lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 23 Feb 2024 09:08:27 -0800
From: Kees Cook <keescook@...omium.org>
To: Masahiro Yamada <masahiroy@...nel.org>
Cc: Kees Cook <keescook@...omium.org>,
	Lu Yao <yaolu@...inos.cn>,
	Paul Moore <paul@...l-moore.com>,
	"Gustavo A . R . Silva" <gustavoars@...nel.org>,
	Nathan Chancellor <nathan@...nel.org>,
	Christophe Leroy <christophe.leroy@...roup.eu>,
	Johannes Weiner <hannes@...xchg.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Randy Dunlap <rdunlap@...radead.org>,
	Petr Mladek <pmladek@...e.com>,
	Suren Baghdasaryan <surenb@...gle.com>,
	Marc Aurèle La France <tsi@...oix.net>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Ard Biesheuvel <ardb@...nel.org>,
	Nhat Pham <nphamcs@...il.com>,
	linux-kernel@...r.kernel.org,
	linux-hardening@...r.kernel.org
Subject: [PATCH] init/Kconfig: Lower GCC version check for -Warray-bounds

We continue to see false positives from -Warray-bounds even in GCC 10,
which is getting reported in a few places[1] still:

security/security.c:811:2: warning: ‘memcpy’ offset 32 is out of the bounds [0, 0] [-Warray-bounds]

Lower the GCC version check from 11 to 10.

Reported-by: Lu Yao <yaolu@...inos.cn>
Closes: https://lore.kernel.org/lkml/20240117014541.8887-1-yaolu@kylinos.cn/
Link: https://lore.kernel.org/linux-next/65d84438.620a0220.7d171.81a7@mx.google.com [1]
Signed-off-by: Kees Cook <keescook@...omium.org>
---
Cc: Masahiro Yamada <masahiroy@...nel.org>
Cc: Paul Moore <paul@...l-moore.com>
Cc: Gustavo A. R. Silva <gustavoars@...nel.org>
Cc: Nathan Chancellor <nathan@...nel.org>
Cc: Christophe Leroy <christophe.leroy@...roup.eu>
Cc: Johannes Weiner <hannes@...xchg.org>
---
 init/Kconfig | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/init/Kconfig b/init/Kconfig
index 8d4e836e1b6b..7b352f2943f2 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -867,14 +867,14 @@ config CC_IMPLICIT_FALLTHROUGH
 	default "-Wimplicit-fallthrough=5" if CC_IS_GCC && $(cc-option,-Wimplicit-fallthrough=5)
 	default "-Wimplicit-fallthrough" if CC_IS_CLANG && $(cc-option,-Wunreachable-code-fallthrough)
 
-# Currently, disable gcc-11+ array-bounds globally.
+# Currently, disable gcc-10+ array-bounds globally.
 # It's still broken in gcc-13, so no upper bound yet.
-config GCC11_NO_ARRAY_BOUNDS
+config GCC10_NO_ARRAY_BOUNDS
 	def_bool y
 
 config CC_NO_ARRAY_BOUNDS
 	bool
-	default y if CC_IS_GCC && GCC_VERSION >= 110000 && GCC11_NO_ARRAY_BOUNDS
+	default y if CC_IS_GCC && GCC_VERSION >= 100000 && GCC10_NO_ARRAY_BOUNDS
 
 # Currently, disable -Wstringop-overflow for GCC 11, globally.
 config GCC11_NO_STRINGOP_OVERFLOW
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ