Message-ID: <9ff492c6-3824-475b-a9f6-415205920e56@linux.ibm.com>
Date: Mon, 9 Dec 2024 22:39:30 +0530
From: Nilay Shroff <nilay@...ux.ibm.com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: linux-kernel@...r.kernel.org, briannorris@...omium.org,
        yury.norov@...il.com, kees@...nel.org, gustavoars@...nel.org,
        nathan@...nel.org, steffen.klassert@...unet.com,
        daniel.m.jordan@...cle.com, gjoyce@....com,
        linux-crypto@...r.kernel.org, linux@...ssschuh.net
Subject: Re: [PATCHv3] gcc: disable '-Wstrignop-overread' universally for
 gcc-13+ and FORTIFY_SOURCE



On 12/9/24 12:15, Greg Kroah-Hartman wrote:
> On Sun, Dec 08, 2024 at 09:42:28PM +0530, Nilay Shroff wrote:
>> Acked-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> 
> As this is different, my Ack does not still stand, sorry :(
> 
>> +# Currently, disable -Wstringop-overread for gcc-13+ and FORTIFY_SOURCE globally.
>> +config GCC13_NO_STRINGOP_OVERREAD
>> +	def_bool y
> 
> I hit this with gcc 14, it's not just a gcc 13 issue.
> 
>> +config CC_NO_STRINGOP_OVERREAD
>> +	bool
>> +	default y if CC_IS_GCC && GCC_VERSION >= 130000 && GCC13_NO_STRINGOP_OVERREAD && FORTIFY_SOURCE
> 
> Ok, I see you enabled this for more than 13, but why call it "13"?
Yeah I'd change it to GCC_NO_STRINGOP_OVERREAD.
> 
>> +
>>  #
>>  # For architectures that know their GCC __int128 support is sound
>>  #
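Review bot: GCC13_NO_STRINGOP_OVERREAD, as quoted here, is an unconditional `def_bool y` with nothing that can turn it off, so the `&& GCC13_NO_STRINGOP_OVERREAD` term in the `default y if` line of CC_NO_STRINGOP_OVERREAD is always true. The intermediate symbol can be dropped, leaving `CC_IS_GCC && GCC_VERSION >= 130000 && FORTIFY_SOURCE` as the whole condition. The comment above it should also state which code triggers the warning and what would allow the opt-out to be removed; "Currently" on its own gives a later reader nothing to check against.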
>> diff --git a/scripts/Makefile.extrawarn b/scripts/Makefile.extrawarn
>> index 1d13cecc7cc7..1abd41269fd0 100644
>> --- a/scripts/Makefile.extrawarn
>> +++ b/scripts/Makefile.extrawarn
>> @@ -27,6 +27,7 @@ endif
>>  KBUILD_CPPFLAGS-$(CONFIG_WERROR) += -Werror
>>  KBUILD_CPPFLAGS += $(KBUILD_CPPFLAGS-y)
>>  KBUILD_CFLAGS-$(CONFIG_CC_NO_ARRAY_BOUNDS) += -Wno-array-bounds
>> +KBUILD_CFLAGS-$(CONFIG_CC_NO_STRINGOP_OVERREAD) += -Wno-stringop-overread
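Review bot: The added line appends -Wno-stringop-overread to the global KBUILD_CFLAGS, so every object in the tree loses the overread diagnostic whenever CONFIG_CC_NO_STRINGOP_OVERREAD is set, not only the code that trips the false positive. Scope the opt-out to the object that actually triggers the warning, for example with a per-file `CFLAGS_<object>.o += -Wno-stringop-overread` in that directory's Makefile (the object name is a placeholder; the affected file is not named in the quoted lines). The warning then keeps covering the rest of the kernel under FORTIFY_SOURCE.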
> 
> I don't want this disabled for all files in the kernel, we only have one
> that this is a problem for.  I think you disable this, the whole fortify
> logic is disabled which is not the goal, why not just force the fortify
> feature OFF if we have a "bad compiler" that can not support it?
> 
Okay, so that means you recommend disabling FORTIFY_SOURCE for gcc-13+ instead
of disabling -Wstringop-overread globally?

> So no, I don't think this is the correct solution here, sorry.
> 
> And it's odd that we are the only 2 people hitting it, has everyone else
> just given up on gcc and moved on to using clang?
I guess that developers are either using Clang or they haven't enabled CONFIG_FORTIFY_SOURCE 
if they're using gcc-13+.

Thanks,
--Nilay
