This is a note to let you know that I've just added the patch titled
init/Kconfig: lower GCC version check for -Warray-bounds
to the 6.7-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
init-kconfig-lower-gcc-version-check-for-warray-bounds.patch
and it can be found in the queue-6.7 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 3e00f5802fabf2f504070a591b14b648523ede13 Mon Sep 17 00:00:00 2001
From: Kees Cook <keescook@xxxxxxxxxxxx>
Date: Fri, 23 Feb 2024 09:08:27 -0800
Subject: init/Kconfig: lower GCC version check for -Warray-bounds
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
From: Kees Cook <keescook@xxxxxxxxxxxx>
commit 3e00f5802fabf2f504070a591b14b648523ede13 upstream.
We continue to see false positives from -Warray-bounds even in GCC 10,
which is getting reported in a few places[1] still:
security/security.c:811:2: warning: `memcpy' offset 32 is out of the bounds [0, 0] [-Warray-bounds]
Lower the GCC version check from 11 to 10.
Link: https://lkml.kernel.org/r/20240223170824.work.768-kees@xxxxxxxxxx
Reported-by: Lu Yao <yaolu@xxxxxxxxxx>
Closes: https://lore.kernel.org/lkml/20240117014541.8887-1-yaolu@xxxxxxxxxx/
Link: https://lore.kernel.org/linux-next/65d84438.620a0220.7d171.81a7@xxxxxxxxxxxxx [1]
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Reviewed-by: Paul Moore <paul@xxxxxxxxxxxxxx>
Cc: Ard Biesheuvel <ardb@xxxxxxxxxx>
Cc: Christophe Leroy <christophe.leroy@xxxxxxxxxx>
Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Cc: "Gustavo A. R. Silva" <gustavoars@xxxxxxxxxx>
Cc: Johannes Weiner <hannes@xxxxxxxxxxx>
Cc: Marc Aurèle La France <tsi@xxxxxxxxxx>
Cc: Masahiro Yamada <masahiroy@xxxxxxxxxx>
Cc: Nathan Chancellor <nathan@xxxxxxxxxx>
Cc: Nhat Pham <nphamcs@xxxxxxxxx>
Cc: Petr Mladek <pmladek@xxxxxxxx>
Cc: Randy Dunlap <rdunlap@xxxxxxxxxxxxx>
Cc: Suren Baghdasaryan <surenb@xxxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
init/Kconfig | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -876,14 +876,14 @@ config CC_IMPLICIT_FALLTHROUGH
default "-Wimplicit-fallthrough=5" if CC_IS_GCC && $(cc-option,-Wimplicit-fallthrough=5)
default "-Wimplicit-fallthrough" if CC_IS_CLANG && $(cc-option,-Wunreachable-code-fallthrough)
-# Currently, disable gcc-11+ array-bounds globally.
+# Currently, disable gcc-10+ array-bounds globally.
# It's still broken in gcc-13, so no upper bound yet.
-config GCC11_NO_ARRAY_BOUNDS
+config GCC10_NO_ARRAY_BOUNDS
def_bool y
config CC_NO_ARRAY_BOUNDS
bool
- default y if CC_IS_GCC && GCC_VERSION >= 110000 && GCC11_NO_ARRAY_BOUNDS
+ default y if CC_IS_GCC && GCC_VERSION >= 100000 && GCC10_NO_ARRAY_BOUNDS
#
# For architectures that know their GCC __int128 support is sound
Patches currently in stable-queue which might be from keescook@xxxxxxxxxxxx are
queue-6.7/init-kconfig-lower-gcc-version-check-for-warray-bounds.patch
queue-6.7/xfrm-avoid-clang-fortify-warning-in-copy_to_user_tmpl.patch
queue-6.7/selftests-mqueue-set-timeout-to-180-seconds.patch
queue-6.7/landlock-warn-once-if-a-landlock-action-is-requested.patch
