linaro-kernel January 2022

linaro-kernel@lists.linaro.org

2 participants
3 discussions

[TCWG CI] Regression caused by linux: Makefile: Enable -Warray-bounds

by ci_notify＠linaro.org

[TCWG CI] Regression caused by linux: Makefile: Enable -Warray-bounds: commit d4e0dad4a0cd00d1518f2105ccbfee17e2aa44a7 Author: Kees Cook <keescook(a)chromium.org> Makefile: Enable -Warray-bounds Results regressed to # reset_artifacts: -10 # build_abe binutils: -9 # build_abe stage1: -5 # build_abe qemu: -2 # linux_n_obj: 21319 # First few build errors in logs: # 00:00:53 ./arch/arm/include/asm/io.h:113:9: error: array subscript 0 is outside array bounds of ‘const volatile void[0]’ [-Werror=array-bounds] # 00:00:53 ./arch/arm/include/asm/io.h:95:9: error: array subscript 0 is outside array bounds of ‘volatile void[0]’ [-Werror=array-bounds] # 00:00:53 ./arch/arm/include/asm/io.h:113:9: error: array subscript 0 is outside array bounds of ‘const volatile void[0]’ [-Werror=array-bounds] # 00:00:53 ./arch/arm/include/asm/io.h:95:9: error: array subscript 0 is outside array bounds of ‘volatile void[0]’ [-Werror=array-bounds] # 00:00:53 ./arch/arm/include/asm/io.h:113:9: error: array subscript 0 is outside array bounds of ‘const volatile void[0]’ [-Werror=array-bounds] # 00:00:53 ./arch/arm/include/asm/io.h:95:9: error: array subscript 0 is outside array bounds of ‘volatile void[0]’ [-Werror=array-bounds] # 00:00:53 ./arch/arm/include/asm/io.h:113:9: error: array subscript 0 is outside array bounds of ‘const volatile void[0]’ [-Werror=array-bounds] # 00:00:53 ./arch/arm/include/asm/io.h:95:9: error: array subscript 0 is outside array bounds of ‘volatile void[0]’ [-Werror=array-bounds] # 00:00:53 ./arch/arm/include/asm/io.h:113:9: error: array subscript 0 is outside array bounds of ‘const volatile void[0]’ [-Werror=array-bounds] # 00:00:53 ./arch/arm/include/asm/io.h:95:9: error: array subscript 0 is outside array bounds of ‘volatile void[0]’ [-Werror=array-bounds] from # reset_artifacts: -10 # build_abe binutils: -9 # build_abe stage1: -5 # build_abe qemu: -2 # linux_n_obj: 21459 # First few build errors in logs: # 00:03:34 arch/arm/kernel/ptrace.c:438:40: error: ‘arch_ctrl’ is used uninitialized [-Werror=uninitialized] # 00:03:34 arch/arm/kernel/ptrace.c:484:40: error: ‘ctrl’ is used uninitialized [-Werror=uninitialized] # 00:03:36 make[2]: *** [scripts/Makefile.build:288: arch/arm/kernel/ptrace.o] Error 1 # 00:03:44 arch/arm/kernel/module-plts.c:127:21: error: statement will never be executed [-Werror=switch-unreachable] # 00:03:44 make[2]: *** [scripts/Makefile.build:288: arch/arm/kernel/module-plts.o] Error 1 # 00:04:00 sound/core/oss/mixer_oss.c:1057:21: error: ‘slot’ is used uninitialized [-Werror=uninitialized] # 00:04:01 sound/core/oss/pcm_oss.c:108:29: error: ‘t’ is used uninitialized [-Werror=uninitialized] # 00:04:01 sound/core/oss/pcm_oss.c:2998:51: error: ‘template’ is used uninitialized [-Werror=uninitialized] # 00:04:01 sound/core/seq/oss/seq_oss_init.c:350:35: error: ‘qinfo’ is used uninitialized [-Werror=uninitialized] # 00:04:01 sound/core/seq/oss/seq_oss_init.c:370:35: error: ‘qinfo’ is used uninitialized [-Werror=uninitialized] THIS IS THE END OF INTERESTING STUFF. BELOW ARE LINKS TO BUILDS, REPRODUCTION INSTRUCTIONS, AND THE RAW COMMIT. This commit has regressed these CI configurations: - tcwg_kernel/gnu-master-arm-next-allmodconfig First_bad build: https://ci.linaro.org/job/tcwg_kernel-gnu-bisect-gnu-master-arm-next-allmod… Last_good build: https://ci.linaro.org/job/tcwg_kernel-gnu-bisect-gnu-master-arm-next-allmod… Baseline build: https://ci.linaro.org/job/tcwg_kernel-gnu-bisect-gnu-master-arm-next-allmod… Even more details: https://ci.linaro.org/job/tcwg_kernel-gnu-bisect-gnu-master-arm-next-allmod… Reproduce builds: <cut> mkdir investigate-linux-d4e0dad4a0cd00d1518f2105ccbfee17e2aa44a7 cd investigate-linux-d4e0dad4a0cd00d1518f2105ccbfee17e2aa44a7 # Fetch scripts git clone https://git.linaro.org/toolchain/jenkins-scripts # Fetch manifests and test.sh script mkdir -p artifacts/manifests curl -o artifacts/manifests/build-baseline.sh https://ci.linaro.org/job/tcwg_kernel-gnu-bisect-gnu-master-arm-next-allmod… --fail curl -o artifacts/manifests/build-parameters.sh https://ci.linaro.org/job/tcwg_kernel-gnu-bisect-gnu-master-arm-next-allmod… --fail curl -o artifacts/test.sh https://ci.linaro.org/job/tcwg_kernel-gnu-bisect-gnu-master-arm-next-allmod… --fail chmod +x artifacts/test.sh # Reproduce the baseline build (build all pre-requisites) ./jenkins-scripts/tcwg_kernel-build.sh @@ artifacts/manifests/build-baseline.sh # Save baseline build state (which is then restored in artifacts/test.sh) mkdir -p ./bisect rsync -a --del --delete-excluded --exclude /bisect/ --exclude /artifacts/ --exclude /linux/ ./ ./bisect/baseline/ cd linux # Reproduce first_bad build git checkout --detach d4e0dad4a0cd00d1518f2105ccbfee17e2aa44a7 ../artifacts/test.sh # Reproduce last_good build git checkout --detach 9d210ed97e491400750e9b3c8c93f98d75845904 ../artifacts/test.sh cd .. </cut> Full commit (up to 1000 lines): <cut> commit d4e0dad4a0cd00d1518f2105ccbfee17e2aa44a7 Author: Kees Cook <keescook(a)chromium.org> Date: Fri Jun 18 23:30:07 2021 -0700 Makefile: Enable -Warray-bounds With the recent fixes for flexible arrays and expanded FORTIFY_SOURCE coverage, it is now possible to enable -Warray-bounds. Since both GCC and Clang include -Warray-bounds in -Wall, adjust the Makefile to just stop disabling it. Note that this option can be conservative in its warnings (which is done at casting time rather than access time), but this is reasonable since the cast variables may be accessed out of a scope where the true size of the original object can't be evaluated. These handful of false positives (which are arguably bad casts and can be easily avoided), are worth dealing with because of the many places where this option has helped identify missed bounds checks and even accesses done against cases where a NULL pointer could be reached. https://github.com/KSPP/linux/issues/109 https://github.com/KSPP/linux/issues/151 Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Masahiro Yamada <masahiroy(a)kernel.org> Cc: linux-kbuild(a)vger.kernel.org Co-developed-by: Gustavo A. R. Silva <gustavoars(a)kernel.org> Signed-off-by: Gustavo A. R. Silva <gustavoars(a)kernel.org> Signed-off-by: Kees Cook <keescook(a)chromium.org> --- Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/Makefile b/Makefile index 0fb4f94a6885..71c313b90a2b 100644 --- a/Makefile +++ b/Makefile @@ -952,7 +952,6 @@ KBUILD_CFLAGS += $(call cc-disable-warning, stringop-truncation) # We'll want to enable this eventually, but it's not going away for 5.7 at least KBUILD_CFLAGS += $(call cc-disable-warning, zero-length-bounds) -KBUILD_CFLAGS += -Wno-array-bounds KBUILD_CFLAGS += $(call cc-disable-warning, stringop-overflow) # Another good warning that we'll want to enable eventually </cut>

2 years, 11 months

[PATCH] tcwg_kernel-build.sh: Report toolchain versions

by Kees Cook

Report the toolchain versions after locating them. Signed-off-by: Kees Cook <keescook(a)chromium.org> --- Repo: https://git.linaro.org/toolchain/jenkins-scripts.git/ --- tcwg_kernel-build.sh | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/tcwg_kernel-build.sh b/tcwg_kernel-build.sh index 42ed4a55907c..7f76c4bcce52 100755 --- a/tcwg_kernel-build.sh +++ b/tcwg_kernel-build.sh @@ -97,7 +97,7 @@ build_linux_1 () rm -rf "$(pwd)"/bin mkdir "$(pwd)"/bin - local gnu_host abe_bin cc ld_opt="" + local gnu_host abe_bin cc ld hostcc ld_opt="" gnu_host=$(print_gnu_target native) abe_bin="$(pwd)/abe/builds/destdir/$gnu_host/bin" @@ -114,12 +114,19 @@ build_linux_1 () export PATH="$llvm_bin:$PATH" cc="$llvm_bin/clang" - ld_opt="LD=$llvm_bin/ld.lld" + ld="$llvm_bin/ld.lld" + hostcc="$cc" + + ld_opt="LD=$ld" ;; gnu) cc="$abe_bin/$(print_gnu_target ${rr[target]})-gcc" + ld="$abe_bin/$(print_gnu_target ${rr[target]})-ld" + hostcc=gcc ;; esac + echo -n "Compiler: "; $cc --version | head -n1 + echo -n "Linker: "; $ld --version | head -n1 # Use ccache only when bisecting linux or qemu (or preparing to). # Otherwise the compiler is new in every build and we would @@ -142,7 +149,8 @@ EOF if [ x"${rr[target]}" != x"$(uname -m)" ]; then opts="$opts ARCH=$(print_kernel_target ${rr[target]})" opts="$opts CROSS_COMPILE=$(print_gnu_target ${rr[target]})-" - opts="$opts HOSTCC=gcc" + opts="$opts HOSTCC=$hostcc" + echo -n "Host cc: "; $cc --version | head -n1 fi cd linux -- 2.30.2

2 years, 11 months

[TCWG CI] Regression caused by linux: Makefile: Enable -Warray-bounds

by ci_notify＠linaro.org

[TCWG CI] Regression caused by linux: Makefile: Enable -Warray-bounds: commit 4ba545781e20f49cf1175e11d9f606e621040acf Author: Kees Cook <keescook(a)chromium.org> Makefile: Enable -Warray-bounds Results regressed to # reset_artifacts: -10 # build_abe binutils: -9 # build_abe stage1: -5 # build_abe qemu: -2 # linux_n_obj: 19475 # First few build errors in logs: # 00:00:54 ./arch/arm/include/asm/io.h:113:9: error: array subscript 0 is outside array bounds of ‘const volatile void[0]’ [-Werror=array-bounds] # 00:00:54 ./arch/arm/include/asm/io.h:95:9: error: array subscript 0 is outside array bounds of ‘volatile void[0]’ [-Werror=array-bounds] # 00:00:54 ./arch/arm/include/asm/io.h:113:9: error: array subscript 0 is outside array bounds of ‘const volatile void[0]’ [-Werror=array-bounds] # 00:00:54 ./arch/arm/include/asm/io.h:95:9: error: array subscript 0 is outside array bounds of ‘volatile void[0]’ [-Werror=array-bounds] # 00:00:54 ./arch/arm/include/asm/io.h:113:9: error: array subscript 0 is outside array bounds of ‘const volatile void[0]’ [-Werror=array-bounds] # 00:00:54 ./arch/arm/include/asm/io.h:95:9: error: array subscript 0 is outside array bounds of ‘volatile void[0]’ [-Werror=array-bounds] # 00:00:54 ./arch/arm/include/asm/io.h:113:9: error: array subscript 0 is outside array bounds of ‘const volatile void[0]’ [-Werror=array-bounds] # 00:00:54 ./arch/arm/include/asm/io.h:95:9: error: array subscript 0 is outside array bounds of ‘volatile void[0]’ [-Werror=array-bounds] # 00:00:54 ./arch/arm/include/asm/io.h:113:9: error: array subscript 0 is outside array bounds of ‘const volatile void[0]’ [-Werror=array-bounds] # 00:00:54 ./arch/arm/include/asm/io.h:95:9: error: array subscript 0 is outside array bounds of ‘volatile void[0]’ [-Werror=array-bounds] from # reset_artifacts: -10 # build_abe binutils: -9 # build_abe stage1: -5 # build_abe qemu: -2 # linux_n_obj: 19597 # First few build errors in logs: # 00:01:09 arch/arm/kernel/ptrace.c:438:40: error: ‘arch_ctrl’ is used uninitialized [-Werror=uninitialized] # 00:01:09 arch/arm/kernel/ptrace.c:484:40: error: ‘ctrl’ is used uninitialized [-Werror=uninitialized] # 00:01:11 make[2]: *** [scripts/Makefile.build:288: arch/arm/kernel/ptrace.o] Error 1 # 00:01:17 arch/arm/kernel/module-plts.c:127:21: error: statement will never be executed [-Werror=switch-unreachable] # 00:01:18 make[2]: *** [scripts/Makefile.build:288: arch/arm/kernel/module-plts.o] Error 1 # 00:01:31 sound/core/oss/mixer_oss.c:1057:21: error: ‘slot’ is used uninitialized [-Werror=uninitialized] # 00:01:31 sound/core/oss/pcm_oss.c:108:29: error: ‘t’ is used uninitialized [-Werror=uninitialized] # 00:01:31 sound/core/oss/pcm_oss.c:2998:51: error: ‘template’ is used uninitialized [-Werror=uninitialized] # 00:01:33 make[3]: *** [scripts/Makefile.build:288: sound/core/oss/mixer_oss.o] Error 1 # 00:01:34 sound/core/oss/pcm_oss.c:2488:34: error: ‘setup’ is used uninitialized [-Werror=uninitialized] THIS IS THE END OF INTERESTING STUFF. BELOW ARE LINKS TO BUILDS, REPRODUCTION INSTRUCTIONS, AND THE RAW COMMIT. This commit has regressed these CI configurations: - tcwg_kernel/gnu-master-arm-next-allyesconfig First_bad build: https://ci.linaro.org/job/tcwg_kernel-gnu-bisect-gnu-master-arm-next-allyes… Last_good build: https://ci.linaro.org/job/tcwg_kernel-gnu-bisect-gnu-master-arm-next-allyes… Baseline build: https://ci.linaro.org/job/tcwg_kernel-gnu-bisect-gnu-master-arm-next-allyes… Even more details: https://ci.linaro.org/job/tcwg_kernel-gnu-bisect-gnu-master-arm-next-allyes… Reproduce builds: <cut> mkdir investigate-linux-4ba545781e20f49cf1175e11d9f606e621040acf cd investigate-linux-4ba545781e20f49cf1175e11d9f606e621040acf # Fetch scripts git clone https://git.linaro.org/toolchain/jenkins-scripts # Fetch manifests and test.sh script mkdir -p artifacts/manifests curl -o artifacts/manifests/build-baseline.sh https://ci.linaro.org/job/tcwg_kernel-gnu-bisect-gnu-master-arm-next-allyes… --fail curl -o artifacts/manifests/build-parameters.sh https://ci.linaro.org/job/tcwg_kernel-gnu-bisect-gnu-master-arm-next-allyes… --fail curl -o artifacts/test.sh https://ci.linaro.org/job/tcwg_kernel-gnu-bisect-gnu-master-arm-next-allyes… --fail chmod +x artifacts/test.sh # Reproduce the baseline build (build all pre-requisites) ./jenkins-scripts/tcwg_kernel-build.sh @@ artifacts/manifests/build-baseline.sh # Save baseline build state (which is then restored in artifacts/test.sh) mkdir -p ./bisect rsync -a --del --delete-excluded --exclude /bisect/ --exclude /artifacts/ --exclude /linux/ ./ ./bisect/baseline/ cd linux # Reproduce first_bad build git checkout --detach 4ba545781e20f49cf1175e11d9f606e621040acf ../artifacts/test.sh # Reproduce last_good build git checkout --detach 2cb06c87c9ddbe0801fd1d94def2e24703772224 ../artifacts/test.sh cd .. </cut> Full commit (up to 1000 lines): <cut> commit 4ba545781e20f49cf1175e11d9f606e621040acf Author: Kees Cook <keescook(a)chromium.org> Date: Fri Jun 18 23:30:07 2021 -0700 Makefile: Enable -Warray-bounds With the recent fixes for flexible arrays and expanded FORTIFY_SOURCE coverage, it is now possible to enable -Warray-bounds. Since both GCC and Clang include -Warray-bounds in -Wall, adjust the Makefile to just stop disabling it. Note that this option can be conservative in its warnings (which is done at casting time rather than access time), but this is reasonable since the cast variables may be accessed out of a scope where the true size of the original object can't be evaluated. These handful of false positives (which are arguably bad casts and can be easily avoided), are worth dealing with because of the many places where this option has helped identify missed bounds checks and even accesses done against cases where a NULL pointer could be reached. https://github.com/KSPP/linux/issues/109 https://github.com/KSPP/linux/issues/151 Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Masahiro Yamada <masahiroy(a)kernel.org> Cc: linux-kbuild(a)vger.kernel.org Co-developed-by: Gustavo A. R. Silva <gustavoars(a)kernel.org> Signed-off-by: Gustavo A. R. Silva <gustavoars(a)kernel.org> Signed-off-by: Kees Cook <keescook(a)chromium.org> --- Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/Makefile b/Makefile index 0fb4f94a6885..71c313b90a2b 100644 --- a/Makefile +++ b/Makefile @@ -952,7 +952,6 @@ KBUILD_CFLAGS += $(call cc-disable-warning, stringop-truncation) # We'll want to enable this eventually, but it's not going away for 5.7 at least KBUILD_CFLAGS += $(call cc-disable-warning, zero-length-bounds) -KBUILD_CFLAGS += -Wno-array-bounds KBUILD_CFLAGS += $(call cc-disable-warning, stringop-overflow) # Another good warning that we'll want to enable eventually </cut>

2 years, 11 months

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

linaro-kernel January 2022