[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] subdom: Fix -Werror=address failure in tmp_emulator


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Fri, 4 Aug 2023 10:29:33 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=H+qOK9cx+4ZjG6NCincp5adHyETuhf+yKMXpcOoYjUg=; b=lO+7utAJod30CXYvHdp0m6erJaVS+H82mFoO9UiDTzN0pDYZx2kkFibwiW73ofz5PnRodrTBxXIfU4AMIfeMxVZMaI82dXKIyyoEjMRyhwsFFAWF12zC3jHFKeXlBGj2MZAThqH8BnkjLCvC5bnFwWfgAty8Y6jAuFQK2S4R+CFUK5DJ7P+CWeYbPV5+e9mWAe4uVKbbvCURF5FoUMp4DBkY8U89AUGoyJx8x7Ej8yaUToXP2chMfqLdSJFB7KlZf3TP+d+peg7snUCYFRWH0sxncacKAUYNpHghopoT1ctjkUqGaay8qAJiZrt1GYlCQNKDudULXY7UDBq51A9Snw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XCHC5+ByiMpkKPCPNOADNI5soEaEh4hU41dWHd+xfeyTKnL4M2psJVRAG71uzu3hSqCEKzEi16RlpmJFzOnkuSPQT+JflKw1PFdMUUI6mQpXkMhk3TPaDNxuhIipgI5X3Ip6fuoHfMubOaEeaSU1JdBcvrlmXkAE/vCS5tZeuaBPyd9qV6FYlQ8DqwkpLgJKfhpY8WRgAU/9pbYTf+O94ebd2vaNzjWndLMh80Y4uyRcKo4VRg9McJ8JKuA9GGghx1ilCfUkr6qG1R6h40Ll83sgRg+GVXoFHrlDEnF2KcpVhf1O4t7uy3yiGSc/Yh2H0+v1h9lQGcB1WIOItH1tbw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Jason Andryuk <jandryuk@xxxxxxxxx>, Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Christopher Clark <christopher.w.clark@xxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Fri, 04 Aug 2023 09:30:12 +0000
  • Ironport-data: A9a23:hFpuyKIIXSOBH9D7FE+Rh5UlxSXFcZb7ZxGr2PjKsXjdYENS0TIEz WVKUG/QbPaCZWGhKohxPIWz80MBvsWDmNVnHAZlqX01Q3x08seUXt7xwmUcnc+xBpaaEB84t ZV2hv3odp1coqr0/0/1WlTZhSAgk/rOHvykU7Ss1hlZHWdMUD0mhQ9oh9k3i4tphcnRKw6Ws Jb5rta31GWNglaYCUpKrfrawP9TlK6q4mhA7gRiPakjUGL2zBH5MrpOfcldEFOgKmVkNrbSb /rOyri/4lTY838FYj9yuu+mGqGiaue60Tmm0hK6aYD76vRxjnVaPpIAHOgdcS9qZwChxLid/ jnvWauYEm/FNoWU8AgUvoIx/ytWZcWq85efSZSzXFD6I+QrvBIAzt03ZHzaM7H09c5WAj5t7 PI5eAlcVTmhjdyIxY+WQ7RF05FLwMnDZOvzu1lG5BSAVbMMZ8+GRK/Ho9hFwD03m8ZCW+7EY NYUYiZuaxKGZABTPlAQC9Q1m+LAanvXKmUE7g7K4/VvpTGLkmSd05C0WDbRUvWMSd9YgQCzo WXe8n6iKhobKMae2XyO9XfEaurnxHqrBdtISOfknhJsqG+v92lQWTMRbkGm/eWzpRWkeNcBO 1NBr0LCqoB3riRHVOLVXRe1vXqFtR40QMdLHqsx7wTl4rHP/w+TC2wATzhAQN8rrsk7QXotz FDht8ztLSxitvuSU3313rWJqTK/PwAFIGlEYjULJSMH7MPku5oblQ/UQ5BoF6vdptj8AzT52 T2JhCk4mbQIjMQP2rm7/FbImDalrN7CSQtdzgfeWG6//x56TIGgbo2sr1Pc6J5oIJ6CS1idv FANg8WE8P0VFpaJiTCMR+MWWrqu4p6tOz3GgEVzGIEh+i7r5DioeYlK4xlxIU5oNoAPfjqBS F/ev0Zd6YFeOFOubLRreMShBsIy16/iGN/5EPfOYbJzjoNZcQaG+GRkYxGW1mW0yEw0y/hnZ 9GcbNqmCmscBeJ/1j2qSuwB0LgtgCcj2WfUQpO9xBOiuVaDWEOopX4+GAPmRogEAGms8W05L /432xO29ihi
  • Ironport-hdrordr: A9a23:HNYX7qyQBqvv5rB1ylSVKrPxMegkLtp133Aq2lEZdPULSKGlfp GV9sjziyWetN9wYh4dcB67SdC9qADnhPlICO4qTMqftWjdyRGVxeRZgbcKrAeQeBEWmtQtsJ uINpIOc+EYbmIK8/oSgjPZLz9I+rDunsGVbKXlvg9QpGlRGt5dBmxCe2Km+yNNNW977NYCZf ihDp0tnUvdRZ1bVLXyOpFDNNKz1eHjpdbDW1orFhQn4A6BgXeB76P7KQGR2lMzQi5C2rAr9E nCikjc6r+4u/+25xfA3yuLhq4m1OfJ+59mPoihm8IVIjLjhkKBY5lgYaSLuHQYsfyi81Ejlf jLulMFM95o433cU2mpqV/G2hXm0hwp93j+oGXozEfLkIjcfnYXGsBBjYVWfl/w7Fchhsh11O Zu03iCv5RaIBvclGCljuK4HS1Cpw6Rmz4PgOQTh3tQXc83b6JQl5UW+AdwHI0bFCz3xYg7GK 1FDd3a5txRbVSGBkqp9VVH8ZiJZDAeDx2GSk8Ntoi81CVXpmlwyw8iyMkWjh47heUAYqgBw9 6BHrVjlblIQMNTR7l6Hv09Tcy+DXGIaQ7QMUqJSG6XVJ0vCjbokdra8b817OaldNgj150pgq nMV1teqCobZ1/uM8uTx5dGmyq9AVlVZQ6diP222qIJ/4EVHNHQQGm+oREV4oWdSswkc47ms6 3ZAuMQPxfhRVGebbqhkTeOHaW6EkNuI/H9iuxLKm5mnfi7WrECltarBso7d4CdWAoMayfYPk YpegTVCYFp0n2LM0WI9SQ5HUmdNXDCwQ==
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 04/08/2023 8:23 am, Jan Beulich wrote:
> On 03.08.2023 22:36, Andrew Cooper wrote:
>> The opensuse-tumbleweed build jobs currently fail with:
>>
>>   /builds/xen-project/xen/stubdom/tpm_emulator-x86_64/crypto/rsa.c: In 
>> function 'rsa_private':
>>   /builds/xen-project/xen/stubdom/tpm_emulator-x86_64/crypto/rsa.c:56:7: 
>> error: the comparison will always evaluate as 'true' for the address of 'p' 
>> will never be NULL [-Werror=address]
>>      56 |   if (!key->p || !key->q || !key->u) {
>>         |       ^
>>   In file included from 
>> /builds/xen-project/xen/stubdom/tpm_emulator-x86_64/crypto/rsa.c:17:
>>   /builds/xen-project/xen/stubdom/tpm_emulator-x86_64/crypto/rsa.h:28:12: 
>> note: 'p' declared here
>>      28 |   tpm_bn_t p;
>>         |            ^
>>
>> This is because all tpm_bn_t's are 1-element arrays (of either a GMP or
>> OpenSSL BIGNUM flavour).  The author was probably meaning to do value checks,
>> but that's not what the code does.
> Looking at the code, I'm not sure about this. There could as well have been
> the intention to allow pointers there, then permitting them to be left at
> NULL. Who knows where that code came from originally.

Do you agree that the patch is no function change, or are you saying
that you think I got some of my analysis wrong?

>
>> Adjust it to compile.  No functional change.
>>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
>> ---
>> CC: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
>> CC: Jan Beulich <JBeulich@xxxxxxxx>
>> CC: Stefano Stabellini <sstabellini@xxxxxxxxxx>
>> CC: Wei Liu <wl@xxxxxxx>
>> CC: Julien Grall <julien@xxxxxxx>
>> CC: Juergen Gross <jgross@xxxxxxxx>
>> CC: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
>> CC: Jason Andryuk <jandryuk@xxxxxxxxx>
>> CC: Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
>> CC: Christopher Clark <christopher.w.clark@xxxxxxxxx>
>>
>> While I've confirmed this to fix the build issue:
>>
>>   https://gitlab.com/xen-project/people/andyhhp/xen/-/pipelines/955160430
>>
>> I'm -1 overall to the change, and would prefer to disable vtpm-stubdom
>> entirely.
>>
>> It's TPM 1.2 only, using decades-old libs, and some stuff in the upstream
>> https://github.com/PeterHuewe/tpm-emulator (which is still abandaonded as of
>> 2018) is just as concerning as the basic error here in rsa_private().
>>
>> vtpm-stubdom isn't credibly component of a Xen system, and we're wasting 
>> loads
>> of CI cycles testing it...
> Question is whether people might be using it, and I'm afraid that's a
> question we can't answer. Would it be an alternative to disable vtpm in
> this container's stubdom configure invocation? Obviously as other
> containers have their compilers updated, the same issue may surface
> there then ...

Well that's why I CC'd some of the usual suspects, but all I'm
suggesting (for now) is that we turn it off by default.

~Andrew



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.