lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <7bc72b9d-79b0-5b8c-18c4-4a5c914efdc5@acm.org>
Date:   Thu, 25 Aug 2022 10:39:02 -0700
From:   Bart Van Assche <bvanassche@....org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Rasmus Villemoes <linux@...musvillemoes.dk>,
        Steven Rostedt <rostedt@...dmis.org>,
        linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...nel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Christoph Hellwig <hch@....de>,
        Luc Van Oostenryck <luc.vanoostenryck@...il.com>,
        Jens Axboe <axboe@...nel.dk>, Kees Cook <keescook@...omium.org>
Subject: Re: [for-linus][PATCH 01/10] tracing: Suppress sparse warnings
 triggered by is_signed_type()

On 8/24/22 17:40, Linus Torvalds wrote:
> Actually, thinking about it, that was simple enough.
> 
>    -#define is_signed_type(type)   (((type)(-1)) < (type)1)
>    +#define is_signed_type(type)   (((type)(-1)) < (__force type)1)
> 
> should work.
> 
> It looks a bit odd, because we only force one side.
> 
> But we only need to force one side, because the '-1' doesn't have any
> issues with bitwise types, the same way 0 doesn't.
> 
> So only '1' needs to be force-cast to avoid a warning about casting an
> integer to a bitwise type.
> 
> And since that -1 counts as an unrestricted value after a cast, now
> the ordered comparison doesn't warn either.
> 
> Now, admittedly I think sparse should also allow a forced cast of an
> unrestricted value to be unrestricted, so I think I should do this
> 
>   static int restricted_value(struct expression *v, struct symbol *type)
>   {
> -       if (v->type == EXPR_CAST)
> +       if (v->type == EXPR_CAST || v->type = EXPR_FORCE_CAST)
>                  v = v->cast_expression;
> 
> in sparse, but even without that the above "is_signed_type()" macro
> should make sparse happy (with that current tree of mine).
> 
> And since we don't now need to cast 0, gcc won't complain about that
> NULL pointer comparison.
> 
> Does that solve things for you?

Yes, thank you! No sparse warnings are triggered by the is_signed_type()
macro and the gcc warning about ordered comparison of a pointer with the
null pointer is gone.

The patch I came up with is available below. If nobody picks it up from
this email I will try to find an appropriate kernel maintainer to send
this kernel patch to.

Thanks,

Bart.


From: Bart Van Assche <bvanassche@....org>
Date: Tue, 23 Aug 2022 12:59:25 -0700
Subject: [PATCH] tracing: Define the is_signed_type() macro once

There are two definitions of the is_signed_type() macro: one in
<linux/overflow.h> and a second definition in <linux/trace_events.h>.

As suggested by Linus Torvalds, move the definition of the
is_signed_type() macro into the <linux/compiler.h> header file. Change
the definition of the is_signed_type() macro to make sure that it does
not trigger any sparse warnings with future versions of sparse for
bitwise types. See also:
https://lore.kernel.org/all/CAHk-=whjH6p+qzwUdx5SOVVHjS3WvzJQr6mDUwhEyTf6pJWzaQ@mail.gmail.com/
https://lore.kernel.org/all/CAHk-=wjQGnVfb4jehFR0XyZikdQvCZouE96xR_nnf5kqaM5qqQ@mail.gmail.com/

Cc: Rasmus Villemoes <linux@...musvillemoes.dk>
Cc: Steven Rostedt <rostedt@...dmis.org>
Cc: Kees Cook <keescook@...omium.org>
Signed-off-by: Bart Van Assche <bvanassche@....org>
---
  include/linux/compiler.h     | 6 ++++++
  include/linux/overflow.h     | 1 -
  include/linux/trace_events.h | 2 --
  3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 01ce94b58b42..7713d7bcdaea 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -239,6 +239,12 @@ static inline void *offset_to_ptr(const int *off)
  /* &a[0] degrades to a pointer: a different type from an array */
  #define __must_be_array(a)	BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))

+/*
+ * Whether 'type' is a signed type or an unsigned type. Supports scalar types,
+ * bool and also pointer types.
+ */
+#define is_signed_type(type) (((type)(-1)) < (__force type)1)
+
  /*
   * This is needed in functions which generate the stack canary, see
   * arch/x86/kernel/smpboot.c::start_secondary() for an example.
diff --git a/include/linux/overflow.h b/include/linux/overflow.h
index f1221d11f8e5..0eb3b192f07a 100644
--- a/include/linux/overflow.h
+++ b/include/linux/overflow.h
@@ -30,7 +30,6 @@
   * https://mail-index.netbsd.org/tech-misc/2007/02/05/0000.html -
   * credit to Christian Biere.
   */
-#define is_signed_type(type)       (((type)(-1)) < (type)1)
  #define __type_half_max(type) ((type)1 << (8*sizeof(type) - 1 - is_signed_type(type)))
  #define type_max(T) ((T)((__type_half_max(T) - 1) + __type_half_max(T)))
  #define type_min(T) ((T)((T)-type_max(T)-(T)1))
diff --git a/include/linux/trace_events.h b/include/linux/trace_events.h
index b18759a673c6..8401dec93c15 100644
--- a/include/linux/trace_events.h
+++ b/include/linux/trace_events.h
@@ -814,8 +814,6 @@ extern int trace_add_event_call(struct trace_event_call *call);
  extern int trace_remove_event_call(struct trace_event_call *call);
  extern int trace_event_get_offsets(struct trace_event_call *call);

-#define is_signed_type(type)	(((type)(-1)) < (type)1)
-
  int ftrace_set_clr_event(struct trace_array *tr, char *buf, int set);
  int trace_set_clr_event(const char *system, const char *event, int set);
  int trace_array_set_clr_event(struct trace_array *tr, const char *system,

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ