init/Kconfig: Lower GCC version check for -Warray-bounds

Message ID 20240223170824.work.768-kees@kernel.org
State New
Headers
Series init/Kconfig: Lower GCC version check for -Warray-bounds |

Commit Message

Kees Cook Feb. 23, 2024, 5:08 p.m. UTC
  We continue to see false positives from -Warray-bounds even in GCC 10,
which is getting reported in a few places[1] still:

security/security.c:811:2: warning: ‘memcpy’ offset 32 is out of the bounds [0, 0] [-Warray-bounds]

Lower the GCC version check from 11 to 10.

Reported-by: Lu Yao <yaolu@kylinos.cn>
Closes: https://lore.kernel.org/lkml/20240117014541.8887-1-yaolu@kylinos.cn/
Link: https://lore.kernel.org/linux-next/65d84438.620a0220.7d171.81a7@mx.google.com [1]
Signed-off-by: Kees Cook <keescook@chromium.org>
---
Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: Paul Moore <paul@paul-moore.com>
Cc: Gustavo A. R. Silva <gustavoars@kernel.org>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: Johannes Weiner <hannes@cmpxchg.org>
---
 init/Kconfig | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
  

Comments

Paul Moore Feb. 23, 2024, 7:11 p.m. UTC | #1
On Fri, Feb 23, 2024 at 12:08 PM Kees Cook <keescook@chromium.org> wrote:
>
> We continue to see false positives from -Warray-bounds even in GCC 10,
> which is getting reported in a few places[1] still:
>
> security/security.c:811:2: warning: ‘memcpy’ offset 32 is out of the bounds [0, 0] [-Warray-bounds]
>
> Lower the GCC version check from 11 to 10.
>
> Reported-by: Lu Yao <yaolu@kylinos.cn>
> Closes: https://lore.kernel.org/lkml/20240117014541.8887-1-yaolu@kylinos.cn/
> Link: https://lore.kernel.org/linux-next/65d84438.620a0220.7d171.81a7@mx.google.com [1]
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
> Cc: Masahiro Yamada <masahiroy@kernel.org>
> Cc: Paul Moore <paul@paul-moore.com>
> Cc: Gustavo A. R. Silva <gustavoars@kernel.org>
> Cc: Nathan Chancellor <nathan@kernel.org>
> Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
> Cc: Johannes Weiner <hannes@cmpxchg.org>
> ---
>  init/Kconfig | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)

Thanks Kees.

Reviewed-by: Paul Moore <paul@paul-moore.com>
  

Patch

diff --git a/init/Kconfig b/init/Kconfig
index 8d4e836e1b6b..7b352f2943f2 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -867,14 +867,14 @@  config CC_IMPLICIT_FALLTHROUGH
 	default "-Wimplicit-fallthrough=5" if CC_IS_GCC && $(cc-option,-Wimplicit-fallthrough=5)
 	default "-Wimplicit-fallthrough" if CC_IS_CLANG && $(cc-option,-Wunreachable-code-fallthrough)
 
-# Currently, disable gcc-11+ array-bounds globally.
+# Currently, disable gcc-10+ array-bounds globally.
 # It's still broken in gcc-13, so no upper bound yet.
-config GCC11_NO_ARRAY_BOUNDS
+config GCC10_NO_ARRAY_BOUNDS
 	def_bool y
 
 config CC_NO_ARRAY_BOUNDS
 	bool
-	default y if CC_IS_GCC && GCC_VERSION >= 110000 && GCC11_NO_ARRAY_BOUNDS
+	default y if CC_IS_GCC && GCC_VERSION >= 100000 && GCC10_NO_ARRAY_BOUNDS
 
 # Currently, disable -Wstringop-overflow for GCC 11, globally.
 config GCC11_NO_STRINGOP_OVERFLOW