| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251110214349.GC302594@ax162>
Date: Mon, 10 Nov 2025 14:43:49 -0700
From: Nathan Chancellor <nathan@...nel.org>
To: Vlastimil Babka <vbabka@...e.cz>
Cc: Mike Rapoport <rppt@...nel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
"David Hildenbrand (Red Hat)" <david@...nel.org>,
Ankit Khushwaha <ankitkhushwaha.linux@...il.com>,
Lorenzo Stoakes <lorenzo.stoakes@...cle.com>,
"Liam R. Howlett" <Liam.Howlett@...cle.com>,
Suren Baghdasaryan <surenb@...gle.com>,
Michal Hocko <mhocko@...e.com>, Shuah Khan <shuah@...nel.org>,
linux-mm@...ck.org, linux-kselftest@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] selftest/mm: fix pointer comparison in mremap_test
On Sun, Nov 09, 2025 at 08:11:09PM +0100, Vlastimil Babka wrote:
> >> > >>> Pointer arthemitic with 'void * addr' and 'unsigned long long dest_alignment'
> >> > >>> triggers following warning:
> >> > >>>
> >> > >>> mremap_test.c:1035:31: warning: pointer comparison always evaluates to
> >> > >>> false [-Wtautological-compare]
> >> > >>> 1035 | if (addr + c.dest_alignment < addr) {
> >> > >>> | ^
> >> > >>>
> >> > >>> typecasting 'addr' to 'unsigned long long' to fix pointer comparison.
...
> >> I must say, applying this would be an unhappy life event.
> >>
> >> if (void* + ulong < void*)
> >>
> >> makes perfect sense in a world which permits void* arithmetic (ie,
> >> ours). So what the heck is clang doing??
>
> My (not very informed) guess would be something about undefined behavior
> because pointer arithmetic is strictly speaking only valid within an array,
> so void* + ulong is also still in the same array, and thus can't become
> smaller by an overflow, because overflow can't happen if we're still within
> the same valid array...
It is indeed due to undefined behavior but more so that without
-fwrapv-pointer (set via -fno-strict-overflow for the kernel build), the
addition of an unsigned index and a pointer cannot wrap. This warning is
a result of the following change in clang-20:
https://github.com/llvm/llvm-project/commit/6d34cfac53b993a6cdf3d6669e017eac3a2296c8
https://godbolt.org/z/hvMoPYb17
which I made sure respected the value of -fwrapv-pointer in
https://github.com/llvm/llvm-project/commit/f0dcf3240dffe3767c7f3a2e2da5b92ae9fd1bef
But it looks like the mm selftests do not build with
-fno-strict-overflow. Maybe it should?
> But I don't know if this strictness is only applied to the warning itself or
> to the actual compilation too (does it eliminate everything as dead code then?)
Yes, it would turn that
if (addr + c.dest_alignment < addr) {
into just
if (false) {
based on the above Godbolt link.
> >> If we do
> >>
> >> void *addr2 = addr + c.dest_alignment;
> >> if (addr2 < addr)
> >> ...
> >>
> >> then which statement warns, and why?
>
> As the answer was that nothing warns, I'd think it just isn't able to warn
> if it's no longer part of the same statement. Whether it also means it's not
> eliminated as dead code anymore, dunno.
Based on the above Godbolt link, it appears it will be optimized the
same way, just without the warning letting you know something is up.
Cheers,
Nathan
Powered by blists - more mailing lists