From: Linus Torvalds <torvalds@linux-foundation.org>
To: James Y Knight <jyknight@google.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Nick Desaulniers <ndesaulniers@google.com>,
Matthias Kaehlcke <mka@chromium.org>,
Ingo Molnar <mingo@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
Andrew Morton <akpm@linux-foundation.org>,
Chandler Carruth <chandlerc@google.com>,
Stephen Hines <srhines@google.com>,
Kees Cook <keescook@google.com>,
Guenter Roeck <groeck@chromium.org>,
Greg Hackmann <ghackmann@google.com>
Subject: Re: [GIT PULL] x86/build changes for v4.17
Date: Wed, 4 Apr 2018 15:29:18 -0700 [thread overview]
Message-ID: <CA+55aFztDvKyHp1GuNdj4xpUf4YpPrP+pqiQzwfpvXb-gBnwqQ@mail.gmail.com> (raw)
In-Reply-To: <CAA2zVHqMS7HQggLnhQc9qjUhnD5MQXcyXkVnCQ0BoKqC8i3vgw@mail.gmail.com>
On Wed, Apr 4, 2018 at 3:21 PM, James Y Knight <jyknight@google.com> wrote:
>
> But allowing random pointer arithmetic, and pointer arithmetic wraparound,
> is still different than asserting that an object _field access_ can
> overflow.
But that's not what the code does.
It never _accessed_ the field. It only looked at the *address* of the field.
So clang got this case wrong:
&(pos)->member != NULL
where that "&" thing is very much important. There was no access. An
access would in fact have been a bug (and was the bug that the
compiler caused, because it removed the check for NULL).
You may consider this an "access", but to me, it's all just pointer
arithmetic, and not in the least different from the kind of pointer
arithmetic that "offsetof()" traditionally does.
So I think your "it's a field access" is just a syntactic argument and
should not semantically be *any* different from doing arithmetic on a
pointer.
Linus
next prev parent reply other threads:[~2018-04-04 22:29 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-02 9:50 [GIT PULL] x86/build changes for v4.17 Ingo Molnar
2018-04-02 21:44 ` Linus Torvalds
2018-04-02 22:38 ` Matthias Kaehlcke
2018-04-03 1:26 ` Matthias Kaehlcke
2018-04-03 8:59 ` Peter Zijlstra
2018-04-03 9:51 ` Ingo Molnar
2018-04-03 12:09 ` Peter Zijlstra
2018-04-03 18:06 ` Matthias Kaehlcke
2018-04-03 21:58 ` Nick Desaulniers
2018-04-04 9:19 ` Peter Zijlstra
2018-04-04 9:38 ` Greg KH
2018-04-04 16:49 ` Nick Desaulniers
2018-04-04 17:13 ` Linus Torvalds
2018-04-04 17:46 ` Nick Desaulniers
2018-04-04 23:10 ` Nick Desaulniers
2018-04-04 16:53 ` Nick Desaulniers
2018-04-04 16:59 ` Greg KH
2018-04-04 19:26 ` James Y Knight
2018-04-04 19:42 ` Linus Torvalds
2018-04-04 22:21 ` James Y Knight
2018-04-04 22:29 ` Linus Torvalds [this message]
2018-04-05 7:08 ` Peter Zijlstra
2018-04-05 16:21 ` James Y Knight
2018-04-04 19:32 ` Josh Poimboeuf
2018-06-07 19:23 ` Nick Desaulniers
2018-06-07 20:11 ` Greg KH
2018-04-04 9:30 ` Peter Zijlstra
2018-04-04 19:17 ` Matthias Kaehlcke
2018-04-04 20:33 ` Arnd Bergmann
2018-04-04 20:58 ` Matthias Kaehlcke
2018-04-04 21:11 ` Arnd Bergmann
2018-04-04 21:46 ` Matthias Kaehlcke
2018-04-04 21:59 ` Linus Torvalds
2018-04-04 22:17 ` Matthias Kaehlcke
2018-04-04 22:39 ` Linus Torvalds
2018-04-04 23:31 ` Matthias Kaehlcke
2018-04-05 0:05 ` Linus Torvalds
2018-04-05 0:20 ` Kees Cook
2018-04-05 7:24 ` Peter Zijlstra
2018-04-05 8:04 ` Ingo Molnar
2018-04-05 8:24 ` Peter Zijlstra
2018-04-05 16:43 ` Linus Torvalds
2018-04-05 7:20 ` Peter Zijlstra
2018-04-05 17:46 ` James Y Knight
2018-04-05 18:06 ` Linus Torvalds
2018-04-05 20:51 ` James Y Knight
2018-04-05 21:13 ` Linus Torvalds
2018-04-05 22:51 ` James Y Knight
2018-04-06 2:02 ` Linus Torvalds
2018-04-05 17:47 ` James Y Knight
2018-04-04 23:04 ` Nick Desaulniers
2018-04-03 17:36 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CA+55aFztDvKyHp1GuNdj4xpUf4YpPrP+pqiQzwfpvXb-gBnwqQ@mail.gmail.com \
--to=torvalds@linux-foundation.org \
--cc=akpm@linux-foundation.org \
--cc=chandlerc@google.com \
--cc=ghackmann@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=groeck@chromium.org \
--cc=jyknight@google.com \
--cc=keescook@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=mka@chromium.org \
--cc=ndesaulniers@google.com \
--cc=peterz@infradead.org \
--cc=srhines@google.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.