| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Aug 2017 16:22:58 -0700
From: Joe Stringer <joe@....org>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: LKML <linux-kernel@...r.kernel.org>,
Ian Abbott <abbotti@....co.uk>, Arnd Bergmann <arnd@...db.de>,
Michal Nazarewicz <mina86@...a86.com>,
Kees Cook <keescook@...omium.org>
Subject: Re: [PATCH] compiler: Don't perform compiletime_assert with -O0.
On 30 August 2017 at 15:59, Andrew Morton <akpm@...ux-foundation.org> wrote:
> On Tue, 29 Aug 2017 16:01:14 -0700 Joe Stringer <joe@....org> wrote:
>
>> Recent changes[0] to make use of __compiletime_assert() from
>> container_of() increased the usage of this macro, allowing developers to
>> notice type conflicts in usage of container_of() at compile time.
>> However, the implementation of __compiletime_assert relies on compiler
>> optimizations to report an error. This means that if a developer uses
>> "-O0" with any code that performs container_of(), the compiler will
>> always report an error regardless of whether there is an actual problem
>> in the code.
>>
>> This patch disables compile_time_assert when optimizations are disabled
>> to allow such code to compile with CFLAGS="-O0".
>
> I'm wondering if we should backport this into -stable. Probably not,
> as I doubt if many people use -O0 - it's a pretty weird thing to do. I
> used to use it a bit because it makes the ".lst" files (intermingled .c
> and .s files) make more sense. In fact I'm wondering how you even
> noticed this?
Local debugging, was trying to get a better understanding of the
underlying assembly and the code I was using just happened to use
container_of().
I doubt this is going to affect a large number of people, and most
developers will rebase against something newish on a regular basis so
I personally wouldn't push to apply against -stable.
> So unless disagreed with, I think I'll leave this out of -stable. I
> redid the changelog somewhat, presenting it as a fix against
> c7acec713d14c6c:
>
>
> From: Joe Stringer <joe@....org>
> Subject: include/linux/compiler.h: don't perform compiletime_assert with -O0
>
> c7acec713d14c6c ("kernel.h: handle pointers to arrays better in
> container_of()") made use of __compiletime_assert() from container_of()
> thus increasing the usage of this macro, allowing developers to notice
> type conflicts in usage of container_of() at compile time.
>
> However, the implementation of __compiletime_assert relies on compiler
> optimizations to report an error. This means that if a developer uses
> "-O0" with any code that performs container_of(), the compiler will always
> report an error regardless of whether there is an actual problem in the
> code.
>
> This patch disables compile_time_assert when optimizations are disabled to
> allow such code to compile with CFLAGS="-O0".
>
> Example compilation failure:
>
> ./include/linux/compiler.h:547:38: error: call to `__compiletime_assert_94' declared with attribute error: pointer type mismatch in container_of()
> _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
> ^
> ./include/linux/compiler.h:530:4: note: in definition of macro `__compiletime_assert'
> prefix ## suffix(); \
> ^~~~~~
> ./include/linux/compiler.h:547:2: note: in expansion of macro `_compiletime_assert'
> _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
> ^~~~~~~~~~~~~~~~~~~
> ./include/linux/build_bug.h:46:37: note: in expansion of macro `compiletime_assert'
> #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
> ^~~~~~~~~~~~~~~~~~
> ./include/linux/kernel.h:860:2: note: in expansion of macro `BUILD_BUG_ON_MSG'
> BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) && \
> ^~~~~~~~~~~~~~~~
>
> Link: http://lkml.kernel.org/r/20170829230114.11662-1-joe@ovn.org
> Fixes: c7acec713d14c6c ("kernel.h: handle pointers to arrays better in container_of()")
> Signed-off-by: Joe Stringer <joe@....org>
> Cc: Ian Abbott <abbotti@....co.uk>
> Cc: Arnd Bergmann <arnd@...db.de>
> Cc: Michal Nazarewicz <mina86@...a86.com>
> Cc: Kees Cook <keescook@...omium.org>
> Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
> ---
>
> include/linux/compiler.h | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff -puN include/linux/compiler.h~compiler-dont-perform-compiletime_assert-with-o0 include/linux/compiler.h
> --- a/include/linux/compiler.h~compiler-dont-perform-compiletime_assert-with-o0
> +++ a/include/linux/compiler.h
> @@ -517,7 +517,8 @@ static __always_inline void __write_once
> # define __compiletime_error_fallback(condition) do { } while (0)
> #endif
>
> -#define __compiletime_assert(condition, msg, prefix, suffix) \
> +#ifdef __OPTIMIZE__
> +# define __compiletime_assert(condition, msg, prefix, suffix) \
> do { \
> bool __cond = !(condition); \
> extern void prefix ## suffix(void) __compiletime_error(msg); \
> @@ -525,6 +526,9 @@ static __always_inline void __write_once
> prefix ## suffix(); \
> __compiletime_error_fallback(__cond); \
> } while (0)
> +#else
> +# define __compiletime_assert(condition, msg, prefix, suffix)
> +#endif
The commit message update looks fine, but it looks like this is v1 not
v2 (see the #else part).
Thanks,
Joe
Powered by blists - more mailing lists