lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <9b57fd4914b46f38d54087d75e072d6e947cb56d.camel@HansenPartnership.com>
Date:   Sun, 22 Nov 2020 10:21:59 -0800
From:   James Bottomley <James.Bottomley@...senPartnership.com>
To:     Kees Cook <keescook@...omium.org>, Jakub Kicinski <kuba@...nel.org>
Cc:     "Gustavo A. R. Silva" <gustavoars@...nel.org>,
        linux-kernel@...r.kernel.org, alsa-devel@...a-project.org,
        amd-gfx@...ts.freedesktop.org, bridge@...ts.linux-foundation.org,
        ceph-devel@...r.kernel.org, cluster-devel@...hat.com,
        coreteam@...filter.org, devel@...verdev.osuosl.org,
        dm-devel@...hat.com, drbd-dev@...ts.linbit.com,
        dri-devel@...ts.freedesktop.org, GR-everest-linux-l2@...vell.com,
        GR-Linux-NIC-Dev@...vell.com, intel-gfx@...ts.freedesktop.org,
        intel-wired-lan@...ts.osuosl.org, keyrings@...r.kernel.org,
        linux1394-devel@...ts.sourceforge.net, linux-acpi@...r.kernel.org,
        linux-afs@...ts.infradead.org,
        linux-arm-kernel@...ts.infradead.org,
        linux-arm-msm@...r.kernel.org,
        linux-atm-general@...ts.sourceforge.net,
        linux-block@...r.kernel.org, linux-can@...r.kernel.org,
        linux-cifs@...r.kernel.org, linux-crypto@...r.kernel.org,
        linux-decnet-user@...ts.sourceforge.net,
        linux-ext4@...r.kernel.org, linux-fbdev@...r.kernel.org,
        linux-geode@...ts.infradead.org, linux-gpio@...r.kernel.org,
        linux-hams@...r.kernel.org, linux-hwmon@...r.kernel.org,
        linux-i3c@...ts.infradead.org, linux-ide@...r.kernel.org,
        linux-iio@...r.kernel.org, linux-input@...r.kernel.org,
        linux-integrity@...r.kernel.org,
        linux-mediatek@...ts.infradead.org, linux-media@...r.kernel.org,
        linux-mmc@...r.kernel.org, linux-mm@...ck.org,
        linux-mtd@...ts.infradead.org, linux-nfs@...r.kernel.org,
        linux-rdma@...r.kernel.org, linux-renesas-soc@...r.kernel.org,
        linux-scsi@...r.kernel.org, linux-sctp@...r.kernel.org,
        linux-security-module@...r.kernel.org,
        linux-stm32@...md-mailman.stormreply.com,
        linux-usb@...r.kernel.org, linux-watchdog@...r.kernel.org,
        linux-wireless@...r.kernel.org, netdev@...r.kernel.org,
        netfilter-devel@...r.kernel.org, nouveau@...ts.freedesktop.org,
        op-tee@...ts.trustedfirmware.org, oss-drivers@...ronome.com,
        patches@...nsource.cirrus.com, rds-devel@....oracle.com,
        reiserfs-devel@...r.kernel.org, samba-technical@...ts.samba.org,
        selinux@...r.kernel.org, target-devel@...r.kernel.org,
        tipc-discussion@...ts.sourceforge.net,
        usb-storage@...ts.one-eyed-alien.net,
        virtualization@...ts.linux-foundation.org,
        wcn36xx@...ts.infradead.org, x86@...nel.org,
        xen-devel@...ts.xenproject.org, linux-hardening@...r.kernel.org,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Nathan Chancellor <natechancellor@...il.com>,
        Miguel Ojeda <ojeda@...nel.org>, Joe Perches <joe@...ches.com>
Subject: Re: [PATCH 000/141] Fix fall-through warnings for Clang

On Sun, 2020-11-22 at 08:17 -0800, Kees Cook wrote:
> On Fri, Nov 20, 2020 at 11:51:42AM -0800, Jakub Kicinski wrote:
> > On Fri, 20 Nov 2020 11:30:40 -0800 Kees Cook wrote:
> > > On Fri, Nov 20, 2020 at 10:53:44AM -0800, Jakub Kicinski wrote:
> > > > On Fri, 20 Nov 2020 12:21:39 -0600 Gustavo A. R. Silva wrote:  
> > > > > This series aims to fix almost all remaining fall-through
> > > > > warnings in order to enable -Wimplicit-fallthrough for Clang.
> > > > > 
> > > > > In preparation to enable -Wimplicit-fallthrough for Clang,
> > > > > explicitly add multiple break/goto/return/fallthrough
> > > > > statements instead of just letting the code fall through to
> > > > > the next case.
> > > > > 
> > > > > Notice that in order to enable -Wimplicit-fallthrough for
> > > > > Clang, this change[1] is meant to be reverted at some point.
> > > > > So, this patch helps to move in that direction.
> > > > > 
> > > > > Something important to mention is that there is currently a
> > > > > discrepancy between GCC and Clang when dealing with switch
> > > > > fall-through to empty case statements or to cases that only
> > > > > contain a break/continue/return statement[2][3][4].  
> > > > 
> > > > Are we sure we want to make this change? Was it discussed
> > > > before?
> > > > 
> > > > Are there any bugs Clangs puritanical definition of fallthrough
> > > > helped find?
> > > > 
> > > > IMVHO compiler warnings are supposed to warn about issues that
> > > > could be bugs. Falling through to default: break; can hardly be
> > > > a bug?!  
> > > 
> > > It's certainly a place where the intent is not always clear. I
> > > think this makes all the cases unambiguous, and doesn't impact
> > > the machine code, since the compiler will happily optimize away
> > > any behavioral redundancy.
> > 
> > If none of the 140 patches here fix a real bug, and there is no
> > change to machine code then it sounds to me like a W=2 kind of a
> > warning.
> 
> FWIW, this series has found at least one bug so far:
> https://lore.kernel.org/lkml/CAFCwf11izHF=g1mGry1fE5kvFFFrxzhPSM6qKAO8gxSp=Kr_CQ@mail.gmail.com/


Well, it's a problem in an error leg, sure, but it's not a really
compelling reason for a 141 patch series, is it?  All that fixing this
error will do is get the driver to print "oh dear there's a problem"
under four more conditions than it previously did.

We've been at this for three years now with nearly a thousand patches,
firstly marking all the fall throughs with /* fall through */ and later
changing it to fallthrough.  At some point we do have to ask if the
effort is commensurate with the protection afforded.  Please tell me
our reward for all this effort isn't a single missing error print.

James


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ