Date:   Thu, 12 Jan 2023 13:50:12 -0800
From:   Kees Cook <keescook@...omium.org>
To:     gregkh@...uxfoundation.org, torvalds@...ux-foundation.org
Cc:     kees@...nel.org, linux@...ck-us.net, vbabka@...e.cz,
        stable-commits@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: Patch "gcc: disable -Warray-bounds for gcc-11 too" has been
 added to the 6.1-stable tree

On Thu, Jan 12, 2023 at 01:56:39PM +0100, gregkh@...uxfoundation.org wrote:
> 
> This is a note to let you know that I've just added the patch titled
> 
>     gcc: disable -Warray-bounds for gcc-11 too
> 
> to the 6.1-stable tree which can be found at:
>     http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> 
> The filename of the patch is:
>      gcc-disable-warray-bounds-for-gcc-11-too.patch
> and it can be found in the queue-6.1 subdirectory.
> 
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable@...r.kernel.org> know about it.

Ugh, please don't include this in -stable. Prior kernel versions don't
show this warning, so why remove coverage there?

> 
> 
> From 5a41237ad1d4b62008f93163af1d9b1da90729d8 Mon Sep 17 00:00:00 2001
> From: Linus Torvalds <torvalds@...ux-foundation.org>
> Date: Mon, 9 Jan 2023 17:04:49 -0600
> Subject: gcc: disable -Warray-bounds for gcc-11 too
> 
> From: Linus Torvalds <torvalds@...ux-foundation.org>
> 
> commit 5a41237ad1d4b62008f93163af1d9b1da90729d8 upstream.
> 
> We had already disabled this warning for gcc-12 due to bugs in the value
> range analysis, but it turns out we end up having some similar problems
> with gcc-11.3 too, so let's disable it there too.
> 
> Older gcc versions end up being increasingly less relevant, and
> hopefully clang and newer versions of gcc (i.e. gcc-13) end up working
> reliably enough that we still get the build coverage even when we
> disable this for some versions.
> 
> Link: https://lore.kernel.org/all/20221227002941.GA2691687@roeck-us.net/
> Link: https://lore.kernel.org/all/D8BDBF66-E44C-45D4-9758-BAAA4F0C1998@kernel.org/
> Cc: Kees Cook <kees@...nel.org>
> Cc: Vlastimil Babka <vbabka@...e.cz>
> Cc: Guenter Roeck <linux@...ck-us.net>
> Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> ---
>  init/Kconfig |    6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> --- a/init/Kconfig
> +++ b/init/Kconfig
> @@ -892,13 +892,17 @@ config CC_IMPLICIT_FALLTHROUGH
>  	default "-Wimplicit-fallthrough=5" if CC_IS_GCC && $(cc-option,-Wimplicit-fallthrough=5)
>  	default "-Wimplicit-fallthrough" if CC_IS_CLANG && $(cc-option,-Wunreachable-code-fallthrough)
>  
> -# Currently, disable gcc-12 array-bounds globally.
> +# Currently, disable gcc-11,12 array-bounds globally.
>  # We may want to target only particular configurations some day.
> +config GCC11_NO_ARRAY_BOUNDS
> +	def_bool y
> +
>  config GCC12_NO_ARRAY_BOUNDS
>  	def_bool y
>  
>  config CC_NO_ARRAY_BOUNDS
>  	bool
> +	default y if CC_IS_GCC && GCC_VERSION >= 110000 && GCC_VERSION < 120000 && GCC11_NO_ARRAY_BOUNDS
>  	default y if CC_IS_GCC && GCC_VERSION >= 120000 && GCC_VERSION < 130000 && GCC12_NO_ARRAY_BOUNDS
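
Review bot: The added `default y if CC_IS_GCC && GCC_VERSION >= 110000 && GCC_VERSION < 120000 && GCC11_NO_ARRAY_BOUNDS` line turns -Warray-bounds off for every gcc-11.x build on every architecture, while the commit message only names problems seen with gcc-11.3. Because `GCC11_NO_ARRAY_BOUNDS` is an unconditional `def_bool y` with no prompt and no `depends on`, the last term of that condition is always true and the symbol gives no way to narrow or opt out of the change. The retained comment already says "We may want to target only particular configurations some day"; a `depends on` on the new symbol restricting it to the configurations that actually hit the false positive would keep the bounds checking everywhere else. The comment above the symbols should also say which compiler problem this works around, so the entry can be dropped once it no longer applies.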

Linus, this seems like a really giant hammer for a single warning on a
single architecture for an option that gives us real bug coverage. I'm
not sure GCC 11 will be going away any time soon, either. Can we please
limit this to either just the affected file, or at least just powerpc?

-Kees

-- 
Kees Cook
