On Tue, Jul 25, 2017 at 5:11 PM, Linus Torvalds <torva...@linux-foundation.org> wrote: > On Tue, Jul 25, 2017 at 4:35 PM, Kees Cook <keesc...@chromium.org> wrote: >> >> In this case, there isn't a sensible way to continue. > > Kees, stop this idiocy already. > > These have been FALSE POSITIVES. They haven't actually been bugs in > the code, they have been bugs in the *checking* code. > > In two years, when this code is actually trusted, that would be one thing.
Okay, fair enough. As long as there is a time horizon where this can operate as an actual runtime protection, I can accept that. > But right now, it's a f*cking disgrace that you are in denial about > the fact that it's the *checking* that is broken, not the code, and > are making excuses for shit. I'm not in denial about that -- I think we just have very different perspectives on this. I sent a bunch of patches to fix all the places where there were false positives being found before this landed; I'm not making excuses and I'm obviously interested in fixing it. > So get rid of the BUG(), and get rid of the excuses. I'll get it fixed up. > We *know* this code is likely to find these kinds of "not really a > bug, but the checker code does something we didn't used to do" > situations. Yup, agreed. We've already fixed a bunch of these, and while this checking would catch some actual security vulnerabilities from the past, I can see your point about its "newness" being too great a risk. -Kees -- Kees Cook Pixel Security
