I think the 'else' added in the proposed patch makes it too complicated
for GCC to optimize out the __attribute__((error)) checks before they're
considered to be errors. It's not needed so it's probably best to just
avoid doing something like that. The runtime checks can't get false
positives from
Hi Kees,
[auto build test ERROR on linus/master]
[also build test ERROR on v4.13-rc2 next-20170726]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/Kees-Cook/fortify-Use-WARN-instead-of-BUG-for-n
> Maybe we could do two phases? One to s/BUG/WARN/ and the second to
> improve the message?
s/fortify_panic/fortify_overflow/ + use WARN + remove __noreturn makes
sense as one commit. Still think the *option* of __noreturn + BUG should
be kept there even just for measuring the size overhead. !COMP
On Wed, Jul 26, 2017 at 5:52 AM, Daniel Micay wrote:
> It should just be renamed from fortify_panic -> fortify_error, including
> in arch/x86/boot/compressed/misc.c and arch/x86/boot/compressed/misc.c.
Somehow I missed these. I'll send a v2. I wonder why those didn't trip
in my build...
> It can
On Wed, Jul 26, 2017 at 10:10 AM, Linus Torvalds
wrote:
> On Tue, Jul 25, 2017 at 8:50 PM, Kees Cook wrote:
>> +
>> +void fortify_read_overflow(const char *func)
>> {
>> - pr_emerg("detected buffer overflow in %s\n", name);
>> - BUG();
>> + WARN(1, "detected read beyond size of
On Tue, Jul 25, 2017 at 8:50 PM, Kees Cook wrote:
> +
> +void fortify_read_overflow(const char *func)
> {
> - pr_emerg("detected buffer overflow in %s\n", name);
> - BUG();
> + WARN(1, "detected read beyond size of object passed as 1st parameter
> in %s\n", func);
> }
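Review bot: With BUG() removed and nothing following the WARN(1, ...) in fortify_read_overflow(), the function now returns to its caller, so the read that the check flagged as going beyond the object still happens after the warning is logged. If that is the intended trade-off, a comment on the function should say so, and the prototype must not keep __noreturn (its removal is discussed elsewhere in this thread), because returning from a function declared that way is undefined behaviour. The message also says "1st parameter" while the only argument available is func, so the wording is right only for callers where the over-read object really is the first argument.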
Side no
It should just be renamed from fortify_panic -> fortify_error, including
in arch/x86/boot/compressed/misc.c and arch/x86/boot/compressed/misc.c.
It can use WARN instead of BUG with a 'default n', !COMPILE_TEST
option to use BUG again. Otherwise it needs to be patched downstream
when that's wante
While CONFIG_FORTIFY_SOURCE continues to shake out, don't unconditionally
use BUG(), opting instead for WARN(). At the same time, expand the runtime
detection to provide a better hint about what went wrong.
Cc: Daniel Micay
Suggested-by: Linus Torvalds
Signed-off-by: Kees Cook
---
Sending to ak
8 matches