[PATCH] err.h: add type checking to IS_ERR_VALUE macro

[PATCH] err.h: add type checking to IS_ERR_VALUE macro

[Andrzej Hajda]

IS_ERR_VALUE used with some common types can work not as expected.
The problem affects all unsigned types shorter than ulong and
signed types longer than ulong.
The patch add compile time checker which reports bug in case wrong type
is passed to the macro. Type checking is performed by testing if value
of -MAX_ERRNO differes if casted to argument type and to ulong.

Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
---
Hi,

Current implementation of IS_ERR_VALUE does not check type of its arguments.
It can result in subtle bugs in the code, especially when compiled for 64bit
architectures.
The patch tries to solve it by adding error checking. Another solution is
to change semantic of the macro, for example:

if (typeof(x) is signed)
	return x < 0;
else
	return x >= ((typeof(x))-MAX_ERRNO;

For me the latter is more natural, but changes semantic. I can prepare
patch if it is preferable.
I suppose "typeof(x) is signed" can be implemented by:
(typeof(x))(-1) < 0
and 'if' clause can be replaced by __builtin_choose_expr.

Finally simplified SmPL patch to find all occurences of suspected code:

virtual context

@@
typedef bool, u8, u16, u32, s64;
{unsigned char, unsigned short, unsigned int, long long, bool, u8, u16, u32, s64} e;
position p;
@@
* IS_ERR_VALUE(e@p)

It detected about 20 suspects.

Regards
Andrzej
---
 include/linux/err.h | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/include/linux/err.h b/include/linux/err.h
index 56762ab..5cdf849 100644
--- a/include/linux/err.h
+++ b/include/linux/err.h
@@ -1,6 +1,7 @@
 #ifndef _LINUX_ERR_H
 #define _LINUX_ERR_H
 
+#include <linux/bug.h>
 #include <linux/compiler.h>
 #include <linux/types.h>
 
@@ -18,7 +19,11 @@
 
 #ifndef __ASSEMBLY__
 
-#define IS_ERR_VALUE(x) unlikely((x) >= (unsigned long)-MAX_ERRNO)
+#define IS_ERR_VALUE(x) \
+({ \
+    BUILD_BUG_ON_MSG((typeof(x))(-MAX_ERRNO) != (unsigned long)-MAX_ERRNO, "Invalid IS_ERR_VALUE argument type");\
+    unlikely((x) >= (unsigned long)-MAX_ERRNO);\
+})
 
 static inline void * __must_check ERR_PTR(long error)
 {
-- 
1.9.1

Re: [PATCH] err.h: add type checking to IS_ERR_VALUE macro

[kbuild test robot]

[-- Attachment #1: Type: text/plain, Size: 10908 bytes --]

Hi Andrzej,

[auto build test ERROR on v4.4-rc5]
[also build test ERROR on next-20151217]

url:    https://github.com/0day-ci/linux/commits/Andrzej-Hajda/err-h-add-type-checking-to-IS_ERR_VALUE-macro/20151218-185839
config: i386-tinyconfig (attached as .config)
reproduce:
        # save the attached .config to linux build tree
        make ARCH=i386 

All errors (new ones prefixed by >>):

   include/linux/bug.h: Assembler messages:
>> include/linux/bug.h:7: Error: no such instruction: `enum bug_trap_type {'
>> include/linux/bug.h:8: Error: junk at end of line, first unrecognized character is `,'
   include/linux/bug.h:9: Error: junk at end of line, first unrecognized character is `,'
   include/linux/bug.h:10: Error: junk at end of line, first unrecognized character is `,'
   include/linux/bug.h:11: Error: junk at end of line, first unrecognized character is `}'
>> include/linux/bug.h:13: Error: no such instruction: `struct pt_regs'
>> include/linux/bug.h:105: Error: no such instruction: `static inline enum bug_trap_type report_bug(unsigned long bug_addr,'
>> include/linux/bug.h:106: Error: no such instruction: `struct pt_regs *regs)'
   include/linux/bug.h:107: Error: junk at end of line, first unrecognized character is `{'
>> include/linux/bug.h:108: Error: no such instruction: `return BUG_TRAP_TYPE_BUG'
   include/linux/bug.h:109: Error: junk at end of line, first unrecognized character is `}'

vim +7 include/linux/bug.h

7664c5a1d Jeremy Fitzhardinge   2006-12-08    1  #ifndef _LINUX_BUG_H
7664c5a1d Jeremy Fitzhardinge   2006-12-08    2  #define _LINUX_BUG_H
7664c5a1d Jeremy Fitzhardinge   2006-12-08    3  
7664c5a1d Jeremy Fitzhardinge   2006-12-08    4  #include <asm/bug.h>
a3ccc497c Daniel Santos         2013-02-21    5  #include <linux/compiler.h>
7664c5a1d Jeremy Fitzhardinge   2006-12-08    6  
7664c5a1d Jeremy Fitzhardinge   2006-12-08   @7  enum bug_trap_type {
7664c5a1d Jeremy Fitzhardinge   2006-12-08   @8  	BUG_TRAP_TYPE_NONE = 0,
7664c5a1d Jeremy Fitzhardinge   2006-12-08    9  	BUG_TRAP_TYPE_WARN = 1,
7664c5a1d Jeremy Fitzhardinge   2006-12-08   10  	BUG_TRAP_TYPE_BUG = 2,
7664c5a1d Jeremy Fitzhardinge   2006-12-08   11  };
7664c5a1d Jeremy Fitzhardinge   2006-12-08   12  
608e26196 Heiko Carstens        2007-07-15  @13  struct pt_regs;
608e26196 Heiko Carstens        2007-07-15   14  
35edd9103 Paul Gortmaker        2011-11-16   15  #ifdef __CHECKER__
ca623c914 Daniel Santos         2013-02-21   16  #define BUILD_BUG_ON_NOT_POWER_OF_2(n) (0)
35edd9103 Paul Gortmaker        2011-11-16   17  #define BUILD_BUG_ON_ZERO(e) (0)
35edd9103 Paul Gortmaker        2011-11-16   18  #define BUILD_BUG_ON_NULL(e) ((void*)0)
c5782e9f5 Tushar Behera         2012-11-26   19  #define BUILD_BUG_ON_INVALID(e) (0)
9a8ab1c39 Daniel Santos         2013-02-21   20  #define BUILD_BUG_ON_MSG(cond, msg) (0)
ca623c914 Daniel Santos         2013-02-21   21  #define BUILD_BUG_ON(condition) (0)
35edd9103 Paul Gortmaker        2011-11-16   22  #define BUILD_BUG() (0)
35edd9103 Paul Gortmaker        2011-11-16   23  #else /* __CHECKER__ */
35edd9103 Paul Gortmaker        2011-11-16   24  
35edd9103 Paul Gortmaker        2011-11-16   25  /* Force a compilation error if a constant expression is not a power of 2 */
35edd9103 Paul Gortmaker        2011-11-16   26  #define BUILD_BUG_ON_NOT_POWER_OF_2(n)			\
35edd9103 Paul Gortmaker        2011-11-16   27  	BUILD_BUG_ON((n) == 0 || (((n) & ((n) - 1)) != 0))
35edd9103 Paul Gortmaker        2011-11-16   28  
35edd9103 Paul Gortmaker        2011-11-16   29  /* Force a compilation error if condition is true, but also produce a
35edd9103 Paul Gortmaker        2011-11-16   30     result (of value 0 and type size_t), so the expression can be used
35edd9103 Paul Gortmaker        2011-11-16   31     e.g. in a structure initializer (or where-ever else comma expressions
35edd9103 Paul Gortmaker        2011-11-16   32     aren't permitted). */
35edd9103 Paul Gortmaker        2011-11-16   33  #define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:-!!(e); }))
35edd9103 Paul Gortmaker        2011-11-16   34  #define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:-!!(e); }))
35edd9103 Paul Gortmaker        2011-11-16   35  
baf05aa92 Konstantin Khlebnikov 2012-05-29   36  /*
baf05aa92 Konstantin Khlebnikov 2012-05-29   37   * BUILD_BUG_ON_INVALID() permits the compiler to check the validity of the
baf05aa92 Konstantin Khlebnikov 2012-05-29   38   * expression but avoids the generation of any code, even if that expression
baf05aa92 Konstantin Khlebnikov 2012-05-29   39   * has side-effects.
baf05aa92 Konstantin Khlebnikov 2012-05-29   40   */
baf05aa92 Konstantin Khlebnikov 2012-05-29   41  #define BUILD_BUG_ON_INVALID(e) ((void)(sizeof((__force long)(e))))
baf05aa92 Konstantin Khlebnikov 2012-05-29   42  
35edd9103 Paul Gortmaker        2011-11-16   43  /**
9a8ab1c39 Daniel Santos         2013-02-21   44   * BUILD_BUG_ON_MSG - break compile if a condition is true & emit supplied
9a8ab1c39 Daniel Santos         2013-02-21   45   *		      error message.
9a8ab1c39 Daniel Santos         2013-02-21   46   * @condition: the condition which the compiler should know is false.
9a8ab1c39 Daniel Santos         2013-02-21   47   *
9a8ab1c39 Daniel Santos         2013-02-21   48   * See BUILD_BUG_ON for description.
9a8ab1c39 Daniel Santos         2013-02-21   49   */
9a8ab1c39 Daniel Santos         2013-02-21   50  #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
9a8ab1c39 Daniel Santos         2013-02-21   51  
9a8ab1c39 Daniel Santos         2013-02-21   52  /**
35edd9103 Paul Gortmaker        2011-11-16   53   * BUILD_BUG_ON - break compile if a condition is true.
35edd9103 Paul Gortmaker        2011-11-16   54   * @condition: the condition which the compiler should know is false.
35edd9103 Paul Gortmaker        2011-11-16   55   *
35edd9103 Paul Gortmaker        2011-11-16   56   * If you have some code which relies on certain constants being equal, or
a3ccc497c Daniel Santos         2013-02-21   57   * some other compile-time-evaluated condition, you should use BUILD_BUG_ON to
35edd9103 Paul Gortmaker        2011-11-16   58   * detect if someone changes it.
35edd9103 Paul Gortmaker        2011-11-16   59   *
a3ccc497c Daniel Santos         2013-02-21   60   * The implementation uses gcc's reluctance to create a negative array, but gcc
a3ccc497c Daniel Santos         2013-02-21   61   * (as of 4.4) only emits that error for obvious cases (e.g. not arguments to
a3ccc497c Daniel Santos         2013-02-21   62   * inline functions).  Luckily, in 4.3 they added the "error" function
a3ccc497c Daniel Santos         2013-02-21   63   * attribute just for this type of case.  Thus, we use a negative sized array
a3ccc497c Daniel Santos         2013-02-21   64   * (should always create an error on gcc versions older than 4.4) and then call
a3ccc497c Daniel Santos         2013-02-21   65   * an undefined function with the error attribute (should always create an
a3ccc497c Daniel Santos         2013-02-21   66   * error on gcc 4.3 and later).  If for some reason, neither creates a
a3ccc497c Daniel Santos         2013-02-21   67   * compile-time error, we'll still have a link-time error, which is harder to
a3ccc497c Daniel Santos         2013-02-21   68   * track down.
35edd9103 Paul Gortmaker        2011-11-16   69   */
35edd9103 Paul Gortmaker        2011-11-16   70  #ifndef __OPTIMIZE__
35edd9103 Paul Gortmaker        2011-11-16   71  #define BUILD_BUG_ON(condition) ((void)sizeof(char[1 - 2*!!(condition)]))
35edd9103 Paul Gortmaker        2011-11-16   72  #else
35edd9103 Paul Gortmaker        2011-11-16   73  #define BUILD_BUG_ON(condition) \
9a8ab1c39 Daniel Santos         2013-02-21   74  	BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
35edd9103 Paul Gortmaker        2011-11-16   75  #endif
35edd9103 Paul Gortmaker        2011-11-16   76  
35edd9103 Paul Gortmaker        2011-11-16   77  /**
35edd9103 Paul Gortmaker        2011-11-16   78   * BUILD_BUG - break compile if used.
35edd9103 Paul Gortmaker        2011-11-16   79   *
35edd9103 Paul Gortmaker        2011-11-16   80   * If you have some code that you expect the compiler to eliminate at
35edd9103 Paul Gortmaker        2011-11-16   81   * build time, you should use BUILD_BUG to detect if it is
35edd9103 Paul Gortmaker        2011-11-16   82   * unexpectedly used.
35edd9103 Paul Gortmaker        2011-11-16   83   */
9a8ab1c39 Daniel Santos         2013-02-21   84  #define BUILD_BUG() BUILD_BUG_ON_MSG(1, "BUILD_BUG failed")
35edd9103 Paul Gortmaker        2011-11-16   85  
35edd9103 Paul Gortmaker        2011-11-16   86  #endif	/* __CHECKER__ */
35edd9103 Paul Gortmaker        2011-11-16   87  
7664c5a1d Jeremy Fitzhardinge   2006-12-08   88  #ifdef CONFIG_GENERIC_BUG
7664c5a1d Jeremy Fitzhardinge   2006-12-08   89  #include <asm-generic/bug.h>
7664c5a1d Jeremy Fitzhardinge   2006-12-08   90  
7664c5a1d Jeremy Fitzhardinge   2006-12-08   91  static inline int is_warning_bug(const struct bug_entry *bug)
7664c5a1d Jeremy Fitzhardinge   2006-12-08   92  {
7664c5a1d Jeremy Fitzhardinge   2006-12-08   93  	return bug->flags & BUGFLAG_WARNING;
7664c5a1d Jeremy Fitzhardinge   2006-12-08   94  }
7664c5a1d Jeremy Fitzhardinge   2006-12-08   95  
7664c5a1d Jeremy Fitzhardinge   2006-12-08   96  const struct bug_entry *find_bug(unsigned long bugaddr);
7664c5a1d Jeremy Fitzhardinge   2006-12-08   97  
608e26196 Heiko Carstens        2007-07-15   98  enum bug_trap_type report_bug(unsigned long bug_addr, struct pt_regs *regs);
7664c5a1d Jeremy Fitzhardinge   2006-12-08   99  
7664c5a1d Jeremy Fitzhardinge   2006-12-08  100  /* These are defined by the architecture */
7664c5a1d Jeremy Fitzhardinge   2006-12-08  101  int is_valid_bugaddr(unsigned long addr);
7664c5a1d Jeremy Fitzhardinge   2006-12-08  102  
7664c5a1d Jeremy Fitzhardinge   2006-12-08  103  #else	/* !CONFIG_GENERIC_BUG */
7664c5a1d Jeremy Fitzhardinge   2006-12-08  104  
608e26196 Heiko Carstens        2007-07-15 @105  static inline enum bug_trap_type report_bug(unsigned long bug_addr,
608e26196 Heiko Carstens        2007-07-15 @106  					    struct pt_regs *regs)
7664c5a1d Jeremy Fitzhardinge   2006-12-08  107  {
7664c5a1d Jeremy Fitzhardinge   2006-12-08 @108  	return BUG_TRAP_TYPE_BUG;
7664c5a1d Jeremy Fitzhardinge   2006-12-08  109  }
7664c5a1d Jeremy Fitzhardinge   2006-12-08  110  
7664c5a1d Jeremy Fitzhardinge   2006-12-08  111  #endif	/* CONFIG_GENERIC_BUG */

:::::: The code at line 7 was first introduced by commit
:::::: 7664c5a1da4711bb6383117f51b94c8dc8f3f1cd [PATCH] Generic BUG implementation

:::::: TO: Jeremy Fitzhardinge <jeremy@goop.org>
:::::: CC: Linus Torvalds <torvalds@woody.osdl.org>

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

[-- Attachment #2: .config.gz --]
[-- Type: application/octet-stream, Size: 6098 bytes --]

Re: [PATCH] err.h: add type checking to IS_ERR_VALUE macro

[kbuild test robot]

[-- Attachment #1: Type: text/plain, Size: 7132 bytes --]

Hi Andrzej,

[auto build test WARNING on v4.4-rc5]
[also build test WARNING on next-20151217]

url:    https://github.com/0day-ci/linux/commits/Andrzej-Hajda/err-h-add-type-checking-to-IS_ERR_VALUE-macro/20151218-185839
config: m68k-sun3_defconfig (attached as .config)
reproduce:
        wget https://git.kernel.org/cgit/linux/kernel/git/wfg/lkp-tests.git/plain/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # save the attached .config to linux build tree
        make.cross ARCH=m68k 

All warnings (new ones prefixed by >>):

   In file included from include/uapi/linux/stddef.h:1:0,
                    from include/linux/stddef.h:4,
                    from include/uapi/linux/posix_types.h:4,
                    from include/uapi/linux/types.h:13,
                    from include/linux/types.h:5,
                    from include/uapi/linux/sysinfo.h:4,
                    from include/uapi/linux/kernel.h:4,
                    from include/linux/cache.h:4,
                    from net/ipv4/netfilter/ip_tables.c:13:
   In function 'find_check_entry.isra.12',
       inlined from 'translate_table' at net/ipv4/netfilter/ip_tables.c:868:7:
   include/linux/compiler.h:484:38: error: call to '__compiletime_assert_674' declared with attribute error: Invalid IS_ERR_VALUE argument type
     _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
                                         ^
   include/linux/compiler.h:467:4: note: in definition of macro '__compiletime_assert'
       prefix ## suffix();    \
       ^
   include/linux/compiler.h:484:2: note: in expansion of macro '_compiletime_assert'
     _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
     ^
   include/linux/bug.h:50:37: note: in expansion of macro 'compiletime_assert'
    #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
                                        ^
   include/linux/err.h:24:5: note: in expansion of macro 'BUILD_BUG_ON_MSG'
        BUILD_BUG_ON_MSG((typeof(x))(-MAX_ERRNO) != (unsigned long)-MAX_ERRNO, "Invalid IS_ERR_VALUE argument type");\
        ^
>> net/ipv4/netfilter/ip_tables.c:674:6: note: in expansion of macro 'IS_ERR_VALUE'
     if (IS_ERR_VALUE(e->counters.pcnt))
         ^
--
   In file included from include/linux/linkage.h:4:0,
                    from include/linux/kernel.h:6,
                    from net/ipv4/netfilter/arp_tables.c:13:
   In function 'find_check_entry.isra.14',
       inlined from 'translate_table' at net/ipv4/netfilter/arp_tables.c:702:7:
   include/linux/compiler.h:484:38: error: call to '__compiletime_assert_530' declared with attribute error: Invalid IS_ERR_VALUE argument type
     _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
                                         ^
   include/linux/compiler.h:467:4: note: in definition of macro '__compiletime_assert'
       prefix ## suffix();    \
       ^
   include/linux/compiler.h:484:2: note: in expansion of macro '_compiletime_assert'
     _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
     ^
   include/linux/bug.h:50:37: note: in expansion of macro 'compiletime_assert'
    #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
                                        ^
   include/linux/err.h:24:5: note: in expansion of macro 'BUILD_BUG_ON_MSG'
        BUILD_BUG_ON_MSG((typeof(x))(-MAX_ERRNO) != (unsigned long)-MAX_ERRNO, "Invalid IS_ERR_VALUE argument type");\
        ^
>> net/ipv4/netfilter/arp_tables.c:530:6: note: in expansion of macro 'IS_ERR_VALUE'
     if (IS_ERR_VALUE(e->counters.pcnt))
         ^
--
   In file included from include/linux/linkage.h:4:0,
                    from include/linux/kernel.h:6,
                    from net/ipv6/netfilter/ip6_tables.c:15:
   In function 'find_check_entry.isra.12',
       inlined from 'translate_table' at net/ipv6/netfilter/ip6_tables.c:880:7:
   include/linux/compiler.h:484:38: error: call to '__compiletime_assert_687' declared with attribute error: Invalid IS_ERR_VALUE argument type
     _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
                                         ^
   include/linux/compiler.h:467:4: note: in definition of macro '__compiletime_assert'
       prefix ## suffix();    \
       ^
   include/linux/compiler.h:484:2: note: in expansion of macro '_compiletime_assert'
     _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
     ^
   include/linux/bug.h:50:37: note: in expansion of macro 'compiletime_assert'
    #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
                                        ^
   include/linux/err.h:24:5: note: in expansion of macro 'BUILD_BUG_ON_MSG'
        BUILD_BUG_ON_MSG((typeof(x))(-MAX_ERRNO) != (unsigned long)-MAX_ERRNO, "Invalid IS_ERR_VALUE argument type");\
        ^
>> net/ipv6/netfilter/ip6_tables.c:687:6: note: in expansion of macro 'IS_ERR_VALUE'
     if (IS_ERR_VALUE(e->counters.pcnt))
         ^

vim +/IS_ERR_VALUE +674 net/ipv4/netfilter/ip_tables.c

022748a9 Denys Vlasenko   2008-01-14  658  static int
a83d8e8d Alexey Dobriyan  2010-01-18  659  find_check_entry(struct ipt_entry *e, struct net *net, const char *name,
0559518b Jan Engelhardt   2010-02-24  660  		 unsigned int size)
^1da177e Linus Torvalds   2005-04-16  661  {
87a2e70d Jan Engelhardt   2010-10-13  662  	struct xt_entry_target *t;
6709dbbb Jan Engelhardt   2007-02-07  663  	struct xt_target *target;
^1da177e Linus Torvalds   2005-04-16  664  	int ret;
^1da177e Linus Torvalds   2005-04-16  665  	unsigned int j;
9b4fce7a Jan Engelhardt   2008-10-08  666  	struct xt_mtchk_param mtpar;
dcea992a Jan Engelhardt   2010-02-24  667  	struct xt_entry_match *ematch;
^1da177e Linus Torvalds   2005-04-16  668  
a96be246 Dmitry Mishin    2006-12-12  669  	ret = check_entry(e, name);
a96be246 Dmitry Mishin    2006-12-12  670  	if (ret)
a96be246 Dmitry Mishin    2006-12-12  671  		return ret;
590bdf7f Dmitry Mishin    2006-10-30  672  
71ae0dff Florian Westphal 2015-06-11  673  	e->counters.pcnt = xt_percpu_counter_alloc();
71ae0dff Florian Westphal 2015-06-11 @674  	if (IS_ERR_VALUE(e->counters.pcnt))
71ae0dff Florian Westphal 2015-06-11  675  		return -ENOMEM;
71ae0dff Florian Westphal 2015-06-11  676  
^1da177e Linus Torvalds   2005-04-16  677  	j = 0;
a83d8e8d Alexey Dobriyan  2010-01-18  678  	mtpar.net	= net;
9b4fce7a Jan Engelhardt   2008-10-08  679  	mtpar.table     = name;
9b4fce7a Jan Engelhardt   2008-10-08  680  	mtpar.entryinfo = &e->ip;
9b4fce7a Jan Engelhardt   2008-10-08  681  	mtpar.hook_mask = e->comefrom;
916a917d Jan Engelhardt   2008-10-08  682  	mtpar.family    = NFPROTO_IPV4;

:::::: The code at line 674 was first introduced by commit
:::::: 71ae0dff02d756e4d2ca710b79f2ff5390029a5f netfilter: xtables: use percpu rule counters

:::::: TO: Florian Westphal <fw@strlen.de>
:::::: CC: Pablo Neira Ayuso <pablo@netfilter.org>

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

[-- Attachment #2: .config.gz --]
[-- Type: application/octet-stream, Size: 11067 bytes --]

Re: [PATCH] err.h: add type checking to IS_ERR_VALUE macro

[Andrzej Hajda]

Hi kbuild test robot,

Thanks for tests :)

Log below shows there are IS_ERR_VALUE usage bugs present in the kernel,
which SmPL patch did not detected.
These bugs should be fixed before accepting current version of my patch.
If alternative version will be chosen, 'bugs' should become valid code.

Regards
Andrzej

On 12/18/2015 12:22 PM, kbuild test robot wrote:
> Hi Andrzej,
>
> [auto build test WARNING on v4.4-rc5]
> [also build test WARNING on next-20151217]
>
> url:    https://github.com/0day-ci/linux/commits/Andrzej-Hajda/err-h-add-type-checking-to-IS_ERR_VALUE-macro/20151218-185839
> config: m68k-sun3_defconfig (attached as .config)
> reproduce:
>         wget https://git.kernel.org/cgit/linux/kernel/git/wfg/lkp-tests.git/plain/sbin/make.cross -O ~/bin/make.cross
>         chmod +x ~/bin/make.cross
>         # save the attached .config to linux build tree
>         make.cross ARCH=m68k 
>
> All warnings (new ones prefixed by >>):
>
>    In file included from include/uapi/linux/stddef.h:1:0,
>                     from include/linux/stddef.h:4,
>                     from include/uapi/linux/posix_types.h:4,
>                     from include/uapi/linux/types.h:13,
>                     from include/linux/types.h:5,
>                     from include/uapi/linux/sysinfo.h:4,
>                     from include/uapi/linux/kernel.h:4,
>                     from include/linux/cache.h:4,
>                     from net/ipv4/netfilter/ip_tables.c:13:
>    In function 'find_check_entry.isra.12',
>        inlined from 'translate_table' at net/ipv4/netfilter/ip_tables.c:868:7:
>    include/linux/compiler.h:484:38: error: call to '__compiletime_assert_674' declared with attribute error: Invalid IS_ERR_VALUE argument type
>      _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
>                                          ^
>    include/linux/compiler.h:467:4: note: in definition of macro '__compiletime_assert'
>        prefix ## suffix();    \
>        ^
>    include/linux/compiler.h:484:2: note: in expansion of macro '_compiletime_assert'
>      _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
>      ^
>    include/linux/bug.h:50:37: note: in expansion of macro 'compiletime_assert'
>     #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
>                                         ^
>    include/linux/err.h:24:5: note: in expansion of macro 'BUILD_BUG_ON_MSG'
>         BUILD_BUG_ON_MSG((typeof(x))(-MAX_ERRNO) != (unsigned long)-MAX_ERRNO, "Invalid IS_ERR_VALUE argument type");\
>         ^
>>> net/ipv4/netfilter/ip_tables.c:674:6: note: in expansion of macro 'IS_ERR_VALUE'
>      if (IS_ERR_VALUE(e->counters.pcnt))
>          ^
> --
>    In file included from include/linux/linkage.h:4:0,
>                     from include/linux/kernel.h:6,
>                     from net/ipv4/netfilter/arp_tables.c:13:
>    In function 'find_check_entry.isra.14',
>        inlined from 'translate_table' at net/ipv4/netfilter/arp_tables.c:702:7:
>    include/linux/compiler.h:484:38: error: call to '__compiletime_assert_530' declared with attribute error: Invalid IS_ERR_VALUE argument type
>      _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
>                                          ^
>    include/linux/compiler.h:467:4: note: in definition of macro '__compiletime_assert'
>        prefix ## suffix();    \
>        ^
>    include/linux/compiler.h:484:2: note: in expansion of macro '_compiletime_assert'
>      _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
>      ^
>    include/linux/bug.h:50:37: note: in expansion of macro 'compiletime_assert'
>     #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
>                                         ^
>    include/linux/err.h:24:5: note: in expansion of macro 'BUILD_BUG_ON_MSG'
>         BUILD_BUG_ON_MSG((typeof(x))(-MAX_ERRNO) != (unsigned long)-MAX_ERRNO, "Invalid IS_ERR_VALUE argument type");\
>         ^
>>> net/ipv4/netfilter/arp_tables.c:530:6: note: in expansion of macro 'IS_ERR_VALUE'
>      if (IS_ERR_VALUE(e->counters.pcnt))
>          ^
> --
>    In file included from include/linux/linkage.h:4:0,
>                     from include/linux/kernel.h:6,
>                     from net/ipv6/netfilter/ip6_tables.c:15:
>    In function 'find_check_entry.isra.12',
>        inlined from 'translate_table' at net/ipv6/netfilter/ip6_tables.c:880:7:
>    include/linux/compiler.h:484:38: error: call to '__compiletime_assert_687' declared with attribute error: Invalid IS_ERR_VALUE argument type
>      _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
>                                          ^
>    include/linux/compiler.h:467:4: note: in definition of macro '__compiletime_assert'
>        prefix ## suffix();    \
>        ^
>    include/linux/compiler.h:484:2: note: in expansion of macro '_compiletime_assert'
>      _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
>      ^
>    include/linux/bug.h:50:37: note: in expansion of macro 'compiletime_assert'
>     #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
>                                         ^
>    include/linux/err.h:24:5: note: in expansion of macro 'BUILD_BUG_ON_MSG'
>         BUILD_BUG_ON_MSG((typeof(x))(-MAX_ERRNO) != (unsigned long)-MAX_ERRNO, "Invalid IS_ERR_VALUE argument type");\
>         ^
>>> net/ipv6/netfilter/ip6_tables.c:687:6: note: in expansion of macro 'IS_ERR_VALUE'
>      if (IS_ERR_VALUE(e->counters.pcnt))
>          ^
>
> vim +/IS_ERR_VALUE +674 net/ipv4/netfilter/ip_tables.c
>
> 022748a9 Denys Vlasenko   2008-01-14  658  static int
> a83d8e8d Alexey Dobriyan  2010-01-18  659  find_check_entry(struct ipt_entry *e, struct net *net, const char *name,
> 0559518b Jan Engelhardt   2010-02-24  660  		 unsigned int size)
> ^1da177e Linus Torvalds   2005-04-16  661  {
> 87a2e70d Jan Engelhardt   2010-10-13  662  	struct xt_entry_target *t;
> 6709dbbb Jan Engelhardt   2007-02-07  663  	struct xt_target *target;
> ^1da177e Linus Torvalds   2005-04-16  664  	int ret;
> ^1da177e Linus Torvalds   2005-04-16  665  	unsigned int j;
> 9b4fce7a Jan Engelhardt   2008-10-08  666  	struct xt_mtchk_param mtpar;
> dcea992a Jan Engelhardt   2010-02-24  667  	struct xt_entry_match *ematch;
> ^1da177e Linus Torvalds   2005-04-16  668  
> a96be246 Dmitry Mishin    2006-12-12  669  	ret = check_entry(e, name);
> a96be246 Dmitry Mishin    2006-12-12  670  	if (ret)
> a96be246 Dmitry Mishin    2006-12-12  671  		return ret;
> 590bdf7f Dmitry Mishin    2006-10-30  672  
> 71ae0dff Florian Westphal 2015-06-11  673  	e->counters.pcnt = xt_percpu_counter_alloc();
> 71ae0dff Florian Westphal 2015-06-11 @674  	if (IS_ERR_VALUE(e->counters.pcnt))
> 71ae0dff Florian Westphal 2015-06-11  675  		return -ENOMEM;
> 71ae0dff Florian Westphal 2015-06-11  676  
> ^1da177e Linus Torvalds   2005-04-16  677  	j = 0;
> a83d8e8d Alexey Dobriyan  2010-01-18  678  	mtpar.net	= net;
> 9b4fce7a Jan Engelhardt   2008-10-08  679  	mtpar.table     = name;
> 9b4fce7a Jan Engelhardt   2008-10-08  680  	mtpar.entryinfo = &e->ip;
> 9b4fce7a Jan Engelhardt   2008-10-08  681  	mtpar.hook_mask = e->comefrom;
> 916a917d Jan Engelhardt   2008-10-08  682  	mtpar.family    = NFPROTO_IPV4;
>
> :::::: The code at line 674 was first introduced by commit
> :::::: 71ae0dff02d756e4d2ca710b79f2ff5390029a5f netfilter: xtables: use percpu rule counters
>
> :::::: TO: Florian Westphal <fw@strlen.de>
> :::::: CC: Pablo Neira Ayuso <pablo@netfilter.org>
>
> ---
> 0-DAY kernel test infrastructure                Open Source Technology Center
> https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

Re: [PATCH] err.h: add type checking to IS_ERR_VALUE macro

[kbuild test robot]

[-- Attachment #1: Type: text/plain, Size: 3223 bytes --]

Hi Andrzej,

[auto build test ERROR on v4.4-rc5]
[also build test ERROR on next-20151217]

url:    https://github.com/0day-ci/linux/commits/Andrzej-Hajda/err-h-add-type-checking-to-IS_ERR_VALUE-macro/20151218-185839
config: i386-randconfig-s1-201550 (attached as .config)
reproduce:
        # save the attached .config to linux build tree
        make ARCH=i386 

All error/warnings (new ones prefixed by >>):

   In file included from include/linux/linkage.h:4:0,
                    from include/linux/preempt.h:9,
                    from include/linux/spinlock.h:50,
                    from include/linux/mmzone.h:7,
                    from include/linux/gfp.h:5,
                    from include/linux/mm.h:9,
                    from drivers/char/mem.c:11:
   drivers/char/mem.c: In function 'memory_lseek':
>> include/linux/compiler.h:484:38: error: call to '__compiletime_assert_698' declared with attribute error: Invalid IS_ERR_VALUE argument type
     _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
                                         ^
   include/linux/compiler.h:467:4: note: in definition of macro '__compiletime_assert'
       prefix ## suffix();    \
       ^
   include/linux/compiler.h:484:2: note: in expansion of macro '_compiletime_assert'
     _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
     ^
   include/linux/bug.h:50:37: note: in expansion of macro 'compiletime_assert'
    #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
                                        ^
>> include/linux/err.h:24:5: note: in expansion of macro 'BUILD_BUG_ON_MSG'
        BUILD_BUG_ON_MSG((typeof(x))(-MAX_ERRNO) != (unsigned long)-MAX_ERRNO, "Invalid IS_ERR_VALUE argument type");\
        ^
>> drivers/char/mem.c:698:7: note: in expansion of macro 'IS_ERR_VALUE'
      if (IS_ERR_VALUE((unsigned long long)offset)) {
          ^

vim +/__compiletime_assert_698 +484 include/linux/compiler.h

9a8ab1c3 Daniel Santos  2013-02-21  478   *
9a8ab1c3 Daniel Santos  2013-02-21  479   * In tradition of POSIX assert, this macro will break the build if the
9a8ab1c3 Daniel Santos  2013-02-21  480   * supplied condition is *false*, emitting the supplied error message if the
9a8ab1c3 Daniel Santos  2013-02-21  481   * compiler has support to do so.
9a8ab1c3 Daniel Santos  2013-02-21  482   */
9a8ab1c3 Daniel Santos  2013-02-21  483  #define compiletime_assert(condition, msg) \
9a8ab1c3 Daniel Santos  2013-02-21 @484  	_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
9a8ab1c3 Daniel Santos  2013-02-21  485  
47933ad4 Peter Zijlstra 2013-11-06  486  #define compiletime_assert_atomic_type(t)				\
47933ad4 Peter Zijlstra 2013-11-06  487  	compiletime_assert(__native_word(t),				\

:::::: The code at line 484 was first introduced by commit
:::::: 9a8ab1c39970a4938a72d94e6fd13be88a797590 bug.h, compiler.h: introduce compiletime_assert & BUILD_BUG_ON_MSG

:::::: TO: Daniel Santos <daniel.santos@pobox.com>
:::::: CC: Linus Torvalds <torvalds@linux-foundation.org>

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

[-- Attachment #2: .config.gz --]
[-- Type: application/octet-stream, Size: 26107 bytes --]