Message ID | 202203251443.9BBADFD98@keescook (mailing list archive) |
---|---|
State | Mainlined |
Headers | show |
Series | [GIT,PULL] FORTIFY_SOURCE updates for v5.18-rc1 | expand |
On Fri, Mar 25, 2022 at 3:03 PM Kees Cook <keescook@chromium.org> wrote: > > It looks like all the dependent trees with related buffer fixes have been > merged (I was waiting for the scsi tree to get pulled). This has been > in -next for almost 2 development cycles, and I did overnight build > testing merged against your tree under the following combinations, > with no new warnings (there is one Clang 14+ specific issue in > drivers/net/ethernet/huawei/hinic that we're still tracking down as a > likely compiler regression[1]): So how much of this is _completely_ compile-time? Right now it looks to me like FORTIFY_SOURCE ends up doing two things - added runtime checking based on compile-time sizes - compile-time errors How hard would it be to separate the two issues out? Because if all the compiler issues and warnings have been sorted out, it sounds to me like the compile-time side could/should be done unconditionally if there are no runtime downsides. Hmm? Linus
On Sat, Mar 26, 2022 at 12:29 PM Linus Torvalds <torvalds@linux-foundation.org> wrote: > > Because if all the compiler issues and warnings have been sorted out, > it sounds to me like the compile-time side could/should be done > unconditionally if there are no runtime downsides. .. or do the existing compiler warnings for the builtins already cover all cases, and the only reason the fortify-source code has compile-time warnings is that the option takes over the builtins? So maybe there's no upside to the fortify-source code for that case? Linus
The pull request you sent on Fri, 25 Mar 2022 15:03:43 -0700:
> https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/memcpy-v5.18-rc1
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/4be240b18aa67b1144af546bea2d7cad1b75c19b
Thank you!
On Sat, Mar 26, 2022 at 12:40:18PM -0700, Linus Torvalds wrote: > On Sat, Mar 26, 2022 at 12:29 PM Linus Torvalds > <torvalds@linux-foundation.org> wrote: > > > > Because if all the compiler issues and warnings have been sorted out, > > it sounds to me like the compile-time side could/should be done > > unconditionally if there are no runtime downsides. Yeah, I'd like to do this. The way the header files are currently split up makes this slightly weird, and there have been issues with some arch/compiler combinations, so it's not quite as cut-and-dried as I'd like. I'll investigate what it could look like. > .. or do the existing compiler warnings for the builtins already cover > all cases, and the only reason the fortify-source code has > compile-time warnings is that the option takes over the builtins? This mostly depends on the compiler version, and they often overlap, but the new FORTIFY logic tends to be more strict (where possible) and is more consistent; I view the two diagnostic capabilities as complementary.