| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAK7LNATmW6SfUkF4uZBLVCDUK9NRpWUrmenat1HsSkLHDNmVTQ@mail.gmail.com>
Date: Fri, 9 May 2025 22:04:23 +0900
From: Masahiro Yamada <masahiroy@...nel.org>
To: Nathan Chancellor <nathan@...nel.org>
Cc: Nicolas Schier <nicolas.schier@...ux.dev>,
Nick Desaulniers <nick.desaulniers+lkml@...il.com>, Bill Wendling <morbo@...gle.com>,
Justin Stitt <justinstitt@...gle.com>, Linus Torvalds <torvalds@...ux-foundation.org>,
linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org,
llvm@...ts.linux.dev, patches@...ts.linux.dev, stable@...r.kernel.org,
Linux Kernel Functional Testing <lkft@...aro.org>, Marcus Seyfarth <m.seyfarth@...il.com>
Subject: Re: [PATCH v2] kbuild: Disable -Wdefault-const-init-unsafe
On Wed, May 7, 2025 at 6:06 AM Nathan Chancellor <nathan@...nel.org> wrote:
>
> A new on by default warning in clang [1] aims to flags instances where
> const variables without static or thread local storage or const members
> in aggregate types are not initialized because it can lead to an
> indeterminate value. This is quite noisy for the kernel due to
> instances originating from header files such as:
>
> drivers/gpu/drm/i915/gt/intel_ring.h:62:2: error: default initialization of an object of type 'typeof (ring->size)' (aka 'const unsigned int') leaves the object uninitialized [-Werror,-Wdefault-const-init-var-unsafe]
> 62 | typecheck(typeof(ring->size), next);
> | ^
> include/linux/typecheck.h:10:9: note: expanded from macro 'typecheck'
> 10 | ({ type __dummy; \
> | ^
>
> include/net/ip.h:478:14: error: default initialization of an object of type 'typeof (rt->dst.expires)' (aka 'const unsigned long') leaves the object uninitialized [-Werror,-Wdefault-const-init-var-unsafe]
> 478 | if (mtu && time_before(jiffies, rt->dst.expires))
> | ^
> include/linux/jiffies.h:138:26: note: expanded from macro 'time_before'
> 138 | #define time_before(a,b) time_after(b,a)
> | ^
> include/linux/jiffies.h:128:3: note: expanded from macro 'time_after'
> 128 | (typecheck(unsigned long, a) && \
> | ^
> include/linux/typecheck.h:11:12: note: expanded from macro 'typecheck'
> 11 | typeof(x) __dummy2; \
> | ^
>
> include/linux/list.h:409:27: warning: default initialization of an object of type 'union (unnamed union at include/linux/list.h:409:27)' with const member leaves the object uninitialized [-Wdefault-const-init-field-unsafe]
> 409 | struct list_head *next = smp_load_acquire(&head->next);
> | ^
> include/asm-generic/barrier.h:176:29: note: expanded from macro 'smp_load_acquire'
> 176 | #define smp_load_acquire(p) __smp_load_acquire(p)
> | ^
> arch/arm64/include/asm/barrier.h:164:59: note: expanded from macro '__smp_load_acquire'
> 164 | union { __unqual_scalar_typeof(*p) __val; char __c[1]; } __u; \
> | ^
> include/linux/list.h:409:27: note: member '__val' declared 'const' here
>
> crypto/scatterwalk.c:66:22: error: default initialization of an object of type 'struct scatter_walk' with const member leaves the object uninitialized [-Werror,-Wdefault-const-init-field-unsafe]
> 66 | struct scatter_walk walk;
> | ^
> include/crypto/algapi.h:112:15: note: member 'addr' declared 'const' here
> 112 | void *const addr;
> | ^
>
> fs/hugetlbfs/inode.c:733:24: error: default initialization of an object of type 'struct vm_area_struct' with const member leaves the object uninitialized [-Werror,-Wdefault-const-init-field-unsafe]
> 733 | struct vm_area_struct pseudo_vma;
> | ^
> include/linux/mm_types.h:803:20: note: member 'vm_flags' declared 'const' here
> 803 | const vm_flags_t vm_flags;
> | ^
>
> Silencing the instances from typecheck.h is difficult because '= {}' is
> not available in older but supported compilers and '= {0}' would cause
> warnings about a literal 0 being treated as NULL. While it might be
> possible to come up with a local hack to silence the warning for
> clang-21+, it may not be worth it since -Wuninitialized will still
> trigger if an uninitialized const variable is actually used.
>
> In all audited cases of the "field" variant of the warning, the members
> are either not used in the particular call path, modified through other
> means such as memset() / memcpy() because the containing object is not
> const, or are within a union with other non-const members.
>
> Since this warning does not appear to have a high signal to noise ratio,
> just disable it.
>
> Cc: stable@...r.kernel.org
> Link: https://github.com/llvm/llvm-project/commit/576161cb6069e2c7656a8ef530727a0f4aefff30 [1]
> Reported-by: Linux Kernel Functional Testing <lkft@...aro.org>
> Closes: https://lore.kernel.org/CA+G9fYuNjKcxFKS_MKPRuga32XbndkLGcY-PVuoSwzv6VWbY=w@mail.gmail.com/
> Reported-by: Marcus Seyfarth <m.seyfarth@...il.com>
> Closes: https://github.com/ClangBuiltLinux/linux/issues/2088
> Signed-off-by: Nathan Chancellor <nathan@...nel.org>
> ---
> Changes in v2:
> - Disable -Wdefault-const-init-var-unsafe as well, as '= {}' does not
> work in typecheck() for all supported compilers and it may not be
> worth a local hack.
> - Link to v1: https://lore.kernel.org/r/20250501-default-const-init-clang-v1-0-3d2c6c185dbb@kernel.org
Applied to linux-kbuild.
Thanks.
I fixed up the conflict with the -Wdefault-const-init-field-unsafe patch.
Please check if it is correct.
--
Best Regards
Masahiro Yamada
Powered by blists - more mailing lists