Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751901AbdGZAiO (ORCPT <rfc822;w@1wt.eu>);
        Tue, 25 Jul 2017 20:38:14 -0400
Received: from mail-it0-f45.google.com ([209.85.214.45]:35685 "EHLO
        mail-it0-f45.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751210AbdGZAiN (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 25 Jul 2017 20:38:13 -0400
MIME-Version: 1.0
In-Reply-To: <CA+55aFwZUzAkiv4tkO1r9eoqQcO9uyFnqQbMp=QKRvhCbR-FfQ@mail.gmail.com>
References: <20170720014238.GH27396@yexl-desktop> <CA+55aFwuebKQ0-sAiRJWpMcaVJ8MjXvCg56DO5q8jMiPDXvc8A@mail.gmail.com>
 <CAGXu5jKxBsJGQHx4Wx24iOBZy5raf0s0iDJ2J+EQOGTrVx9-nw@mail.gmail.com> <CA+55aFwZUzAkiv4tkO1r9eoqQcO9uyFnqQbMp=QKRvhCbR-FfQ@mail.gmail.com>
From: Kees Cook <keescook@chromium.org>
Date: Tue, 25 Jul 2017 17:38:11 -0700
X-Google-Sender-Auth: rIJ-JcSCCMlquh5TNzo7g9qeQLQ
Message-ID: <CAGXu5j+=WqBwLu3L8Um=5jfT=KOZX-GP0Nn1A9b8VZrYgiE+8Q@mail.gmail.com>
Subject: Re: [lkp-robot] [include/linux/string.h] 6974f0c455: kernel_BUG_at_lib/string.c
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: kernel test robot <xiaolong.ye@intel.com>,
        Ananth N Mavinakayanahalli <ananth@linux.vnet.ibm.com>,
        Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>,
        Masami Hiramatsu <mhiramat@kernel.org>,
        Daniel Micay <danielmicay@gmail.com>, Arnd Bergmann <arnd@arndb.de>,
        Mark Rutland <mark.rutland@arm.com>, Daniel Axtens <dja@axtens.net>,
        Rasmus Villemoes <linux@rasmusvillemoes.dk>,
        Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
        Chris Metcalf <cmetcalf@ezchip.com>,
        Thomas Gleixner <tglx@linutronix.de>, "H. Peter Anvin" <hpa@zytor.com>,
        Ingo Molnar <mingo@elte.hu>, Andrew Morton <akpm@linux-foundation.org>,
        LKML <linux-kernel@vger.kernel.org>, LKP <lkp@01.org>,
        Joe Perches <joe@perches.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1508
Lines: 42

On Tue, Jul 25, 2017 at 5:11 PM, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
> On Tue, Jul 25, 2017 at 4:35 PM, Kees Cook <keescook@chromium.org> wrote:
>>
>> In this case, there isn't a sensible way to continue.
>
> Kees, stop this idiocy already.
>
> These have been FALSE POSITIVES. They haven't actually been bugs in
> the code, they have been bugs in the *checking* code.
>
> In two years, when this code is actually trusted, that would be one thing.

Okay, fair enough. As long as there is a time horizon where this can
operate as an actual runtime protection, I can accept that.

> But right now, it's a f*cking disgrace that you are in denial about
> the fact that it's the *checking* that is broken, not the code, and
> are making excuses for shit.

I'm not in denial about that -- I think we just have very different
perspectives on this. I sent a bunch of patches to fix all the places
where there were false positives being found before this landed; I'm
not making excuses and I'm obviously interested in fixing it.

> So get rid of the BUG(), and get rid of the excuses.

I'll get it fixed up.

> We *know* this code is likely to find these kinds of "not really a
> bug, but the checker code does something we didn't used to do"
> situations.

Yup, agreed. We've already fixed a bunch of these, and while this
checking would catch some actual security vulnerabilities from the
past, I can see your point about its "newness" being too great a risk.

-Kees

-- 
Kees Cook
Pixel Security