lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <a0776e05c5074da2b8394926b2f787a2@AcuMS.aculab.com>
Date: Thu, 11 Apr 2024 10:27:23 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Adrian Hunter' <adrian.hunter@...el.com>, Arnd Bergmann <arnd@...db.de>
CC: Peter Zijlstra <peterz@...radead.org>, Dave Hansen
	<dave.hansen@...ux.intel.com>, John Stultz <jstultz@...gle.com>, "H. Peter
 Anvin" <hpa@...or.com>, Alexander Gordeev <agordeev@...ux.ibm.com>, "Vincenzo
 Frascino" <vincenzo.frascino@....com>, "linux-s390@...r.kernel.org"
	<linux-s390@...r.kernel.org>, Naresh Kamboju <naresh.kamboju@...aro.org>,
	"x86@...nel.org" <x86@...nel.org>, Aneesh Kumar K.V
	<aneesh.kumar@...nel.org>, Ingo Molnar <mingo@...hat.com>, "Naveen N. Rao"
	<naveen.n.rao@...ux.ibm.com>, Christian Borntraeger
	<borntraeger@...ux.ibm.com>, Vasily Gorbik <gor@...ux.ibm.com>, "Heiko
 Carstens" <hca@...ux.ibm.com>, Nicholas Piggin <npiggin@...il.com>, "Borislav
 Petkov" <bp@...en8.de>, Andy Lutomirski <luto@...nel.org>, Bjorn Helgaas
	<bhelgaas@...gle.com>, Thomas Gleixner <tglx@...utronix.de>, "Anna-Maria
 Gleixner" <anna-maria@...utronix.de>, Stephen Boyd <sboyd@...nel.org>, "Randy
 Dunlap" <rdunlap@...radead.org>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>, Sven Schnelle <svens@...ux.ibm.com>,
	"linuxppc-dev@...ts.ozlabs.org" <linuxppc-dev@...ts.ozlabs.org>
Subject: RE: [PATCH] bug: Fix no-return-statement warning with !CONFIG_BUG

From: Adrian Hunter
> Sent: 11 April 2024 10:04
> 
> On 11/04/24 10:56, Arnd Bergmann wrote:
> > On Thu, Apr 11, 2024, at 09:16, Adrian Hunter wrote:
> >> On 11/04/24 10:04, Arnd Bergmann wrote:
> >>> On Wed, Apr 10, 2024, at 17:32, Adrian Hunter wrote:
> >>>> BUG() does not return, and arch implementations of BUG() use unreachable()
> >>>> or other non-returning code. However with !CONFIG_BUG, the default
> >>>> implementation is often used instead, and that does not do that. x86 always
> >>>> uses its own implementation, but powerpc with !CONFIG_BUG gives a build
> >>>> error:
> >>>>
> >>>>   kernel/time/timekeeping.c: In function ‘timekeeping_debug_get_ns’:
> >>>>   kernel/time/timekeeping.c:286:1: error: no return statement in function
> >>>>   returning non-void [-Werror=return-type]
> >>>>
> >>>> Add unreachable() to default !CONFIG_BUG BUG() implementation.
> >>>
> >>> I'm a bit worried about this patch, since we have had problems
> >>> with unreachable() inside of BUG() in the past, and as far as I
> >>> can remember, the current version was the only one that
> >>> actually did the right thing on all compilers.
> >>>
> >>> One problem with an unreachable() annotation here is that if
> >>> a compiler misanalyses the endless loop, it can decide to
> >>> throw out the entire code path leading up to it and just
> >>> run into undefined behavior instead of printing a BUG()
> >>> message.
> >>>
> >>> Do you know which compiler version show the warning above?
> >>
> >> Original report has a list
> >>
> >
> > It looks like it's all versions of gcc, though no versions
> > of clang show the warnings. I did a few more tests and could
> > not find any differences on actual code generation, but
> > I'd still feel more comfortable changing the caller than
> > the BUG() macro. It's trivial to add a 'return 0' there.
> 
> AFAICT every implementation of BUG() except this one has
> unreachable() or equivalent, so that inconsistency seems
> wrong.
> 
> Could add 'return 0', but I do notice other cases
> where a function does not have a return value, such as
> cpus_have_final_boot_cap(), so there is already an expectation
> that that is OK.

Isn't that likely to generate an 'unreachable code' warning?
I any case the compiler can generate better code for the non-BUG()
path if it knows BUG() doesn't return.
(And confuse stack back-trace code in the process.)

> 
> > Another interesting observation is that clang-11 and earlier
> > versions end up skipping the endless loop, both with and
> > without the __builtin_unreachable, see
> > https://godbolt.org/z/aqa9zqz8x
> 
> Adding volatile asm("") to the loop would probably fix that,
> but it seems like a separate issue.

I'd guess barrier() would be better.
It might be needed before the loopstop for other reasons.
The compiler might be just moving code below the loop and then
discarding it as unreachable.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ