Re: [PATCH] init/Kconfig: lower to GCC version 9 check for -Warray-bounds

From: Zhouyi Zhou
Date: Sat Jun 08 2024 - 20:32:18 EST


The patch is incorrect.

On Sat, Jun 8, 2024 at 9:40 AM Zhouyi Zhou <zhouzhouyi@xxxxxxxxx> wrote:
>
> commit 3e00f5802fab ("init/Kconfig: lower GCC version check for -Warray-bounds")
> lowers GCC version check for -Warray-bounds, but I continue to see false positives
> from -Warray-bounds in GCC 9.4.
They are not false positives; GCC 9.4.0 did report the out-of-bounds
array access!
>
> This happens after
> commit b44759705f7d ("bitmap: make bitmap_{get,set}_value8() use bitmap_{read,write}()")
>
> During the rcuturture test in Ubuntu 20.04 GCC 9.4.0 x86_64, the compiling of
rcutorture test
> drivers/gpio/gpio-pca953x.c issues following warning:
>
> ```
> CC drivers/gpio/gpio-pca953x.o
> In file included from drivers/gpio/gpio-pca953x.c:12:
> drivers/gpio/gpio-pca953x.c: In function ‘pca953x_probe’:
> ./include/linux/bitmap.h:799:17: error: array subscript [1, 1024] is outside array bounds of ‘long unsigned int[1]’ [-Werror=array-bounds]
> 799 | map[index + 1] &= BITMAP_FIRST_WORD_MASK(start + nbits);
> | ^~
> In file included from ./include/linux/atomic.h:5,
> from drivers/gpio/gpio-pca953x.c:11:
> drivers/gpio/gpio-pca953x.c:1015:17: note: while referencing ‘val’
> 1015 | DECLARE_BITMAP(val, MAX_LINE);
> | ^~~
> ./include/linux/types.h:11:16: note: in definition of macro ‘DECLARE_BITMAP’
> 11 | unsigned long name[BITS_TO_LONGS(bits)]
> | ^~~~
> In file included from drivers/gpio/gpio-pca953x.c:12:
> ./include/linux/bitmap.h:800:17: error: array subscript [1, 1024] is outside array bounds of ‘long unsigned int[1]’ [-Werror=array-bounds]
> 800 | map[index + 1] |= (value >> space);
> | ~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~
> In file included from ./include/linux/atomic.h:5,
> from drivers/gpio/gpio-pca953x.c:11:
> drivers/gpio/gpio-pca953x.c:1015:17: note: while referencing ‘val’
> 1015 | DECLARE_BITMAP(val, MAX_LINE);
> | ^~~
> ./include/linux/types.h:11:16: note: in definition of macro ‘DECLARE_BITMAP’
> 11 | unsigned long name[BITS_TO_LONGS(bits)]
> ```
>
In device_pca957x_init:
```
DECLARE_BITMAP(val, MAX_LINE);
for (i = 0; i < NBANK(chip); i++)
bitmap_set_value8(val, 0x02, i * BANK_SZ);
```
We can't ensure "i*BANK_SZ" is within "MAX_LINE".
After setting the boundary, GCC no longer emits warnings:
diff --git a/drivers/gpio/gpio-pca953x.c b/drivers/gpio/gpio-pca953x.c
index 77a2812f2974..e40bbd7c83ec 100644
--- a/drivers/gpio/gpio-pca953x.c
+++ b/drivers/gpio/gpio-pca953x.c
@@ -1021,7 +1021,7 @@ static int device_pca957x_init(struct pca953x_chip *chip)
return ret;

/* To enable register 6, 7 to control pull up and pull down */
- for (i = 0; i < NBANK(chip); i++)
+ for (i = 0; i < NBANK(chip) && i < MAX_BANK; i++)
bitmap_set_value8(val, 0x02, i * BANK_SZ);
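
Review bot: in the new loop condition, `i < MAX_BANK` makes the loop stop early when NBANK(chip) is larger than MAX_BANK, and nothing in these lines reports that the remaining banks were skipped. Since `val` is declared with DECLARE_BITMAP(val, MAX_LINE) and the offset is `i * BANK_SZ`, consider checking NBANK(chip) against the bitmap capacity once before the loop and returning an error instead of truncating. The commit message should also state how MAX_BANK relates to MAX_LINE and BANK_SZ, which the hunk does not show.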

The case is similar in drivers/pinctrl/pinctrl-cy8c95x0.c.

I will send another patch to set array access boundaries in the above
two source files.

Sorry for the inconvenience that I brought,
Sorry for the trouble.

Regards
Zhouyi

> Disable gcc-9+ array-bounds to avoid the above warning.
>
> Signed-off-by: Zhouyi Zhou <zhouzhouyi@xxxxxxxxx>
> ---
> init/Kconfig | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/init/Kconfig b/init/Kconfig
> index 72404c1f2157..27ce2ded95b6 100644
> --- a/init/Kconfig
> +++ b/init/Kconfig
> @@ -876,14 +876,14 @@ config CC_IMPLICIT_FALLTHROUGH
> default "-Wimplicit-fallthrough=5" if CC_IS_GCC && $(cc-option,-Wimplicit-fallthrough=5)
> default "-Wimplicit-fallthrough" if CC_IS_CLANG && $(cc-option,-Wunreachable-code-fallthrough)
>
> -# Currently, disable gcc-10+ array-bounds globally.
> +# Currently, disable gcc-9+ array-bounds globally.
> # It's still broken in gcc-13, so no upper bound yet.
> -config GCC10_NO_ARRAY_BOUNDS
> +config GCC9_NO_ARRAY_BOUNDS
> def_bool y
>
> config CC_NO_ARRAY_BOUNDS
> bool
> - default y if CC_IS_GCC && GCC_VERSION >= 100000 && GCC10_NO_ARRAY_BOUNDS
> + default y if CC_IS_GCC && GCC_VERSION >= 90000 && GCC9_NO_ARRAY_BOUNDS
>
> # Currently, disable -Wstringop-overflow for GCC globally.
> config GCC_NO_STRINGOP_OVERFLOW
> --
> 2.25.1
>
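
The bounds problem discussed in the reply above, as an added user-space example that is not part of the thread or of the kernel sources: a per-bank byte write into a fixed-size bitmap, with the capacity checked before the loop so an oversized bank count is rejected rather than written past the array. `DEMO_BANK_SZ`, `DEMO_MAX_LINE`, `checked_set_value8()` and `init_banks()` are hypothetical names and constructed values, not the driver's.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sizes for this sketch; not the driver's real values. */
#define WORD_BITS      (sizeof(unsigned long) * CHAR_BIT)
#define DEMO_BANK_SZ   8u
#define DEMO_MAX_LINE  (4u * DEMO_BANK_SZ)            /* capacity in bits */
#define DEMO_WORDS     ((DEMO_MAX_LINE + WORD_BITS - 1) / WORD_BITS)

/*
 * Write an 8-bit value at byte-aligned bit offset 'start' of a bitmap that
 * holds 'nbits' bits. Returns 0 on success, -1 if any bit of the write
 * would land outside the bitmap (or 'start' is not byte-aligned).
 */
static int checked_set_value8(unsigned long *map, size_t nbits,
                              unsigned long value, size_t start)
{
    if (start % 8 != 0 || start >= nbits || nbits - start < 8)
        return -1;

    size_t index = start / WORD_BITS;   /* word that holds the byte */
    size_t offset = start % WORD_BITS;  /* bit position inside it   */

    map[index] &= ~(0xFFul << offset);
    map[index] |= (value & 0xFFul) << offset;
    return 0;
}

/*
 * Same loop shape as in the thread: one byte per bank at i * bank size.
 * Returns the number of banks written, or -1 if 'nbanks' does not fit.
 */
static int init_banks(unsigned long *map, unsigned int nbanks)
{
    if (nbanks > DEMO_MAX_LINE / DEMO_BANK_SZ)
        return -1;                      /* reject, do not truncate */
    for (unsigned int i = 0; i < nbanks; i++)
        if (checked_set_value8(map, DEMO_MAX_LINE, 0x02,
                               (size_t)i * DEMO_BANK_SZ) != 0)
            return -1;
    return (int)nbanks;
}

int main(void)
{
    unsigned long val[DEMO_WORDS] = {0};
    printf("4 banks -> %d\n", init_banks(val, 4));
    printf("5 banks -> %d\n", init_banks(val, 5));
    return 0;
}
```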