Date:   Fri, 25 Aug 2017 13:45:28 +0200
From:   Michal Nazarewicz <mina86@...a86.com>
To:     Joe Stringer <joe@....org>, linux-kernel@...r.kernel.org
Cc:     Ian Abbott <abbotti@....co.uk>, Arnd Bergmann <arnd@...db.de>,
        Kees Cook <keescook@...omium.org>
Subject: Re: [PATCH net-next] compiler: Document behavior compiling with -O0

On Thu, Aug 24 2017, Joe Stringer wrote:
> Recent changes[0] to make use of __compiletime_assert() from container_of()
> increased the scope of this macro, resulting in a wider set of
> situations where developers cannot compile their code using "-O0". I
> noticed this when making use of the macro in my own development, and
> spent more time than I'd like to admit tracking the problem down. This
> patch documents the behavior in lieu of a compile-time assertion
> implementation that does not rely on optimizations.
>
> Example compilation failure:
>
> ./include/linux/compiler.h:547:38: error: call to ‘__compiletime_assert_94’ declared with attribute error: pointer type mismatch in container_of()
>   _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
>                                       ^
> ./include/linux/compiler.h:530:4: note: in definition of macro ‘__compiletime_assert’
>     prefix ## suffix();    \
>     ^~~~~~
> ./include/linux/compiler.h:547:2: note: in expansion of macro ‘_compiletime_assert’
>   _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
>   ^~~~~~~~~~~~~~~~~~~
> ./include/linux/build_bug.h:46:37: note: in expansion of macro ‘compiletime_assert’
>  #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
>                                      ^~~~~~~~~~~~~~~~~~
> ./include/linux/kernel.h:860:2: note: in expansion of macro ‘BUILD_BUG_ON_MSG’
>   BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) && \
>   ^~~~~~~~~~~~~~~~
>
> [0] http://lkml.kernel.org/r/20170525120316.24473-7-abbotti@mev.co.uk
>
> Signed-off-by: Joe Stringer <joe@....org>
> ---
>  include/linux/compiler.h | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/include/linux/compiler.h b/include/linux/compiler.h
> index eca8ad75e28b..bb640167fdac 100644
> --- a/include/linux/compiler.h
> +++ b/include/linux/compiler.h
> @@ -517,6 +517,11 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
>  # define __compiletime_error_fallback(condition) do { } while (0)
>  #endif
>  
> +/*
> + * __compiletime_assert() relies on compiler optimizations to remove the check
> + * against '__cond' if 'condition' is false. As a result, compiling with -O0
> + * will cause compilation errors here regardless of the value of 'condition'.
> + */
>  #define __compiletime_assert(condition, msg, prefix, suffix)		\
>  	do {								\
>  		bool __cond = !(condition);				\
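
Review bot: The added comment's "if 'condition' is false" reads inverted against the context line "bool __cond = !(condition);". The case the optimizer has to eliminate is the passing one, where 'condition' is true and '__cond' is false. Suggest rewording to "relies on compiler optimizations to remove the check against '__cond' when 'condition' is true", and mentioning the symptom from the commit message (a "declared with attribute error" failure on __compiletime_assert_<line>) so that someone hitting it at -O0 can find this comment by searching for the error text.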

Could __builtin_choose_expr help here?  Something like:

#define __compiletime_assert(condition, msg, prefix, suffix)		\
	do {								\
		bool __cond = !(condition);				\
		extern int prefix ## suffix(void) __compiletime_error(msg); \
		__builtin_choose_expr(!(condition), prefix ## suffix(), 0); \
		__compiletime_error_fallback(__cond);			\
	} while (0)

Or better still, _Static_assert?

-- 
Best regards
ミハウ “𝓶𝓲𝓷𝓪86” ナザレヴイツ
«If at first you don’t succeed, give up skydiving»
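
The _Static_assert route raised in the reply, as an added example that is not part of the original message or the kernel source: a container_of()-style macro whose type check is evaluated by the front end, so it behaves the same at -O0 and -O2. The names same_type, container_of_checked, struct session and struct list_node are hypothetical, only the first half of the kernel's check (the part visible in the error output above) is reproduced, and GNU C extensions (statement expressions, __typeof__) are assumed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: 1 if both expressions have compatible types. */
#define same_type(a, b) \
	__builtin_types_compatible_p(__typeof__(a), __typeof__(b))

/*
 * _Static_assert takes a constant expression and is checked during
 * semantic analysis, so no dead-code elimination is needed to make the
 * passing case compile. The trade-off: conditions that only become
 * constant after inlining or constant propagation cannot be used here.
 */
#define container_of_checked(ptr, type, member) ({			\
	_Static_assert(same_type(*(ptr), ((type *)0)->member),		\
		       "pointer type mismatch in container_of()");	\
	(type *)((char *)(ptr) - offsetof(type, member)); })

/* Constructed sample types for the demonstration. */
struct list_node { struct list_node *next; };
struct session { int id; struct list_node link; };

static struct session *session_from_link(struct list_node *n)
{
	return container_of_checked(n, struct session, link);
}

int main(void)
{
	struct session s = { .id = 7, .link = { NULL } };

	printf("recovered id: %d\n", session_from_link(&s.link)->id);

	/*
	 * Passing a pointer to the wrong member is rejected at every
	 * optimization level, because the check never reaches the optimizer:
	 *   container_of_checked(&s.id, struct session, link);
	 */
	return 0;
}
```
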
