Re: [PATCH 00/10] raise minimum GCC version to 5.1

[Kees Cook]

On Fri, Sep 10, 2021 at 04:40:37PM -0700, Nick Desaulniers wrote:
> commit fad7cd3310db ("nbd: add the check to prevent overflow in
> __nbd_ioctl()")
> 
> raised an issue from the fallback helpers added in
> 
> commit f0907827a8a9 ("compiler.h: enable builtin overflow checkers and add fallback code")
> 
> Specifically, the helpers for checking whether the results of a
> multiplication overflowed (__unsigned_mul_overflow,
> __signed_add_overflow) use the division operator when
> !COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW. This is problematic for 64b
> operands on 32b hosts.
> 
> Also, because the macro is type agnostic, it is very difficult to write
> a similarly type generic macro that dispatches to one of:
> * div64_s64
> * div64_u64
> * div_s64
> * div_u64

Given that it's all compile-time type-aware goo, this isn't so bad. The
gist[1] you linked off the bug report is pretty close. Needs some
bikeshedding. ;)

> Raising the minimum supported versions allows us to remove all of the
> fallback helpers for !COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW, instead
> dispatching the compiler builtins.
> 
> arm64 has already raised the minimum supported GCC version to 5.1, do
> this for all targets now. See the link below for the previous
> discussion.

That said, I'd much prefer raising the minimum GCC -- no one appears
to actually be building on 4.9 -- there are close to 200 errors (neé
warnings) on x86_64 allmodconfig there currently.

-Kees

[1] https://gist.github.com/nickdesaulniers/2479818f4983bbf2d688cebbab435863

-- 
Kees Cook