[PATCH] gcc4: Disable __compiletime_object_size for GCC 4.6+

[PATCH] gcc4: Disable __compiletime_object_size for GCC 4.6+

[Guenter Roeck]

__builtin_object_size is known to be broken on gcc 4.6+.
See http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48880 for details.

This causes unnecssary build warnings and errors such as

In function 'copy_from_user', inlined from 'sb16_copy_from_user'
	at sound/oss/sb_audio.c:878:22:
arch/x86/include/asm/uaccess_32.h:211:26: error: call to 'copy_from_user_overflow'
	declared with attribute error: copy_from_user() buffer size is not provably correct
make[3]: [sound/oss/sb_audio.o] Error 1 (ignored)

Disable it where broken.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
---
 include/linux/compiler-gcc4.h |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
index 68b162d..842de22 100644
--- a/include/linux/compiler-gcc4.h
+++ b/include/linux/compiler-gcc4.h
@@ -13,7 +13,7 @@
 #define __must_check 		__attribute__((warn_unused_result))
 #define __compiler_offsetof(a,b) __builtin_offsetof(a,b)
 
-#if GCC_VERSION >= 40100
+#if GCC_VERSION >= 40100 && GCC_VERSION < 40600
 # define __compiletime_object_size(obj) __builtin_object_size(obj, 0)
 #endif
 
-- 
1.7.9.7

Re: [PATCH] gcc4: Disable __compiletime_object_size for GCC 4.6+

[Kees Cook]

Hi Guenter,

On Fri, Apr 12, 2013 at 07:49:08PM -0700, Guenter Roeck wrote:
> __builtin_object_size is known to be broken on gcc 4.6+.
> See http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48880 for details.
> 
> This causes unnecssary build warnings and errors such as
> 
> In function 'copy_from_user', inlined from 'sb16_copy_from_user'
> 	at sound/oss/sb_audio.c:878:22:
> arch/x86/include/asm/uaccess_32.h:211:26: error: call to 'copy_from_user_overflow'
> 	declared with attribute error: copy_from_user() buffer size is not provably correct
> make[3]: [sound/oss/sb_audio.o] Error 1 (ignored)
> 
> Disable it where broken.

Is there an alternative? This means that things like
DEBUG_STRICT_USER_COPY_CHECKS are being rendered useless. I don't think
this is _always_ broken, just under certain situations, right?

-Kees

> 
> Signed-off-by: Guenter Roeck <linux@roeck-us.net>
> ---
>  include/linux/compiler-gcc4.h |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
> index 68b162d..842de22 100644
> --- a/include/linux/compiler-gcc4.h
> +++ b/include/linux/compiler-gcc4.h
> @@ -13,7 +13,7 @@
>  #define __must_check 		__attribute__((warn_unused_result))
>  #define __compiler_offsetof(a,b) __builtin_offsetof(a,b)
>  
> -#if GCC_VERSION >= 40100
> +#if GCC_VERSION >= 40100 && GCC_VERSION < 40600
>  # define __compiletime_object_size(obj) __builtin_object_size(obj, 0)
>  #endif
>  
> -- 
> 1.7.9.7
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/

-- 
Kees Cook
Chrome OS Security

Re: [PATCH] gcc4: Disable __compiletime_object_size for GCC 4.6+

[Guenter Roeck]

On Wed, Nov 13, 2013 at 10:39:13AM -0800, Kees Cook wrote:
> Hi Guenter,
> 
> On Fri, Apr 12, 2013 at 07:49:08PM -0700, Guenter Roeck wrote:
> > __builtin_object_size is known to be broken on gcc 4.6+.
> > See http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48880 for details.
> > 
> > This causes unnecssary build warnings and errors such as
> > 
> > In function 'copy_from_user', inlined from 'sb16_copy_from_user'
> > 	at sound/oss/sb_audio.c:878:22:
> > arch/x86/include/asm/uaccess_32.h:211:26: error: call to 'copy_from_user_overflow'
> > 	declared with attribute error: copy_from_user() buffer size is not provably correct
> > make[3]: [sound/oss/sb_audio.o] Error 1 (ignored)
> > 
> > Disable it where broken.
> 
> Is there an alternative? This means that things like
> DEBUG_STRICT_USER_COPY_CHECKS are being rendered useless. I don't think
> this is _always_ broken, just under certain situations, right?
> 
There was a recent proposal to address the problem differently and then revert
this patch. Not sure what happened with it. I can try digging it up if necessary.

Guenter

Re: [PATCH] gcc4: Disable __compiletime_object_size for GCC 4.6+

[H. Peter Anvin]

On 11/13/2013 10:39 AM, Kees Cook wrote:
> Hi Guenter,
> 
> On Fri, Apr 12, 2013 at 07:49:08PM -0700, Guenter Roeck wrote:
>> __builtin_object_size is known to be broken on gcc 4.6+.
>> See http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48880 for details.
>>
>> This causes unnecssary build warnings and errors such as
>>
>> In function 'copy_from_user', inlined from 'sb16_copy_from_user'
>> 	at sound/oss/sb_audio.c:878:22:
>> arch/x86/include/asm/uaccess_32.h:211:26: error: call to 'copy_from_user_overflow'
>> 	declared with attribute error: copy_from_user() buffer size is not provably correct
>> make[3]: [sound/oss/sb_audio.o] Error 1 (ignored)
>>
>> Disable it where broken.
> 
> Is there an alternative? This means that things like
> DEBUG_STRICT_USER_COPY_CHECKS are being rendered useless. I don't think
> this is _always_ broken, just under certain situations, right?
> 

It would be one thing to block it for, say, gcc 4.6 and 4.7 only, but
without an upper cap I don't think this is at all okay.

	-hpa

Re: [PATCH] gcc4: Disable __compiletime_object_size for GCC 4.6+

[Guenter Roeck]

On Wed, Nov 13, 2013 at 12:57:13PM -0800, H. Peter Anvin wrote:
> On 11/13/2013 10:39 AM, Kees Cook wrote:
> > Hi Guenter,
> > 
> > On Fri, Apr 12, 2013 at 07:49:08PM -0700, Guenter Roeck wrote:
> >> __builtin_object_size is known to be broken on gcc 4.6+.
> >> See http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48880 for details.
> >>
> >> This causes unnecssary build warnings and errors such as
> >>
> >> In function 'copy_from_user', inlined from 'sb16_copy_from_user'
> >> 	at sound/oss/sb_audio.c:878:22:
> >> arch/x86/include/asm/uaccess_32.h:211:26: error: call to 'copy_from_user_overflow'
> >> 	declared with attribute error: copy_from_user() buffer size is not provably correct
> >> make[3]: [sound/oss/sb_audio.o] Error 1 (ignored)
> >>
> >> Disable it where broken.
> > 
> > Is there an alternative? This means that things like
> > DEBUG_STRICT_USER_COPY_CHECKS are being rendered useless. I don't think
> > this is _always_ broken, just under certain situations, right?
> > 
> 
> It would be one thing to block it for, say, gcc 4.6 and 4.7 only, but
> without an upper cap I don't think this is at all okay.
> 
Also please have a look into https://lkml.org/lkml/2013/10/21/52.
That patch has been accepted (3df7b41aa5e); maybe above commit
(2fb0815c9) is now unnecessary and can be reverted.

I don't know about parisc (Jan was concerned about that), but at least
on x86 I don't see above warning anymore after reverting my patch.

Guenter