| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 Apr 2022 16:07:43 +0200
From: Christophe de Dinechin <christophe@...echin.org>
To: Peter Zijlstra <peterz@...radead.org>
Cc: Christophe de Dinechin <dinechin@...hat.com>, trivial@...nel.org,
Ben Segall <bsegall@...gle.com>,
"Michael S. Tsirkin" <mst@...hat.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Steven Rostedt <rostedt@...dmis.org>,
Ingo Molnar <mingo@...hat.com>, Mel Gorman <mgorman@...e.de>,
Dietmar Eggemann <dietmar.eggemann@....com>,
Vincent Guittot <vincent.guittot@...aro.org>,
Paolo Bonzini <pbonzini@...hat.com>,
Daniel Bristot de Oliveira <bristot@...hat.com>,
Jason Wang <jasowang@...hat.com>,
virtualization@...ts.linux-foundation.org,
linux-kernel@...r.kernel.org,
Zhen Lei <thunder.leizhen@...wei.com>,
Juri Lelli <juri.lelli@...hat.com>
Subject: Re: [PATCH 1/3] sched/headers: Fix compilation error with GCC 12
> On 14 Apr 2022, at 17:21, Peter Zijlstra <peterz@...radead.org> wrote:
>
> On Thu, Apr 14, 2022 at 05:08:53PM +0200, Christophe de Dinechin wrote:
>> With gcc version 12.0.1 20220401 (Red Hat 12.0.1-0) (GCC), the following
>> errors are reported in sched.h when building after `make defconfig`:
>
> <snip tons of noise>
I don’t mind removing the detailed error message.
What do others think?
>
>> Rewrite the definitions of sched_class_highest and for_class_range to
>> avoid this error as follows:
>>
>> 1/ The sched_class_highest is rewritten to be relative to
>> __begin_sched_classes, so that GCC sees it as being part of the
>> __begin_sched_classes array and not a distinct __end_sched_classes
>> array.
>>
>> 2/ The for_class_range macro is modified to replace the comparison with
>> an out-of-bound pointer __begin_sched_classes - 1 with an equivalent,
>> but in-bounds comparison.
>>
>> In that specific case, I believe that the GCC analysis is correct and
>> potentially valuable for other arrays, so it makes sense to keep it
>> enabled.
>>
>> Signed-off-by: Christophe de Dinechin <christophe@...echin.org>
>> Signed-off-by: Christophe de Dinechin <dinechin@...hat.com>
>> ---
>> kernel/sched/sched.h | 11 +++++++++--
>> 1 file changed, 9 insertions(+), 2 deletions(-)
>>
>> diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h
>> index 8dccb34eb190..6350fbc7418d 100644
>> --- a/kernel/sched/sched.h
>> +++ b/kernel/sched/sched.h
>> @@ -2193,11 +2193,18 @@ const struct sched_class name##_sched_class \
>> extern struct sched_class __begin_sched_classes[];
>> extern struct sched_class __end_sched_classes[];
>>
>> -#define sched_class_highest (__end_sched_classes - 1)
>> +/*
>> + * sched_class_highests is really __end_sched_classes - 1, but written in a way
>> + * that makes it clear that it is within __begin_sched_classes[] and not outside
>> + * of __end_sched_classes[].
>> + */
>> +#define sched_class_highest (__begin_sched_classes + \
>> + (__end_sched_classes - __begin_sched_classes - 1))
>> #define sched_class_lowest (__begin_sched_classes - 1)
>>
>> +/* The + 1 below places the pointers within the range of their array */
>> #define for_class_range(class, _from, _to) \
>> - for (class = (_from); class != (_to); class--)
>> + for (class = (_from); class + 1 != (_to) + 1; class--)
>
> Urgh, so now we get less readable code,
You consider the original code readable? It actually relies on a
precise layout that is not enforced in this code, not even documented,
but actually enforced by the linker script.
> just because GCC is being
> stupid?
I think that GCC is actually remarkably smart there. It tells you
that you are building pointers to A[] from B[], when there is a legit
way to say that the pointer is in A[] (which is what my patch does)
> What's wrong with negative array indexes? memory is memory, stuff works.
What’s wrong is that the compiler cannot prove theorems anymore.
These theorems are used to optimise code. When you write -1[B], the
compiler cannot optimise based on knowing this refers to A[B-A-1].
While at first, you might think that disabling a warning is a win, what comes next
is the compiler optimizing in a way you did not anticipate, mysterious bugs showing up,
and/or having to turn off some potentially useful optimisation.
Powered by blists - more mailing lists