From: Kees Cook <keescook@chromium.org>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: "Nick Desaulniers" <ndesaulniers@google.com>,
"Masahiro Yamada" <masahiroy@kernel.org>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Ingo Molnar" <mingo@redhat.com>,
"Borislav Petkov" <bp@alien8.de>,
"Michal Marek" <michal.lkml@markovi.net>,
linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org,
"Tony Luck" <tony.luck@intel.com>,
"Dmitry Vyukov" <dvyukov@google.com>,
"Michael Ellerman" <mpe@ellerman.id.au>,
"Joe Perches" <joe@perches.com>,
"Joel Fernandes" <joel@joelfernandes.org>,
"Daniel Axtens" <dja@axtens.net>,
"Arvind Sankar" <nivedita@alum.mit.edu>,
"Andy Shevchenko" <andriy.shevchenko@linux.intel.com>,
"Alexandru Ardelean" <alexandru.ardelean@analog.com>,
"Yury Norov" <yury.norov@gmail.com>,
x86@kernel.org, "Ard Biesheuvel" <ardb@kernel.org>,
"Paul E . McKenney" <paulmck@kernel.org>,
"Daniel Kiper" <daniel.kiper@oracle.com>,
"Bruce Ashfield" <bruce.ashfield@gmail.com>,
"Marco Elver" <elver@google.com>,
"Vamshi K Sthambamkadi" <vamshi.k.sthambamkadi@gmail.com>,
"Andi Kleen" <ak@suse.de>,
"Linus Torvalds" <torvalds@linux-foundation.org>,
"Dávid Bolvanský" <david.bolvansky@gmail.com>,
"Eli Friedman" <efriedma@quicinc.com>,
stable@vger.kernel.org, "Sami Tolvanen" <samitolvanen@google.com>
Subject: Re: [PATCH 1/4] Makefile: add -fno-builtin-stpcpy
Date: Tue, 18 Aug 2020 12:21:51 -0700 [thread overview]
Message-ID: <202008181214.5C736E7@keescook> (raw)
In-Reply-To: <82bbeff7-acc3-410c-9bca-3644b141dc1a@zytor.com>
On Mon, Aug 17, 2020 at 03:31:26PM -0700, H. Peter Anvin wrote:
> On 2020-08-17 15:02, Nick Desaulniers wrote:
> > LLVM implemented a recent "libcall optimization" that lowers calls to
> > `sprintf(dest, "%s", str)` where the return value is used to
> > `stpcpy(dest, str) - dest`. This generally avoids the machinery involved
> > in parsing format strings. This optimization was introduced into
> > clang-12. Because the kernel does not provide an implementation of
> > stpcpy, we observe linkage failures for almost all targets when building
> > with ToT clang.
> >
> > The interface is unsafe as it does not perform any bounds checking.
> > Disable this "libcall optimization" via `-fno-builtin-stpcpy`.
> >
> > Unlike
> > commit 5f074f3e192f ("lib/string.c: implement a basic bcmp")
> > which cited failures with `-fno-builtin-*` flags being retained in LLVM
> > LTO, that bug seems to have been fixed by
> > https://reviews.llvm.org/D71193, so the above sha can now be reverted in
> > favor of `-fno-builtin-bcmp`.
> >
>
> stpcpy() and (to a lesser degree) mempcpy() are fairly useful routines
> in general. Perhaps we *should* provide them?
As Nick mentioned, I really don't want to expand the already bad
interfaces from libc. We have enough messes to clean up already, and I
don't want to add more. The kernel already uses a subset of C, we have
(several) separate non-libc memory allocators, we're using strscpy() and
scnprintf() widely in favor of their buggy libc counterparts, etc. We
don't need to match the libc string interfaces especially when they're
arguably bug-prone foot-guns. :)
--
Kees Cook
next prev parent reply other threads:[~2020-08-18 19:22 UTC|newest]
Thread overview: 68+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-17 22:02 [PATCH 0/4] -ffreestanding/-fno-builtin-* patches Nick Desaulniers
2020-08-17 22:02 ` [PATCH 1/4] Makefile: add -fno-builtin-stpcpy Nick Desaulniers
2020-08-17 22:31 ` H. Peter Anvin
2020-08-17 23:36 ` Nick Desaulniers
2020-08-18 19:21 ` Kees Cook [this message]
2020-08-18 7:10 ` Ard Biesheuvel
2020-08-18 7:25 ` Greg KH
2020-08-18 7:29 ` Ard Biesheuvel
2020-08-18 7:34 ` Greg KH
2020-08-18 19:23 ` Kees Cook
2020-08-17 22:02 ` [PATCH 2/4] Revert "lib/string.c: implement a basic bcmp" Nick Desaulniers
2020-08-18 5:44 ` Nathan Chancellor
2020-08-18 18:00 ` Nick Desaulniers
2020-08-18 19:24 ` Kees Cook
2020-08-17 22:02 ` [PATCH 3/4] x86/boot: use -fno-builtin-bcmp Nick Desaulniers
2020-08-18 19:24 ` Kees Cook
2020-08-17 22:02 ` [PATCH 4/4] x86: don't build CONFIG_X86_32 as -ffreestanding Nick Desaulniers
2020-08-18 19:24 ` Kees Cook
2021-01-07 0:27 ` Fangrui Song
2022-04-07 15:34 ` [tip: x86/build] x86/build: Don't " tip-bot2 for Nick Desaulniers
2022-04-07 17:01 ` Nick Desaulniers
2022-04-07 22:28 ` Borislav Petkov
2020-08-17 22:44 ` [PATCH 0/4] -ffreestanding/-fno-builtin-* patches H. Peter Anvin
2020-08-18 17:56 ` Nick Desaulniers
2020-08-18 19:02 ` H. Peter Anvin
2020-08-18 19:13 ` Linus Torvalds
2020-08-18 19:25 ` Nick Desaulniers
2020-08-18 19:58 ` Nick Desaulniers
2020-08-19 12:19 ` Clement Courbet
2020-08-18 20:24 ` Arvind Sankar
2020-08-18 20:27 ` Nick Desaulniers
2020-08-18 20:58 ` Nick Desaulniers
2020-08-18 21:41 ` Arvind Sankar
2020-08-18 21:51 ` Dávid Bolvanský
2020-08-18 21:59 ` Nick Desaulniers
2020-08-18 22:05 ` Dávid Bolvanský
2020-08-18 23:22 ` Nick Desaulniers
2020-08-20 14:56 ` Rasmus Villemoes
2020-08-20 17:56 ` Arvind Sankar
2020-08-20 18:05 ` Dávid Bolvanský
2020-08-20 23:33 ` Linus Torvalds
2020-08-21 17:29 ` Arvind Sankar
2020-08-21 17:54 ` Linus Torvalds
2020-08-21 18:02 ` Linus Torvalds
2020-08-21 19:14 ` Arvind Sankar
2020-08-21 19:23 ` Linus Torvalds
2020-08-21 19:57 ` Arvind Sankar
2020-08-21 20:03 ` Peter Zijlstra
2020-08-21 21:39 ` Linus Torvalds
2020-08-22 0:12 ` Nick Desaulniers
2020-08-22 12:20 ` David Laight
2020-08-21 6:45 ` Rasmus Villemoes
2020-08-24 15:57 ` Masahiro Yamada
2020-08-24 17:34 ` Arvind Sankar
2020-08-25 7:10 ` Nick Desaulniers
2020-08-25 7:31 ` Nick Desaulniers
2020-08-25 12:28 ` Masahiro Yamada
2020-08-25 14:02 ` Nick Desaulniers
2020-08-26 13:28 ` Masahiro Yamada
2020-08-18 21:53 ` David Laight
2020-08-20 22:41 ` H. Peter Anvin
2020-08-20 23:17 ` Arvind Sankar
2020-08-18 19:35 ` Nick Desaulniers
2020-08-18 22:25 ` Arvind Sankar
2020-08-18 22:59 ` Nick Desaulniers
2020-08-18 23:51 ` Arvind Sankar
2020-08-19 0:20 ` Arvind Sankar
2020-08-19 8:26 ` David Laight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202008181214.5C736E7@keescook \
--to=keescook@chromium.org \
--cc=ak@suse.de \
--cc=akpm@linux-foundation.org \
--cc=alexandru.ardelean@analog.com \
--cc=andriy.shevchenko@linux.intel.com \
--cc=ardb@kernel.org \
--cc=bp@alien8.de \
--cc=bruce.ashfield@gmail.com \
--cc=daniel.kiper@oracle.com \
--cc=david.bolvansky@gmail.com \
--cc=dja@axtens.net \
--cc=dvyukov@google.com \
--cc=efriedma@quicinc.com \
--cc=elver@google.com \
--cc=hpa@zytor.com \
--cc=joe@perches.com \
--cc=joel@joelfernandes.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=masahiroy@kernel.org \
--cc=michal.lkml@markovi.net \
--cc=mingo@redhat.com \
--cc=mpe@ellerman.id.au \
--cc=ndesaulniers@google.com \
--cc=nivedita@alum.mit.edu \
--cc=paulmck@kernel.org \
--cc=samitolvanen@google.com \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=torvalds@linux-foundation.org \
--cc=vamshi.k.sthambamkadi@gmail.com \
--cc=x86@kernel.org \
--cc=yury.norov@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).