Re: Patch "gcc: disable -Warray-bounds for gcc-11 too" has been added to the 6.1-stable tree

Re: Patch "gcc: disable -Warray-bounds for gcc-11 too" has been added to the 6.1-stable tree

[Kees Cook]

On Thu, Jan 12, 2023 at 01:56:39PM +0100, gregkh@linuxfoundation.org wrote:
> 
> This is a note to let you know that I've just added the patch titled
> 
>     gcc: disable -Warray-bounds for gcc-11 too
> 
> to the 6.1-stable tree which can be found at:
>     http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> 
> The filename of the patch is:
>      gcc-disable-warray-bounds-for-gcc-11-too.patch
> and it can be found in the queue-6.1 subdirectory.
> 
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable@vger.kernel.org> know about it.

Ugh, please don't include this in -stable. Prior kernel versions don't
show this warning, so why remove coverage there?

> 
> 
> From 5a41237ad1d4b62008f93163af1d9b1da90729d8 Mon Sep 17 00:00:00 2001
> From: Linus Torvalds <torvalds@linux-foundation.org>
> Date: Mon, 9 Jan 2023 17:04:49 -0600
> Subject: gcc: disable -Warray-bounds for gcc-11 too
> 
> From: Linus Torvalds <torvalds@linux-foundation.org>
> 
> commit 5a41237ad1d4b62008f93163af1d9b1da90729d8 upstream.
> 
> We had already disabled this warning for gcc-12 due to bugs in the value
> range analysis, but it turns out we end up having some similar problems
> with gcc-11.3 too, so let's disable it there too.
> 
> Older gcc versions end up being increasingly less relevant, and
> hopefully clang and newer version of gcc (ie gcc-13) end up working
> reliably enough that we still get the build coverage even when we
> disable this for some versions.
> 
> Link: https://lore.kernel.org/all/20221227002941.GA2691687@roeck-us.net/
> Link: https://lore.kernel.org/all/D8BDBF66-E44C-45D4-9758-BAAA4F0C1998@kernel.org/
> Cc: Kees Cook <kees@kernel.org>
> Cc: Vlastimil Babka <vbabka@suse.cz>
> Cc: Guenter Roeck <linux@roeck-us.net>
> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>  init/Kconfig |    6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> --- a/init/Kconfig
> +++ b/init/Kconfig
> @@ -892,13 +892,17 @@ config CC_IMPLICIT_FALLTHROUGH
>  	default "-Wimplicit-fallthrough=5" if CC_IS_GCC && $(cc-option,-Wimplicit-fallthrough=5)
>  	default "-Wimplicit-fallthrough" if CC_IS_CLANG && $(cc-option,-Wunreachable-code-fallthrough)
>  
> -# Currently, disable gcc-12 array-bounds globally.
> +# Currently, disable gcc-11,12 array-bounds globally.
>  # We may want to target only particular configurations some day.
> +config GCC11_NO_ARRAY_BOUNDS
> +	def_bool y
> +
>  config GCC12_NO_ARRAY_BOUNDS
>  	def_bool y
>  
>  config CC_NO_ARRAY_BOUNDS
>  	bool
> +	default y if CC_IS_GCC && GCC_VERSION >= 110000 && GCC_VERSION < 120000 && GCC11_NO_ARRAY_BOUNDS
>  	default y if CC_IS_GCC && GCC_VERSION >= 120000 && GCC_VERSION < 130000 && GCC12_NO_ARRAY_BOUNDS

Linus, this seems like a really giant hammer for a single warning on a
single architecture for an option that gives us real bug coverage. I'm
not sure GCC 11 will be going away any time soon, either. Can we please
limit this to either just the affected file, or at least just powerpc?

-Kees

-- 
Kees Cook

Re: Patch "gcc: disable -Warray-bounds for gcc-11 too" has been added to the 6.1-stable tree

[Linus Torvalds]

On Thu, Jan 12, 2023 at 3:50 PM Kees Cook <keescook@chromium.org> wrote:
>
> Linus, this seems like a really giant hammer for a single warning on a
> single architecture for an option that gives us real bug coverage. I'm
> not sure GCC 11 will be going away any time soon, either. Can we please
> limit this to either just the affected file, or at least just powerpc?

We did exactly that with the gcc-12 case. Grep for
GCC12_NO_ARRAY_BOUNDS, and see the remaining case on the s390 side,
because initially it was limited to s390.

That was initially thought to be just an issue with gcc not liking how
s390 has special "short" pointers that gcc thought were some kind of
NULL pointer thing and then always considered everything to be
out-of-bounds.

See commit 8b202ee21839 ("s390: disable -Warray-bounds").

... and then a few months later, it turns out that that s390-specific
issue wasn't the only thing wrong with -Warray-bounds, and we disabled
it everywhere.

See commit f0be87c42cbd ("gcc-12: disable '-Warray-bounds' universally
for now").

I'm not going to play this game again. There is nothing that says that
this is powerpc-specific, it's probably just a thing where it triggers
on powerpc for some completely random reason.

And compiler bugs are not some kind of "let's just pray and hope it
doesn't hit us anywhere else". If the compiler is buggy, it's buggy,
and we should make sure we don't hit that bug.

So if you can actually show *why* it happens, and show that yes, this
is limited to only powerpc, then we can revisit.

But right now it seems a matter of "just by luck, we don't hit it
anywhere else", and I'm not interested in playing any more
whack-a-mole with this broken compiler option.

                    Linus

Re: Patch "gcc: disable -Warray-bounds for gcc-11 too" has been added to the 6.1-stable tree

[Kees Cook]

On Thu, Jan 12, 2023 at 05:22:53PM -0600, Linus Torvalds wrote:
> But right now it seems a matter of "just by luck, we don't hit it
> anywhere else", and I'm not interested in playing any more
> whack-a-mole with this broken compiler option.

Okay, understood.

FWIW, I've been tracking these and getting reproducers so they can
get worked on. A few got fixed for GCC 12, and but not enough to turn
-Warray-bounds on there. More were fixed in GCC 13. So far, I'm aware
of these 3 getting fixed since we started trying to enable
-Warray-bounds:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105679
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99578
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101419

I recently reported 1:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108306

And these 3 are likely related, but for options we don't yet enable,
but seem to be internal issues with the value range handling (usually
when a sanitizer of one kind or another is enabled):

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97490
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99673
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101778

The powerpc issue hasn't been reported yet. It's my intention to do so
once I can get it minimized.

-- 
Kees Cook

Re: Patch "gcc: disable -Warray-bounds for gcc-11 too" has been added to the 6.1-stable tree

[Kees Cook]

On Thu, Jan 12, 2023 at 04:10:08PM -0800, Kees Cook wrote:
> The powerpc issue hasn't been reported yet. It's my intention to do so
> once I can get it minimized.

I've reproduced the powerpc issue on GCC 11.2+. I don't see it on GCC
12.2+ (with -Warray-bounds forced on). So I've got that going for me,
which is nice.

Anyway, I have high hopes for GCC 13. :)

-Kees

-- 
Kees Cook