Date: Sun, 9 Jun 2024 08:31:58 +0800
From: Zhouyi Zhou <zhouzhouyi@...il.com>
To: akpm@...ux-foundation.org, pmladek@...e.com, masahiroy@...nel.org, 
	yoann.congal@...le.fr, rdunlap@...radead.org, gustavoars@...nel.org, 
	nphamcs@...il.com, vincent.guittot@...aro.org, linux-kernel@...r.kernel.org, 
	rcu@...r.kernel.org
Subject: Re: [PATCH] init/Kconfig: lower to GCC version 9 check for -Warray-bounds

The patch is incorrect.

On Sat, Jun 8, 2024 at 9:40 AM Zhouyi Zhou <zhouzhouyi@...il.com> wrote:
>
> commit 3e00f5802fab ("init/Kconfig: lower GCC version check for -Warray-bounds")
> lowers GCC version check for -Warray-bounds, but I continue to see false positives
> from -Warray-bounds in GCC 9.4.
They are not false positives; GCC 9.4.0 did report the out-of-bounds
array access!
>
> This happens after
> commit b44759705f7d ("bitmap: make bitmap_{get,set}_value8() use bitmap_{read,write}()")
>
> During the rcuturture test in Ubuntu 20.04 GCC 9.4.0 x86_64, the compiling of
rcutorture test
> drivers/gpio/gpio-pca953x.c issues the following warning:
>
> ```
>   CC      drivers/gpio/gpio-pca953x.o
> In file included from drivers/gpio/gpio-pca953x.c:12:
> drivers/gpio/gpio-pca953x.c: In function ‘pca953x_probe’:
> ./include/linux/bitmap.h:799:17: error: array subscript [1, 1024] is outside array bounds of ‘long unsigned int[1]’ [-Werror=array-bounds]
>   799 |  map[index + 1] &= BITMAP_FIRST_WORD_MASK(start + nbits);
>       |                 ^~
> In file included from ./include/linux/atomic.h:5,
>                  from drivers/gpio/gpio-pca953x.c:11:
> drivers/gpio/gpio-pca953x.c:1015:17: note: while referencing ‘val’
>  1015 |  DECLARE_BITMAP(val, MAX_LINE);
>       |                 ^~~
> ./include/linux/types.h:11:16: note: in definition of macro ‘DECLARE_BITMAP’
>    11 |  unsigned long name[BITS_TO_LONGS(bits)]
>       |                ^~~~
> In file included from drivers/gpio/gpio-pca953x.c:12:
> ./include/linux/bitmap.h:800:17: error: array subscript [1, 1024] is outside array bounds of ‘long unsigned int[1]’ [-Werror=array-bounds]
>   800 |  map[index + 1] |= (value >> space);
>       |  ~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~
> In file included from ./include/linux/atomic.h:5,
>                  from drivers/gpio/gpio-pca953x.c:11:
> drivers/gpio/gpio-pca953x.c:1015:17: note: while referencing ‘val’
>  1015 |  DECLARE_BITMAP(val, MAX_LINE);
>       |                 ^~~
> ./include/linux/types.h:11:16: note: in definition of macro ‘DECLARE_BITMAP’
>    11 |  unsigned long name[BITS_TO_LONGS(bits)]
> ```
>
In device_pca957x_init:
```
DECLARE_BITMAP(val, MAX_LINE);
for (i = 0; i < NBANK(chip); i++)
         bitmap_set_value8(val, 0x02, i * BANK_SZ);
```
We can't ensure "i*BANK_SZ" is within "MAX_LINE".
After setting the boundary, GCC no longer emits warnings:
diff --git a/drivers/gpio/gpio-pca953x.c b/drivers/gpio/gpio-pca953x.c
index 77a2812f2974..e40bbd7c83ec 100644
--- a/drivers/gpio/gpio-pca953x.c
+++ b/drivers/gpio/gpio-pca953x.c
@@ -1021,7 +1021,7 @@ static int device_pca957x_init(struct pca953x_chip *chip)
                return ret;

        /* To enable register 6, 7 to control pull up and pull down */
-       for (i = 0; i < NBANK(chip); i++)
+       for (i = 0; i < NBANK(chip) && i < MAX_BANK; i++)
                bitmap_set_value8(val, 0x02, i * BANK_SZ);
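
Review bot: The added `i < MAX_BANK` clamp in the loop condition silently stops programming banks when NBANK(chip) is larger than MAX_BANK, so a chip description that does not fit the bitmap ends up partly initialized with no error reported. Validate the bank count once before the loop and return an error (or warn) instead of clamping, and add a comment stating how MAX_BANK relates to MAX_LINE, the size `val` is declared with, since that relation is not visible in this hunk.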

The case is similar in drivers/pinctrl/pinctrl-cy8c95x0.c.

I will send another patch to set array access boundaries in the above
two source files.

Sorry for the inconvenience that I brought,
Sorry for the trouble.

Regards
Zhouyi

> Disable gcc-9+ array-bounds to avoid the above warning.
>
> Signed-off-by: Zhouyi Zhou <zhouzhouyi@...il.com>
> ---
>  init/Kconfig | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/init/Kconfig b/init/Kconfig
> index 72404c1f2157..27ce2ded95b6 100644
> --- a/init/Kconfig
> +++ b/init/Kconfig
> @@ -876,14 +876,14 @@ config CC_IMPLICIT_FALLTHROUGH
>         default "-Wimplicit-fallthrough=5" if CC_IS_GCC && $(cc-option,-Wimplicit-fallthrough=5)
>         default "-Wimplicit-fallthrough" if CC_IS_CLANG && $(cc-option,-Wunreachable-code-fallthrough)
>
> -# Currently, disable gcc-10+ array-bounds globally.
> +# Currently, disable gcc-9+ array-bounds globally.
>  # It's still broken in gcc-13, so no upper bound yet.
> -config GCC10_NO_ARRAY_BOUNDS
> +config GCC9_NO_ARRAY_BOUNDS
>         def_bool y
>
>  config CC_NO_ARRAY_BOUNDS
>         bool
> -       default y if CC_IS_GCC && GCC_VERSION >= 100000 && GCC10_NO_ARRAY_BOUNDS
> +       default y if CC_IS_GCC && GCC_VERSION >= 90000 && GCC9_NO_ARRAY_BOUNDS
>
>  # Currently, disable -Wstringop-overflow for GCC globally.
>  config GCC_NO_STRINGOP_OVERFLOW
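
Review bot: Lowering the threshold to `GCC_VERSION >= 90000` in CC_NO_ARRAY_BOUNDS switches off -Warray-bounds for every GCC 9 build tree-wide, while the changelog cites a warning in a single file (drivers/gpio/gpio-pca953x.c); bound the index at that call site and keep the diagnostic enabled. If the change is kept anyway, the rename from GCC10_NO_ARRAY_BOUNDS to GCC9_NO_ARRAY_BOUNDS touches only init/Kconfig according to the diffstat, so any other reference to the old symbol needs checking, and the comment above the symbol should say what is considered broken in GCC 9.
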
> --
> 2.25.1
>
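
The bound problem discussed in this message, as an added userspace C model (not code from the kernel or from the post): a byte write into a fixed-size bitmap that refuses out-of-range offsets, and an init loop that rejects an oversized bank count instead of clamping it. All `ex_`/`EX_` names and the constants 8 and 40 are assumptions made for the example; the page does not give the driver's real values.

```c
#include <limits.h>
#include <stdio.h>

/* Constructed values; the page does not give the driver's real constants. */
#define EX_BANK_SZ   8
#define EX_MAX_LINE  40
#define EX_MAX_BANK  (EX_MAX_LINE / EX_BANK_SZ)
#define EX_LONG_BITS (sizeof(unsigned long) * CHAR_BIT)
#define EX_LONGS(n)  (((n) + EX_LONG_BITS - 1) / EX_LONG_BITS)

/* Write one byte at bit offset `start`; refuse anything outside `nbits`. */
static int ex_set_value8(unsigned long *map, unsigned int nbits,
                         unsigned char value, unsigned int start)
{
    if (start % 8 != 0 || nbits < 8 || start > nbits - 8)
        return -1;                  /* would touch bits past the bitmap */
    unsigned long *word = &map[start / EX_LONG_BITS];
    unsigned int shift = start % EX_LONG_BITS;
    /* A byte-aligned byte never straddles two words, so one word suffices. */
    *word = (*word & ~(0xffUL << shift)) | ((unsigned long)value << shift);
    return 0;
}

/* Model of the init loop: nbank comes from the device description. */
static int ex_init_banks(unsigned long *map, unsigned int nbank)
{
    if (nbank > EX_MAX_BANK)
        return -1;                  /* reject instead of silently clamping */
    for (unsigned int i = 0; i < nbank; i++)
        if (ex_set_value8(map, EX_MAX_LINE, 0x02, i * EX_BANK_SZ))
            return -1;
    return 0;
}

int main(void)
{
    unsigned long val[EX_LONGS(EX_MAX_LINE)] = { 0 };

    printf("5 banks: %d\n", ex_init_banks(val, 5));   /* fits the bitmap */
    printf("9 banks: %d\n", ex_init_banks(val, 9));   /* rejected */
    printf("val[0] = %#lx\n", val[0]);
    return 0;
}
```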
