From patchwork Thu Aug 26 05:04:57 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 12459105 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.5 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 736A7C4320A for ; Thu, 26 Aug 2021 05:05:05 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 56317610A6 for ; Thu, 26 Aug 2021 05:05:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238262AbhHZFFt (ORCPT ); Thu, 26 Aug 2021 01:05:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42814 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238002AbhHZFFs (ORCPT ); Thu, 26 Aug 2021 01:05:48 -0400 Received: from mail-pg1-x535.google.com (mail-pg1-x535.google.com [IPv6:2607:f8b0:4864:20::535]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 319FAC0613D9 for ; Wed, 25 Aug 2021 22:05:02 -0700 (PDT) Received: by mail-pg1-x535.google.com with SMTP id k24so2051214pgh.8 for ; Wed, 25 Aug 2021 22:05:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=H+ke82JqnNzuF+ETLARNzezEA9Zqm2D4YO8akYC5ijQ=; b=TXfA89AwrHNBCE0emeWk24ecxJ5IcsflSZCiMHER4Vz/S6r2VxQGH+ZyLfhNaiGz2X 8hn6ZM+WaZgk8lsalj+53TMWoYSZihHlWGdPZZQ2Lk7u4nLLuXnHnUhhUYlLqCs+ltCD YCETgE3Vuy9QfKCuisQgOQr6bNjw6Az3WpSOo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=H+ke82JqnNzuF+ETLARNzezEA9Zqm2D4YO8akYC5ijQ=; b=bqTxTKvdm1lC2Qg4sYHVHOoALW9FzoDQmiiIUoDagy/ryE6t1imd+ZuqwrOZfZ2T3T uGNJH6V6kjTSY89gHcsSuNOr6BfUdKQZr8ardsvq4fpvveJktqX6PdFroUg0iW/TsPF7 tiXUcMZk+8Dh/9sDqRhFTa2r8P1/8xtSMqQBT2ehPFjcgc6moIhbp5ZmMJ+uvxhzvIEm k75kk34TrzSMunM2ZIIckw14CcQCG6fF2PUyELIE2beRFGfHj3RJFZt2JO7ToWfRxYuY bNhjeeCR0/U2UcfAwQV6Ci2iDBbTVUA1sSUgxU1qw/eZFP5yNRbO0OYaMXgJgX9mYsVf 1INw== X-Gm-Message-State: AOAM531cxc8wLXe3qx63WQcbDdBNdFPgw6yjXqfbZnrgUKGC2AS++tIj MJfQ5hpBHiCYWlXw4opvCDtcAw== X-Google-Smtp-Source: ABdhPJx2VMSKs/v7tqMFkn/Q6/kBji0mAtIa+Anlr5oH0jYuxB1l7qI8qu3PXXevarRmfGhnqeoBRA== X-Received: by 2002:a63:c158:: with SMTP id p24mr1726458pgi.336.1629954301691; Wed, 25 Aug 2021 22:05:01 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id d18sm1812151pgk.24.2021.08.25.22.05.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Aug 2021 22:05:00 -0700 (PDT) From: Kees Cook To: linux-kernel@vger.kernel.org Cc: Kees Cook , Arnd Bergmann , Masahiro Yamada , linux-kbuild@vger.kernel.org, "Gustavo A . R . Silva" , Rasmus Villemoes , Keith Packard , Dan Williams , Daniel Vetter , clang-built-linux@googlegroups.com, linux-hardening@vger.kernel.org Subject: [PATCH v2 4/5] Makefile: Enable -Warray-bounds Date: Wed, 25 Aug 2021 22:04:57 -0700 Message-Id: <20210826050458.1540622-5-keescook@chromium.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210826050458.1540622-1-keescook@chromium.org> References: <20210826050458.1540622-1-keescook@chromium.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1113; h=from:subject; bh=oefMcHZzjrqvoOMjUB7suXN8EJKiDU2oIYgtW+uUBtg=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBhJyD5aFIio04DmLvoRaIim4FnyDX46vN/W1R6TAc9 7X8LHOKJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCYScg+QAKCRCJcvTf3G3AJnbVD/ 99uKUWved0lEF54nU1F7qKRM+Mv7siWIawdByX70YCMH1LpDZs6ja7HAHyb5nY0zJbQwGopcJsFn11 yntizr+UNLRhKE+CI5hmHijdbpaXrvNxCaSJF+DAkyEjqlmlAHSm1FWzX2ffYiEMhJTdPUebBpDVYr xwj4co1+92cPTQZg9VaD5UN55j9gc46QTYRsyvBl2jxtW8DPSVTWy7vaCya9Bn4TY5evml2nwFt3p+ sf7fn9Y1rf8xHpOEa+gNVbFst4tZ3KV9UupkpsSLi7+VLwDm9g2fwhma1aWdrtuO3q7iBbKEs3Y2Qq ans0Np+r32K3v5Pm7PYx8VDN9zn0LvK9Oc4Gsm6blZyPCqulPENZid0NeFXBICff4z2MgWn+UR4fyJ EqSn/aDYwWG6PjKkkfVr4NZr/olZHzwEhpaqReNAWzV01WUSmo+cmq3LIR7SslJXMiPM9F33KwApfq guhvH6SLi67EfhowGkIyFpDil1Keh+khqje+ZsIJgTqAhiBF72scXtqvP73hNT6w3M5x46LZyRLDbN TjvGaYP/k4JRtFdZYCxLFFVDov+8nlgA09DuTuePiFy68KyvBo1pZPZSNJejo1N5DSu5ll3PmckN+A IwAMOP/e2UwotUVUgDM95mAQA/ypXqzU/BhSxY9MkQfLOT5IAjW2i5ByugJw== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Precedence: bulk List-ID: X-Mailing-List: linux-kbuild@vger.kernel.org With the recent fixes for flexible arrays and expanded FORTIFY_SOURCE coverage, it is now possible to enable -Warray-bounds. Since both GCC and Clang include -Warray-bounds in -Wall, we just need to stop disabling it. Cc: Arnd Bergmann Cc: Masahiro Yamada Cc: linux-kbuild@vger.kernel.org Co-developed-by: Gustavo A. R. Silva Signed-off-by: Gustavo A. R. Silva Signed-off-by: Kees Cook --- Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/Makefile b/Makefile index e4f5895badb5..8e7e73a642e2 100644 --- a/Makefile +++ b/Makefile @@ -995,7 +995,6 @@ KBUILD_CFLAGS += $(call cc-disable-warning, stringop-truncation) # We'll want to enable this eventually, but it's not going away for 5.7 at least KBUILD_CFLAGS += $(call cc-disable-warning, zero-length-bounds) -KBUILD_CFLAGS += $(call cc-disable-warning, array-bounds) KBUILD_CFLAGS += $(call cc-disable-warning, stringop-overflow) # Another good warning that we'll want to enable eventually From patchwork Thu Aug 26 05:04:58 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 12459107 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.5 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7DCDBC43214 for ; Thu, 26 Aug 2021 05:05:19 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 658DA61106 for ; Thu, 26 Aug 2021 05:05:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238522AbhHZFGD (ORCPT ); Thu, 26 Aug 2021 01:06:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42844 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238579AbhHZFFv (ORCPT ); Thu, 26 Aug 2021 01:05:51 -0400 Received: from mail-pl1-x630.google.com (mail-pl1-x630.google.com [IPv6:2607:f8b0:4864:20::630]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DA072C061757 for ; Wed, 25 Aug 2021 22:05:04 -0700 (PDT) Received: by mail-pl1-x630.google.com with SMTP id b9so1073973plx.2 for ; Wed, 25 Aug 2021 22:05:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=wUGiyr3xsPMSx8OhiS6MBjOzSMfwTo6qvLGkcomqylk=; b=VuCkHMB1VQYEYHJkzyhB8xdSFi/41FiApesXgYjbGWkDN11tFyPl//j/KRsQQ7Sk/A 7qZISeIo1JmWTDeeGRc0c7xQ4F6rENPHOMaXiguIndpjAg3ZEpFiOdJHfAyhtE13VA9F uykbBIW1K7ZzV+Vhg08owYife8lXusB2Xyu0E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=wUGiyr3xsPMSx8OhiS6MBjOzSMfwTo6qvLGkcomqylk=; b=R9mqr+6CYXqc3yDj9pEo6Rrkpnuki3dOOWAMz0o1ziumW44v3rvPxRS+u6vkFfQLXn rwl6o3HEMtPBPRsrlTVbqbKkJ7hnPFnF840sl5r4Rc1+/YSuoKFYarQghj7airAzcG4P gr8YlrE8je4G0IZGAkufPGriMVXekUu+hbWvjuYUswMvUQSRkD+m2V27W3cW8i1WkECb lbIDaKkAAPdefXWNQCzSCxGEhLhOzXvU+5GjLtq1nT48pcogsuGJjH+8dEeYpaYf9Cyi m8gXkWUV0mnvzmavkeG2dvn+insDjGqfXIlrDadbfOmWLm2xOEobS7CzNHBFenEsgfTF grYQ== X-Gm-Message-State: AOAM531t3DlN2jlqMqgUHiri3QTRUdLv2R9qhVE9txvlp0cxfprayGw4 /z2owAQJb/ZkBKxVcFfxKD5FfA== X-Google-Smtp-Source: ABdhPJzBMb037AO91ukyk99+KaGE+DKvJN8SONVetu+5nq/tlTK7oez3Nf49eU5yT7wDHnTqacSycw== X-Received: by 2002:a17:902:c406:b0:12d:d0ff:4be with SMTP id k6-20020a170902c40600b0012dd0ff04bemr1932183plk.24.1629954304465; Wed, 25 Aug 2021 22:05:04 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id q9sm845318pfs.40.2021.08.25.22.05.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Aug 2021 22:05:03 -0700 (PDT) From: Kees Cook To: linux-kernel@vger.kernel.org Cc: Kees Cook , "Gustavo A. R. Silva" , Arnd Bergmann , Masahiro Yamada , linux-kbuild@vger.kernel.org, Rasmus Villemoes , Keith Packard , Dan Williams , Daniel Vetter , clang-built-linux@googlegroups.com, linux-hardening@vger.kernel.org Subject: [PATCH v2 5/5] Makefile: Enable -Wzero-length-bounds Date: Wed, 25 Aug 2021 22:04:58 -0700 Message-Id: <20210826050458.1540622-6-keescook@chromium.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210826050458.1540622-1-keescook@chromium.org> References: <20210826050458.1540622-1-keescook@chromium.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=996; h=from:subject; bh=/SN5+6T3ztIGtswjzUhGWY/cmKXtgVAB5r1vX4FHhD8=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBhJyD54PEFBk7l4lz+prByvaAJlFG/Y2kCmVwrumJm JhcDUiyJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCYScg+QAKCRCJcvTf3G3AJsC+D/ 49jN/M53yldVraoYc8MXwX+Sk0xVJLw9Qx17Lnyh9r2OXIiB2JEcb93t1wS1OG16kMz8j/GBydQ+8t yIoXHSl8ZlclCCmSIWbUx4Mu253gXAui7dX128Y8CVlfbwqYJ5PyQL3nD8vk0yGXDji83kxE/dnHMU lzqNnMfnVFuKcZsyr9Z0NS9srdSXCB58id7DCCMvWwt74oK1+AgsAoZPEQSXT7x0sprmRw5J2Hc4Fg zKoLkK45i59aCgM2HM54A6v3IAs4bNjFEjJa5r+DpOTsGoi+8DtjNaGkbDIuDyq3sS+HnD7wqtKmSX rjczu/Nqle/MLQxSAph5jo/++DPU/A/ErXjAVcsj1rwJsecCmPHahvOOXkGGv+hepMnLvsgGRteZVp JcS8n23cR/Ho92OmB0kwH+/OEQZKZvvBL2uU//nLIkQYtDPkLC0xxUKNUefJCLbIw/4Hc5OzXfuDMB 603YyvtZg4HOMYIxgo7zLishMKI82OUdqZz88YhSLjz9peg+zryh9o9GBxiDg7+u1LgW+DkjcOeldv GSqhSiLqDG51d3OqPJ0MbEIJZxi97MQDw1muzzZMpLHRo/ohkZ985/qVH6xfSzaHputWj5zGC3X8mL j7O8Hs7TGRrWTI6yhMIMv4EfJ74b04ki//kwBq2+YYc8INF6bGgdW1dHGQsQ== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Precedence: bulk List-ID: X-Mailing-List: linux-kbuild@vger.kernel.org With all known internal zero-length accesses fixed, it is possible to enable -Wzero-length-bounds globally. Since this is included by default in -Warray-bounds, we just need to stop disabling it. Cc: "Gustavo A. R. Silva" Cc: Arnd Bergmann Cc: Masahiro Yamada Cc: linux-kbuild@vger.kernel.org Signed-off-by: Kees Cook --- Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/Makefile b/Makefile index 8e7e73a642e2..8e732e875e78 100644 --- a/Makefile +++ b/Makefile @@ -994,7 +994,6 @@ KBUILD_CFLAGS += -Wno-pointer-sign KBUILD_CFLAGS += $(call cc-disable-warning, stringop-truncation) # We'll want to enable this eventually, but it's not going away for 5.7 at least -KBUILD_CFLAGS += $(call cc-disable-warning, zero-length-bounds) KBUILD_CFLAGS += $(call cc-disable-warning, stringop-overflow) # Another good warning that we'll want to enable eventually