lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 17 Aug 2021 16:23:41 -0700
From:   Nathan Chancellor <nathan@...nel.org>
To:     Kees Cook <keescook@...omium.org>,
        "Gustavo A. R. Silva" <gustavo@...eddedor.com>,
        Philip Li <philip.li@...el.com>
Cc:     Masahiro Yamada <masahiroy@...nel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        "Gustavo A. R. Silva" <gustavoars@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        clang-built-linux <clang-built-linux@...glegroups.com>,
        linux-hardening@...r.kernel.org
Subject: Re: [PATCH] kbuild: Enable -Wimplicit-fallthrough for clang 14.0.0+

On 8/17/2021 4:06 PM, Kees Cook wrote:
> On Tue, Aug 17, 2021 at 04:33:25PM -0500, Gustavo A. R. Silva wrote:
>>
>>
>> On 8/17/21 16:17, Masahiro Yamada wrote:
>>> On Wed, Aug 18, 2021 at 3:25 AM Nathan Chancellor <nathan@...nel.org> wrote:
>>>>
>>>> On 8/17/2021 11:03 AM, Kees Cook wrote:
>>>>> On Mon, Aug 16, 2021 at 09:55:28PM -0700, Nathan Chancellor wrote:
>>>>>> If you/Gustavo would prefer, I can upgrade that check to
>>>>>>
>>>>>> ifneq ($(call cc-option, -Wunreachable-code-fallthrough),)
>>>>>>
>>>>>> I was just trying to save a call to the compiler, as that is more expensive
>>>>>> than a shell test call.
>>>>>
>>>>> I prefer the option test -- this means no changes are needed on the
>>>>> kernel build side if it ever finds itself backported to earlier versions
>>>>> (and it handles the current case of "14" not meaning "absolute latest").
>>>>>
>>>>> More specifically, I think you want this (untested):
>>>>
>>>> That should work but since -Wunreachable-code-fallthrough is off by
>>>> default, I did not really see a reason to include it in KBUILD_CFLAGS. I
>>>> do not have a strong opinion though, your version is smaller than mine
>>>> is so we can just go with that. I'll defer to Gustavo on it since he has
>>>> put in all of the work cleaning up the warnings.
>>>
>>>
>>>
>>> https://github.com/llvm/llvm-project/commit/9ed4a94d6451046a51ef393cd62f00710820a7e8
>>>
>>>     did two things:
>>>
>>>   (1) Change the -Wimplicit-fallthrough behavior so that it fits
>>>        to our use in the kernel
>>>
>>>   (2) Add a new option -Wunreachable-code-fallthrough
>>>        that works like the previous -Wimplicit-fallthrough of
>>>        Clang <= 13.0.0
>>>
>>>
>>> They are separate things.
>>>
>>> Checking the presence of -Wunreachable-code-fallthrough
>>> does not make sense since we are only interested in (1) here.
>>>
>>> So, checking the Clang version is sensible and matches
>>> the explanation in the comment block.
> 
> I thought one of the problems (which is quickly draining away) that
> needed to be solved here is that some Clang trunk builds (that report
> as version 14) don't yet have support for -Wunreachable-code-fallthrough
> since they aren't new enough.

Philip, how often is the kernel test robot's clang version rebuilt? 
Would it be possible to bump it to latest ToT or at least 
9ed4a94d6451046a51ef393cd62f00710820a7e8 so that we do not get bit by 
this warning when we go to enable this flag?

I do not know of any other CI aside from ours that is testing with tip 
of tree clang and ours should already have a clang that includes my 
patch since it comes from apt.llvm.org.

>>> # Warn about unmarked fall-throughs in switch statement.
>>> # Clang prior to 14.0.0 warned on unreachable fallthroughs with
>>> # -Wimplicit-fallthrough, which is unacceptable due to IS_ENABLED().
>>> # https://bugs.llvm.org/show_bug.cgi?id=51094
>>> ifeq ($(firstword $(sort $(CONFIG_CLANG_VERSION) 140000)),140000)
>>> KBUILD_CFLAGS += -Wimplicit-fallthrough
>>> endif

Very clever and nifty trick! I have verified that it works for clang 13 
and 14 along with a theoretical clang 15. Gustavo, feel free to stick a

Reviewed-by: Nathan Chancellor <nathan@...nel.org>
Tested-by: Nathan Chancellor <nathan@...nel.org>

if you so desire.

>>>
>>> The $(sort ...) is alphabetical sort, not numeric sort.
>>> It works for us because the minimum Clang version is 10.0.1
>>> (that is CONFIG_CLANG_VERSION is always 6-digit)
>>>
>>> It will break when Clang version 100.0.0 is released.
>>>
>>> But, before that, we will raise the minimum supported clang version,
>>> and this conditional will go away.
> 
> If a version test is preferred, cool; this is a nice trick. :)
> 
>> I like this. :)
>>
>> I'm going to make the 0-day robot test it in my tree, first.
> 
> Sounds good to me!
> 

Powered by blists - more mailing lists