lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 30 Aug 2017 16:22:58 -0700
From:   Joe Stringer <joe@....org>
To:     Andrew Morton <akpm@...ux-foundation.org>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        Ian Abbott <abbotti@....co.uk>, Arnd Bergmann <arnd@...db.de>,
        Michal Nazarewicz <mina86@...a86.com>,
        Kees Cook <keescook@...omium.org>
Subject: Re: [PATCH] compiler: Don't perform compiletime_assert with -O0.

On 30 August 2017 at 15:59, Andrew Morton <akpm@...ux-foundation.org> wrote:
> On Tue, 29 Aug 2017 16:01:14 -0700 Joe Stringer <joe@....org> wrote:
>
>> Recent changes[0] to make use of __compiletime_assert() from
>> container_of() increased the usage of this macro, allowing developers to
>> notice type conflicts in usage of container_of() at compile time.
>> However, the implementation of __compiletime_assert relies on compiler
>> optimizations to report an error. This means that if a developer uses
>> "-O0" with any code that performs container_of(), the compiler will
>> always report an error regardless of whether there is an actual problem
>> in the code.
>>
>> This patch disables compile_time_assert when optimizations are disabled
>> to allow such code to compile with CFLAGS="-O0".
>
> I'm wondering if we should backport this into -stable.  Probably not,
> as I doubt if many people use -O0 - it's a pretty weird thing to do.  I
> used to use it a bit because it makes the ".lst" files (intermingled .c
> and .s files) make more sense.  In fact I'm wondering how you even
> noticed this?

Local debugging, was trying to get a better understanding of the
underlying assembly and the code I was using just happened to use
container_of().

I doubt this is going to affect a large number of people, and most
developers will rebase against something newish on a regular basis so
I personally wouldn't push to apply against -stable.

> So unless disagreed with, I think I'll leave this out of -stable.  I
> redid the changelog somewhat, presenting it as a fix against
> c7acec713d14c6c:
>
>
> From: Joe Stringer <joe@....org>
> Subject: include/linux/compiler.h: don't perform compiletime_assert with -O0
>
> c7acec713d14c6c ("kernel.h: handle pointers to arrays better in
> container_of()") made use of __compiletime_assert() from container_of()
> thus increasing the usage of this macro, allowing developers to notice
> type conflicts in usage of container_of() at compile time.
>
> However, the implementation of __compiletime_assert relies on compiler
> optimizations to report an error.  This means that if a developer uses
> "-O0" with any code that performs container_of(), the compiler will always
> report an error regardless of whether there is an actual problem in the
> code.
>
> This patch disables compile_time_assert when optimizations are disabled to
> allow such code to compile with CFLAGS="-O0".
>
> Example compilation failure:
>
> ./include/linux/compiler.h:547:38: error: call to `__compiletime_assert_94' declared with attribute error: pointer type mismatch in container_of()
>   _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
>                                       ^
> ./include/linux/compiler.h:530:4: note: in definition of macro `__compiletime_assert'
>     prefix ## suffix();    \
>     ^~~~~~
> ./include/linux/compiler.h:547:2: note: in expansion of macro `_compiletime_assert'
>   _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
>   ^~~~~~~~~~~~~~~~~~~
> ./include/linux/build_bug.h:46:37: note: in expansion of macro `compiletime_assert'
>  #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
>                                      ^~~~~~~~~~~~~~~~~~
> ./include/linux/kernel.h:860:2: note: in expansion of macro `BUILD_BUG_ON_MSG'
>   BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) && \
>   ^~~~~~~~~~~~~~~~
>
> Link: http://lkml.kernel.org/r/20170829230114.11662-1-joe@ovn.org
> Fixes: c7acec713d14c6c ("kernel.h: handle pointers to arrays better in container_of()")
> Signed-off-by: Joe Stringer <joe@....org>
> Cc: Ian Abbott <abbotti@....co.uk>
> Cc: Arnd Bergmann <arnd@...db.de>
> Cc: Michal Nazarewicz <mina86@...a86.com>
> Cc: Kees Cook <keescook@...omium.org>
> Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
> ---
>
>  include/linux/compiler.h |    6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff -puN include/linux/compiler.h~compiler-dont-perform-compiletime_assert-with-o0 include/linux/compiler.h
> --- a/include/linux/compiler.h~compiler-dont-perform-compiletime_assert-with-o0
> +++ a/include/linux/compiler.h
> @@ -517,7 +517,8 @@ static __always_inline void __write_once
>  # define __compiletime_error_fallback(condition) do { } while (0)
>  #endif
>
> -#define __compiletime_assert(condition, msg, prefix, suffix)           \
> +#ifdef __OPTIMIZE__
> +# define __compiletime_assert(condition, msg, prefix, suffix)          \
>         do {                                                            \
>                 bool __cond = !(condition);                             \
>                 extern void prefix ## suffix(void) __compiletime_error(msg); \
> @@ -525,6 +526,9 @@ static __always_inline void __write_once
>                         prefix ## suffix();                             \
>                 __compiletime_error_fallback(__cond);                   \
>         } while (0)
> +#else
> +# define __compiletime_assert(condition, msg, prefix, suffix)
> +#endif

The commit message update looks fine, but it looks like this is v1 not
v2 (see the #else part).

Thanks,
Joe

Powered by blists - more mailing lists