* [GIT PULL] overflow updates for v5.15-rc1
@ 2021-09-03  3:22 Kees Cook
  2021-09-04 20:47 ` Linus Torvalds
  0 siblings, 1 reply; 10+ messages in thread
From: Kees Cook @ 2021-09-03  3:22 UTC (permalink / raw)
  To: Linus Torvalds
  Cc: linux-kernel, Arnd Bergmann, Daniel Vetter, Dan Williams,
	Rasmus Villemoes, Greg Kroah-Hartman, Gustavo A. R. Silva,
	Keith Packard, Nathan Chancellor, Nick Desaulniers,
	linux-hardening

Hi Linus,

Please pull these overflow updates for v5.15-rc1.

Thanks!

-Kees

The following changes since commit 2734d6c1b1a089fb593ef6a23d4b70903526fe0c:

  Linux 5.14-rc2 (2021-07-18 14:13:49 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/overflow-v5.15-rc1

for you to fetch changes up to 5975fbb6f1eb0615b96873425a363c80859060ef:

  treewide: Replace 0-element memcpy() destinations with flexible arrays (2021-08-30 11:32:10 -0700)

----------------------------------------------------------------
overflow updates for v5.15-rc1

The end goal of the current buffer overflow detection work[0] is to gain
full compile-time and run-time coverage of all detectable buffer overflows
seen via array indexing or memcpy(), memmove(), and memset(). The str*()
family of functions already have full coverage.

While much of the work for these changes has been on-going for many
releases (i.e. 0-element and 1-element array replacements, as well as
avoiding false positives and fixing discovered overflows[1]), this series
contains the foundational elements of several related buffer overflow
detection improvements by providing new common helpers and FORTIFY_SOURCE
changes needed to gain the introspection needed for compiler visibility
into array sizes. Also included are a handful of already Acked instances
using the helpers (or related clean-ups), with many more waiting at the
ready to be taken via subsystem-specific trees[2]. The new helpers are:

- struct_group() for gaining struct member range introspection.
- memset_after() and memset_startat() for clearing to the end of structures.
- DECLARE_FLEX_ARRAY() for using flex arrays in unions or alone in structs.

Also included is the beginning of the refactoring of FORTIFY_SOURCE to
support memcpy() introspection, fix missing and regressed coverage under
GCC, and to prepare to fix the currently broken Clang support. Finishing
this work is part of the larger series[0], but depends on all the false
positives and buffer overflow bug fixes to have landed already and those
that depend on this series to land.

As part of the FORTIFY_SOURCE refactoring, a set of both compile-time
and run-time tests is added for FORTIFY_SOURCE and the mem*()-family
functions respectively. Please note that the appearance of "panic" and
"BUG" in the FORTIFY_SOURCE refactoring is the result of relocating
existing code, and no new use of those code-paths is expected nor
desired.

Finally, there are two tree-wide conversions for 0-element arrays and
flexible array unions to gain sane compiler introspection coverage that
result in no known object code differences.

After this series (and the changes that have now landed via netdev
and usb), we are so very close to finally being able to build with
-Warray-bounds and -Wzero-length-bounds. However, due to two recently found
corner cases in GCC[3] and Clang[4], I have not included the last two
patches that turn on these options, as I don't want to introduce any known
warnings to the build. I am expecting to solve them before rc2, though,
so hopefully there will be a small follow-up to this series before then.

[0] https://lore.kernel.org/lkml/20210818060533.3569517-1-keescook@chromium.org/
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/?qt=grep&q=FORTIFY_SOURCE
[2] https://lore.kernel.org/lkml/202108220107.3E26FE6C9C@keescook/
[3] https://lore.kernel.org/lkml/3ab153ec-2798-da4c-f7b1-81b0ac8b0c5b@roeck-us.net/
[4] https://bugs.llvm.org/show_bug.cgi?id=51682

----------------------------------------------------------------
Kees Cook (28):
      scsi: ibmvscsi: Avoid multi-field memset() overflow by aiming at srp
      powerpc: Split memset() to avoid multi-field overflow
      stddef: Fix kerndoc for sizeof_field() and offsetofend()
      stddef: Introduce struct_group() helper macro
      cxl/core: Replace unions with struct_group()
      bnxt_en: Use struct_group_attr() for memcpy() region
      iommu/amd: Use struct_group() for memcpy() region
      drm/mga/mga_ioc32: Use struct_group() for memcpy() region
      HID: cp2112: Use struct_group() for memcpy() region
      HID: roccat: Use struct_group() to zero kone_mouse_event
      can: flexcan: Use struct_group() to zero struct flexcan_regs regions
      cm4000_cs: Use struct_group() to zero struct cm4000_dev region
      compiler_types.h: Remove __compiletime_object_size()
      lib/string: Move helper functions out of string.c
      fortify: Move remaining fortify helpers into fortify-string.h
      fortify: Explicitly disable Clang support
      fortify: Fix dropped strcpy() compile-time write overflow check
      fortify: Prepare to improve strnlen() and strlen() warnings
      fortify: Allow strlen() and strnlen() to pass compile-time known lengths
      fortify: Add compile-time FORTIFY_SOURCE tests
      lib: Introduce CONFIG_MEMCPY_KUNIT_TEST
      string.h: Introduce memset_after() for wiping trailing members/padding
      xfrm: Use memset_after() to clear padding
      string.h: Introduce memset_startat() for wiping trailing members and padding
      btrfs: Use memset_startat() to clear end of struct
      stddef: Introduce DECLARE_FLEX_ARRAY() helper
      treewide: Replace open-coded flex arrays in unions
      treewide: Replace 0-element memcpy() destinations with flexible arrays

 MAINTAINERS                                       |   9 +
 arch/arm/boot/compressed/string.c                 |   1 +
 arch/s390/lib/string.c                            |   3 +
 arch/x86/boot/compressed/misc.h                   |   2 +
 arch/x86/boot/compressed/pgtable_64.c             |   2 +
 arch/x86/lib/string_32.c                          |   1 +
 drivers/char/pcmcia/cm4000_cs.c                   |   9 +-
 drivers/crypto/chelsio/chcr_crypto.h              |  14 +-
 drivers/cxl/cxl.h                                 |  61 ++---
 drivers/gpu/drm/mga/mga_ioc32.c                   |  27 +-
 drivers/hid/hid-cp2112.c                          |  14 +-
 drivers/hid/hid-roccat-kone.c                     |   2 +-
 drivers/hid/hid-roccat-kone.h                     |  12 +-
 drivers/iommu/amd/init.c                          |   9 +-
 drivers/macintosh/smu.c                           |   3 +-
 drivers/net/can/flexcan.c                         |  68 ++---
 drivers/net/can/usb/etas_es58x/es581_4.h          |   2 +-
 drivers/net/can/usb/etas_es58x/es58x_fd.h         |   2 +-
 drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c     |   4 +-
 drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.h     |  14 +-
 drivers/net/wireless/ath/ath10k/bmi.h             |  10 +-
 drivers/net/wireless/ath/ath10k/htt.h             |   7 +-
 drivers/net/wireless/intel/iwlegacy/commands.h    |   6 +-
 drivers/net/wireless/intel/iwlwifi/dvm/commands.h |   6 +-
 drivers/net/wireless/intel/iwlwifi/fw/api/tx.h    |  12 +-
 drivers/scsi/aic94xx/aic94xx_sds.c                |   6 +-
 drivers/scsi/ibmvscsi/ibmvscsi.c                  |   3 +-
 drivers/scsi/qla4xxx/ql4_def.h                    |   4 +-
 drivers/staging/rtl8188eu/include/ieee80211.h     |   6 +-
 drivers/staging/rtl8712/ieee80211.h               |   4 +-
 drivers/staging/rtl8723bs/include/ieee80211.h     |   6 +-
 fs/btrfs/root-tree.c                              |   6 +-
 fs/hpfs/hpfs.h                                    |   8 +-
 include/linux/compiler-gcc.h                      |   2 -
 include/linux/compiler_types.h                    |   4 -
 include/linux/filter.h                            |   6 +-
 include/linux/fortify-string.h                    |  77 ++++--
 include/linux/ieee80211.h                         |  30 +--
 include/linux/stddef.h                            |  65 ++++-
 include/linux/string.h                            |  44 +++-
 include/linux/thread_info.h                       |   2 +-
 include/scsi/sas.h                                |  12 +-
 include/uapi/drm/mga_drm.h                        |  22 +-
 include/uapi/linux/dlm_device.h                   |   4 +-
 include/uapi/linux/stddef.h                       |  37 +++
 include/uapi/rdma/rdma_user_rxe.h                 |   4 +-
 include/uapi/sound/asoc.h                         |   4 +-
 lib/.gitignore                                    |   2 +
 lib/Kconfig.debug                                 |  11 +
 lib/Makefile                                      |  34 +++
 lib/memcpy_kunit.c                                | 289 ++++++++++++++++++++++
 lib/string.c                                      | 210 +---------------
 lib/string_helpers.c                              | 195 +++++++++++++++
 lib/test_fortify/read_overflow-memchr.c           |   5 +
 lib/test_fortify/read_overflow-memchr_inv.c       |   5 +
 lib/test_fortify/read_overflow-memcmp.c           |   5 +
 lib/test_fortify/read_overflow-memscan.c          |   5 +
 lib/test_fortify/read_overflow2-memcmp.c          |   5 +
 lib/test_fortify/read_overflow2-memcpy.c          |   5 +
 lib/test_fortify/read_overflow2-memmove.c         |   5 +
 lib/test_fortify/test_fortify.h                   |  35 +++
 lib/test_fortify/write_overflow-memcpy.c          |   5 +
 lib/test_fortify/write_overflow-memmove.c         |   5 +
 lib/test_fortify/write_overflow-memset.c          |   5 +
 lib/test_fortify/write_overflow-strcpy-lit.c      |   5 +
 lib/test_fortify/write_overflow-strcpy.c          |   5 +
 lib/test_fortify/write_overflow-strlcpy-src.c     |   5 +
 lib/test_fortify/write_overflow-strlcpy.c         |   5 +
 lib/test_fortify/write_overflow-strncpy-src.c     |   5 +
 lib/test_fortify/write_overflow-strncpy.c         |   5 +
 lib/test_fortify/write_overflow-strscpy.c         |   5 +
 net/xfrm/xfrm_policy.c                            |   4 +-
 net/xfrm/xfrm_user.c                              |   2 +-
 scripts/kernel-doc                                |   9 +
 scripts/test_fortify.sh                           |  59 +++++
 security/Kconfig                                  |   3 +
 76 files changed, 1149 insertions(+), 445 deletions(-)
 create mode 100644 lib/memcpy_kunit.c
 create mode 100644 lib/test_fortify/read_overflow-memchr.c
 create mode 100644 lib/test_fortify/read_overflow-memchr_inv.c
 create mode 100644 lib/test_fortify/read_overflow-memcmp.c
 create mode 100644 lib/test_fortify/read_overflow-memscan.c
 create mode 100644 lib/test_fortify/read_overflow2-memcmp.c
 create mode 100644 lib/test_fortify/read_overflow2-memcpy.c
 create mode 100644 lib/test_fortify/read_overflow2-memmove.c
 create mode 100644 lib/test_fortify/test_fortify.h
 create mode 100644 lib/test_fortify/write_overflow-memcpy.c
 create mode 100644 lib/test_fortify/write_overflow-memmove.c
 create mode 100644 lib/test_fortify/write_overflow-memset.c
 create mode 100644 lib/test_fortify/write_overflow-strcpy-lit.c
 create mode 100644 lib/test_fortify/write_overflow-strcpy.c
 create mode 100644 lib/test_fortify/write_overflow-strlcpy-src.c
 create mode 100644 lib/test_fortify/write_overflow-strlcpy.c
 create mode 100644 lib/test_fortify/write_overflow-strncpy-src.c
 create mode 100644 lib/test_fortify/write_overflow-strncpy.c
 create mode 100644 lib/test_fortify/write_overflow-strscpy.c
 create mode 100644 scripts/test_fortify.sh

-- 
Kees Cook
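
Added example, not part of the message above or of the kernel tree: a userspace C sketch of what struct_group(), memset_after() and memset_startat() give a bounds-checked copy or clear. The macro bodies are simplified approximations; struct pkt_hdr, copy_into(), the demo functions and the sample bytes are constructed for illustration, and sizeof at the call site stands in for the compiler's knowledge of the destination object's size.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Approximation of struct_group(): the members are declared twice inside an
 * anonymous union, once anonymously (so h->dst keeps working) and once as a
 * named struct (so the whole range is one object with its own sizeof). */
#define struct_group(NAME, ...) \
	union { \
		struct { __VA_ARGS__ }; \
		struct { __VA_ARGS__ } NAME; \
	}

#define offsetofend(TYPE, MEMBER) \
	(offsetof(TYPE, MEMBER) + sizeof(((TYPE *)0)->MEMBER))

/* Approximations of memset_after()/memset_startat(): clear from the end of,
 * or from the start of, a member through the end of the structure. */
#define memset_after(obj, v, member) \
	memset((uint8_t *)(obj) + offsetofend(__typeof__(*(obj)), member), (v), \
	       sizeof(*(obj)) - offsetofend(__typeof__(*(obj)), member))
#define memset_startat(obj, v, member) \
	memset((uint8_t *)(obj) + offsetof(__typeof__(*(obj)), member), (v), \
	       sizeof(*(obj)) - offsetof(__typeof__(*(obj)), member))

/* Hypothetical stand-in for a member-aware fortified memcpy(): reject any
 * copy larger than the object the destination expression names. */
static int bounded_copy(void *dst, size_t dst_size, const void *src, size_t n)
{
	if (n > dst_size)
		return -1;
	memcpy(dst, src, n);
	return 0;
}
#define copy_into(dst_obj, src, n) \
	bounded_copy(&(dst_obj), sizeof(dst_obj), (src), (n))

/* Constructed structure: two adjacent address fields are filled by one copy. */
struct pkt_hdr {
	uint16_t type;
	struct_group(addrs,
		uint8_t dst[6];
		uint8_t src[6];
	);
	uint16_t len;
	uint32_t cookie;
	uint32_t flags;
};

/* Constructed sample input: destination address followed by source address. */
static const uint8_t wire[12] = { 2, 0, 0, 0, 0, 1,  2, 0, 0, 0, 0, 2 };

/* "Before": aim at the first member and write across both. A checker that
 * knows dst is 6 bytes must treat the 12-byte copy as an overflow. */
int try_legacy_copy(void)
{
	struct pkt_hdr h = {0};
	return copy_into(h.dst, wire, sizeof(wire));
}

/* "After": the destination is the group, so the same 12 bytes are in bounds.
 * Returns 1 when both addresses arrived intact, -1 if the copy was refused. */
int try_grouped_copy(void)
{
	struct pkt_hdr h = {0};
	if (copy_into(h.addrs, wire, sizeof(wire)))
		return -1;
	return !memcmp(h.dst, wire, 6) && !memcmp(h.src, wire + 6, 6);
}

enum { F_TYPE = 1, F_ADDRS = 2, F_LEN = 4, F_COOKIE = 8, F_FLAGS = 16 };

/* Bitmask of the fields that still hold non-zero data. */
static int nonzero_fields(const struct pkt_hdr *h)
{
	static const uint8_t zero[sizeof(h->addrs)];
	return (h->type ? F_TYPE : 0) |
	       (memcmp(&h->addrs, zero, sizeof(zero)) ? F_ADDRS : 0) |
	       (h->len ? F_LEN : 0) | (h->cookie ? F_COOKIE : 0) |
	       (h->flags ? F_FLAGS : 0);
}

int wipe_after_len(void)	/* keeps len, clears everything behind it */
{
	struct pkt_hdr h;
	memset(&h, 0xff, sizeof(h));
	memset_after(&h, 0, len);
	return nonzero_fields(&h);
}

int wipe_startat_len(void)	/* clears len and everything behind it */
{
	struct pkt_hdr h;
	memset(&h, 0xff, sizeof(h));
	memset_startat(&h, 0, len);
	return nonzero_fields(&h);
}

int main(void)
{
	printf("legacy copy: %d, grouped copy: %d\n",
	       try_legacy_copy(), try_grouped_copy());
	printf("fields left after memset_after: 0x%x, memset_startat: 0x%x\n",
	       wipe_after_len(), wipe_startat_len());
	return 0;
}
```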


* Re: [GIT PULL] overflow updates for v5.15-rc1
  2021-09-03  3:22 [GIT PULL] overflow updates for v5.15-rc1 Kees Cook
@ 2021-09-04 20:47 ` Linus Torvalds
       [not found]   ` <45312958-B844-4B4C-9808-8205866675A1@chromium.org>
  0 siblings, 1 reply; 10+ messages in thread
From: Linus Torvalds @ 2021-09-04 20:47 UTC (permalink / raw)
  To: Kees Cook
  Cc: Linux Kernel Mailing List, Arnd Bergmann, Daniel Vetter,
	Dan Williams, Rasmus Villemoes, Greg Kroah-Hartman,
	Gustavo A. R. Silva, Keith Packard, Nathan Chancellor,
	Nick Desaulniers, linux-hardening

On Thu, Sep 2, 2021 at 8:22 PM Kees Cook <keescook@chromium.org> wrote:
>
> Please pull these overflow updates for v5.15-rc1.

I pulled and then immediately unpulled again.

You can't add new warnings without fixing them, and this adds some
HORRENDOUSLY ugly new warnings that would most definitely hide other
warnings.

It doesn't matter one whit if the new warnings are from some
test-file, they are not acceptable for a build.

Make any tests separate from a real kernel build, because if "make
allmodconfig" results in hundreds of lines of warning crud, it's
useless garbage.

             Linus

---

warning: unsafe memchr() usage lacked '__read_overflow' warning in
lib/test_fortify/read_overflow-memchr.c
lib/test_fortify/test_fortify.h: In function ‘do_fortify_tests’:
lib/test_fortify/read_overflow-memchr.c:3:9: error: statement with no
effect [-Werror=unused-value]
    3 |         memchr(small, 0x7A, sizeof(small) + 1)
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/test_fortify/test_fortify.h:34:9: note: in expansion of macro ‘TEST’
   34 |         TEST;
      |         ^~~~
In file included from ./include/linux/string.h:253,
                 from ./include/linux/bitmap.h:10,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/cpumask.h:5,
                 from ./arch/x86/include/asm/msr.h:11,
.. lots of noise ..

In function ‘strncpy’,
    inlined from ‘do_fortify_tests’ at lib/test_fortify/test_fortify.h:34:2:
./include/linux/fortify-string.h:56:17: error: call to
‘__write_overflow’ declared with attribute error: detected write
beyond size of object (1st parameter)
   56 |                 __write_overflow();
      |                 ^~~~~~~~~~~~~~~~~~
warning: unsafe strncpy() usage lacked '__write_overflow' warning in
lib/test_fortify/write_overflow-strncpy.c
In file included from ./include/linux/string.h:253,
                 from ./include/linux/bitmap.h:10,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/cpumask.h:5,
                 from ./arch/x86/include/asm/msr.h:11,
                 from ./arch/x86/include/asm/processor.h:22,
                 from ./arch/x86/include/asm/cpufeature.h:5,
                 from ./arch/x86/include/asm/thread_info.h:53,
                 from ./include/linux/thread_info.h:60,
                 from ./arch/x86/include/asm/preempt.h:7,
                 from ./include/linux/preempt.h:78,
                 from ./include/linux/spinlock.h:55,
                 from ./include/linux/mmzone.h:8,
                 from ./include/linux/gfp.h:6,
                 from ./include/linux/slab.h:15,
                 from lib/test_fortify/test_fortify.h:4,
                 from lib/test_fortify/write_overflow-strncpy.c:5:


* Re: [GIT PULL] overflow updates for v5.15-rc1
       [not found]   ` <45312958-B844-4B4C-9808-8205866675A1@chromium.org>
@ 2021-09-05 17:36     ` Linus Torvalds
  2021-09-05 18:21       ` Linus Torvalds
                         ` (3 more replies)
  0 siblings, 4 replies; 10+ messages in thread
From: Linus Torvalds @ 2021-09-05 17:36 UTC (permalink / raw)
  To: Kees Cook
  Cc: Linux Kernel Mailing List, Arnd Bergmann, Daniel Vetter,
	Dan Williams, Rasmus Villemoes, Greg Kroah-Hartman,
	Gustavo A. R. Silva, Keith Packard, Nathan Chancellor,
	Nick Desaulniers, linux-hardening

[-- Attachment #1: Type: text/plain, Size: 1433 bytes --]

On Sun, Sep 5, 2021 at 12:38 AM Kees Cook <keescook@chromium.org> wrote:
>
> Yeech. Yeah, no, that was not expected at all. I even did test merge builds against your latest tree before sending the Pull Request. This has been in -next for weeks, too.

Sadly, I don't think linux-next checks for warnings.

I really want to enable -Werror at some point, but every time I think
I should, I just end up worrying about another random new compiler (or
a random old one).

We do have -Werror in various configurations (and in some sub-trees).

> What was the build environment?

This is actually just bog-standard gcc-11.2 from F34, and an allmodconfig build.

> Seeing an unexpected "-Wunused-value" in your output makes me think I've got a compiler version blind-spot, with some different default flags.)

There were lots of other ones too, I just pasted a small subset. The
full error log was 400+ lines. Most of those lines are just because of
the very verbose warnings.

Three errors due to "-Werror=unused-value", but 17 each of variations on

    error: call to ‘__read_overflow’ declared with attribute error:
detected read beyond size of object (1st parameter)

and

    warning: unsafe xyz() usage lacked '__read_overflow' warning

warnings.

Full 400+ lines (25kB) of errors/warnings messages attached in case
you care about the whole thing and can't easily reproduce.

           Linus

[-- Attachment #2: errors --]
[-- Type: application/octet-stream, Size: 25414 bytes --]

warning: unsafe memchr() usage lacked '__read_overflow' warning in lib/test_fortify/read_overflow-memchr.c
lib/test_fortify/test_fortify.h: In function ‘do_fortify_tests’:
lib/test_fortify/read_overflow-memchr.c:3:9: error: statement with no effect [-Werror=unused-value]
    3 |         memchr(small, 0x7A, sizeof(small) + 1)
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/test_fortify/test_fortify.h:34:9: note: in expansion of macro ‘TEST’
   34 |         TEST;
      |         ^~~~
In file included from ./include/linux/string.h:253,
                 from ./include/linux/bitmap.h:10,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/cpumask.h:5,
                 from ./arch/x86/include/asm/msr.h:11,
                 from ./arch/x86/include/asm/processor.h:22,
                 from ./arch/x86/include/asm/cpufeature.h:5,
                 from ./arch/x86/include/asm/thread_info.h:53,
                 from ./include/linux/thread_info.h:60,
                 from ./arch/x86/include/asm/preempt.h:7,
                 from ./include/linux/preempt.h:78,
                 from ./include/linux/spinlock.h:55,
                 from ./include/linux/mmzone.h:8,
                 from ./include/linux/gfp.h:6,
                 from ./include/linux/slab.h:15,
                 from lib/test_fortify/test_fortify.h:4,
                 from lib/test_fortify/read_overflow-memchr.c:5:
In function ‘memchr’,
    inlined from ‘do_fortify_tests’ at lib/test_fortify/test_fortify.h:34:2:
./include/linux/fortify-string.h:277:17: error: call to ‘__read_overflow’ declared with attribute error: detected read beyond size of object (1st parameter)
  277 |                 __read_overflow();
      |                 ^~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
warning: unsafe memchr_inv() usage lacked '__read_overflow' warning in lib/test_fortify/read_overflow-memchr_inv.c
In file included from ./include/linux/string.h:253,
                 from ./include/linux/bitmap.h:10,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/cpumask.h:5,
                 from ./arch/x86/include/asm/msr.h:11,
                 from ./arch/x86/include/asm/processor.h:22,
                 from ./arch/x86/include/asm/cpufeature.h:5,
                 from ./arch/x86/include/asm/thread_info.h:53,
                 from ./include/linux/thread_info.h:60,
                 from ./arch/x86/include/asm/preempt.h:7,
                 from ./include/linux/preempt.h:78,
                 from ./include/linux/spinlock.h:55,
                 from ./include/linux/mmzone.h:8,
                 from ./include/linux/gfp.h:6,
                 from ./include/linux/slab.h:15,
                 from lib/test_fortify/test_fortify.h:4,
                 from lib/test_fortify/read_overflow-memchr_inv.c:5:
In function ‘memchr_inv’,
    inlined from ‘do_fortify_tests’ at lib/test_fortify/test_fortify.h:34:2:
./include/linux/fortify-string.h:289:17: error: call to ‘__read_overflow’ declared with attribute error: detected read beyond size of object (1st parameter)
  289 |                 __read_overflow();
      |                 ^~~~~~~~~~~~~~~~~
warning: unsafe memcmp() usage lacked '__read_overflow' warning in lib/test_fortify/read_overflow-memcmp.c
lib/test_fortify/test_fortify.h: In function ‘do_fortify_tests’:
lib/test_fortify/read_overflow-memcmp.c:3:9: error: statement with no effect [-Werror=unused-value]
    3 |         memcmp(small, large, sizeof(small) + 1)
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/test_fortify/test_fortify.h:34:9: note: in expansion of macro ‘TEST’
   34 |         TEST;
      |         ^~~~
In file included from ./include/linux/string.h:253,
                 from ./include/linux/bitmap.h:10,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/cpumask.h:5,
                 from ./arch/x86/include/asm/msr.h:11,
                 from ./arch/x86/include/asm/processor.h:22,
                 from ./arch/x86/include/asm/cpufeature.h:5,
                 from ./arch/x86/include/asm/thread_info.h:53,
                 from ./include/linux/thread_info.h:60,
                 from ./arch/x86/include/asm/preempt.h:7,
                 from ./include/linux/preempt.h:78,
                 from ./include/linux/spinlock.h:55,
                 from ./include/linux/mmzone.h:8,
                 from ./include/linux/gfp.h:6,
                 from ./include/linux/slab.h:15,
                 from lib/test_fortify/test_fortify.h:4,
                 from lib/test_fortify/read_overflow-memcmp.c:5:
In function ‘memcmp’,
    inlined from ‘do_fortify_tests’ at lib/test_fortify/test_fortify.h:34:2:
./include/linux/fortify-string.h:263:25: error: call to ‘__read_overflow’ declared with attribute error: detected read beyond size of object (1st parameter)
  263 |                         __read_overflow();
      |                         ^~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
warning: unsafe memscan() usage lacked '__read_overflow' warning in lib/test_fortify/read_overflow-memscan.c
In file included from ./include/linux/string.h:253,
                 from ./include/linux/bitmap.h:10,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/cpumask.h:5,
                 from ./arch/x86/include/asm/msr.h:11,
                 from ./arch/x86/include/asm/processor.h:22,
                 from ./arch/x86/include/asm/cpufeature.h:5,
                 from ./arch/x86/include/asm/thread_info.h:53,
                 from ./include/linux/thread_info.h:60,
                 from ./arch/x86/include/asm/preempt.h:7,
                 from ./include/linux/preempt.h:78,
                 from ./include/linux/spinlock.h:55,
                 from ./include/linux/mmzone.h:8,
                 from ./include/linux/gfp.h:6,
                 from ./include/linux/slab.h:15,
                 from lib/test_fortify/test_fortify.h:4,
                 from lib/test_fortify/read_overflow-memscan.c:5:
In function ‘memscan’,
    inlined from ‘do_fortify_tests’ at lib/test_fortify/test_fortify.h:34:2:
./include/linux/fortify-string.h:250:17: error: call to ‘__read_overflow’ declared with attribute error: detected read beyond size of object (1st parameter)
  250 |                 __read_overflow();
      |                 ^~~~~~~~~~~~~~~~~
warning: unsafe memcmp() usage lacked '__read_overflow2' warning in lib/test_fortify/read_overflow2-memcmp.c
lib/test_fortify/test_fortify.h: In function ‘do_fortify_tests’:
lib/test_fortify/read_overflow2-memcmp.c:3:9: error: statement with no effect [-Werror=unused-value]
    3 |         memcmp(large, small, sizeof(small) + 1)
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/test_fortify/test_fortify.h:34:9: note: in expansion of macro ‘TEST’
   34 |         TEST;
      |         ^~~~
In file included from ./include/linux/string.h:253,
                 from ./include/linux/bitmap.h:10,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/cpumask.h:5,
                 from ./arch/x86/include/asm/msr.h:11,
                 from ./arch/x86/include/asm/processor.h:22,
                 from ./arch/x86/include/asm/cpufeature.h:5,
                 from ./arch/x86/include/asm/thread_info.h:53,
                 from ./include/linux/thread_info.h:60,
                 from ./arch/x86/include/asm/preempt.h:7,
                 from ./include/linux/preempt.h:78,
                 from ./include/linux/spinlock.h:55,
                 from ./include/linux/mmzone.h:8,
                 from ./include/linux/gfp.h:6,
                 from ./include/linux/slab.h:15,
                 from lib/test_fortify/test_fortify.h:4,
                 from lib/test_fortify/read_overflow2-memcmp.c:5:
In function ‘memcmp’,
    inlined from ‘do_fortify_tests’ at lib/test_fortify/test_fortify.h:34:2:
./include/linux/fortify-string.h:265:25: error: call to ‘__read_overflow2’ declared with attribute error: detected read beyond size of object (2nd parameter)
  265 |                         __read_overflow2();
      |                         ^~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
warning: unsafe memcpy() usage lacked '__read_overflow2' warning in lib/test_fortify/read_overflow2-memcpy.c
In file included from ./include/linux/string.h:253,
                 from ./include/linux/bitmap.h:10,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/cpumask.h:5,
                 from ./arch/x86/include/asm/msr.h:11,
                 from ./arch/x86/include/asm/processor.h:22,
                 from ./arch/x86/include/asm/cpufeature.h:5,
                 from ./arch/x86/include/asm/thread_info.h:53,
                 from ./include/linux/thread_info.h:60,
                 from ./arch/x86/include/asm/preempt.h:7,
                 from ./include/linux/preempt.h:78,
                 from ./include/linux/spinlock.h:55,
                 from ./include/linux/mmzone.h:8,
                 from ./include/linux/gfp.h:6,
                 from ./include/linux/slab.h:15,
                 from lib/test_fortify/test_fortify.h:4,
                 from lib/test_fortify/read_overflow2-memcpy.c:5:
In function ‘memcpy’,
    inlined from ‘do_fortify_tests’ at lib/test_fortify/test_fortify.h:34:2:
./include/linux/fortify-string.h:221:25: error: call to ‘__read_overflow2’ declared with attribute error: detected read beyond size of object (2nd parameter)
  221 |                         __read_overflow2();
      |                         ^~~~~~~~~~~~~~~~~~
warning: unsafe memmove() usage lacked '__read_overflow2' warning in lib/test_fortify/read_overflow2-memmove.c
In file included from ./include/linux/string.h:253,
                 from ./include/linux/bitmap.h:10,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/cpumask.h:5,
                 from ./arch/x86/include/asm/msr.h:11,
                 from ./arch/x86/include/asm/processor.h:22,
                 from ./arch/x86/include/asm/cpufeature.h:5,
                 from ./arch/x86/include/asm/thread_info.h:53,
                 from ./include/linux/thread_info.h:60,
                 from ./arch/x86/include/asm/preempt.h:7,
                 from ./include/linux/preempt.h:78,
                 from ./include/linux/spinlock.h:55,
                 from ./include/linux/mmzone.h:8,
                 from ./include/linux/gfp.h:6,
                 from ./include/linux/slab.h:15,
                 from lib/test_fortify/test_fortify.h:4,
                 from lib/test_fortify/read_overflow2-memmove.c:5:
In function ‘memmove’,
    inlined from ‘do_fortify_tests’ at lib/test_fortify/test_fortify.h:34:2:
./include/linux/fortify-string.h:237:25: error: call to ‘__read_overflow2’ declared with attribute error: detected read beyond size of object (2nd parameter)
  237 |                         __read_overflow2();
      |                         ^~~~~~~~~~~~~~~~~~
warning: unsafe memcpy() usage lacked '__write_overflow' warning in lib/test_fortify/write_overflow-memcpy.c
In file included from ./include/linux/string.h:253,
                 from ./include/linux/bitmap.h:10,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/cpumask.h:5,
                 from ./arch/x86/include/asm/msr.h:11,
                 from ./arch/x86/include/asm/processor.h:22,
                 from ./arch/x86/include/asm/cpufeature.h:5,
                 from ./arch/x86/include/asm/thread_info.h:53,
                 from ./include/linux/thread_info.h:60,
                 from ./arch/x86/include/asm/preempt.h:7,
                 from ./include/linux/preempt.h:78,
                 from ./include/linux/spinlock.h:55,
                 from ./include/linux/mmzone.h:8,
                 from ./include/linux/gfp.h:6,
                 from ./include/linux/slab.h:15,
                 from lib/test_fortify/test_fortify.h:4,
                 from lib/test_fortify/write_overflow-memcpy.c:5:
In function ‘memcpy’,
    inlined from ‘do_fortify_tests’ at lib/test_fortify/test_fortify.h:34:2:
./include/linux/fortify-string.h:219:25: error: call to ‘__write_overflow’ declared with attribute error: detected write beyond size of object (1st parameter)
  219 |                         __write_overflow();
      |                         ^~~~~~~~~~~~~~~~~~
warning: unsafe memmove() usage lacked '__write_overflow' warning in lib/test_fortify/write_overflow-memmove.c
In file included from ./include/linux/string.h:253,
                 from ./include/linux/bitmap.h:10,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/cpumask.h:5,
                 from ./arch/x86/include/asm/msr.h:11,
                 from ./arch/x86/include/asm/processor.h:22,
                 from ./arch/x86/include/asm/cpufeature.h:5,
                 from ./arch/x86/include/asm/thread_info.h:53,
                 from ./include/linux/thread_info.h:60,
                 from ./arch/x86/include/asm/preempt.h:7,
                 from ./include/linux/preempt.h:78,
                 from ./include/linux/spinlock.h:55,
                 from ./include/linux/mmzone.h:8,
                 from ./include/linux/gfp.h:6,
                 from ./include/linux/slab.h:15,
                 from lib/test_fortify/test_fortify.h:4,
                 from lib/test_fortify/write_overflow-memmove.c:5:
In function ‘memmove’,
    inlined from ‘do_fortify_tests’ at lib/test_fortify/test_fortify.h:34:2:
./include/linux/fortify-string.h:235:25: error: call to ‘__write_overflow’ declared with attribute error: detected write beyond size of object (1st parameter)
  235 |                         __write_overflow();
      |                         ^~~~~~~~~~~~~~~~~~
warning: unsafe memset() usage lacked '__write_overflow' warning in lib/test_fortify/write_overflow-memset.c
In file included from ./include/linux/string.h:253,
                 from ./include/linux/bitmap.h:10,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/cpumask.h:5,
                 from ./arch/x86/include/asm/msr.h:11,
                 from ./arch/x86/include/asm/processor.h:22,
                 from ./arch/x86/include/asm/cpufeature.h:5,
                 from ./arch/x86/include/asm/thread_info.h:53,
                 from ./include/linux/thread_info.h:60,
                 from ./arch/x86/include/asm/preempt.h:7,
                 from ./include/linux/preempt.h:78,
                 from ./include/linux/spinlock.h:55,
                 from ./include/linux/mmzone.h:8,
                 from ./include/linux/gfp.h:6,
                 from ./include/linux/slab.h:15,
                 from lib/test_fortify/test_fortify.h:4,
                 from lib/test_fortify/write_overflow-memset.c:5:
In function ‘memset’,
    inlined from ‘do_fortify_tests’ at lib/test_fortify/test_fortify.h:34:2:
./include/linux/fortify-string.h:206:17: error: call to ‘__write_overflow’ declared with attribute error: detected write beyond size of object (1st parameter)
  206 |                 __write_overflow();
      |                 ^~~~~~~~~~~~~~~~~~
warning: unsafe strcpy() usage lacked '__write_overflow' warning in lib/test_fortify/write_overflow-strcpy-lit.c
In file included from ./include/linux/string.h:253,
                 from ./include/linux/bitmap.h:10,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/cpumask.h:5,
                 from ./arch/x86/include/asm/msr.h:11,
                 from ./arch/x86/include/asm/processor.h:22,
                 from ./arch/x86/include/asm/cpufeature.h:5,
                 from ./arch/x86/include/asm/thread_info.h:53,
                 from ./include/linux/thread_info.h:60,
                 from ./arch/x86/include/asm/preempt.h:7,
                 from ./include/linux/preempt.h:78,
                 from ./include/linux/spinlock.h:55,
                 from ./include/linux/mmzone.h:8,
                 from ./include/linux/gfp.h:6,
                 from ./include/linux/slab.h:15,
                 from lib/test_fortify/test_fortify.h:4,
                 from lib/test_fortify/write_overflow-strcpy-lit.c:5:
In function ‘strcpy’,
    inlined from ‘do_fortify_tests’ at lib/test_fortify/test_fortify.h:34:2:
./include/linux/fortify-string.h:319:17: error: call to ‘__write_overflow’ declared with attribute error: detected write beyond size of object (1st parameter)
  319 |                 __write_overflow();
      |                 ^~~~~~~~~~~~~~~~~~
warning: unsafe strcpy() usage lacked '__write_overflow' warning in lib/test_fortify/write_overflow-strcpy.c
In file included from ./include/linux/string.h:253,
                 from ./include/linux/bitmap.h:10,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/cpumask.h:5,
                 from ./arch/x86/include/asm/msr.h:11,
                 from ./arch/x86/include/asm/processor.h:22,
                 from ./arch/x86/include/asm/cpufeature.h:5,
                 from ./arch/x86/include/asm/thread_info.h:53,
                 from ./include/linux/thread_info.h:60,
                 from ./arch/x86/include/asm/preempt.h:7,
                 from ./include/linux/preempt.h:78,
                 from ./include/linux/spinlock.h:55,
                 from ./include/linux/mmzone.h:8,
                 from ./include/linux/gfp.h:6,
                 from ./include/linux/slab.h:15,
                 from lib/test_fortify/test_fortify.h:4,
                 from lib/test_fortify/write_overflow-strcpy.c:5:
In function ‘strcpy’,
    inlined from ‘do_fortify_tests’ at lib/test_fortify/test_fortify.h:34:2:
./include/linux/fortify-string.h:319:17: error: call to ‘__write_overflow’ declared with attribute error: detected write beyond size of object (1st parameter)
  319 |                 __write_overflow();
      |                 ^~~~~~~~~~~~~~~~~~
warning: unsafe strlcpy() usage lacked '__write_overflow' warning in lib/test_fortify/write_overflow-strlcpy-src.c
In file included from ./include/linux/string.h:253,
                 from ./include/linux/bitmap.h:10,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/cpumask.h:5,
                 from ./arch/x86/include/asm/msr.h:11,
                 from ./arch/x86/include/asm/processor.h:22,
                 from ./arch/x86/include/asm/cpufeature.h:5,
                 from ./arch/x86/include/asm/thread_info.h:53,
                 from ./include/linux/thread_info.h:60,
                 from ./arch/x86/include/asm/preempt.h:7,
                 from ./include/linux/preempt.h:78,
                 from ./include/linux/spinlock.h:55,
                 from ./include/linux/mmzone.h:8,
                 from ./include/linux/gfp.h:6,
                 from ./include/linux/slab.h:15,
                 from lib/test_fortify/test_fortify.h:4,
                 from lib/test_fortify/write_overflow-strlcpy-src.c:5:
In function ‘strlcpy’,
    inlined from ‘do_fortify_tests’ at lib/test_fortify/test_fortify.h:34:2:
./include/linux/fortify-string.h:125:25: error: call to ‘__write_overflow’ declared with attribute error: detected write beyond size of object (1st parameter)
  125 |                         __write_overflow();
      |                         ^~~~~~~~~~~~~~~~~~
warning: unsafe strlcpy() usage lacked '__write_overflow' warning in lib/test_fortify/write_overflow-strlcpy.c
In file included from ./include/linux/string.h:253,
                 from ./include/linux/bitmap.h:10,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/cpumask.h:5,
                 from ./arch/x86/include/asm/msr.h:11,
                 from ./arch/x86/include/asm/processor.h:22,
                 from ./arch/x86/include/asm/cpufeature.h:5,
                 from ./arch/x86/include/asm/thread_info.h:53,
                 from ./include/linux/thread_info.h:60,
                 from ./arch/x86/include/asm/preempt.h:7,
                 from ./include/linux/preempt.h:78,
                 from ./include/linux/spinlock.h:55,
                 from ./include/linux/mmzone.h:8,
                 from ./include/linux/gfp.h:6,
                 from ./include/linux/slab.h:15,
                 from lib/test_fortify/test_fortify.h:4,
                 from lib/test_fortify/write_overflow-strlcpy.c:5:
In function ‘strlcpy’,
    inlined from ‘do_fortify_tests’ at lib/test_fortify/test_fortify.h:34:2:
./include/linux/fortify-string.h:125:25: error: call to ‘__write_overflow’ declared with attribute error: detected write beyond size of object (1st parameter)
  125 |                         __write_overflow();
      |                         ^~~~~~~~~~~~~~~~~~
warning: unsafe strncpy() usage lacked '__write_overflow' warning in lib/test_fortify/write_overflow-strncpy.c
In file included from ./include/linux/string.h:253,
                 from ./include/linux/bitmap.h:10,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/cpumask.h:5,
                 from ./arch/x86/include/asm/msr.h:11,
                 from ./arch/x86/include/asm/processor.h:22,
                 from ./arch/x86/include/asm/cpufeature.h:5,
                 from ./arch/x86/include/asm/thread_info.h:53,
                 from ./include/linux/thread_info.h:60,
                 from ./arch/x86/include/asm/preempt.h:7,
                 from ./include/linux/preempt.h:78,
                 from ./include/linux/spinlock.h:55,
                 from ./include/linux/mmzone.h:8,
                 from ./include/linux/gfp.h:6,
                 from ./include/linux/slab.h:15,
                 from lib/test_fortify/test_fortify.h:4,
                 from lib/test_fortify/write_overflow-strncpy.c:5:
In function ‘strncpy’,
    inlined from ‘do_fortify_tests’ at lib/test_fortify/test_fortify.h:34:2:
./include/linux/fortify-string.h:56:17: error: call to ‘__write_overflow’ declared with attribute error: detected write beyond size of object (1st parameter)
   56 |                 __write_overflow();
      |                 ^~~~~~~~~~~~~~~~~~
warning: unsafe strscpy() usage lacked '__write_overflow' warning in lib/test_fortify/write_overflow-strscpy.c
In file included from ./include/linux/string.h:253,
                 from ./include/linux/bitmap.h:10,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/cpumask.h:5,
                 from ./arch/x86/include/asm/msr.h:11,
                 from ./arch/x86/include/asm/processor.h:22,
                 from ./arch/x86/include/asm/cpufeature.h:5,
                 from ./arch/x86/include/asm/thread_info.h:53,
                 from ./include/linux/thread_info.h:60,
                 from ./arch/x86/include/asm/preempt.h:7,
                 from ./include/linux/preempt.h:78,
                 from ./include/linux/spinlock.h:55,
                 from ./include/linux/mmzone.h:8,
                 from ./include/linux/gfp.h:6,
                 from ./include/linux/slab.h:15,
                 from lib/test_fortify/test_fortify.h:4,
                 from lib/test_fortify/write_overflow-strscpy.c:5:
In function ‘strscpy’,
    inlined from ‘do_fortify_tests’ at lib/test_fortify/test_fortify.h:34:2:
./include/linux/fortify-string.h:154:17: error: call to ‘__write_overflow’ declared with attribute error: detected write beyond size of object (1st parameter)
  154 |                 __write_overflow();
      |                 ^~~~~~~~~~~~~~~~~~
warning: unsafe strncpy() usage lacked '__write_overflow' warning in lib/test_fortify/write_overflow-strncpy-src.c
In file included from ./include/linux/string.h:253,
                 from ./include/linux/bitmap.h:10,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/cpumask.h:5,
                 from ./arch/x86/include/asm/msr.h:11,
                 from ./arch/x86/include/asm/processor.h:22,
                 from ./arch/x86/include/asm/cpufeature.h:5,
                 from ./arch/x86/include/asm/thread_info.h:53,
                 from ./include/linux/thread_info.h:60,
                 from ./arch/x86/include/asm/preempt.h:7,
                 from ./include/linux/preempt.h:78,
                 from ./include/linux/spinlock.h:55,
                 from ./include/linux/mmzone.h:8,
                 from ./include/linux/gfp.h:6,
                 from ./include/linux/slab.h:15,
                 from lib/test_fortify/test_fortify.h:4,
                 from lib/test_fortify/write_overflow-strncpy-src.c:5:
In function ‘strncpy’,
    inlined from ‘do_fortify_tests’ at lib/test_fortify/test_fortify.h:34:2:
./include/linux/fortify-string.h:56:17: error: call to ‘__write_overflow’ declared with attribute error: detected write beyond size of object (1st parameter)
   56 |                 __write_overflow();
      |                 ^~~~~~~~~~~~~~~~~~


* Re: [GIT PULL] overflow updates for v5.15-rc1
  2021-09-05 17:36     ` Linus Torvalds
@ 2021-09-05 18:21       ` Linus Torvalds
  2021-09-05 18:31       ` Kees Cook
                         ` (2 subsequent siblings)
  3 siblings, 0 replies; 10+ messages in thread
From: Linus Torvalds @ 2021-09-05 18:21 UTC (permalink / raw)
  To: Kees Cook
  Cc: Linux Kernel Mailing List, Arnd Bergmann, Daniel Vetter,
	Dan Williams, Rasmus Villemoes, Greg Kroah-Hartman,
	Gustavo A. R. Silva, Keith Packard, Nathan Chancellor,
	Nick Desaulniers, linux-hardening

On Sun, Sep 5, 2021 at 10:36 AM Linus Torvalds
<torvalds@linux-foundation.org> wrote:
>
> Sadly, I don't think linux-next checks for warnings.
>
> I really want to enable -Werror at some point, but every time I think
> I should, I just end up worrying about another random new compiler (or
> a random old one).
>
> We do have -Werror in various configurations (and in some sub-trees).

Whatever. I'll just make a new config option, make it 'default y', and
it will be on for anybody doing allmodconfig builds etc.

And if people have new compilers, or odd configurations that still
cause warnings, they can turn it off, but hopefully this will make
compiler warnings in linux-next (or any other automated builds) cause
a lot more noise.

              Linus


* Re: [GIT PULL] overflow updates for v5.15-rc1
  2021-09-05 17:36     ` Linus Torvalds
  2021-09-05 18:21       ` Linus Torvalds
@ 2021-09-05 18:31       ` Kees Cook
  2021-09-06 11:43         ` Mark Brown
  2021-09-05 20:52       ` Kees Cook
  2021-09-06  5:27       ` Stephen Rothwell
  3 siblings, 1 reply; 10+ messages in thread
From: Kees Cook @ 2021-09-05 18:31 UTC (permalink / raw)
  To: Linus Torvalds
  Cc: Linux Kernel Mailing List, Arnd Bergmann, Daniel Vetter,
	Dan Williams, Rasmus Villemoes, Greg Kroah-Hartman,
	Gustavo A. R. Silva, Keith Packard, Nathan Chancellor,
	Nick Desaulniers, linux-hardening

On Sun, Sep 05, 2021 at 10:36:22AM -0700, Linus Torvalds wrote:
> On Sun, Sep 5, 2021 at 12:38 AM Kees Cook <keescook@chromium.org> wrote:
> >
> > Yeech. Yeah, no, that was not expected at all. I even did test merge builds against your latest tree before sending the Pull Request. This has been in -next for weeks, too.
> 
> Sadly, I don't think linux-next checks for warnings.

Oh, I thought I'd gotten such reports from sfr before, but certainly the
0day bot and others have yelled loudly about new warnings (from earlier
iterations of this series in -next).

> I really want to enable -Werror at some point, but every time I think
> I should, I just end up worrying about another random new compiler (or
> a random old one).
> 
> We do have -Werror in various configurations (and in some sub-trees).

Yup, I think ppc and drm?

> > What was the build environment?
> 
> This is actually just bog-standard gcc-11.2 from F34, and an allmodconfig build.

Ah, fun. Yeah, I'm behind on versions, it seems. Default gcc version on
latest stable Ubuntu release is 10.3. I will go retest on the devel
release.

> > Seeing an unexpected "-Wunused-value" in your output makes me think I've got a compiler version blind-spot, with some different default flags.)
> 
> There were lots of other ones too, I just pasted a small subset. The
> full error log was 400+ lines. Most of those lines are just because of
> the very verbose warnings.
> 
> Three errors due to "-Werror=unused-value", but 17 each of variations on
> 
>     error: call to ‘__read_overflow’ declared with attribute error:
> detected read beyond size of object (1st parameter)
> 
> and
> 
>     warning: unsafe xyz() usage lacked '__read_overflow' warning
> 
> warnings.
> 
> Full 400+ lines (25kB) of errors/warnings messages attached in case
> you care about the whole thing and can't easily reproduce.

Yeah, the tests are designed to freak out if it gets an unexpected
warning (since it's trying to check for _expected_ warnings), but
regardless, they were not at all supposed to be spewing like this
immediately! :P

Sorry for the noise; I will get it cleaned up and re-sent.

-Kees

-- 
Kees Cook


* Re: [GIT PULL] overflow updates for v5.15-rc1
  2021-09-05 17:36     ` Linus Torvalds
  2021-09-05 18:21       ` Linus Torvalds
  2021-09-05 18:31       ` Kees Cook
@ 2021-09-05 20:52       ` Kees Cook
  2021-09-06  5:27       ` Stephen Rothwell
  3 siblings, 0 replies; 10+ messages in thread
From: Kees Cook @ 2021-09-05 20:52 UTC (permalink / raw)
  To: Linus Torvalds
  Cc: Linux Kernel Mailing List, Arnd Bergmann, Daniel Vetter,
	Dan Williams, Rasmus Villemoes, Greg Kroah-Hartman,
	Gustavo A. R. Silva, Keith Packard, Nathan Chancellor,
	Nick Desaulniers, linux-hardening

On Sun, Sep 05, 2021 at 10:36:22AM -0700, Linus Torvalds wrote:
> This is actually just bog-standard gcc-11.2 from F34, and an allmodconfig build.

I've checked this on F32 now, and I still wasn't seeing the testsuite
warnings. I did see this, though, unrelated to (but certainly thematically
associated with) the overflow series:

fs/qnx4/dir.c: In function 'qnx4_readdir':
fs/qnx4/dir.c:51:32: warning: 'strnlen' specified bound 48 exceeds source size 16 [-Wstringop-overread]
   51 |                         size = strnlen(de->di_fname, size);
      |                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from fs/qnx4/qnx4.h:3,
                 from fs/qnx4/dir.c:16:
./include/uapi/linux/qnx4_fs.h:45:25: note: source object declared here
   45 |         char            di_fname[QNX4_SHORT_NAME_MAX];
      |                         ^~~~~~~~


> Three errors due to "-Werror=unused-value", but 17 each of variations on

These are just side-effects of the actual warning going "missing".

>     error: call to ‘__read_overflow’ declared with attribute error:
> detected read beyond size of object (1st parameter)
> 
> and
> 
>     warning: unsafe xyz() usage lacked '__read_overflow' warning
> 
> warnings.

The latter is complaining about not seeing the former... O_o

Oh... I found it:

>     error: call to ‘__read_overflow’ declared with attribute error:
                     ^               ^
vs:

      error: call to '__read_overflow' declared with attribute error:
                     ^               ^

Looks like it's LANG biting me! Ugh.

LANG=en.US.UTF-8 is '
LANG=C           is '
LANG=C.UTF-8     is `

Fedora uses C.UTF-8 by default, but my build tooling (and seemingly many
others) are using LANG=en_US.UTF-8 or LANG=C. Specifically, this appears
to be LC_NAME? Fixing now...

-- 
Kees Cook


* Re: [GIT PULL] overflow updates for v5.15-rc1
  2021-09-05 17:36     ` Linus Torvalds
                         ` (2 preceding siblings ...)
  2021-09-05 20:52       ` Kees Cook
@ 2021-09-06  5:27       ` Stephen Rothwell
  2021-09-06 17:12         ` Kees Cook
  3 siblings, 1 reply; 10+ messages in thread
From: Stephen Rothwell @ 2021-09-06  5:27 UTC (permalink / raw)
  To: Linus Torvalds
  Cc: Kees Cook, Linux Kernel Mailing List, Arnd Bergmann,
	Daniel Vetter, Dan Williams, Rasmus Villemoes,
	Greg Kroah-Hartman, Gustavo A. R. Silva, Keith Packard,
	Nathan Chancellor, Nick Desaulniers, linux-hardening

Hi Linus,

On Sun, 5 Sep 2021 10:36:22 -0700 Linus Torvalds <torvalds@linux-foundation.org> wrote:
>
> On Sun, Sep 5, 2021 at 12:38 AM Kees Cook <keescook@chromium.org> wrote:
> >
> > Yeech. Yeah, no, that was not expected at all. I even did test merge builds against your latest tree before sending the Pull Request. This has been in -next for weeks, too.  
> 
> Sadly, I don't think linux-next checks for warnings.

Yes, I do.  And report them.  I did not get these warnings for some
reason.  One of my builds is an X86_64 allmodconfig, currently using

x86_64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110
-- 
Cheers,
Stephen Rothwell


* Re: [GIT PULL] overflow updates for v5.15-rc1
  2021-09-05 18:31       ` Kees Cook
@ 2021-09-06 11:43         ` Mark Brown
  2021-09-06 17:19           ` Kees Cook
  0 siblings, 1 reply; 10+ messages in thread
From: Mark Brown @ 2021-09-06 11:43 UTC (permalink / raw)
  To: Kees Cook
  Cc: Linus Torvalds, Linux Kernel Mailing List, Arnd Bergmann,
	Daniel Vetter, Dan Williams, Rasmus Villemoes,
	Greg Kroah-Hartman, Gustavo A. R. Silva, Keith Packard,
	Nathan Chancellor, Nick Desaulniers, linux-hardening

On Sun, Sep 05, 2021 at 11:31:44AM -0700, Kees Cook wrote:
> On Sun, Sep 05, 2021 at 10:36:22AM -0700, Linus Torvalds wrote:

> > > Yeech. Yeah, no, that was not expected at all. I even did test merge builds against your latest tree before sending the Pull Request. This has been in -next for weeks, too.

> > Sadly, I don't think linux-next checks for warnings.

> Oh, I thought I'd gotten such reports from sfr before, but certainly the
> 0day bot and others have yelled loudly about new warnings (from earlier
> iterations of this series in -next).

Yes, Stephen will report new warnings in the configs he tested and
there's a bunch of people who like to go around fixing warnings whenever
they do appear though only in the more common configurations.

> > > What was the build environment?

> > This is actually just bog-standard gcc-11.2 from F34, and an allmodconfig build.

> Ah, fun. Yeah, I'm behind on versions, it seems. Default gcc version on
> latest stable Ubuntu release is 10.3. I will go retest on the devel
> release.

If you're looking for coverage on this stuff it's also good to check
with clang as well, it's sufficiently different that it often triggers
extra stuff (eg, turning on -Werror broke i386 allmodconfig for clang-10
since that triggers some stack frame size warnings which are now
errors).


* Re: [GIT PULL] overflow updates for v5.15-rc1
  2021-09-06  5:27       ` Stephen Rothwell
@ 2021-09-06 17:12         ` Kees Cook
  0 siblings, 0 replies; 10+ messages in thread
From: Kees Cook @ 2021-09-06 17:12 UTC (permalink / raw)
  To: Stephen Rothwell
  Cc: Linus Torvalds, Linux Kernel Mailing List, Arnd Bergmann,
	Daniel Vetter, Dan Williams, Rasmus Villemoes,
	Greg Kroah-Hartman, Gustavo A. R. Silva, Keith Packard,
	Nathan Chancellor, Nick Desaulniers, linux-hardening

On Mon, Sep 06, 2021 at 03:27:31PM +1000, Stephen Rothwell wrote:
> Hi Linus,
> 
> On Sun, 5 Sep 2021 10:36:22 -0700 Linus Torvalds <torvalds@linux-foundation.org> wrote:
> >
> > On Sun, Sep 5, 2021 at 12:38 AM Kees Cook <keescook@chromium.org> wrote:
> > >
> > > Yeech. Yeah, no, that was not expected at all. I even did test merge builds against your latest tree before sending the Pull Request. This has been in -next for weeks, too.  
> > 
> > Sadly, I don't think linux-next checks for warnings.
> 
> Yes, I do.  And report them.  I did not get these warnings for some
> reason.  One of my builds is an X86_64 allmodconfig, currently using
> 
> x86_64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110

FWIW, the difference turned out to be LANG=C.UTF-8 in Fedora (vs LANG=C or
LANG=en_US.UTF-8), and the warning analysis being done in the self-tests
I added got unlucky when I tried to avoid setting "LANG". (i.e. I didn't
want to depend on matching English output, and used the trailing "'" in
the function name matcher -- which is a "`" under C.UTF-8.)

This has been fixed now -- I just got fantastically unlucky, it seems,
as literally only Linus appears to have been building with LANG=C.UTF-8.
(None of the other build bots warned about this for the weeks it's been
in -next). :(

-- 
Kees Cook
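
The failure described in this message and in the 2021-09-05 20:52 reply (a self-test that matches a trailing "'" after the function name, which changes with LANG), as an added example that is not the kernel's test script. The diagnostic lines are constructed samples, and `match_fragile`, `match_robust`, `count_hits` and `__write_overflow_other` are hypothetical names used only here.

```shell
#!/bin/sh
# Added example: a locale-dependent quote character breaking a diagnostic
# matcher, next to a matcher that ignores the quoting style.

# Constructed diagnostics: one message in three quoting styles.
DIAG_CURLY="fortify-string.h:235:25: error: call to ‘__write_overflow’ declared with attribute error: detected write beyond size of object (1st parameter)"
DIAG_ASCII="fortify-string.h:235:25: error: call to '__write_overflow' declared with attribute error: detected write beyond size of object (1st parameter)"
DIAG_TICK='fortify-string.h:235:25: error: call to `__write_overflow` declared with attribute error: detected write beyond size of object (1st parameter)'
# Constructed near-miss: a hypothetical function that shares the prefix.
DIAG_OTHER="fortify-string.h:1:1: error: call to '__write_overflow_other' declared with attribute error: x"

# Fragile: expects the function name to be followed by an ASCII apostrophe.
match_fragile() {	# $1 = log text, $2 = function name
	printf '%s\n' "$1" | grep -q -F -- "$2'"
}

# Quote-agnostic: take whatever sits between "call to " and
# " declared with attribute error", drop every byte that cannot be part of
# a C identifier, then compare the remainder exactly.
match_robust() {	# $1 = log text, $2 = function name
	log=$1 fn=$2
	while IFS= read -r line; do
		rest=${line#*call to }
		[ "$rest" != "$line" ] || continue	# no "call to " on this line
		quoted=${rest%% declared with attribute error*}
		[ "$quoted" != "$rest" ] || continue	# not an attribute-error line
		# LC_ALL=C makes tr work on bytes, so multi-byte quotes vanish too.
		ident=$(printf '%s' "$quoted" | LC_ALL=C tr -cd 'A-Za-z0-9_')
		[ "$ident" = "$fn" ] && return 0
	done <<EOF
$log
EOF
	return 1
}

# Print how many of the three quoting styles a matcher accepts.
count_hits() {	# $1 = matcher function name
	n=0
	for d in "$DIAG_CURLY" "$DIAG_ASCII" "$DIAG_TICK"; do
		if "$1" "$d" __write_overflow; then n=$((n + 1)); fi
	done
	echo "$n"
}

echo "fragile matcher accepts $(count_hits match_fragile) of 3 quoting styles"
echo "robust matcher accepts  $(count_hits match_robust) of 3 quoting styles"
```

The robust matcher still depends on the English message text, so a test harness would also pin the compiler's locale (for example by running it with `LC_ALL=C`) rather than inheriting the builder's environment.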


* Re: [GIT PULL] overflow updates for v5.15-rc1
  2021-09-06 11:43         ` Mark Brown
@ 2021-09-06 17:19           ` Kees Cook
  0 siblings, 0 replies; 10+ messages in thread
From: Kees Cook @ 2021-09-06 17:19 UTC (permalink / raw)
  To: Mark Brown
  Cc: Linus Torvalds, Linux Kernel Mailing List, Arnd Bergmann,
	Daniel Vetter, Dan Williams, Rasmus Villemoes,
	Greg Kroah-Hartman, Gustavo A. R. Silva, Keith Packard,
	Nathan Chancellor, Nick Desaulniers, linux-hardening

On Mon, Sep 06, 2021 at 12:43:50PM +0100, Mark Brown wrote:
> If you're looking for coverage on this stuff it's also good to check
> with clang as well, it's sufficiently different that it often triggers
> extra stuff [...]

Yup, I tested across multiple GCC and Clang versions, which is
why the failures came as such a surprise. And specifically, these
overflow changes have been designed with Clang in mind (as well as GCC
obviously). (i.e. see the patch[0] in this series, and the last patch[1]
in the coming series.)

-Kees

[0] https://lore.kernel.org/lkml/20210822075122.864511-17-keescook@chromium.org/
[1] https://lore.kernel.org/lkml/20210818060533.3569517-64-keescook@chromium.org/

-- 
Kees Cook
