lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 23 Jan 2019 18:37:07 +0100
From:   Miguel Ojeda <miguel.ojeda.sandonis@...il.com>
To:     Jessica Yu <jeyu@...nel.org>
Cc:     Laura Abbott <labbott@...hat.com>,
        Martin Sebor <msebor@....gnu.org>, linux-kernel@...r.kernel.org
Subject: [PATCH] include/linux/module.h: mark init/cleanup_module aliases as
 __cold

The upcoming GCC 9 release adds the -Wmissing-attributes warnings
(enabled by -Wall), which trigger for all the init/cleanup_module
aliases in the kernel (defined by the module_init/exit macros),
ending up being very noisy.

These aliases point to the __init/__exit functions of a module,
which are defined as __cold (among other attributes). However,
the aliases themselves do not have the __cold attribute.

Since the compiler behaves differently when compiling a __cold
function as well as when compiling paths leading to calls
to __cold functions, the warning is trying to point out
the possibly-forgotten attribute in the alias.

In order to keep the warning enabled, we choose to silence
the warning by marking the aliases as __cold. This is possible
marking either the extern declaration, the definition, or both.
In order to avoid changing the behavior of callers, we do it
only in the definition of the aliases (since those are not
seen by any other TU).

Suggested-by: Martin Sebor <msebor@....gnu.org>
Signed-off-by: Miguel Ojeda <miguel.ojeda.sandonis@...il.com>
---
Note that an alternative is using the new copy attribute
introduced by GCC 9 (Martin told me about it, as well as the
new warning).

What I am concerned about using __copy is that I am not sure
we should be copying all the attributes (even if some are
blacklisted by the copy itself), since:
  - We have unknown-to-GCC attributes (e.g. from plugins).
  - We wouldn't enjoy the fix for older compilers
    (e.g. if the fix had an actual impact).

So here I took the conservative approach for the moment,
and we can discuss/apply whether another solution is best.

Jessica: please review what I explain in the commit message.
Do we actually want the __cold attribute in the declaration
as well? If yes, AFAIK, GCC would assume paths that end up
calling the __init/__exit functions are not meant to be taken
(but when we are asked to load modules, that is the expected
path, no?).

I will put this in the compiler-attributes tree and get
some time in linux-next, unless you want to pick it up!

 include/linux/module.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/linux/module.h b/include/linux/module.h
index 8fa38d3e7538..c4e805e87628 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -129,13 +129,13 @@ extern void cleanup_module(void);
 #define module_init(initfn)					\
 	static inline initcall_t __maybe_unused __inittest(void)		\
 	{ return initfn; }					\
-	int init_module(void) __attribute__((alias(#initfn)));
+	int init_module(void) __cold __attribute__((alias(#initfn)));
 
 /* This is only required if you want to be unloadable. */
 #define module_exit(exitfn)					\
 	static inline exitcall_t __maybe_unused __exittest(void)		\
 	{ return exitfn; }					\
-	void cleanup_module(void) __attribute__((alias(#exitfn)));
+	void cleanup_module(void) __cold __attribute__((alias(#exitfn)));
 
 #endif
 
-- 
2.17.1

Powered by blists - more mailing lists