* [PATCH] init/Kconfig: Lower GCC version check for -Warray-bounds
@ 2024-02-23 17:08 Kees Cook
2024-02-23 19:11 ` Paul Moore
0 siblings, 1 reply; 2+ messages in thread
From: Kees Cook @ 2024-02-23 17:08 UTC (permalink / raw)
To: Masahiro Yamada
Cc: Kees Cook, Lu Yao, Paul Moore, Gustavo A . R . Silva,
Nathan Chancellor, Christophe Leroy, Johannes Weiner,
Andrew Morton, Randy Dunlap, Petr Mladek, Suren Baghdasaryan,
Marc Aurèle La France, Greg Kroah-Hartman, Ard Biesheuvel,
Nhat Pham, linux-kernel, linux-hardening
We continue to see false positives from -Warray-bounds even in GCC 10,
which is getting reported in a few places[1] still:
security/security.c:811:2: warning: ‘memcpy’ offset 32 is out of the bounds [0, 0] [-Warray-bounds]
Lower the GCC version check from 11 to 10.
Reported-by: Lu Yao <yaolu@kylinos.cn>
Closes: https://lore.kernel.org/lkml/20240117014541.8887-1-yaolu@kylinos.cn/
Link: https://lore.kernel.org/linux-next/65d84438.620a0220.7d171.81a7@mx.google.com [1]
Signed-off-by: Kees Cook <keescook@chromium.org>
---
Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: Paul Moore <paul@paul-moore.com>
Cc: Gustavo A. R. Silva <gustavoars@kernel.org>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: Johannes Weiner <hannes@cmpxchg.org>
---
init/Kconfig | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/init/Kconfig b/init/Kconfig
index 8d4e836e1b6b..7b352f2943f2 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -867,14 +867,14 @@ config CC_IMPLICIT_FALLTHROUGH
default "-Wimplicit-fallthrough=5" if CC_IS_GCC && $(cc-option,-Wimplicit-fallthrough=5)
default "-Wimplicit-fallthrough" if CC_IS_CLANG && $(cc-option,-Wunreachable-code-fallthrough)
-# Currently, disable gcc-11+ array-bounds globally.
+# Currently, disable gcc-10+ array-bounds globally.
# It's still broken in gcc-13, so no upper bound yet.
-config GCC11_NO_ARRAY_BOUNDS
+config GCC10_NO_ARRAY_BOUNDS
def_bool y
config CC_NO_ARRAY_BOUNDS
bool
- default y if CC_IS_GCC && GCC_VERSION >= 110000 && GCC11_NO_ARRAY_BOUNDS
+ default y if CC_IS_GCC && GCC_VERSION >= 100000 && GCC10_NO_ARRAY_BOUNDS
# Currently, disable -Wstringop-overflow for GCC 11, globally.
config GCC11_NO_STRINGOP_OVERFLOW
--
2.34.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] init/Kconfig: Lower GCC version check for -Warray-bounds
2024-02-23 17:08 [PATCH] init/Kconfig: Lower GCC version check for -Warray-bounds Kees Cook
@ 2024-02-23 19:11 ` Paul Moore
0 siblings, 0 replies; 2+ messages in thread
From: Paul Moore @ 2024-02-23 19:11 UTC (permalink / raw)
To: Kees Cook
Cc: Masahiro Yamada, Lu Yao, Gustavo A . R . Silva, Nathan Chancellor,
Christophe Leroy, Johannes Weiner, Andrew Morton, Randy Dunlap,
Petr Mladek, Suren Baghdasaryan, Marc Aurèle La France,
Greg Kroah-Hartman, Ard Biesheuvel, Nhat Pham, linux-kernel,
linux-hardening
On Fri, Feb 23, 2024 at 12:08 PM Kees Cook <keescook@chromium.org> wrote:
>
> We continue to see false positives from -Warray-bounds even in GCC 10,
> which is getting reported in a few places[1] still:
>
> security/security.c:811:2: warning: ‘memcpy’ offset 32 is out of the bounds [0, 0] [-Warray-bounds]
>
> Lower the GCC version check from 11 to 10.
>
> Reported-by: Lu Yao <yaolu@kylinos.cn>
> Closes: https://lore.kernel.org/lkml/20240117014541.8887-1-yaolu@kylinos.cn/
> Link: https://lore.kernel.org/linux-next/65d84438.620a0220.7d171.81a7@mx.google.com [1]
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
> Cc: Masahiro Yamada <masahiroy@kernel.org>
> Cc: Paul Moore <paul@paul-moore.com>
> Cc: Gustavo A. R. Silva <gustavoars@kernel.org>
> Cc: Nathan Chancellor <nathan@kernel.org>
> Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
> Cc: Johannes Weiner <hannes@cmpxchg.org>
> ---
> init/Kconfig | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
Thanks Kees.
Reviewed-by: Paul Moore <paul@paul-moore.com>
--
paul-moore.com
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-02-23 19:11 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-02-23 17:08 [PATCH] init/Kconfig: Lower GCC version check for -Warray-bounds Kees Cook
2024-02-23 19:11 ` Paul Moore
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox