Message-ID: <2024120938-kilogram-granite-9a53@gregkh>
Date: Mon, 9 Dec 2024 07:45:51 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Nilay Shroff <nilay@...ux.ibm.com>
Cc: linux-kernel@...r.kernel.org, briannorris@...omium.org,
	yury.norov@...il.com, kees@...nel.org, gustavoars@...nel.org,
	nathan@...nel.org, steffen.klassert@...unet.com,
	daniel.m.jordan@...cle.com, gjoyce@....com,
	linux-crypto@...r.kernel.org, linux@...ssschuh.net
Subject: Re: [PATCHv3] gcc: disable '-Wstrignop-overread' universally for
 gcc-13+ and FORTIFY_SOURCE

On Sun, Dec 08, 2024 at 09:42:28PM +0530, Nilay Shroff wrote:
> Acked-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>

As this is different, my Ack does not still stand, sorry :(

> +# Currently, disable -Wstringop-overread for gcc-13+ and FORTIFY_SOURCE globally.
> +config GCC13_NO_STRINGOP_OVERREAD
> +	def_bool y

I hit this with gcc 14, it's not just a gcc 13 issue.

> +config CC_NO_STRINGOP_OVERREAD
> +	bool
> +	default y if CC_IS_GCC && GCC_VERSION >= 130000 && GCC13_NO_STRINGOP_OVERREAD && FORTIFY_SOURCE

Ok, I see you enabled this for more than 13, but why call it "13"?

> +
>  #
>  # For architectures that know their GCC __int128 support is sound
>  #
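
Review bot: GCC13_NO_STRINGOP_OVERREAD is declared with a bare `def_bool y` and, as quoted, has no `depends on`, so it is always y and the `&& GCC13_NO_STRINGOP_OVERREAD` term in the `default y if` line of CC_NO_STRINGOP_OVERREAD adds nothing to the condition. Either drop the intermediate symbol and keep the `GCC_VERSION >= 130000` test on its own, or give the symbol a version-neutral name, since the condition covers every gcc from 13 upward. The comment above the symbol should also say what triggers the warning, so the option can be removed once that is resolved.
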
> diff --git a/scripts/Makefile.extrawarn b/scripts/Makefile.extrawarn
> index 1d13cecc7cc7..1abd41269fd0 100644
> --- a/scripts/Makefile.extrawarn
> +++ b/scripts/Makefile.extrawarn
> @@ -27,6 +27,7 @@ endif
>  KBUILD_CPPFLAGS-$(CONFIG_WERROR) += -Werror
>  KBUILD_CPPFLAGS += $(KBUILD_CPPFLAGS-y)
>  KBUILD_CFLAGS-$(CONFIG_CC_NO_ARRAY_BOUNDS) += -Wno-array-bounds
> +KBUILD_CFLAGS-$(CONFIG_CC_NO_STRINGOP_OVERREAD) += -Wno-stringop-overread
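
Review bot: Appending `-Wno-stringop-overread` to KBUILD_CFLAGS on the added line suppresses the warning for every object built whenever CONFIG_CC_NO_STRINGOP_OVERREAD is set, which also hides any genuine overread diagnostics elsewhere in the tree. If only one translation unit triggers it, scope the suppression in that directory's Makefile with a per-object `CFLAGS_<file>.o += $(call cc-disable-warning, stringop-overread)` (where `<file>` is a placeholder for the affected object) and leave scripts/Makefile.extrawarn unchanged.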

I don't want this disabled for all files in the kernel, we only have one
that this is a problem for.  I think if you disable this, the whole fortify
logic is disabled, which is not the goal. Why not just force the fortify
feature OFF if we have a "bad compiler" that cannot support it?

So no, I don't think this is the correct solution here, sorry.

And it's odd that we are the only 2 people hitting it, has everyone else
just given up on gcc and moved on to using clang?

thanks,

greg k-h
