lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAMj1kXHyv1_56-CdX-egQTxnJn5ob15=TrfSOGmp+s019EfT2w@mail.gmail.com>
Date:   Tue, 21 Feb 2023 16:10:36 +0100
From:   Ard Biesheuvel <ardb@...nel.org>
To:     Mark Rutland <mark.rutland@....com>
Cc:     Lin Yujun <linyujun809@...wei.com>, catalin.marinas@....com,
        will@...nel.org, broonie@...nel.org, kristina.martsenko@....com,
        james.morse@....com, maz@...nel.org, samitolvanen@...gle.com,
        andreyknvl@...il.com, masahiroy@...nel.org, joey.gouly@....com,
        anshuman.khandual@....com, linux-arm-kernel@...ts.infradead.org,
        linux-kernel@...r.kernel.org, wanghai38@...wei.com
Subject: Re: [PATCH -next] arm64: Optimize the comparison of unsigned
 expressions to avoid compiling error

On Tue, 21 Feb 2023 at 11:37, Mark Rutland <mark.rutland@....com> wrote:
>
> On Tue, Feb 21, 2023 at 09:27:40AM +0800, Lin Yujun wrote:
> > while compile arch/arm64/include/asm/cpufeature.h with
> > -Werror=type-limits enabled, errors shown as below:
> >
> > ./arch/arm64/include/asm/cpufeature.h: In function 'system_supports_4kb_granule':
> > ./arch/arm64/include/asm/cpufeature.h:653:14: error: comparison of unsigned expression >= 0 is always true [-Werror=type-limits]
> >   return (val >= ID_AA64MMFR0_TGRAN4_SUPPORTED_MIN) &&
> >               ^~
> > ./arch/arm64/include/asm/cpufeature.h: In function 'system_supports_64kb_granule':
> > ./arch/arm64/include/asm/cpufeature.h:666:14: error: comparison of unsigned expression >= 0 is always true [-Werror=type-limits]
> >   return (val >= ID_AA64MMFR0_TGRAN64_SUPPORTED_MIN) &&
> >               ^~

The usefulness of this diagnostic is debatable even when the right
hand is a literal '0' but warning about symbolic constants like this
is actively evil.

In general, preprocessor #defined values can depend on Kconfig
settings or other build configuration switches, and this warning
encourages us to remove the expression altogether, which could mean
introducing a bug if the macro may assume values >0 in other
configurations.

Ergo, we must ignore -Wtype-limits until it is fixed, and can at least
distinguish literal 0 constants from ones instantiated by a CPP macro.


>
> When is the `-Werror=type-limits` flag enabled by the build system?
>
> We have patterns like this all over the kernel, and I don't think this is
> indicative of a real problem, and I don't think that we need to change code to
> make this warning disappear.
>
> > Modify the return judgment statement, use
> > "((val - min) < (val - max - 1))" to confirm that returns
> > true in “min <= val <= max” cases, false in other cases.
>
> That expression is far less clear than the existing code, so I do not think
> that is a good idea.
>
> > Fixes: 79d82cbcbb3d ("arm64/kexec: Test page size support with new TGRAN range values")
>
> What functional error does this fix?
>
> What configuration is broken?
>
> Thanks,
> Mark.
>
> > Signed-off-by: Lin Yujun <linyujun809@...wei.com>
> > ---
> >  arch/arm64/include/asm/cpufeature.h | 18 ++++++++++++------
> >  1 file changed, 12 insertions(+), 6 deletions(-)
> >
> > diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h
> > index 03d1c9d7af82..0a6bda025141 100644
> > --- a/arch/arm64/include/asm/cpufeature.h
> > +++ b/arch/arm64/include/asm/cpufeature.h
> > @@ -54,6 +54,9 @@ enum ftr_type {
> >  #define FTR_VISIBLE_IF_IS_ENABLED(config)            \
> >       (IS_ENABLED(config) ? FTR_VISIBLE : FTR_HIDDEN)
> >
> > +#define IN_RANGE_INCLUSIVE(val, min, max)            \
> > +     (((val) - (min)) < ((val) - (max) - 1))
> > +
> >  struct arm64_ftr_bits {
> >       bool            sign;   /* Value is signed ? */
> >       bool            visible;
> > @@ -693,8 +696,9 @@ static inline bool system_supports_4kb_granule(void)
> >       val = cpuid_feature_extract_unsigned_field(mmfr0,
> >                                               ID_AA64MMFR0_EL1_TGRAN4_SHIFT);
> >
> > -     return (val >= ID_AA64MMFR0_EL1_TGRAN4_SUPPORTED_MIN) &&
> > -            (val <= ID_AA64MMFR0_EL1_TGRAN4_SUPPORTED_MAX);
> > +     return IN_RANGE_INCLUSIVE(val,
> > +             ID_AA64MMFR0_EL1_TGRAN4_SUPPORTED_MIN,
> > +             ID_AA64MMFR0_EL1_TGRAN4_SUPPORTED_MAX);
> >  }
> >
> >  static inline bool system_supports_64kb_granule(void)
> > @@ -706,8 +710,9 @@ static inline bool system_supports_64kb_granule(void)
> >       val = cpuid_feature_extract_unsigned_field(mmfr0,
> >                                               ID_AA64MMFR0_EL1_TGRAN64_SHIFT);
> >
> > -     return (val >= ID_AA64MMFR0_EL1_TGRAN64_SUPPORTED_MIN) &&
> > -            (val <= ID_AA64MMFR0_EL1_TGRAN64_SUPPORTED_MAX);
> > +     return IN_RANGE_INCLUSIVE(val,
> > +             ID_AA64MMFR0_EL1_TGRAN64_SUPPORTED_MIN,
> > +             ID_AA64MMFR0_EL1_TGRAN64_SUPPORTED_MAX);
> >  }
> >
> >  static inline bool system_supports_16kb_granule(void)
> > @@ -719,8 +724,9 @@ static inline bool system_supports_16kb_granule(void)
> >       val = cpuid_feature_extract_unsigned_field(mmfr0,
> >                                               ID_AA64MMFR0_EL1_TGRAN16_SHIFT);
> >
> > -     return (val >= ID_AA64MMFR0_EL1_TGRAN16_SUPPORTED_MIN) &&
> > -            (val <= ID_AA64MMFR0_EL1_TGRAN16_SUPPORTED_MAX);
> > +     return IN_RANGE_INCLUSIVE(val,
> > +             ID_AA64MMFR0_EL1_TGRAN16_SUPPORTED_MIN,
> > +             ID_AA64MMFR0_EL1_TGRAN16_SUPPORTED_MAX);
> >  }
> >
> >  static inline bool system_supports_mixed_endian_el0(void)
> > --
> > 2.34.1
> >

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ