lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <202311301304.28F0C52BA@keescook>
Date: Thu, 30 Nov 2023 13:07:13 -0800
From: Kees Cook <keescook@...omium.org>
To: "Gustavo A. R. Silva" <gustavoars@...nel.org>
Cc: Masahiro Yamada <masahiroy@...nel.org>,
	Nathan Chancellor <nathan@...nel.org>,
	Nick Desaulniers <ndesaulniers@...gle.com>,
	Nicolas Schier <nicolas@...sle.eu>, linux-kbuild@...r.kernel.org,
	linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH][next] init: Kconfig: Disable -Wstringop-overflow for
 GCC-11

On Thu, Nov 30, 2023 at 02:52:10PM -0600, Gustavo A. R. Silva wrote:
> -Wstringop-overflow is buggy in GCC-11. Therefore, we should disable

Can you add some links for this? For example, maybe this?
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97490

Or discussions from -next builds?

> this option specifically for that compiler version. To achieve this,
> we introduce a new configuration option: GCC11_NO_STRINGOP_OVERFLOW.
> 
> The compiler option related to string operation overflow is now managed
> under configuration CC_STRINGOP_OVERFLOW. This option is enabled by
> default for all other versions of GCC that support it.
> 
> Signed-off-by: Gustavo A. R. Silva <gustavoars@...nel.org>

But yeah, let's get this landed to keep new warnings from appearing...

Reviewed-by: Kees Cook <keescook@...omium.org>


> ---
>  Makefile     |  4 +++-
>  init/Kconfig | 12 ++++++++++++
>  2 files changed, 15 insertions(+), 1 deletion(-)
> 
> diff --git a/Makefile b/Makefile
> index 2cfd71ae3a86..8adc611fb611 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -982,7 +982,9 @@ NOSTDINC_FLAGS += -nostdinc
>  # perform bounds checking.
>  KBUILD_CFLAGS += $(call cc-option, -fstrict-flex-arrays=3)
>  
> -KBUILD_CFLAGS += $(call cc-option, -Wstringop-overflow)
> +#Currently, disable -Wstringop-overflow for GCC 11, globally.
> +KBUILD_CFLAGS-$(CONFIG_CC_NO_STRINGOP_OVERFLOW) += $(call cc-option, -Wno-stringop-overflow)
> +KBUILD_CFLAGS-$(CONFIG_CC_STRINGOP_OVERFLOW) += $(call cc-option, -Wstringop-overflow)
>  
>  # disable invalid "can't wrap" optimizations for signed / pointers
>  KBUILD_CFLAGS	+= -fno-strict-overflow
> diff --git a/init/Kconfig b/init/Kconfig
> index 9ffb103fc927..aaaa99a5d2a9 100644
> --- a/init/Kconfig
> +++ b/init/Kconfig
> @@ -876,6 +876,18 @@ config CC_NO_ARRAY_BOUNDS
>  	bool
>  	default y if CC_IS_GCC && GCC_VERSION >= 110000 && GCC11_NO_ARRAY_BOUNDS
>  
> +# Currently, disable -Wstringop-overflow for GCC 11, globally.
> +config GCC11_NO_STRINGOP_OVERFLOW
> +	def_bool y
> +
> +config CC_NO_STRINGOP_OVERFLOW
> +	bool
> +	default y if CC_IS_GCC && GCC_VERSION >= 110000 && GCC_VERSION < 120000 && GCC11_NO_STRINGOP_OVERFLOW
> +
> +config CC_STRINGOP_OVERFLOW
> +	bool
> +	default y if CC_IS_GCC && !CC_NO_STRINGOP_OVERFLOW
> +
>  #
>  # For architectures that know their GCC __int128 support is sound
>  #
> -- 
> 2.34.1
> 

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ