lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAK7LNATmW6SfUkF4uZBLVCDUK9NRpWUrmenat1HsSkLHDNmVTQ@mail.gmail.com>
Date: Fri, 9 May 2025 22:04:23 +0900
From: Masahiro Yamada <masahiroy@...nel.org>
To: Nathan Chancellor <nathan@...nel.org>
Cc: Nicolas Schier <nicolas.schier@...ux.dev>, 
	Nick Desaulniers <nick.desaulniers+lkml@...il.com>, Bill Wendling <morbo@...gle.com>, 
	Justin Stitt <justinstitt@...gle.com>, Linus Torvalds <torvalds@...ux-foundation.org>, 
	linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org, 
	llvm@...ts.linux.dev, patches@...ts.linux.dev, stable@...r.kernel.org, 
	Linux Kernel Functional Testing <lkft@...aro.org>, Marcus Seyfarth <m.seyfarth@...il.com>
Subject: Re: [PATCH v2] kbuild: Disable -Wdefault-const-init-unsafe

On Wed, May 7, 2025 at 6:06 AM Nathan Chancellor <nathan@...nel.org> wrote:
>
> A new on by default warning in clang [1] aims to flags instances where
> const variables without static or thread local storage or const members
> in aggregate types are not initialized because it can lead to an
> indeterminate value. This is quite noisy for the kernel due to
> instances originating from header files such as:
>
>   drivers/gpu/drm/i915/gt/intel_ring.h:62:2: error: default initialization of an object of type 'typeof (ring->size)' (aka 'const unsigned int') leaves the object uninitialized [-Werror,-Wdefault-const-init-var-unsafe]
>      62 |         typecheck(typeof(ring->size), next);
>         |         ^
>   include/linux/typecheck.h:10:9: note: expanded from macro 'typecheck'
>      10 | ({      type __dummy; \
>         |              ^
>
>   include/net/ip.h:478:14: error: default initialization of an object of type 'typeof (rt->dst.expires)' (aka 'const unsigned long') leaves the object uninitialized [-Werror,-Wdefault-const-init-var-unsafe]
>     478 |                 if (mtu && time_before(jiffies, rt->dst.expires))
>         |                            ^
>   include/linux/jiffies.h:138:26: note: expanded from macro 'time_before'
>     138 | #define time_before(a,b)        time_after(b,a)
>         |                                 ^
>   include/linux/jiffies.h:128:3: note: expanded from macro 'time_after'
>     128 |         (typecheck(unsigned long, a) && \
>         |          ^
>   include/linux/typecheck.h:11:12: note: expanded from macro 'typecheck'
>      11 |         typeof(x) __dummy2; \
>         |                   ^
>
>   include/linux/list.h:409:27: warning: default initialization of an object of type 'union (unnamed union at include/linux/list.h:409:27)' with const member leaves the object uninitialized [-Wdefault-const-init-field-unsafe]
>     409 |         struct list_head *next = smp_load_acquire(&head->next);
>         |                                  ^
>   include/asm-generic/barrier.h:176:29: note: expanded from macro 'smp_load_acquire'
>     176 | #define smp_load_acquire(p) __smp_load_acquire(p)
>         |                             ^
>   arch/arm64/include/asm/barrier.h:164:59: note: expanded from macro '__smp_load_acquire'
>     164 |         union { __unqual_scalar_typeof(*p) __val; char __c[1]; } __u;   \
>         |                                                                  ^
>   include/linux/list.h:409:27: note: member '__val' declared 'const' here
>
>   crypto/scatterwalk.c:66:22: error: default initialization of an object of type 'struct scatter_walk' with const member leaves the object uninitialized [-Werror,-Wdefault-const-init-field-unsafe]
>      66 |         struct scatter_walk walk;
>         |                             ^
>   include/crypto/algapi.h:112:15: note: member 'addr' declared 'const' here
>     112 |                 void *const addr;
>         |                             ^
>
>   fs/hugetlbfs/inode.c:733:24: error: default initialization of an object of type 'struct vm_area_struct' with const member leaves the object uninitialized [-Werror,-Wdefault-const-init-field-unsafe]
>     733 |         struct vm_area_struct pseudo_vma;
>         |                               ^
>   include/linux/mm_types.h:803:20: note: member 'vm_flags' declared 'const' here
>     803 |                 const vm_flags_t vm_flags;
>         |                                  ^
>
> Silencing the instances from typecheck.h is difficult because '= {}' is
> not available in older but supported compilers and '= {0}' would cause
> warnings about a literal 0 being treated as NULL. While it might be
> possible to come up with a local hack to silence the warning for
> clang-21+, it may not be worth it since -Wuninitialized will still
> trigger if an uninitialized const variable is actually used.
>
> In all audited cases of the "field" variant of the warning, the members
> are either not used in the particular call path, modified through other
> means such as memset() / memcpy() because the containing object is not
> const, or are within a union with other non-const members.
>
> Since this warning does not appear to have a high signal to noise ratio,
> just disable it.
>
> Cc: stable@...r.kernel.org
> Link: https://github.com/llvm/llvm-project/commit/576161cb6069e2c7656a8ef530727a0f4aefff30 [1]
> Reported-by: Linux Kernel Functional Testing <lkft@...aro.org>
> Closes: https://lore.kernel.org/CA+G9fYuNjKcxFKS_MKPRuga32XbndkLGcY-PVuoSwzv6VWbY=w@mail.gmail.com/
> Reported-by: Marcus Seyfarth <m.seyfarth@...il.com>
> Closes: https://github.com/ClangBuiltLinux/linux/issues/2088
> Signed-off-by: Nathan Chancellor <nathan@...nel.org>
> ---
> Changes in v2:
> - Disable -Wdefault-const-init-var-unsafe as well, as '= {}' does not
>   work in typecheck() for all supported compilers and it may not be
>   worth a local hack.
> - Link to v1: https://lore.kernel.org/r/20250501-default-const-init-clang-v1-0-3d2c6c185dbb@kernel.org



Applied to linux-kbuild.
Thanks.

I fixed up the conflict with the -Wdefault-const-init-field-unsafe patch.

Please check if it is correct.


-- 
Best Regards
Masahiro Yamada

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ