From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.9 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3FF9FC433E1 for ; Tue, 18 Aug 2020 19:21:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1F87E2078D for ; Tue, 18 Aug 2020 19:21:59 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="fdirQtS3" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726651AbgHRTV6 (ORCPT ); Tue, 18 Aug 2020 15:21:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41778 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726435AbgHRTVz (ORCPT ); Tue, 18 Aug 2020 15:21:55 -0400 Received: from mail-pg1-x542.google.com (mail-pg1-x542.google.com [IPv6:2607:f8b0:4864:20::542]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 93323C061389 for ; Tue, 18 Aug 2020 12:21:54 -0700 (PDT) Received: by mail-pg1-x542.google.com with SMTP id x6so10192619pgx.12 for ; Tue, 18 Aug 2020 12:21:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=zqSUjfhetXa5IuRw9JeF+TW2/+QsT5+pQU8GGaPMx7M=; b=fdirQtS35bnk6l7y3oW8Lw0Cg/XmLySVy6zO41Bo0Jky1Yq7FjctMNf30HUh477Q0+ k6bc/NwkvecrpTp319yOav2wSqUK7Y/7nyq8iWZrm1pDxIhDit1RZAWjuv/9EcNrcDYK Z8IwnKbdRyVfphkNX5Weqbt3bjg5GNhOj2mdI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=zqSUjfhetXa5IuRw9JeF+TW2/+QsT5+pQU8GGaPMx7M=; b=P6Xda0R2dXwrenfxhAfMpl9POMGLTZdWDu+1OdrRwO+q15ZHa701ND+xqSDkpgZUL0 HvvxW46x43HzYWJJ2yEcdl/6EwJjH/4dwc1MADM05YfVJjJlNb07Mx6CY0PSipWwAJ4m dpegVdZXKGqkhN89p5GjVx7PLMf1iJftGYgqGEnCH/nkMD3M/y/7rMvO3EhbPD8fVnpv QnK/lbAF0q7Nrpiq1l4OQdkHRJUZNS8/q1U9T6aAbB9QHV44k86B3/RL9GgsqX1Drdzr +dc1Co1ymzvekjh5j+8Icq/lpNYru3oJEFVK8FgqD7ErbSg2tozm1eKbg1KQhRCbkgyL ZJGA== X-Gm-Message-State: AOAM531huFqzAqZCfc1cDAwyB7luZtu+IrFccbbtnxY55taJYxZIDlmy MCuIaZjpZGtpLou6a87GjH1zLA== X-Google-Smtp-Source: ABdhPJzQiR6xAc8WKkbKdUhnnyT4rO2YXcWUvPMo/Nnf80Lz9eP5MKsknobJ4DFtPnQJPH3UbCvtvQ== X-Received: by 2002:aa7:984e:: with SMTP id n14mr16437303pfq.272.1597778514020; Tue, 18 Aug 2020 12:21:54 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id n26sm24981410pff.30.2020.08.18.12.21.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 18 Aug 2020 12:21:52 -0700 (PDT) Date: Tue, 18 Aug 2020 12:21:51 -0700 From: Kees Cook To: "H. Peter Anvin" Cc: Nick Desaulniers , Masahiro Yamada , Andrew Morton , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Michal Marek , linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, Tony Luck , Dmitry Vyukov , Michael Ellerman , Joe Perches , Joel Fernandes , Daniel Axtens , Arvind Sankar , Andy Shevchenko , Alexandru Ardelean , Yury Norov , x86@kernel.org, Ard Biesheuvel , "Paul E . McKenney" , Daniel Kiper , Bruce Ashfield , Marco Elver , Vamshi K Sthambamkadi , Andi Kleen , Linus Torvalds , =?iso-8859-1?Q?D=E1vid_Bolvansk=FD?= , Eli Friedman , stable@vger.kernel.org, Sami Tolvanen Subject: Re: [PATCH 1/4] Makefile: add -fno-builtin-stpcpy Message-ID: <202008181214.5C736E7@keescook> References: <20200817220212.338670-1-ndesaulniers@google.com> <20200817220212.338670-2-ndesaulniers@google.com> <82bbeff7-acc3-410c-9bca-3644b141dc1a@zytor.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <82bbeff7-acc3-410c-9bca-3644b141dc1a@zytor.com> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org On Mon, Aug 17, 2020 at 03:31:26PM -0700, H. Peter Anvin wrote: > On 2020-08-17 15:02, Nick Desaulniers wrote: > > LLVM implemented a recent "libcall optimization" that lowers calls to > > `sprintf(dest, "%s", str)` where the return value is used to > > `stpcpy(dest, str) - dest`. This generally avoids the machinery involved > > in parsing format strings. This optimization was introduced into > > clang-12. Because the kernel does not provide an implementation of > > stpcpy, we observe linkage failures for almost all targets when building > > with ToT clang. > > > > The interface is unsafe as it does not perform any bounds checking. > > Disable this "libcall optimization" via `-fno-builtin-stpcpy`. > > > > Unlike > > commit 5f074f3e192f ("lib/string.c: implement a basic bcmp") > > which cited failures with `-fno-builtin-*` flags being retained in LLVM > > LTO, that bug seems to have been fixed by > > https://reviews.llvm.org/D71193, so the above sha can now be reverted in > > favor of `-fno-builtin-bcmp`. > > > > stpcpy() and (to a lesser degree) mempcpy() are fairly useful routines > in general. Perhaps we *should* provide them? As Nick mentioned, I really don't want to expand the already bad interfaces from libc. We have enough messes to clean up already, and I don't want to add more. The kernel already uses a subset of C, we have (several) separate non-libc memory allocators, we're using strscpy() and scnprintf() widely in favor of their buggy libc counterparts, etc. We don't need to match the libc string interfaces especially when they're arguably bug-prone foot-guns. :) -- Kees Cook