Re: mainline build failure due to 281d0c962752 ("fortify: Add Clang support")
From: Josh Poimboeuf
Date: Wed Jun 29 2022 - 12:34:07 EST
On Wed, Jun 29, 2022 at 09:08:20AM -0700, Linus Torvalds wrote:
> On Tue, Jun 28, 2022 at 3:43 PM Josh Poimboeuf <jpoimboe@xxxxxxxxxx> wrote:
> >
> > So, something like this:
>
> No, clang should just be fixed.
>
> These UBSAN reports should usually be WARN_ON_ONCE.
>
> It's all the same issues we've had before: causing a panic will just
> kill the machine, and gets us fewer reports.
>
> Now, UBSAN is something that presumably normal people don't actually
> run on real hardware, so it's probably less of a deal than some. But
> hey, maybe somebody wants to actually run an UBSAN kernel on a real
> load with a full accelerated graphical UI and real drivers: a panic
> may end up killing the kernel, and there you sit, with a dead machine
> and no idea what went wrong.
>
> So the whole "panic if UBSAN reports something" is COMPLETE GARBAGE.
> It actually makes the whole point of running UBSAN go away. You *lose*
> coverage.
>
> So please don't make the kernel worse because clang got something like
> this wrong.
>
> Just fix clang.
>
> And fix your mindset.
Yeah, good point. All the other UBSAN handlers (other than builtin
unreachable) try to recover. There's nothing special about divrem
overflow which requires it to be fatal.
So clang needs to stop assuming the divrem overflow handler is noreturn.
--
Josh