| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f3939490-0f55-410f-81fe-0e9f03874546@roeck-us.net>
Date: Sat, 18 Jan 2025 14:58:48 -0800
From: Guenter Roeck <linux@...ck-us.net>
To: David Laight <david.laight.linux@...il.com>,
Linus Torvalds <torvalds@...ux-foundation.org>
Cc: David Laight <David.Laight@...lab.com>, Arnd Bergmann <arnd@...nel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Jens Axboe <axboe@...nel.dk>, Matthew Wilcox <willy@...radead.org>,
Christoph Hellwig <hch@...radead.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Dan Carpenter <dan.carpenter@...aro.org>,
"Jason A . Donenfeld" <Jason@...c4.com>,
"pedro.falcato@...il.com" <pedro.falcato@...il.com>,
Mateusz Guzik <mjguzik@...il.com>, "linux-mm@...ck.org"
<linux-mm@...ck.org>, Lorenzo Stoakes <lorenzo.stoakes@...cle.com>,
intel-xe@...ts.freedesktop.org, intel-gfx@...ts.freedesktop.org,
David Airlie <airlied@...il.com>, Simona Vetter <simona@...ll.ch>,
Jani Nikula <jani.nikula@...ux.intel.com>,
Rodrigo Vivi <rodrigo.vivi@...el.com>
Subject: Re: Buiild error in i915/xe
On 1/18/25 14:11, David Laight wrote:
> On Sat, 18 Jan 2025 13:21:39 -0800
> Linus Torvalds <torvalds@...ux-foundation.org> wrote:
>
>> On Sat, 18 Jan 2025 at 09:49, Guenter Roeck <linux@...ck-us.net> wrote:
>>>
>>> No idea why the compiler would know that the values are invalid.
>>
>> It's not that the compiler knows tat they are invalid, but I bet what
>> happens is in scale() (and possibly other places that do similar
>> checks), which does this:
>>
>> WARN_ON(source_min > source_max);
>> ...
>> source_val = clamp(source_val, source_min, source_max);
>>
>> and the compiler notices that the ordering comparison in the first
>> WARN_ON() is the same as the one in clamp(), so it basically converts
>> the logic to
>>
>> if (source_min > source_max) {
>> WARN(..);
>> /* Do the clamp() knowing that source_min > source_max */
>> source_val = clamp(source_val, source_min, source_max);
>> } else {
>> /* Do the clamp knowing that source_min <= source_max */
>> source_val = clamp(source_val, source_min, source_max);
>> }
>>
>> (obviously I dropped the other WARN_ON in the conversion, it wasn't
>> relevant for this case).
>>
>> And now that first clamp() case is done with source_min > source_max,
>> and it triggers that build error because that's invalid.
>>
>> So the condition is not statically true in the *source* code, but in
>> the "I have moved code around to combine tests" case it now *is*
>> statically true as far as the compiler is concerned.
>
> Well spotted :-)
>
> One option would be to move the WARN_ON() below the clamp() and
> add an OPTIMISER_HIDE_VAR(source_max) between them.
>
> Or do something more sensible than the WARN().
> Perhaps return target_min on any such errors?
>
This helps:
- WARN_ON(source_min > source_max);
- WARN_ON(target_min > target_max);
-
/* defensive */
source_val = clamp(source_val, source_min, source_max);
+ WARN_ON(source_min > source_max);
+ WARN_ON(target_min > target_max);
Guenter
Powered by blists - more mailing lists