* [PATCH v5 0/6] kernel.h: container_of() pointer checking
@ 2017-05-25 12:03 Ian Abbott
  2017-05-25 12:03 ` [PATCH v5 1/6] asm-generic/bug.h: declare struct pt_regs; before function prototype Ian Abbott
                   ` (5 more replies)
  0 siblings, 6 replies; 31+ messages in thread
From: Ian Abbott @ 2017-05-25 12:03 UTC (permalink / raw)
  To: linux-kernel, linux-arch
  Cc: Alexander Potapenko, Andrew Morton, Arnd Bergmann,
	Borislav Petkov, Hidehiro Kawai, Ian Abbott, Jakub Kicinski,
	Johannes Berg, Kees Cook, Michal Nazarewicz, Peter Zijlstra,
	Rasmus Villemoes, Steven Rostedt

TL;DR: This series of patches splits BUILD_BUG related macros out of
"include/linux/bug.h" into new file "include/linux/build_bug.h" (patch
5), and changes the pointer type checking in the `container_of()` macro
to deal with pointers of array type better (patch 6).  Patches 1 to 4
are prerequisites.

Patches 2, 3, 4, and 5 have been inserted since the previous version of
this patch series.  Patch 6 here corresponds to v3 and v4's patch 2.

Patch 1 was a prerequisite in v3 of this series to avoid a lot of
warnings when <linux/bug.h> was included by <linux/kernel.h>.  That is
no longer relevant for v5 of the series, but I left it in because it was
acked by Arnd Bergmann and Michal Nazarewicz.

Patches 2, 3, and 4 are some checkpatch clean-ups on
"include/linux/bug.h" before splitting out the BUILD_BUG stuff in patch
5.

Patch 5 splits the BUILD_BUG related macros out of
"include/linux/bug.h" into new file "include/linux/build_bug.h" because
including <linux/bug.h> in "include/linux/kernel.h" would result in
build failures due to circular dependencies.

Patch 6 changes the pointer type checking by `container_of()` to avoid
some incompatible pointer warnings when the dereferenced pointer has
array type.

1) asm-generic/bug.h: declare struct pt_regs; before function prototype
2) linux/bug.h: correct formatting of block comment
3) linux/bug.h: correct "(foo*)" should be "(foo *)"
4) linux/bug.h: correct "space required before that '-'"
5) bug: split BUILD_BUG stuff out into <linux/build_bug.h>
6) kernel.h: handle pointers to arrays better in container_of()

 include/asm-generic/bug.h |  1 +
 include/linux/bug.h       | 72 +---------------------------------------
 include/linux/build_bug.h | 84 +++++++++++++++++++++++++++++++++++++++++++++++
 include/linux/kernel.h    |  9 +++--
 4 files changed, 92 insertions(+), 74 deletions(-)


* [PATCH v5 1/6] asm-generic/bug.h: declare struct pt_regs; before function prototype
  2017-05-25 12:03 [PATCH v5 0/6] kernel.h: container_of() pointer checking Ian Abbott
@ 2017-05-25 12:03 ` Ian Abbott
  2017-06-08 14:07   ` Steven Rostedt
  2017-05-25 12:03 ` [PATCH v5 2/6] linux/bug.h: correct formatting of block comment Ian Abbott
                   ` (4 subsequent siblings)
  5 siblings, 1 reply; 31+ messages in thread
From: Ian Abbott @ 2017-05-25 12:03 UTC (permalink / raw)
  To: linux-kernel, linux-arch
  Cc: Alexander Potapenko, Andrew Morton, Arnd Bergmann,
	Borislav Petkov, Hidehiro Kawai, Ian Abbott, Jakub Kicinski,
	Johannes Berg, Kees Cook, Michal Nazarewicz, Peter Zijlstra,
	Rasmus Villemoes, Steven Rostedt

The declaration of `__warn()` has `struct pt_regs *regs` as one of its
parameters.  This can result in compiler warnings if `struct regs` is
not already declared.  Add an empty declaration of `struct pt_regs` to
avoid the warnings.

Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Cc: Arnd Bergmann <arnd@arndb.de>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
---
v3: Actually, there was no v1 or v2.  I called this v3 to match the
series.
v4: Corrected 'Acked-by:' line in patch description.
v5: Added Acked-by for Michal Nazarewicz.
---
 include/asm-generic/bug.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/asm-generic/bug.h b/include/asm-generic/bug.h
index d6f4aed479a1..87191357d303 100644
--- a/include/asm-generic/bug.h
+++ b/include/asm-generic/bug.h
@@ -97,6 +97,7 @@ extern void warn_slowpath_null(const char *file, const int line);
 
 /* used internally by panic.c */
 struct warn_args;
+struct pt_regs;
 
 void __warn(const char *file, int line, void *caller, unsigned taint,
 	    struct pt_regs *regs, struct warn_args *args);
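
Review bot: The new `struct pt_regs;` line sits directly under the `/* used internally by panic.c */` comment, which originally introduced only `struct warn_args`, so the comment now reads as if it covers both forward declarations. Putting `struct pt_regs;` above the comment, or separating it with a blank line, would keep the comment accurate. The patch description also says the warnings appear if `struct regs` is not declared, while the prototype takes `struct pt_regs *regs`; the description should name `struct pt_regs`.
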
-- 
2.11.0


* [PATCH v5 2/6] linux/bug.h: correct formatting of block comment
  2017-05-25 12:03 [PATCH v5 0/6] kernel.h: container_of() pointer checking Ian Abbott
  2017-05-25 12:03 ` [PATCH v5 1/6] asm-generic/bug.h: declare struct pt_regs; before function prototype Ian Abbott
@ 2017-05-25 12:03 ` Ian Abbott
  2017-05-25 13:58     ` Michal Nazarewicz
  2017-05-25 12:03 ` [PATCH v5 3/6] linux/bug.h: correct "(foo*)" should be "(foo *)" Ian Abbott
                   ` (3 subsequent siblings)
  5 siblings, 1 reply; 31+ messages in thread
From: Ian Abbott @ 2017-05-25 12:03 UTC (permalink / raw)
  To: linux-kernel, linux-arch
  Cc: Alexander Potapenko, Andrew Morton, Arnd Bergmann,
	Borislav Petkov, Hidehiro Kawai, Ian Abbott, Jakub Kicinski,
	Johannes Berg, Kees Cook, Michal Nazarewicz, Peter Zijlstra,
	Rasmus Villemoes, Steven Rostedt

Correct these checkpatch.pl warnings:

|WARNING: Block comments use * on subsequent lines
|#34: FILE: include/linux/bug.h:34:
|+/* Force a compilation error if condition is true, but also produce a
|+   result (of value 0 and type size_t), so the expression can be used

|WARNING: Block comments use a trailing */ on a separate line
|#36: FILE: include/linux/bug.h:36:
|+   aren't permitted). */

Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Jakub Kicinski <jakub.kicinski@netronome.com>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
---
v5: Actually, there was no v1 thru v4.  I called this v5 to match the
series.
---
 include/linux/bug.h | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/include/linux/bug.h b/include/linux/bug.h
index 687b557fc5eb..ca24007e2dc3 100644
--- a/include/linux/bug.h
+++ b/include/linux/bug.h
@@ -30,10 +30,12 @@ struct pt_regs;
 #define BUILD_BUG_ON_NOT_POWER_OF_2(n)			\
 	BUILD_BUG_ON((n) == 0 || (((n) & ((n) - 1)) != 0))
 
-/* Force a compilation error if condition is true, but also produce a
-   result (of value 0 and type size_t), so the expression can be used
-   e.g. in a structure initializer (or where-ever else comma expressions
-   aren't permitted). */
+/*
+ * Force a compilation error if condition is true, but also produce a
+ * result (of value 0 and type size_t), so the expression can be used
+ * e.g. in a structure initializer (or where-ever else comma expressions
+ * aren't permitted).
+ */
 #define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:-!!(e); }))
 #define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:-!!(e); }))
 
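Review bot: The reflowed comment still says the result has value 0 and type size_t, but the `BUILD_BUG_ON_NULL(e)` line right below it casts the result to `(void *)`. Since the comment is being rewritten anyway, it could say that `BUILD_BUG_ON_NULL()` yields a null pointer instead. The comment also speaks of "condition" while both macros name the parameter `e`. If the intent is a pure checkpatch clean-up with no wording change, a sentence in the changelog saying so would settle it.
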
-- 
2.11.0


* [PATCH v5 3/6] linux/bug.h: correct "(foo*)" should be "(foo *)"
  2017-05-25 12:03 [PATCH v5 0/6] kernel.h: container_of() pointer checking Ian Abbott
  2017-05-25 12:03 ` [PATCH v5 1/6] asm-generic/bug.h: declare struct pt_regs; before function prototype Ian Abbott
  2017-05-25 12:03 ` [PATCH v5 2/6] linux/bug.h: correct formatting of block comment Ian Abbott
@ 2017-05-25 12:03 ` Ian Abbott
  2017-05-25 13:59     ` Michal Nazarewicz
  2017-05-25 12:03 ` [PATCH v5 4/6] linux/bug.h: correct "space required before that '-'" Ian Abbott
                   ` (2 subsequent siblings)
  5 siblings, 1 reply; 31+ messages in thread
From: Ian Abbott @ 2017-05-25 12:03 UTC (permalink / raw)
  To: linux-kernel, linux-arch
  Cc: Alexander Potapenko, Andrew Morton, Arnd Bergmann,
	Borislav Petkov, Hidehiro Kawai, Ian Abbott, Jakub Kicinski,
	Johannes Berg, Kees Cook, Michal Nazarewicz, Peter Zijlstra,
	Rasmus Villemoes, Steven Rostedt

Correct this checkpatch.pl error:

|ERROR: "(foo*)" should be "(foo *)"
|#19: FILE: include/linux/bug.h:19:
|+#define BUILD_BUG_ON_NULL(e) ((void*)0)

Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Jakub Kicinski <jakub.kicinski@netronome.com>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
---
v5: Actually, there was no v1 thru v4.  I called this v5 to match the
series.
---
 include/linux/bug.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/linux/bug.h b/include/linux/bug.h
index ca24007e2dc3..216a1b79653d 100644
--- a/include/linux/bug.h
+++ b/include/linux/bug.h
@@ -16,7 +16,7 @@ struct pt_regs;
 #define __BUILD_BUG_ON_NOT_POWER_OF_2(n) (0)
 #define BUILD_BUG_ON_NOT_POWER_OF_2(n) (0)
 #define BUILD_BUG_ON_ZERO(e) (0)
-#define BUILD_BUG_ON_NULL(e) ((void*)0)
+#define BUILD_BUG_ON_NULL(e) ((void *)0)
 #define BUILD_BUG_ON_INVALID(e) (0)
 #define BUILD_BUG_ON_MSG(cond, msg) (0)
 #define BUILD_BUG_ON(condition) (0)
-- 
2.11.0


* [PATCH v5 4/6] linux/bug.h: correct "space required before that '-'"
  2017-05-25 12:03 [PATCH v5 0/6] kernel.h: container_of() pointer checking Ian Abbott
                   ` (2 preceding siblings ...)
  2017-05-25 12:03 ` [PATCH v5 3/6] linux/bug.h: correct "(foo*)" should be "(foo *)" Ian Abbott
@ 2017-05-25 12:03 ` Ian Abbott
  2017-05-25 14:01     ` Michal Nazarewicz
  2017-05-25 14:02     ` Michal Nazarewicz
  2017-05-25 12:03 ` [PATCH v5 5/6] bug: split BUILD_BUG stuff out into <linux/build_bug.h> Ian Abbott
  2017-05-25 12:03 ` [PATCH v5 6/6] kernel.h: handle pointers to arrays better in container_of() Ian Abbott
  5 siblings, 2 replies; 31+ messages in thread
From: Ian Abbott @ 2017-05-25 12:03 UTC (permalink / raw)
  To: linux-kernel, linux-arch
  Cc: Alexander Potapenko, Andrew Morton, Arnd Bergmann,
	Borislav Petkov, Hidehiro Kawai, Ian Abbott, Jakub Kicinski,
	Johannes Berg, Kees Cook, Michal Nazarewicz, Peter Zijlstra,
	Rasmus Villemoes, Steven Rostedt

Correct these checkpatch.pl errors:

|ERROR: space required before that '-' (ctx:OxO)
|#37: FILE: include/linux/bug.h:37:
|+#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:-!!(e); }))

|ERROR: space required before that '-' (ctx:OxO)
|#38: FILE: include/linux/bug.h:38:
|+#define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:-!!(e); }))

I decided to wrap the bitfield expressions that begin with minus signs
in parentheses rather than insert spaces before the minus signs.

Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Jakub Kicinski <jakub.kicinski@netronome.com>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
---
v5: Actually, there was no v1 thru v4.  I called this v5 to match the
series.
---
 include/linux/bug.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/linux/bug.h b/include/linux/bug.h
index 216a1b79653d..483207cb99fb 100644
--- a/include/linux/bug.h
+++ b/include/linux/bug.h
@@ -36,8 +36,8 @@ struct pt_regs;
  * e.g. in a structure initializer (or where-ever else comma expressions
  * aren't permitted).
  */
-#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:-!!(e); }))
-#define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:-!!(e); }))
+#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:(-!!(e)); }))
+#define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:(-!!(e)); }))
 
 /*
  * BUILD_BUG_ON_INVALID() permits the compiler to check the validity of the
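
Review bot: Wrapping the width as `int:(-!!(e))` in both macros quiets checkpatch, but the comment above them still does not explain why a negated `!!(e)` is used as a bit-field width. One sentence there, saying that a true `e` makes the width -1 and that the invalid width is what stops the build, would make the idiom readable to someone who has not met it before.
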
-- 
2.11.0


* [PATCH v5 5/6] bug: split BUILD_BUG stuff out into <linux/build_bug.h>
  2017-05-25 12:03 [PATCH v5 0/6] kernel.h: container_of() pointer checking Ian Abbott
                   ` (3 preceding siblings ...)
  2017-05-25 12:03 ` [PATCH v5 4/6] linux/bug.h: correct "space required before that '-'" Ian Abbott
@ 2017-05-25 12:03 ` Ian Abbott
  2017-05-25 14:06     ` Michal Nazarewicz
  2017-05-25 18:30   ` Kees Cook
  2017-05-25 12:03 ` [PATCH v5 6/6] kernel.h: handle pointers to arrays better in container_of() Ian Abbott
  5 siblings, 2 replies; 31+ messages in thread
From: Ian Abbott @ 2017-05-25 12:03 UTC (permalink / raw)
  To: linux-kernel, linux-arch
  Cc: Alexander Potapenko, Andrew Morton, Arnd Bergmann,
	Borislav Petkov, Hidehiro Kawai, Ian Abbott, Jakub Kicinski,
	Johannes Berg, Kees Cook, Michal Nazarewicz, Peter Zijlstra,
	Rasmus Villemoes, Steven Rostedt

Including <linux/bug.h> pulls in a lot of bloat from <asm/bug.h> and
<asm-generic/bug.h> that is not needed to call the BUILD_BUG() family of
macros.  Split them out into their own header, <linux/build_bug.h>.

Also correct some checkpatch.pl errors for the BUILD_BUG_ON_ZERO() and
BUILD_BUG_ON_NULL() macros by adding parentheses around the bitfield
widths that begin with a minus sign.

Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Jakub Kicinski <jakub.kicinski@netronome.com>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
---
v5: Actually, there was no v1 thru v4.  I called this v5 to match the
series.
---
 include/linux/bug.h       | 74 +----------------------------------------
 include/linux/build_bug.h | 84 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 85 insertions(+), 73 deletions(-)
 create mode 100644 include/linux/build_bug.h

diff --git a/include/linux/bug.h b/include/linux/bug.h
index 483207cb99fb..5d5554c874fd 100644
--- a/include/linux/bug.h
+++ b/include/linux/bug.h
@@ -3,6 +3,7 @@
 
 #include <asm/bug.h>
 #include <linux/compiler.h>
+#include <linux/build_bug.h>
 
 enum bug_trap_type {
 	BUG_TRAP_TYPE_NONE = 0,
@@ -13,82 +14,9 @@ enum bug_trap_type {
 struct pt_regs;
 
 #ifdef __CHECKER__
-#define __BUILD_BUG_ON_NOT_POWER_OF_2(n) (0)
-#define BUILD_BUG_ON_NOT_POWER_OF_2(n) (0)
-#define BUILD_BUG_ON_ZERO(e) (0)
-#define BUILD_BUG_ON_NULL(e) ((void *)0)
-#define BUILD_BUG_ON_INVALID(e) (0)
-#define BUILD_BUG_ON_MSG(cond, msg) (0)
-#define BUILD_BUG_ON(condition) (0)
-#define BUILD_BUG() (0)
 #define MAYBE_BUILD_BUG_ON(cond) (0)
 #else /* __CHECKER__ */
 
-/* Force a compilation error if a constant expression is not a power of 2 */
-#define __BUILD_BUG_ON_NOT_POWER_OF_2(n)	\
-	BUILD_BUG_ON(((n) & ((n) - 1)) != 0)
-#define BUILD_BUG_ON_NOT_POWER_OF_2(n)			\
-	BUILD_BUG_ON((n) == 0 || (((n) & ((n) - 1)) != 0))
-
-/*
- * Force a compilation error if condition is true, but also produce a
- * result (of value 0 and type size_t), so the expression can be used
- * e.g. in a structure initializer (or where-ever else comma expressions
- * aren't permitted).
- */
-#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:(-!!(e)); }))
-#define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:(-!!(e)); }))
-
-/*
- * BUILD_BUG_ON_INVALID() permits the compiler to check the validity of the
- * expression but avoids the generation of any code, even if that expression
- * has side-effects.
- */
-#define BUILD_BUG_ON_INVALID(e) ((void)(sizeof((__force long)(e))))
-
-/**
- * BUILD_BUG_ON_MSG - break compile if a condition is true & emit supplied
- *		      error message.
- * @condition: the condition which the compiler should know is false.
- *
- * See BUILD_BUG_ON for description.
- */
-#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
-
-/**
- * BUILD_BUG_ON - break compile if a condition is true.
- * @condition: the condition which the compiler should know is false.
- *
- * If you have some code which relies on certain constants being equal, or
- * some other compile-time-evaluated condition, you should use BUILD_BUG_ON to
- * detect if someone changes it.
- *
- * The implementation uses gcc's reluctance to create a negative array, but gcc
- * (as of 4.4) only emits that error for obvious cases (e.g. not arguments to
- * inline functions).  Luckily, in 4.3 they added the "error" function
- * attribute just for this type of case.  Thus, we use a negative sized array
- * (should always create an error on gcc versions older than 4.4) and then call
- * an undefined function with the error attribute (should always create an
- * error on gcc 4.3 and later).  If for some reason, neither creates a
- * compile-time error, we'll still have a link-time error, which is harder to
- * track down.
- */
-#ifndef __OPTIMIZE__
-#define BUILD_BUG_ON(condition) ((void)sizeof(char[1 - 2*!!(condition)]))
-#else
-#define BUILD_BUG_ON(condition) \
-	BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
-#endif
-
-/**
- * BUILD_BUG - break compile if used.
- *
- * If you have some code that you expect the compiler to eliminate at
- * build time, you should use BUILD_BUG to detect if it is
- * unexpectedly used.
- */
-#define BUILD_BUG() BUILD_BUG_ON_MSG(1, "BUILD_BUG failed")
-
 #define MAYBE_BUILD_BUG_ON(cond)			\
 	do {						\
 		if (__builtin_constant_p((cond)))       \
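
Review bot: `MAYBE_BUILD_BUG_ON()` is left behind in <linux/bug.h>, in both the `__CHECKER__` stub and the real definition, while every other BUILD_BUG macro moves out, and the changelog does not say why. Please either move it as well or state the reason it stays. The removed `BUILD_BUG_ON_ZERO()` and `BUILD_BUG_ON_NULL()` lines already carry the parenthesised `int:(-!!(e))` widths, so the changelog paragraph about correcting checkpatch errors describes patch 4/6 rather than this patch and can be dropped.
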
diff --git a/include/linux/build_bug.h b/include/linux/build_bug.h
new file mode 100644
index 000000000000..b7d22d60008a
--- /dev/null
+++ b/include/linux/build_bug.h
@@ -0,0 +1,84 @@
+#ifndef _LINUX_BUILD_BUG_H
+#define _LINUX_BUILD_BUG_H
+
+#include <linux/compiler.h>
+
+#ifdef __CHECKER__
+#define __BUILD_BUG_ON_NOT_POWER_OF_2(n) (0)
+#define BUILD_BUG_ON_NOT_POWER_OF_2(n) (0)
+#define BUILD_BUG_ON_ZERO(e) (0)
+#define BUILD_BUG_ON_NULL(e) ((void *)0)
+#define BUILD_BUG_ON_INVALID(e) (0)
+#define BUILD_BUG_ON_MSG(cond, msg) (0)
+#define BUILD_BUG_ON(condition) (0)
+#define BUILD_BUG() (0)
+#else /* __CHECKER__ */
+
+/* Force a compilation error if a constant expression is not a power of 2 */
+#define __BUILD_BUG_ON_NOT_POWER_OF_2(n)	\
+	BUILD_BUG_ON(((n) & ((n) - 1)) != 0)
+#define BUILD_BUG_ON_NOT_POWER_OF_2(n)			\
+	BUILD_BUG_ON((n) == 0 || (((n) & ((n) - 1)) != 0))
+
+/*
+ * Force a compilation error if condition is true, but also produce a
+ * result (of value 0 and type size_t), so the expression can be used
+ * e.g. in a structure initializer (or where-ever else comma expressions
+ * aren't permitted).
+ */
+#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:(-!!(e)); }))
+#define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:(-!!(e)); }))
+
+/*
+ * BUILD_BUG_ON_INVALID() permits the compiler to check the validity of the
+ * expression but avoids the generation of any code, even if that expression
+ * has side-effects.
+ */
+#define BUILD_BUG_ON_INVALID(e) ((void)(sizeof((__force long)(e))))
+
+/**
+ * BUILD_BUG_ON_MSG - break compile if a condition is true & emit supplied
+ *		      error message.
+ * @condition: the condition which the compiler should know is false.
+ *
+ * See BUILD_BUG_ON for description.
+ */
+#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
+
+/**
+ * BUILD_BUG_ON - break compile if a condition is true.
+ * @condition: the condition which the compiler should know is false.
+ *
+ * If you have some code which relies on certain constants being equal, or
+ * some other compile-time-evaluated condition, you should use BUILD_BUG_ON to
+ * detect if someone changes it.
+ *
+ * The implementation uses gcc's reluctance to create a negative array, but gcc
+ * (as of 4.4) only emits that error for obvious cases (e.g. not arguments to
+ * inline functions).  Luckily, in 4.3 they added the "error" function
+ * attribute just for this type of case.  Thus, we use a negative sized array
+ * (should always create an error on gcc versions older than 4.4) and then call
+ * an undefined function with the error attribute (should always create an
+ * error on gcc 4.3 and later).  If for some reason, neither creates a
+ * compile-time error, we'll still have a link-time error, which is harder to
+ * track down.
+ */
+#ifndef __OPTIMIZE__
+#define BUILD_BUG_ON(condition) ((void)sizeof(char[1 - 2*!!(condition)]))
+#else
+#define BUILD_BUG_ON(condition) \
+	BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
+#endif
+
+/**
+ * BUILD_BUG - break compile if used.
+ *
+ * If you have some code that you expect the compiler to eliminate at
+ * build time, you should use BUILD_BUG to detect if it is
+ * unexpectedly used.
+ */
+#define BUILD_BUG() BUILD_BUG_ON_MSG(1, "BUILD_BUG failed")
+
+#endif	/* __CHECKER__ */
+
+#endif	/* _LINUX_BUILD_BUG_H */
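
Review bot: The kernel-doc block for `BUILD_BUG_ON_MSG` documents `@condition`, but the macro's parameters are `cond` and `msg`, and `msg` has no entry at all. Since the text is being moved into a new header, this is a good moment to rename the entry to `@cond` and add an `@msg` line. A short comment at the top of the file recording that it is kept free of <asm/bug.h> so that <linux/kernel.h> can include it would also preserve the reason the header exists.
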
-- 
2.11.0


* [PATCH v5 6/6] kernel.h: handle pointers to arrays better in container_of()
  2017-05-25 12:03 [PATCH v5 0/6] kernel.h: container_of() pointer checking Ian Abbott
                   ` (4 preceding siblings ...)
  2017-05-25 12:03 ` [PATCH v5 5/6] bug: split BUILD_BUG stuff out into <linux/build_bug.h> Ian Abbott
@ 2017-05-25 12:03 ` Ian Abbott
  2017-05-25 14:07     ` Michal Nazarewicz
  2017-05-25 18:35   ` Kees Cook
  5 siblings, 2 replies; 31+ messages in thread
From: Ian Abbott @ 2017-05-25 12:03 UTC (permalink / raw)
  To: linux-kernel, linux-arch
  Cc: Alexander Potapenko, Andrew Morton, Arnd Bergmann,
	Borislav Petkov, Hidehiro Kawai, Ian Abbott, Jakub Kicinski,
	Johannes Berg, Kees Cook, Michal Nazarewicz, Peter Zijlstra,
	Rasmus Villemoes, Steven Rostedt

If the first parameter of container_of() is a pointer to a
non-const-qualified array type (and the third parameter names a
non-const-qualified array member), the local variable __mptr will be
defined with a const-qualified array type.  In ISO C, these types are
incompatible.  They work as expected in GNU C, but some versions will
issue warnings.  For example, GCC 4.9 produces the warning
"initialization from incompatible pointer type".

Here is an example of where the problem occurs:

-------------------------------------------------------
 #include <linux/kernel.h>
 #include <linux/module.h>

MODULE_LICENSE("GPL");

struct st {
	int a;
	char b[16];
};

static int __init example_init(void) {
	struct st t = { .a = 101, .b = "hello" };
	char (*p)[16] = &t.b;
	struct st *x = container_of(p, struct st, b);
	printk(KERN_DEBUG "%p %p\n", (void *)&t, (void *)x);
	return 0;
}

static void __exit example_exit(void) {
}

module_init(example_init);
module_exit(example_exit);
-------------------------------------------------------

Building the module with gcc-4.9 results in these warnings (where '{m}'
is the module source and '{k}' is the kernel source):

-------------------------------------------------------
In file included from {m}/example.c:1:0:
{m}/example.c: In function ‘example_init’:
{k}/include/linux/kernel.h:854:48: warning: initialization from
incompatible pointer type
  const typeof( ((type *)0)->member ) *__mptr = (ptr); \
                                                ^
{m}/example.c:14:17: note: in expansion of macro ‘container_of’
  struct st *x = container_of(p, struct st, b);
                 ^
{k}/include/linux/kernel.h:854:48: warning: (near initialization for
‘x’)
  const typeof( ((type *)0)->member ) *__mptr = (ptr); \
                                                ^
{m}/example.c:14:17: note: in expansion of macro ‘container_of’
  struct st *x = container_of(p, struct st, b);
                 ^
-------------------------------------------------------

Replace the type checking performed by the macro to avoid these
warnings.  Make sure `*(ptr)` either has type compatible with the
member, or has type compatible with `void`, ignoring qualifiers.  Raise
compiler errors if this is not true.  This is stronger than the previous
behaviour, which only resulted in compiler warnings for a type mismatch.

Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Michal Nazarewicz <mina86@mina86.com>
Cc: Hidehiro Kawai <hidehiro.kawai.ez@hitachi.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Johannes Berg <johannes.berg@intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Alexander Potapenko <glider@google.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
---
v2: Rebased and altered description to provide an example of when the
compiler warnings occur.  v1 (from 2016-10-10) also modified a
'container_of_safe()' macro that never made it out of "linux-next".
v3: Added back some type checking at the suggestion of Michal
Nazarewicz with some helpful hints by Peter Zijlstra.
v4: No change.
v5: Added Acked-by for Michal Nazarewicz.  Included <linux/build_bug.h>
instead of <linux/bug.h> to avoid a circular dependency that resulted in
build failures when <asm/bug.h> was included before <linux/kernel.h>.
---
 include/linux/kernel.h | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index 13bc08aba704..1c9c11c9f1a8 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -11,6 +11,7 @@
 #include <linux/log2.h>
 #include <linux/typecheck.h>
 #include <linux/printk.h>
+#include <linux/build_bug.h>
 #include <asm/byteorder.h>
 #include <uapi/linux/kernel.h>
 
@@ -850,9 +851,11 @@ static inline void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) { }
  * @member:	the name of the member within the struct.
  *
  */
-#define container_of(ptr, type, member) ({			\
-	const typeof( ((type *)0)->member ) *__mptr = (ptr);	\
-	(type *)( (char *)__mptr - offsetof(type,member) );})
+#define container_of(ptr, type, member) ({				\
+	BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) &&	\
+			 !__same_type(*(ptr), void),			\
+			 "pointer type mismatch in container_of()");	\
+	((type *)((char *)(ptr) - offsetof(type, member))); })
 
 /* Rebuild everything on CONFIG_FTRACE_MCOUNT_RECORD */
 #ifdef CONFIG_FTRACE_MCOUNT_RECORD
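
Review bot: The `!__same_type(*(ptr), void)` term lets a `void *` argument through with no type check at all, and the kernel-doc block above the macro does not mention it. Please document there that `void *` is accepted and that any other mismatch is now a build error rather than a warning. Also, under `__CHECKER__` patch 5/6 defines `BUILD_BUG_ON_MSG(cond, msg)` as `(0)`, so the check disappears in sparse runs, where the old `__mptr` initialisation was still visible to the checker; worth a line in the changelog if that loss is intended.
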
-- 
2.11.0


* Re: [PATCH v5 2/6] linux/bug.h: correct formatting of block comment
  2017-05-25 12:03 ` [PATCH v5 2/6] linux/bug.h: correct formatting of block comment Ian Abbott
  2017-05-25 13:58     ` Michal Nazarewicz
@ 2017-05-25 13:58     ` Michal Nazarewicz
  0 siblings, 0 replies; 31+ messages in thread
From: Michal Nazarewicz @ 2017-05-25 13:58 UTC (permalink / raw)
  To: Ian Abbott, linux-kernel, linux-arch
  Cc: Alexander Potapenko, Andrew Morton, Arnd Bergmann,
	Borislav Petkov, Hidehiro Kawai, Ian Abbott, Jakub Kicinski,
	Johannes Berg, Kees Cook, Peter Zijlstra, Rasmus Villemoes,
	Steven Rostedt

On Thu, May 25 2017, Ian Abbott wrote:
> Correct these checkpatch.pl warnings:
>
> |WARNING: Block comments use * on subsequent lines
> |#34: FILE: include/linux/bug.h:34:
> |+/* Force a compilation error if condition is true, but also produce a
> |+   result (of value 0 and type size_t), so the expression can be used
>
> |WARNING: Block comments use a trailing */ on a separate line
> |#36: FILE: include/linux/bug.h:36:
> |+   aren't permitted). */
>
> Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Steven Rostedt <rostedt@goodmis.org>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Jakub Kicinski <jakub.kicinski@netronome.com>
> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>

Acked-by: Michal Nazarewicz <mina86@mina86.com>

> ---
> v5: Actually, there was no v1 thru v4.  I called this v5 to match the
> series.
> ---
>  include/linux/bug.h | 10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/include/linux/bug.h b/include/linux/bug.h
> index 687b557fc5eb..ca24007e2dc3 100644
> --- a/include/linux/bug.h
> +++ b/include/linux/bug.h
> @@ -30,10 +30,12 @@ struct pt_regs;
>  #define BUILD_BUG_ON_NOT_POWER_OF_2(n)			\
>  	BUILD_BUG_ON((n) == 0 || (((n) & ((n) - 1)) != 0))
>  
> -/* Force a compilation error if condition is true, but also produce a
> -   result (of value 0 and type size_t), so the expression can be used
> -   e.g. in a structure initializer (or where-ever else comma expressions
> -   aren't permitted). */
> +/*
> + * Force a compilation error if condition is true, but also produce a
> + * result (of value 0 and type size_t), so the expression can be used
> + * e.g. in a structure initializer (or where-ever else comma expressions
> + * aren't permitted).
> + */
>  #define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:-!!(e); }))
>  #define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:-!!(e); }))

-- 
Best regards
ミハウ “𝓶𝓲𝓷𝓪86” ナザレヴイツ
«If at first you don’t succeed, give up skydiving»


* Re: [PATCH v5 3/6] linux/bug.h: correct "(foo*)" should be "(foo *)"
  2017-05-25 12:03 ` [PATCH v5 3/6] linux/bug.h: correct "(foo*)" should be "(foo *)" Ian Abbott
  2017-05-25 13:59     ` Michal Nazarewicz
@ 2017-05-25 13:59     ` Michal Nazarewicz
  0 siblings, 0 replies; 31+ messages in thread
From: Michal Nazarewicz @ 2017-05-25 13:59 UTC (permalink / raw)
  To: Ian Abbott, linux-kernel, linux-arch
  Cc: Alexander Potapenko, Andrew Morton, Arnd Bergmann,
	Borislav Petkov, Hidehiro Kawai, Ian Abbott, Jakub Kicinski,
	Johannes Berg, Kees Cook, Peter Zijlstra, Rasmus Villemoes,
	Steven Rostedt

On Thu, May 25 2017, Ian Abbott wrote:
> Correct this checkpatch.pl error:
>
> |ERROR: "(foo*)" should be "(foo *)"
> |#19: FILE: include/linux/bug.h:19:
> |+#define BUILD_BUG_ON_NULL(e) ((void*)0)
>
> Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Steven Rostedt <rostedt@goodmis.org>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Jakub Kicinski <jakub.kicinski@netronome.com>
> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>

Acked-by: Michal Nazarewicz <mina86@mina86.com>

> ---
> v5: Actually, there was no v1 thru v4.  I called this v5 to match the
> series.
> ---
>  include/linux/bug.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/include/linux/bug.h b/include/linux/bug.h
> index ca24007e2dc3..216a1b79653d 100644
> --- a/include/linux/bug.h
> +++ b/include/linux/bug.h
> @@ -16,7 +16,7 @@ struct pt_regs;
>  #define __BUILD_BUG_ON_NOT_POWER_OF_2(n) (0)
>  #define BUILD_BUG_ON_NOT_POWER_OF_2(n) (0)
>  #define BUILD_BUG_ON_ZERO(e) (0)
> -#define BUILD_BUG_ON_NULL(e) ((void*)0)
> +#define BUILD_BUG_ON_NULL(e) ((void *)0)
>  #define BUILD_BUG_ON_INVALID(e) (0)
>  #define BUILD_BUG_ON_MSG(cond, msg) (0)
>  #define BUILD_BUG_ON(condition) (0)

-- 
Best regards
ミハウ “𝓶𝓲𝓷𝓪86” ナザレヴイツ
«If at first you don’t succeed, give up skydiving»

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH v5 4/6] linux/bug.h: correct "space required before that '-'"
  2017-05-25 12:03 ` [PATCH v5 4/6] linux/bug.h: correct "space required before that '-'" Ian Abbott
  2017-05-25 14:01     ` Michal Nazarewicz
@ 2017-05-25 14:01     ` Michal Nazarewicz
  1 sibling, 0 replies; 31+ messages in thread
From: Michal Nazarewicz @ 2017-05-25 14:01 UTC (permalink / raw)
  To: Ian Abbott, linux-kernel, linux-arch
  Cc: Alexander Potapenko, Andrew Morton, Arnd Bergmann,
	Borislav Petkov, Hidehiro Kawai, Ian Abbott, Jakub Kicinski,
	Johannes Berg, Kees Cook, Peter Zijlstra, Rasmus Villemoes,
	Steven Rostedt

On Thu, May 25 2017, Ian Abbott wrote:
> Correct these checkpatch.pl errors:
>
> |ERROR: space required before that '-' (ctx:OxO)
> |#37: FILE: include/linux/bug.h:37:
> |+#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:-!!(e); }))
>
> |ERROR: space required before that '-' (ctx:OxO)
> |#38: FILE: include/linux/bug.h:38:
> |+#define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:-!!(e); }))
>
> I decided to wrap the bitfield expressions that begin with minus signs
> in parentheses rather than insert spaces before the minus signs.
>
> Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Steven Rostedt <rostedt@goodmis.org>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Jakub Kicinski <jakub.kicinski@netronome.com>
> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>

Acked-by: Michal Nazarewicz <mina86@mina86.com>

> ---
> v5: Actually, there was no v1 thru v4.  I called this v5 to match the
> series.
> ---
>  include/linux/bug.h | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/bug.h b/include/linux/bug.h
> index 216a1b79653d..483207cb99fb 100644
> --- a/include/linux/bug.h
> +++ b/include/linux/bug.h
> @@ -36,8 +36,8 @@ struct pt_regs;
>   * e.g. in a structure initializer (or where-ever else comma expressions
>   * aren't permitted).
>   */
> -#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:-!!(e); }))
> -#define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:-!!(e); }))
> +#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:(-!!(e)); }))
> +#define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:(-!!(e)); }))
>  
>  /*
>   * BUILD_BUG_ON_INVALID() permits the compiler to check the validity of the
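Review bot: The comment above these two macros, kept as context at the top of this hunk, says what they return but not how the error is forced, and the added parentheses make `int:(-!!(e))` no easier to read. A line noting that a true `e` gives the unnamed bit-field a width of -1, which the compiler rejects, while a false `e` gives a width of 0, would document the trick; it would also make clear that `e` has to be an integer constant expression.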

-- 
Best regards
ミハウ “𝓶𝓲𝓷𝓪86” ナザレヴイツ
«If at first you don’t succeed, give up skydiving»

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH v5 4/6] linux/bug.h: correct "space required before that '-'"
  2017-05-25 12:03 ` [PATCH v5 4/6] linux/bug.h: correct "space required before that '-'" Ian Abbott
  2017-05-25 14:01     ` Michal Nazarewicz
@ 2017-05-25 14:02     ` Michal Nazarewicz
  1 sibling, 0 replies; 31+ messages in thread
From: Michal Nazarewicz @ 2017-05-25 14:02 UTC (permalink / raw)
  To: Ian Abbott, linux-kernel, linux-arch
  Cc: Alexander Potapenko, Andrew Morton, Arnd Bergmann,
	Borislav Petkov, Hidehiro Kawai, Ian Abbott, Jakub Kicinski,
	Johannes Berg, Kees Cook, Peter Zijlstra, Rasmus Villemoes,
	Steven Rostedt

On Thu, May 25 2017, Ian Abbott wrote:
> Correct these checkpatch.pl errors:
>
> |ERROR: space required before that '-' (ctx:OxO)
> |#37: FILE: include/linux/bug.h:37:
> |+#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:-!!(e); }))
>
> |ERROR: space required before that '-' (ctx:OxO)
> |#38: FILE: include/linux/bug.h:38:
> |+#define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:-!!(e); }))
>
> I decided to wrap the bitfield expressions that begin with minus signs
> in parentheses rather than insert spaces before the minus signs.
>
> Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Steven Rostedt <rostedt@goodmis.org>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Jakub Kicinski <jakub.kicinski@netronome.com>
> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>

To be honest though, I would squash the fixes with the rename.

> ---
> v5: Actually, there was no v1 thru v4.  I called this v5 to match the
> series.
> ---
>  include/linux/bug.h | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/bug.h b/include/linux/bug.h
> index 216a1b79653d..483207cb99fb 100644
> --- a/include/linux/bug.h
> +++ b/include/linux/bug.h
> @@ -36,8 +36,8 @@ struct pt_regs;
>   * e.g. in a structure initializer (or where-ever else comma expressions
>   * aren't permitted).
>   */
> -#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:-!!(e); }))
> -#define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:-!!(e); }))
> +#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:(-!!(e)); }))
> +#define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:(-!!(e)); }))
>  
>  /*
>   * BUILD_BUG_ON_INVALID() permits the compiler to check the validity of the

-- 
Best regards
ミハウ “𝓶𝓲𝓷𝓪86” ナザレヴイツ
«If at first you don’t succeed, give up skydiving»

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH v5 5/6] bug: split BUILD_BUG stuff out into <linux/build_bug.h>
  2017-05-25 12:03 ` [PATCH v5 5/6] bug: split BUILD_BUG stuff out into <linux/build_bug.h> Ian Abbott
  2017-05-25 14:06     ` Michal Nazarewicz
@ 2017-05-25 14:06     ` Michal Nazarewicz
  1 sibling, 0 replies; 31+ messages in thread
From: Michal Nazarewicz @ 2017-05-25 14:06 UTC (permalink / raw)
  To: Ian Abbott, linux-kernel, linux-arch
  Cc: Alexander Potapenko, Andrew Morton, Arnd Bergmann,
	Borislav Petkov, Hidehiro Kawai, Ian Abbott, Jakub Kicinski,
	Johannes Berg, Kees Cook, Peter Zijlstra, Rasmus Villemoes,
	Steven Rostedt

On Thu, May 25 2017, Ian Abbott wrote:
> Including <linux/bug.h> pulls in a lot of bloat from <asm/bug.h> and
> <asm-generic/bug.h> that is not needed to call the BUILD_BUG() family of
> macros.  Split them out into their own header, <linux/build_bug.h>.
>
> Also correct some checkpatch.pl errors for the BUILD_BUG_ON_ZERO() and
> BUILD_BUG_ON_NULL() macros by adding parentheses around the bitfield
> widths that begin with a minus sign.
>
> Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Steven Rostedt <rostedt@goodmis.org>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Jakub Kicinski <jakub.kicinski@netronome.com>
> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>

Acked-by: Michal Nazarewicz <mina86@mina86.com>

> ---
> v5: Actually, there was no v1 thru v4.  I called this v5 to match the
> series.
> ---
>  include/linux/bug.h       | 74 +----------------------------------------
>  include/linux/build_bug.h | 84 +++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 85 insertions(+), 73 deletions(-)
>  create mode 100644 include/linux/build_bug.h
>
> diff --git a/include/linux/bug.h b/include/linux/bug.h
> index 483207cb99fb..5d5554c874fd 100644
> --- a/include/linux/bug.h
> +++ b/include/linux/bug.h
> @@ -3,6 +3,7 @@
>  
>  #include <asm/bug.h>
>  #include <linux/compiler.h>
> +#include <linux/build_bug.h>
>  
>  enum bug_trap_type {
>  	BUG_TRAP_TYPE_NONE = 0,
> @@ -13,82 +14,9 @@ enum bug_trap_type {
>  struct pt_regs;
>  
>  #ifdef __CHECKER__
> -#define __BUILD_BUG_ON_NOT_POWER_OF_2(n) (0)
> -#define BUILD_BUG_ON_NOT_POWER_OF_2(n) (0)
> -#define BUILD_BUG_ON_ZERO(e) (0)
> -#define BUILD_BUG_ON_NULL(e) ((void *)0)
> -#define BUILD_BUG_ON_INVALID(e) (0)
> -#define BUILD_BUG_ON_MSG(cond, msg) (0)
> -#define BUILD_BUG_ON(condition) (0)
> -#define BUILD_BUG() (0)
>  #define MAYBE_BUILD_BUG_ON(cond) (0)
>  #else /* __CHECKER__ */
>  
> -/* Force a compilation error if a constant expression is not a power of 2 */
> -#define __BUILD_BUG_ON_NOT_POWER_OF_2(n)	\
> -	BUILD_BUG_ON(((n) & ((n) - 1)) != 0)
> -#define BUILD_BUG_ON_NOT_POWER_OF_2(n)			\
> -	BUILD_BUG_ON((n) == 0 || (((n) & ((n) - 1)) != 0))
> -
> -/*
> - * Force a compilation error if condition is true, but also produce a
> - * result (of value 0 and type size_t), so the expression can be used
> - * e.g. in a structure initializer (or where-ever else comma expressions
> - * aren't permitted).
> - */
> -#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:(-!!(e)); }))
> -#define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:(-!!(e)); }))
> -
> -/*
> - * BUILD_BUG_ON_INVALID() permits the compiler to check the validity of the
> - * expression but avoids the generation of any code, even if that expression
> - * has side-effects.
> - */
> -#define BUILD_BUG_ON_INVALID(e) ((void)(sizeof((__force long)(e))))
> -
> -/**
> - * BUILD_BUG_ON_MSG - break compile if a condition is true & emit supplied
> - *		      error message.
> - * @condition: the condition which the compiler should know is false.
> - *
> - * See BUILD_BUG_ON for description.
> - */
> -#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
> -
> -/**
> - * BUILD_BUG_ON - break compile if a condition is true.
> - * @condition: the condition which the compiler should know is false.
> - *
> - * If you have some code which relies on certain constants being equal, or
> - * some other compile-time-evaluated condition, you should use BUILD_BUG_ON to
> - * detect if someone changes it.
> - *
> - * The implementation uses gcc's reluctance to create a negative array, but gcc
> - * (as of 4.4) only emits that error for obvious cases (e.g. not arguments to
> - * inline functions).  Luckily, in 4.3 they added the "error" function
> - * attribute just for this type of case.  Thus, we use a negative sized array
> - * (should always create an error on gcc versions older than 4.4) and then call
> - * an undefined function with the error attribute (should always create an
> - * error on gcc 4.3 and later).  If for some reason, neither creates a
> - * compile-time error, we'll still have a link-time error, which is harder to
> - * track down.
> - */
> -#ifndef __OPTIMIZE__
> -#define BUILD_BUG_ON(condition) ((void)sizeof(char[1 - 2*!!(condition)]))
> -#else
> -#define BUILD_BUG_ON(condition) \
> -	BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
> -#endif
> -
> -/**
> - * BUILD_BUG - break compile if used.
> - *
> - * If you have some code that you expect the compiler to eliminate at
> - * build time, you should use BUILD_BUG to detect if it is
> - * unexpectedly used.
> - */
> -#define BUILD_BUG() BUILD_BUG_ON_MSG(1, "BUILD_BUG failed")
> -
>  #define MAYBE_BUILD_BUG_ON(cond)			\
>  	do {						\
>  		if (__builtin_constant_p((cond)))       \
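Review bot: MAYBE_BUILD_BUG_ON() and its __CHECKER__ stub stay behind in bug.h while every other BUILD_BUG macro in this block moves, and the changelog, which speaks of splitting out "the BUILD_BUG() family", does not say why. A sentence in the commit message or a short comment above MAYBE_BUILD_BUG_ON() giving the reason would save the next reader from wondering whether it was missed.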
> diff --git a/include/linux/build_bug.h b/include/linux/build_bug.h
> new file mode 100644
> index 000000000000..b7d22d60008a
> --- /dev/null
> +++ b/include/linux/build_bug.h
> @@ -0,0 +1,84 @@
> +#ifndef _LINUX_BUILD_BUG_H
> +#define _LINUX_BUILD_BUG_H
> +
> +#include <linux/compiler.h>
> +
> +#ifdef __CHECKER__
> +#define __BUILD_BUG_ON_NOT_POWER_OF_2(n) (0)
> +#define BUILD_BUG_ON_NOT_POWER_OF_2(n) (0)
> +#define BUILD_BUG_ON_ZERO(e) (0)
> +#define BUILD_BUG_ON_NULL(e) ((void *)0)
> +#define BUILD_BUG_ON_INVALID(e) (0)
> +#define BUILD_BUG_ON_MSG(cond, msg) (0)
> +#define BUILD_BUG_ON(condition) (0)
> +#define BUILD_BUG() (0)
> +#else /* __CHECKER__ */
> +
> +/* Force a compilation error if a constant expression is not a power of 2 */
> +#define __BUILD_BUG_ON_NOT_POWER_OF_2(n)	\
> +	BUILD_BUG_ON(((n) & ((n) - 1)) != 0)
> +#define BUILD_BUG_ON_NOT_POWER_OF_2(n)			\
> +	BUILD_BUG_ON((n) == 0 || (((n) & ((n) - 1)) != 0))
> +
> +/*
> + * Force a compilation error if condition is true, but also produce a
> + * result (of value 0 and type size_t), so the expression can be used
> + * e.g. in a structure initializer (or where-ever else comma expressions
> + * aren't permitted).
> + */
> +#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:(-!!(e)); }))
> +#define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:(-!!(e)); }))
> +
> +/*
> + * BUILD_BUG_ON_INVALID() permits the compiler to check the validity of the
> + * expression but avoids the generation of any code, even if that expression
> + * has side-effects.
> + */
> +#define BUILD_BUG_ON_INVALID(e) ((void)(sizeof((__force long)(e))))
> +
> +/**
> + * BUILD_BUG_ON_MSG - break compile if a condition is true & emit supplied
> + *		      error message.
> + * @condition: the condition which the compiler should know is false.
> + *
> + * See BUILD_BUG_ON for description.
> + */
> +#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
> +
> +/**
> + * BUILD_BUG_ON - break compile if a condition is true.
> + * @condition: the condition which the compiler should know is false.
> + *
> + * If you have some code which relies on certain constants being equal, or
> + * some other compile-time-evaluated condition, you should use BUILD_BUG_ON to
> + * detect if someone changes it.
> + *
> + * The implementation uses gcc's reluctance to create a negative array, but gcc
> + * (as of 4.4) only emits that error for obvious cases (e.g. not arguments to
> + * inline functions).  Luckily, in 4.3 they added the "error" function
> + * attribute just for this type of case.  Thus, we use a negative sized array
> + * (should always create an error on gcc versions older than 4.4) and then call
> + * an undefined function with the error attribute (should always create an
> + * error on gcc 4.3 and later).  If for some reason, neither creates a
> + * compile-time error, we'll still have a link-time error, which is harder to
> + * track down.
> + */
> +#ifndef __OPTIMIZE__
> +#define BUILD_BUG_ON(condition) ((void)sizeof(char[1 - 2*!!(condition)]))
> +#else
> +#define BUILD_BUG_ON(condition) \
> +	BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
> +#endif
> +
> +/**
> + * BUILD_BUG - break compile if used.
> + *
> + * If you have some code that you expect the compiler to eliminate at
> + * build time, you should use BUILD_BUG to detect if it is
> + * unexpectedly used.
> + */
> +#define BUILD_BUG() BUILD_BUG_ON_MSG(1, "BUILD_BUG failed")
> +
> +#endif	/* __CHECKER__ */
> +
> +#endif	/* _LINUX_BUILD_BUG_H */
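Review bot: In the kernel-doc for BUILD_BUG_ON_MSG the documented parameter is `@condition`, but the macro is defined as `BUILD_BUG_ON_MSG(cond, msg)`, and `msg` is not documented at all. The text is moved unchanged from bug.h, but a new header is a good place to make the comment match the definition: `@cond:` plus an `@msg:` line.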

-- 
Best regards
ミハウ “𝓶𝓲𝓷𝓪86” ナザレヴイツ
«If at first you don’t succeed, give up skydiving»

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: [PATCH v5 5/6] bug: split BUILD_BUG stuff out into <linux/build_bug.h>
@ 2017-05-25 14:06     ` Michal Nazarewicz
  0 siblings, 0 replies; 31+ messages in thread
From: Michal Nazarewicz @ 2017-05-25 14:06 UTC (permalink / raw)
  To: linux-kernel, linux-arch
  Cc: Alexander Potapenko, Andrew Morton, Arnd Bergmann,
	Borislav Petkov, Hidehiro Kawai, Ian Abbott, Jakub Kicinski,
	Johannes Berg, Kees Cook, Peter Zijlstra, Rasmus Villemoes,
	Steven Rostedt

On Thu, May 25 2017, Ian Abbott wrote:
> Including <linux/bug.h> pulls in a lot of bloat from <asm/bug.h> and
> <asm-generic/bug.h> that is not needed to call the BUILD_BUG() family of
> macros.  Split them out into their own header, <linux/build_bug.h>.
>
> Also correct some checkpatch.pl errors for the BUILD_BUG_ON_ZERO() and
> BUILD_BUG_ON_NULL() macros by adding parentheses around the bitfield
> widths that begin with a minus sign.
>
> Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Steven Rostedt <rostedt@goodmis.org>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Jakub Kicinski <jakub.kicinski@netronome.com>
> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>

Acked-by: Michal Nazarewicz <mina86@mina86.com>

> ---
> v5: Actually, there was no v1 thru v4.  I called this v5 to match the
> series.
> ---
>  include/linux/bug.h       | 74 +----------------------------------------
>  include/linux/build_bug.h | 84 +++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 85 insertions(+), 73 deletions(-)
>  create mode 100644 include/linux/build_bug.h
>
> diff --git a/include/linux/bug.h b/include/linux/bug.h
> index 483207cb99fb..5d5554c874fd 100644
> --- a/include/linux/bug.h
> +++ b/include/linux/bug.h
> @@ -3,6 +3,7 @@
>  
>  #include <asm/bug.h>
>  #include <linux/compiler.h>
> +#include <linux/build_bug.h>
>  
>  enum bug_trap_type {
>  	BUG_TRAP_TYPE_NONE = 0,
> @@ -13,82 +14,9 @@ enum bug_trap_type {
>  struct pt_regs;
>  
>  #ifdef __CHECKER__
> -#define __BUILD_BUG_ON_NOT_POWER_OF_2(n) (0)
> -#define BUILD_BUG_ON_NOT_POWER_OF_2(n) (0)
> -#define BUILD_BUG_ON_ZERO(e) (0)
> -#define BUILD_BUG_ON_NULL(e) ((void *)0)
> -#define BUILD_BUG_ON_INVALID(e) (0)
> -#define BUILD_BUG_ON_MSG(cond, msg) (0)
> -#define BUILD_BUG_ON(condition) (0)
> -#define BUILD_BUG() (0)
>  #define MAYBE_BUILD_BUG_ON(cond) (0)
>  #else /* __CHECKER__ */
>  
> -/* Force a compilation error if a constant expression is not a power of 2 */
> -#define __BUILD_BUG_ON_NOT_POWER_OF_2(n)	\
> -	BUILD_BUG_ON(((n) & ((n) - 1)) != 0)
> -#define BUILD_BUG_ON_NOT_POWER_OF_2(n)			\
> -	BUILD_BUG_ON((n) == 0 || (((n) & ((n) - 1)) != 0))
> -
> -/*
> - * Force a compilation error if condition is true, but also produce a
> - * result (of value 0 and type size_t), so the expression can be used
> - * e.g. in a structure initializer (or where-ever else comma expressions
> - * aren't permitted).
> - */
> -#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:(-!!(e)); }))
> -#define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:(-!!(e)); }))
> -
> -/*
> - * BUILD_BUG_ON_INVALID() permits the compiler to check the validity of the
> - * expression but avoids the generation of any code, even if that expression
> - * has side-effects.
> - */
> -#define BUILD_BUG_ON_INVALID(e) ((void)(sizeof((__force long)(e))))
> -
> -/**
> - * BUILD_BUG_ON_MSG - break compile if a condition is true & emit supplied
> - *		      error message.
> - * @condition: the condition which the compiler should know is false.
> - *
> - * See BUILD_BUG_ON for description.
> - */
> -#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
> -
> -/**
> - * BUILD_BUG_ON - break compile if a condition is true.
> - * @condition: the condition which the compiler should know is false.
> - *
> - * If you have some code which relies on certain constants being equal, or
> - * some other compile-time-evaluated condition, you should use BUILD_BUG_ON to
> - * detect if someone changes it.
> - *
> - * The implementation uses gcc's reluctance to create a negative array, but gcc
> - * (as of 4.4) only emits that error for obvious cases (e.g. not arguments to
> - * inline functions).  Luckily, in 4.3 they added the "error" function
> - * attribute just for this type of case.  Thus, we use a negative sized array
> - * (should always create an error on gcc versions older than 4.4) and then call
> - * an undefined function with the error attribute (should always create an
> - * error on gcc 4.3 and later).  If for some reason, neither creates a
> - * compile-time error, we'll still have a link-time error, which is harder to
> - * track down.
> - */
> -#ifndef __OPTIMIZE__
> -#define BUILD_BUG_ON(condition) ((void)sizeof(char[1 - 2*!!(condition)]))
> -#else
> -#define BUILD_BUG_ON(condition) \
> -	BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
> -#endif
> -
> -/**
> - * BUILD_BUG - break compile if used.
> - *
> - * If you have some code that you expect the compiler to eliminate at
> - * build time, you should use BUILD_BUG to detect if it is
> - * unexpectedly used.
> - */
> -#define BUILD_BUG() BUILD_BUG_ON_MSG(1, "BUILD_BUG failed")
> -
>  #define MAYBE_BUILD_BUG_ON(cond)			\
>  	do {						\
>  		if (__builtin_constant_p((cond)))       \
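
Review bot: MAYBE_BUILD_BUG_ON() is left behind in bug.h, both the
__CHECKER__ stub and the real definition at the end of this hunk, while
every other BUILD_BUG* macro moves.  If it stays because it needs
something from <linux/bug.h>, say so in the commit message; otherwise
moving it too would let callers get the whole family from
<linux/build_bug.h>.
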
> diff --git a/include/linux/build_bug.h b/include/linux/build_bug.h
> new file mode 100644
> index 000000000000..b7d22d60008a
> --- /dev/null
> +++ b/include/linux/build_bug.h
> @@ -0,0 +1,84 @@
> +#ifndef _LINUX_BUILD_BUG_H
> +#define _LINUX_BUILD_BUG_H
> +
> +#include <linux/compiler.h>
> +
> +#ifdef __CHECKER__
> +#define __BUILD_BUG_ON_NOT_POWER_OF_2(n) (0)
> +#define BUILD_BUG_ON_NOT_POWER_OF_2(n) (0)
> +#define BUILD_BUG_ON_ZERO(e) (0)
> +#define BUILD_BUG_ON_NULL(e) ((void *)0)
> +#define BUILD_BUG_ON_INVALID(e) (0)
> +#define BUILD_BUG_ON_MSG(cond, msg) (0)
> +#define BUILD_BUG_ON(condition) (0)
> +#define BUILD_BUG() (0)
> +#else /* __CHECKER__ */
> +
> +/* Force a compilation error if a constant expression is not a power of 2 */
> +#define __BUILD_BUG_ON_NOT_POWER_OF_2(n)	\
> +	BUILD_BUG_ON(((n) & ((n) - 1)) != 0)
> +#define BUILD_BUG_ON_NOT_POWER_OF_2(n)			\
> +	BUILD_BUG_ON((n) == 0 || (((n) & ((n) - 1)) != 0))
> +
> +/*
> + * Force a compilation error if condition is true, but also produce a
> + * result (of value 0 and type size_t), so the expression can be used
> + * e.g. in a structure initializer (or where-ever else comma expressions
> + * aren't permitted).
> + */
> +#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:(-!!(e)); }))
> +#define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:(-!!(e)); }))
> +
> +/*
> + * BUILD_BUG_ON_INVALID() permits the compiler to check the validity of the
> + * expression but avoids the generation of any code, even if that expression
> + * has side-effects.
> + */
> +#define BUILD_BUG_ON_INVALID(e) ((void)(sizeof((__force long)(e))))
> +
> +/**
> + * BUILD_BUG_ON_MSG - break compile if a condition is true & emit supplied
> + *		      error message.
> + * @condition: the condition which the compiler should know is false.
> + *
> + * See BUILD_BUG_ON for description.
> + */
> +#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
> +
> +/**
> + * BUILD_BUG_ON - break compile if a condition is true.
> + * @condition: the condition which the compiler should know is false.
> + *
> + * If you have some code which relies on certain constants being equal, or
> + * some other compile-time-evaluated condition, you should use BUILD_BUG_ON to
> + * detect if someone changes it.
> + *
> + * The implementation uses gcc's reluctance to create a negative array, but gcc
> + * (as of 4.4) only emits that error for obvious cases (e.g. not arguments to
> + * inline functions).  Luckily, in 4.3 they added the "error" function
> + * attribute just for this type of case.  Thus, we use a negative sized array
> + * (should always create an error on gcc versions older than 4.4) and then call
> + * an undefined function with the error attribute (should always create an
> + * error on gcc 4.3 and later).  If for some reason, neither creates a
> + * compile-time error, we'll still have a link-time error, which is harder to
> + * track down.
> + */
> +#ifndef __OPTIMIZE__
> +#define BUILD_BUG_ON(condition) ((void)sizeof(char[1 - 2*!!(condition)]))
> +#else
> +#define BUILD_BUG_ON(condition) \
> +	BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
> +#endif
> +
> +/**
> + * BUILD_BUG - break compile if used.
> + *
> + * If you have some code that you expect the compiler to eliminate at
> + * build time, you should use BUILD_BUG to detect if it is
> + * unexpectedly used.
> + */
> +#define BUILD_BUG() BUILD_BUG_ON_MSG(1, "BUILD_BUG failed")
> +
> +#endif	/* __CHECKER__ */
> +
> +#endif	/* _LINUX_BUILD_BUG_H */
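
Review bot: The BUILD_BUG_ON_ZERO() and BUILD_BUG_ON_NULL() lines added
here are identical to the ones removed from bug.h, parentheses around
(-!!(e)) included, so the commit message paragraph about correcting
checkpatch.pl errors by adding those parentheses does not describe
anything in this diff.  Drop that paragraph, or move it to the patch
that actually makes the change, so the log for this commit reads as a
pure move.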

-- 
Best regards
ミハウ “𝓶𝓲𝓷𝓪86” ナザレヴイツ
«If at first you don’t succeed, give up skydiving»


* Re: [PATCH v5 5/6] bug: split BUILD_BUG stuff out into <linux/build_bug.h>
@ 2017-05-25 14:06     ` Michal Nazarewicz
  0 siblings, 0 replies; 31+ messages in thread
From: Michal Nazarewicz @ 2017-05-25 14:06 UTC (permalink / raw)
  To: Ian Abbott, linux-kernel, linux-arch
  Cc: Alexander Potapenko, Andrew Morton, Arnd Bergmann,
	Borislav Petkov, Hidehiro Kawai, Jakub Kicinski, Johannes Berg,
	Kees Cook, Peter Zijlstra, Rasmus Villemoes, Steven Rostedt

On Thu, May 25 2017, Ian Abbott wrote:
> Including <linux/bug.h> pulls in a lot of bloat from <asm/bug.h> and
> <asm-generic/bug.h> that is not needed to call the BUILD_BUG() family of
> macros.  Split them out into their own header, <linux/build_bug.h>.
>
> Also correct some checkpatch.pl errors for the BUILD_BUG_ON_ZERO() and
> BUILD_BUG_ON_NULL() macros by adding parentheses around the bitfield
> widths that begin with a minus sign.
>
> Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Steven Rostedt <rostedt@goodmis.org>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Jakub Kicinski <jakub.kicinski@netronome.com>
> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>

Acked-by: Michal Nazarewicz <mina86@mina86.com>

> ---
> v5: Actually, there was no v1 thru v4.  I called this v5 to match the
> series.
> ---
>  include/linux/bug.h       | 74 +----------------------------------------
>  include/linux/build_bug.h | 84 +++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 85 insertions(+), 73 deletions(-)
>  create mode 100644 include/linux/build_bug.h
>
> diff --git a/include/linux/bug.h b/include/linux/bug.h
> index 483207cb99fb..5d5554c874fd 100644
> --- a/include/linux/bug.h
> +++ b/include/linux/bug.h
> @@ -3,6 +3,7 @@
>  
>  #include <asm/bug.h>
>  #include <linux/compiler.h>
> +#include <linux/build_bug.h>
>  
>  enum bug_trap_type {
>  	BUG_TRAP_TYPE_NONE = 0,
> @@ -13,82 +14,9 @@ enum bug_trap_type {
>  struct pt_regs;
>  
>  #ifdef __CHECKER__
> -#define __BUILD_BUG_ON_NOT_POWER_OF_2(n) (0)
> -#define BUILD_BUG_ON_NOT_POWER_OF_2(n) (0)
> -#define BUILD_BUG_ON_ZERO(e) (0)
> -#define BUILD_BUG_ON_NULL(e) ((void *)0)
> -#define BUILD_BUG_ON_INVALID(e) (0)
> -#define BUILD_BUG_ON_MSG(cond, msg) (0)
> -#define BUILD_BUG_ON(condition) (0)
> -#define BUILD_BUG() (0)
>  #define MAYBE_BUILD_BUG_ON(cond) (0)
>  #else /* __CHECKER__ */
>  
> -/* Force a compilation error if a constant expression is not a power of 2 */
> -#define __BUILD_BUG_ON_NOT_POWER_OF_2(n)	\
> -	BUILD_BUG_ON(((n) & ((n) - 1)) != 0)
> -#define BUILD_BUG_ON_NOT_POWER_OF_2(n)			\
> -	BUILD_BUG_ON((n) == 0 || (((n) & ((n) - 1)) != 0))
> -
> -/*
> - * Force a compilation error if condition is true, but also produce a
> - * result (of value 0 and type size_t), so the expression can be used
> - * e.g. in a structure initializer (or where-ever else comma expressions
> - * aren't permitted).
> - */
> -#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:(-!!(e)); }))
> -#define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:(-!!(e)); }))
> -
> -/*
> - * BUILD_BUG_ON_INVALID() permits the compiler to check the validity of the
> - * expression but avoids the generation of any code, even if that expression
> - * has side-effects.
> - */
> -#define BUILD_BUG_ON_INVALID(e) ((void)(sizeof((__force long)(e))))
> -
> -/**
> - * BUILD_BUG_ON_MSG - break compile if a condition is true & emit supplied
> - *		      error message.
> - * @condition: the condition which the compiler should know is false.
> - *
> - * See BUILD_BUG_ON for description.
> - */
> -#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
> -
> -/**
> - * BUILD_BUG_ON - break compile if a condition is true.
> - * @condition: the condition which the compiler should know is false.
> - *
> - * If you have some code which relies on certain constants being equal, or
> - * some other compile-time-evaluated condition, you should use BUILD_BUG_ON to
> - * detect if someone changes it.
> - *
> - * The implementation uses gcc's reluctance to create a negative array, but gcc
> - * (as of 4.4) only emits that error for obvious cases (e.g. not arguments to
> - * inline functions).  Luckily, in 4.3 they added the "error" function
> - * attribute just for this type of case.  Thus, we use a negative sized array
> - * (should always create an error on gcc versions older than 4.4) and then call
> - * an undefined function with the error attribute (should always create an
> - * error on gcc 4.3 and later).  If for some reason, neither creates a
> - * compile-time error, we'll still have a link-time error, which is harder to
> - * track down.
> - */
> -#ifndef __OPTIMIZE__
> -#define BUILD_BUG_ON(condition) ((void)sizeof(char[1 - 2*!!(condition)]))
> -#else
> -#define BUILD_BUG_ON(condition) \
> -	BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
> -#endif
> -
> -/**
> - * BUILD_BUG - break compile if used.
> - *
> - * If you have some code that you expect the compiler to eliminate at
> - * build time, you should use BUILD_BUG to detect if it is
> - * unexpectedly used.
> - */
> -#define BUILD_BUG() BUILD_BUG_ON_MSG(1, "BUILD_BUG failed")
> -
>  #define MAYBE_BUILD_BUG_ON(cond)			\
>  	do {						\
>  		if (__builtin_constant_p((cond)))       \
> diff --git a/include/linux/build_bug.h b/include/linux/build_bug.h
> new file mode 100644
> index 000000000000..b7d22d60008a
> --- /dev/null
> +++ b/include/linux/build_bug.h
> @@ -0,0 +1,84 @@
> +#ifndef _LINUX_BUILD_BUG_H
> +#define _LINUX_BUILD_BUG_H
> +
> +#include <linux/compiler.h>
> +
> +#ifdef __CHECKER__
> +#define __BUILD_BUG_ON_NOT_POWER_OF_2(n) (0)
> +#define BUILD_BUG_ON_NOT_POWER_OF_2(n) (0)
> +#define BUILD_BUG_ON_ZERO(e) (0)
> +#define BUILD_BUG_ON_NULL(e) ((void *)0)
> +#define BUILD_BUG_ON_INVALID(e) (0)
> +#define BUILD_BUG_ON_MSG(cond, msg) (0)
> +#define BUILD_BUG_ON(condition) (0)
> +#define BUILD_BUG() (0)
> +#else /* __CHECKER__ */
> +
> +/* Force a compilation error if a constant expression is not a power of 2 */
> +#define __BUILD_BUG_ON_NOT_POWER_OF_2(n)	\
> +	BUILD_BUG_ON(((n) & ((n) - 1)) != 0)
> +#define BUILD_BUG_ON_NOT_POWER_OF_2(n)			\
> +	BUILD_BUG_ON((n) == 0 || (((n) & ((n) - 1)) != 0))
> +
> +/*
> + * Force a compilation error if condition is true, but also produce a
> + * result (of value 0 and type size_t), so the expression can be used
> + * e.g. in a structure initializer (or where-ever else comma expressions
> + * aren't permitted).
> + */
> +#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:(-!!(e)); }))
> +#define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:(-!!(e)); }))
> +
> +/*
> + * BUILD_BUG_ON_INVALID() permits the compiler to check the validity of the
> + * expression but avoids the generation of any code, even if that expression
> + * has side-effects.
> + */
> +#define BUILD_BUG_ON_INVALID(e) ((void)(sizeof((__force long)(e))))
> +
> +/**
> + * BUILD_BUG_ON_MSG - break compile if a condition is true & emit supplied
> + *		      error message.
> + * @condition: the condition which the compiler should know is false.
> + *
> + * See BUILD_BUG_ON for description.
> + */
> +#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
> +
> +/**
> + * BUILD_BUG_ON - break compile if a condition is true.
> + * @condition: the condition which the compiler should know is false.
> + *
> + * If you have some code which relies on certain constants being equal, or
> + * some other compile-time-evaluated condition, you should use BUILD_BUG_ON to
> + * detect if someone changes it.
> + *
> + * The implementation uses gcc's reluctance to create a negative array, but gcc
> + * (as of 4.4) only emits that error for obvious cases (e.g. not arguments to
> + * inline functions).  Luckily, in 4.3 they added the "error" function
> + * attribute just for this type of case.  Thus, we use a negative sized array
> + * (should always create an error on gcc versions older than 4.4) and then call
> + * an undefined function with the error attribute (should always create an
> + * error on gcc 4.3 and later).  If for some reason, neither creates a
> + * compile-time error, we'll still have a link-time error, which is harder to
> + * track down.
> + */
> +#ifndef __OPTIMIZE__
> +#define BUILD_BUG_ON(condition) ((void)sizeof(char[1 - 2*!!(condition)]))
> +#else
> +#define BUILD_BUG_ON(condition) \
> +	BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
> +#endif
> +
> +/**
> + * BUILD_BUG - break compile if used.
> + *
> + * If you have some code that you expect the compiler to eliminate at
> + * build time, you should use BUILD_BUG to detect if it is
> + * unexpectedly used.
> + */
> +#define BUILD_BUG() BUILD_BUG_ON_MSG(1, "BUILD_BUG failed")
> +
> +#endif	/* __CHECKER__ */
> +
> +#endif	/* _LINUX_BUILD_BUG_H */
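
Review bot: The kernel-doc for BUILD_BUG_ON_MSG() documents @condition,
but the macro's parameters are (cond, msg) and @msg is not described at
all.  It is inherited from bug.h, but a new header is a good place to
fix it: rename the tag to @cond and add a line for @msg, in this patch
or a follow-up.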

-- 
Best regards
ミハウ “𝓶𝓲𝓷𝓪86” ナザレヴイツ
«If at first you don’t succeed, give up skydiving»


* Re: [PATCH v5 6/6] kernel.h: handle pointers to arrays better in container_of()
  2017-05-25 12:03 ` [PATCH v5 6/6] kernel.h: handle pointers to arrays better in container_of() Ian Abbott
  2017-05-25 14:07     ` Michal Nazarewicz
@ 2017-05-25 14:07     ` Michal Nazarewicz
  1 sibling, 0 replies; 31+ messages in thread
From: Michal Nazarewicz @ 2017-05-25 14:07 UTC (permalink / raw)
  To: Ian Abbott, linux-kernel, linux-arch
  Cc: Alexander Potapenko, Andrew Morton, Arnd Bergmann,
	Borislav Petkov, Hidehiro Kawai, Ian Abbott, Jakub Kicinski,
	Johannes Berg, Kees Cook, Peter Zijlstra, Rasmus Villemoes,
	Steven Rostedt

On Thu, May 25 2017, Ian Abbott wrote:
> If the first parameter of container_of() is a pointer to a
> non-const-qualified array type (and the third parameter names a
> non-const-qualified array member), the local variable __mptr will be
> defined with a const-qualified array type.  In ISO C, these types are
> incompatible.  They work as expected in GNU C, but some versions will
> issue warnings.  For example, GCC 4.9 produces the warning
> "initialization from incompatible pointer type".
>
> Here is an example of where the problem occurs:
>
> -------------------------------------------------------
>  #include <linux/kernel.h>
>  #include <linux/module.h>
>
> MODULE_LICENSE("GPL");
>
> struct st {
> 	int a;
> 	char b[16];
> };
>
> static int __init example_init(void) {
> 	struct st t = { .a = 101, .b = "hello" };
> 	char (*p)[16] = &t.b;
> 	struct st *x = container_of(p, struct st, b);
> 	printk(KERN_DEBUG "%p %p\n", (void *)&t, (void *)x);
> 	return 0;
> }
>
> static void __exit example_exit(void) {
> }
>
> module_init(example_init);
> module_exit(example_exit);
> -------------------------------------------------------
>
> Building the module with gcc-4.9 results in these warnings (where '{m}'
> is the module source and '{k}' is the kernel source):
>
> -------------------------------------------------------
> In file included from {m}/example.c:1:0:
> {m}/example.c: In function ‘example_init’:
> {k}/include/linux/kernel.h:854:48: warning: initialization from
> incompatible pointer type
>   const typeof( ((type *)0)->member ) *__mptr = (ptr); \
>                                                 ^
> {m}/example.c:14:17: note: in expansion of macro ‘container_of’
>   struct st *x = container_of(p, struct st, b);
>                  ^
> {k}/include/linux/kernel.h:854:48: warning: (near initialization for
> ‘x’)
>   const typeof( ((type *)0)->member ) *__mptr = (ptr); \
>                                                 ^
> {m}/example.c:14:17: note: in expansion of macro ‘container_of’
>   struct st *x = container_of(p, struct st, b);
>                  ^
> -------------------------------------------------------
>
> Replace the type checking performed by the macro to avoid these
> warnings.  Make sure `*(ptr)` either has type compatible with the
> member, or has type compatible with `void`, ignoring qualifiers.  Raise
> compiler errors if this is not true.  This is stronger than the previous
> behaviour, which only resulted in compiler warnings for a type mismatch.
>
> Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Michal Nazarewicz <mina86@mina86.com>

Acked-by: Michal Nazarewicz <mina86@mina86.com>

> Cc: Hidehiro Kawai <hidehiro.kawai.ez@hitachi.com>
> Cc: Borislav Petkov <bp@suse.de>
> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
> Cc: Johannes Berg <johannes.berg@intel.com>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Alexander Potapenko <glider@google.com>
> Acked-by: Michal Nazarewicz <mina86@mina86.com>
> ---
> v2: Rebased and altered description to provide an example of when the
> compiler warnings occur.  v1 (from 2016-10-10) also modified a
> 'container_of_safe()' macro that never made it out of "linux-next".
> v3: Added back some type checking at the suggestion of Michal
> Nazarewicz with some helpful hints by Peter Zijlstra.
> v4: No change.
> v5: Added Acked-by for Michal Nazarewicz.  Included <linux/build_bug.h>
> instead of <linux/bug.h> to avoid a circular dependency that resulted in
> build failures when <asm/bug.h> was included before <linux/kernel.h>.
> ---
>  include/linux/kernel.h | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/include/linux/kernel.h b/include/linux/kernel.h
> index 13bc08aba704..1c9c11c9f1a8 100644
> --- a/include/linux/kernel.h
> +++ b/include/linux/kernel.h
> @@ -11,6 +11,7 @@
>  #include <linux/log2.h>
>  #include <linux/typecheck.h>
>  #include <linux/printk.h>
> +#include <linux/build_bug.h>
>  #include <asm/byteorder.h>
>  #include <uapi/linux/kernel.h>
>  
> @@ -850,9 +851,11 @@ static inline void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) { }
>   * @member:	the name of the member within the struct.
>   *
>   */
> -#define container_of(ptr, type, member) ({			\
> -	const typeof( ((type *)0)->member ) *__mptr = (ptr);	\
> -	(type *)( (char *)__mptr - offsetof(type,member) );})
> +#define container_of(ptr, type, member) ({				\
> +	BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) &&	\
> +			 !__same_type(*(ptr), void),			\
> +			 "pointer type mismatch in container_of()");	\
> +	((type *)((char *)(ptr) - offsetof(type, member))); })
>  
>  /* Rebuild everything on CONFIG_FTRACE_MCOUNT_RECORD */
>  #ifdef CONFIG_FTRACE_MCOUNT_RECORD
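
Review bot: The kernel-doc block ending just above the macro is
unchanged, yet the contract is different now: a type mismatch breaks the
build with "pointer type mismatch in container_of()" instead of
warning, and a ptr whose target type is void is explicitly accepted.
Add a sentence to the comment saying both, so callers do not have to
read the macro body to learn that void * is allowed.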

-- 
Best regards
ミハウ “𝓶𝓲𝓷𝓪86” ナザレヴイツ
«If at first you don’t succeed, give up skydiving»


* Re: [PATCH v5 6/6] kernel.h: handle pointers to arrays better in container_of()
@ 2017-05-25 14:07     ` Michal Nazarewicz
  0 siblings, 0 replies; 31+ messages in thread
From: Michal Nazarewicz @ 2017-05-25 14:07 UTC (permalink / raw)
  To: linux-kernel, linux-arch
  Cc: Alexander Potapenko, Andrew Morton, Arnd Bergmann,
	Borislav Petkov, Hidehiro Kawai, Ian Abbott, Jakub Kicinski,
	Johannes Berg, Kees Cook, Peter Zijlstra, Rasmus Villemoes,
	Steven Rostedt

On Thu, May 25 2017, Ian Abbott wrote:
> If the first parameter of container_of() is a pointer to a
> non-const-qualified array type (and the third parameter names a
> non-const-qualified array member), the local variable __mptr will be
> defined with a const-qualified array type.  In ISO C, these types are
> incompatible.  They work as expected in GNU C, but some versions will
> issue warnings.  For example, GCC 4.9 produces the warning
> "initialization from incompatible pointer type".
>
> Here is an example of where the problem occurs:
>
> -------------------------------------------------------
>  #include <linux/kernel.h>
>  #include <linux/module.h>
>
> MODULE_LICENSE("GPL");
>
> struct st {
> 	int a;
> 	char b[16];
> };
>
> static int __init example_init(void) {
> 	struct st t = { .a = 101, .b = "hello" };
> 	char (*p)[16] = &t.b;
> 	struct st *x = container_of(p, struct st, b);
> 	printk(KERN_DEBUG "%p %p\n", (void *)&t, (void *)x);
> 	return 0;
> }
>
> static void __exit example_exit(void) {
> }
>
> module_init(example_init);
> module_exit(example_exit);
> -------------------------------------------------------
>
> Building the module with gcc-4.9 results in these warnings (where '{m}'
> is the module source and '{k}' is the kernel source):
>
> -------------------------------------------------------
> In file included from {m}/example.c:1:0:
> {m}/example.c: In function ‘example_init’:
> {k}/include/linux/kernel.h:854:48: warning: initialization from
> incompatible pointer type
>   const typeof( ((type *)0)->member ) *__mptr = (ptr); \
>                                                 ^
> {m}/example.c:14:17: note: in expansion of macro ‘container_of’
>   struct st *x = container_of(p, struct st, b);
>                  ^
> {k}/include/linux/kernel.h:854:48: warning: (near initialization for
> ‘x’)
>   const typeof( ((type *)0)->member ) *__mptr = (ptr); \
>                                                 ^
> {m}/example.c:14:17: note: in expansion of macro ‘container_of’
>   struct st *x = container_of(p, struct st, b);
>                  ^
> -------------------------------------------------------
>
> Replace the type checking performed by the macro to avoid these
> warnings.  Make sure `*(ptr)` either has type compatible with the
> member, or has type compatible with `void`, ignoring qualifiers.  Raise
> compiler errors if this is not true.  This is stronger than the previous
> behaviour, which only resulted in compiler warnings for a type mismatch.
>
> Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Michal Nazarewicz <mina86@mina86.com>

Acked-by: Michal Nazarewicz <mina86@mina86.com>

> Cc: Hidehiro Kawai <hidehiro.kawai.ez@hitachi.com>
> Cc: Borislav Petkov <bp@suse.de>
> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
> Cc: Johannes Berg <johannes.berg@intel.com>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Alexander Potapenko <glider@google.com>
> Acked-by: Michal Nazarewicz <mina86@mina86.com>
> ---
> v2: Rebased and altered description to provide an example of when the
> compiler warnings occur.  v1 (from 2016-10-10) also modified a
> 'container_of_safe()' macro that never made it out of "linux-next".
> v3: Added back some type checking at the suggestion of Michal
> Nazarewicz with some helpful hints by Peter Zijlstra.
> v4: No change.
> v5: Added Acked-by for Michal Nazarewicz.  Included <linux/build_bug.h>
> instead of <linux/bug.h> to avoid a circular dependency that resulted in
> build failures when <asm/bug.h> was included before <linux/kernel.h>.
> ---
>  include/linux/kernel.h | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/include/linux/kernel.h b/include/linux/kernel.h
> index 13bc08aba704..1c9c11c9f1a8 100644
> --- a/include/linux/kernel.h
> +++ b/include/linux/kernel.h
> @@ -11,6 +11,7 @@
>  #include <linux/log2.h>
>  #include <linux/typecheck.h>
>  #include <linux/printk.h>
> +#include <linux/build_bug.h>
>  #include <asm/byteorder.h>
>  #include <uapi/linux/kernel.h>
>  
> @@ -850,9 +851,11 @@ static inline void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) { }
>   * @member:	the name of the member within the struct.
>   *
>   */
> -#define container_of(ptr, type, member) ({			\
> -	const typeof( ((type *)0)->member ) *__mptr = (ptr);	\
> -	(type *)( (char *)__mptr - offsetof(type,member) );})
> +#define container_of(ptr, type, member) ({				\
> +	BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) &&	\
> +			 !__same_type(*(ptr), void),			\
> +			 "pointer type mismatch in container_of()");	\
> +	((type *)((char *)(ptr) - offsetof(type, member))); })
>  
>  /* Rebuild everything on CONFIG_FTRACE_MCOUNT_RECORD */
>  #ifdef CONFIG_FTRACE_MCOUNT_RECORD
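
Review bot: With __mptr gone, (ptr) appears three times in the
expansion: twice as an operand of __same_type() and once in the
(char *) cast.  Only the cast is evaluated (the __same_type() operands
are used for their type only), so arguments with side effects still run
once, but that is not obvious from the macro text; a short comment here
or a line in the commit message would save the next reviewer from
checking.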

-- 
Best regards
ミハウ “𝓶𝓲𝓷𝓪86” ナザレヴイツ
«If at first you don’t succeed, give up skydiving»


* Re: [PATCH v5 6/6] kernel.h: handle pointers to arrays better in container_of()
@ 2017-05-25 14:07     ` Michal Nazarewicz
  0 siblings, 0 replies; 31+ messages in thread
From: Michal Nazarewicz @ 2017-05-25 14:07 UTC (permalink / raw)
  To: Ian Abbott, linux-kernel, linux-arch
  Cc: Alexander Potapenko, Andrew Morton, Arnd Bergmann,
	Borislav Petkov, Hidehiro Kawai, Jakub Kicinski, Johannes Berg,
	Kees Cook, Peter Zijlstra, Rasmus Villemoes, Steven Rostedt

On Thu, May 25 2017, Ian Abbott wrote:
> If the first parameter of container_of() is a pointer to a
> non-const-qualified array type (and the third parameter names a
> non-const-qualified array member), the local variable __mptr will be
> defined with a const-qualified array type.  In ISO C, these types are
> incompatible.  They work as expected in GNU C, but some versions will
> issue warnings.  For example, GCC 4.9 produces the warning
> "initialization from incompatible pointer type".
>
> Here is an example of where the problem occurs:
>
> -------------------------------------------------------
>  #include <linux/kernel.h>
>  #include <linux/module.h>
>
> MODULE_LICENSE("GPL");
>
> struct st {
> 	int a;
> 	char b[16];
> };
>
> static int __init example_init(void) {
> 	struct st t = { .a = 101, .b = "hello" };
> 	char (*p)[16] = &t.b;
> 	struct st *x = container_of(p, struct st, b);
> 	printk(KERN_DEBUG "%p %p\n", (void *)&t, (void *)x);
> 	return 0;
> }
>
> static void __exit example_exit(void) {
> }
>
> module_init(example_init);
> module_exit(example_exit);
> -------------------------------------------------------
>
> Building the module with gcc-4.9 results in these warnings (where '{m}'
> is the module source and '{k}' is the kernel source):
>
> -------------------------------------------------------
> In file included from {m}/example.c:1:0:
> {m}/example.c: In function ‘example_init’:
> {k}/include/linux/kernel.h:854:48: warning: initialization from
> incompatible pointer type
>   const typeof( ((type *)0)->member ) *__mptr = (ptr); \
>                                                 ^
> {m}/example.c:14:17: note: in expansion of macro ‘container_of’
>   struct st *x = container_of(p, struct st, b);
>                  ^
> {k}/include/linux/kernel.h:854:48: warning: (near initialization for
> ‘x’)
>   const typeof( ((type *)0)->member ) *__mptr = (ptr); \
>                                                 ^
> {m}/example.c:14:17: note: in expansion of macro ‘container_of’
>   struct st *x = container_of(p, struct st, b);
>                  ^
> -------------------------------------------------------
>
> Replace the type checking performed by the macro to avoid these
> warnings.  Make sure `*(ptr)` either has type compatible with the
> member, or has type compatible with `void`, ignoring qualifiers.  Raise
> compiler errors if this is not true.  This is stronger than the previous
> behaviour, which only resulted in compiler warnings for a type mismatch.
>
> Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Michal Nazarewicz <mina86@mina86.com>

Acked-by: Michal Nazarewicz <mina86@mina86.com>

> Cc: Hidehiro Kawai <hidehiro.kawai.ez@hitachi.com>
> Cc: Borislav Petkov <bp@suse.de>
> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
> Cc: Johannes Berg <johannes.berg@intel.com>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Alexander Potapenko <glider@google.com>
> Acked-by: Michal Nazarewicz <mina86@mina86.com>
> ---
> v2: Rebased and altered description to provide an example of when the
> compiler warnings occur.  v1 (from 2016-10-10) also modified a
> 'container_of_safe()' macro that never made it out of "linux-next".
> v3: Added back some type checking at the suggestion of Michal
> Nazarewicz with some helpful hints by Peter Zijlstra.
> v4: No change.
> v5: Added Acked-by for Michal Nazarewicz.  Included <linux/build_bug.h>
> instead of <linux/bug.h> to avoid a circular dependency that resulted in
> build failures when <asm/bug.h> was included before <linux/kernel.h>.
> ---
>  include/linux/kernel.h | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/include/linux/kernel.h b/include/linux/kernel.h
> index 13bc08aba704..1c9c11c9f1a8 100644
> --- a/include/linux/kernel.h
> +++ b/include/linux/kernel.h
> @@ -11,6 +11,7 @@
>  #include <linux/log2.h>
>  #include <linux/typecheck.h>
>  #include <linux/printk.h>
> +#include <linux/build_bug.h>
>  #include <asm/byteorder.h>
>  #include <uapi/linux/kernel.h>
>  
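Review bot: the reason for including <linux/build_bug.h> rather than <linux/bug.h> at this `+#include` is recorded only in the v5 changelog below the `---`, which is discarded when the patch is applied. Suggest moving one sentence about the circular dependency with <asm/bug.h> into the commit message proper so that it survives in the git history.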
> @@ -850,9 +851,11 @@ static inline void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) { }
>   * @member:	the name of the member within the struct.
>   *
>   */
> -#define container_of(ptr, type, member) ({			\
> -	const typeof( ((type *)0)->member ) *__mptr = (ptr);	\
> -	(type *)( (char *)__mptr - offsetof(type,member) );})
> +#define container_of(ptr, type, member) ({				\
> +	BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) &&	\
> +			 !__same_type(*(ptr), void),			\
> +			 "pointer type mismatch in container_of()");	\
> +	((type *)((char *)(ptr) - offsetof(type, member))); })
>  
>  /* Rebuild everything on CONFIG_FTRACE_MCOUNT_RECORD */
>  #ifdef CONFIG_FTRACE_MCOUNT_RECORD
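Review bot: the `!__same_type(*(ptr), void)` arm of the new check accepts any `void *` argument without comparing it to the member, and the kernel-doc above the macro (ending at `@member:`) mentions neither that exemption nor that a mismatch is now a build error. Suggest extending the comment to say that `ptr` must point to the member's type or be a `void *`, so that callers do not assume a `void *` argument is checked.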

-- 
Best regards
ミハウ “𝓶𝓲𝓷𝓪86” ナザレヴイツ
«If at first you don’t succeed, give up skydiving»


* Re: [PATCH v5 5/6] bug: split BUILD_BUG stuff out into <linux/build_bug.h>
  2017-05-25 12:03 ` [PATCH v5 5/6] bug: split BUILD_BUG stuff out into <linux/build_bug.h> Ian Abbott
  2017-05-25 14:06     ` Michal Nazarewicz
@ 2017-05-25 18:30   ` Kees Cook
  1 sibling, 0 replies; 31+ messages in thread
From: Kees Cook @ 2017-05-25 18:30 UTC (permalink / raw)
  To: Ian Abbott
  Cc: LKML, linux-arch, Alexander Potapenko, Andrew Morton,
	Arnd Bergmann, Borislav Petkov, Hidehiro Kawai, Jakub Kicinski,
	Johannes Berg, Michal Nazarewicz, Peter Zijlstra,
	Rasmus Villemoes, Steven Rostedt

On Thu, May 25, 2017 at 5:03 AM, Ian Abbott <abbotti@mev.co.uk> wrote:
> Including <linux/bug.h> pulls in a lot of bloat from <asm/bug.h> and
> <asm-generic/bug.h> that is not needed to call the BUILD_BUG() family of
> macros.  Split them out into their own header, <linux/build_bug.h>.
>
> Also correct some checkpatch.pl errors for the BUILD_BUG_ON_ZERO() and
> BUILD_BUG_ON_NULL() macros by adding parentheses around the bitfield
> widths that begin with a minus sign.
>
> Signed-off-by: Ian Abbott <abbotti@mev.co.uk>

Oh yes, thank you. I've had a few places where I would have liked to
use BUILD_BUG_ON() but avoided it due to the header soup. :)

Acked-by: Kees Cook <keescook@chromium.org>

-Kees

> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Steven Rostedt <rostedt@goodmis.org>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Jakub Kicinski <jakub.kicinski@netronome.com>
> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
> ---
> v5: Actually, there was no v1 thru v4.  I called this v5 to match the
> series.
> ---
>  include/linux/bug.h       | 74 +----------------------------------------
>  include/linux/build_bug.h | 84 +++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 85 insertions(+), 73 deletions(-)
>  create mode 100644 include/linux/build_bug.h
>
> diff --git a/include/linux/bug.h b/include/linux/bug.h
> index 483207cb99fb..5d5554c874fd 100644
> --- a/include/linux/bug.h
> +++ b/include/linux/bug.h
> @@ -3,6 +3,7 @@
>
>  #include <asm/bug.h>
>  #include <linux/compiler.h>
> +#include <linux/build_bug.h>
>
>  enum bug_trap_type {
>         BUG_TRAP_TYPE_NONE = 0,
> @@ -13,82 +14,9 @@ enum bug_trap_type {
>  struct pt_regs;
>
>  #ifdef __CHECKER__
> -#define __BUILD_BUG_ON_NOT_POWER_OF_2(n) (0)
> -#define BUILD_BUG_ON_NOT_POWER_OF_2(n) (0)
> -#define BUILD_BUG_ON_ZERO(e) (0)
> -#define BUILD_BUG_ON_NULL(e) ((void *)0)
> -#define BUILD_BUG_ON_INVALID(e) (0)
> -#define BUILD_BUG_ON_MSG(cond, msg) (0)
> -#define BUILD_BUG_ON(condition) (0)
> -#define BUILD_BUG() (0)
>  #define MAYBE_BUILD_BUG_ON(cond) (0)
>  #else /* __CHECKER__ */
>
> -/* Force a compilation error if a constant expression is not a power of 2 */
> -#define __BUILD_BUG_ON_NOT_POWER_OF_2(n)       \
> -       BUILD_BUG_ON(((n) & ((n) - 1)) != 0)
> -#define BUILD_BUG_ON_NOT_POWER_OF_2(n)                 \
> -       BUILD_BUG_ON((n) == 0 || (((n) & ((n) - 1)) != 0))
> -
> -/*
> - * Force a compilation error if condition is true, but also produce a
> - * result (of value 0 and type size_t), so the expression can be used
> - * e.g. in a structure initializer (or where-ever else comma expressions
> - * aren't permitted).
> - */
> -#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:(-!!(e)); }))
> -#define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:(-!!(e)); }))
> -
> -/*
> - * BUILD_BUG_ON_INVALID() permits the compiler to check the validity of the
> - * expression but avoids the generation of any code, even if that expression
> - * has side-effects.
> - */
> -#define BUILD_BUG_ON_INVALID(e) ((void)(sizeof((__force long)(e))))
> -
> -/**
> - * BUILD_BUG_ON_MSG - break compile if a condition is true & emit supplied
> - *                   error message.
> - * @condition: the condition which the compiler should know is false.
> - *
> - * See BUILD_BUG_ON for description.
> - */
> -#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
> -
> -/**
> - * BUILD_BUG_ON - break compile if a condition is true.
> - * @condition: the condition which the compiler should know is false.
> - *
> - * If you have some code which relies on certain constants being equal, or
> - * some other compile-time-evaluated condition, you should use BUILD_BUG_ON to
> - * detect if someone changes it.
> - *
> - * The implementation uses gcc's reluctance to create a negative array, but gcc
> - * (as of 4.4) only emits that error for obvious cases (e.g. not arguments to
> - * inline functions).  Luckily, in 4.3 they added the "error" function
> - * attribute just for this type of case.  Thus, we use a negative sized array
> - * (should always create an error on gcc versions older than 4.4) and then call
> - * an undefined function with the error attribute (should always create an
> - * error on gcc 4.3 and later).  If for some reason, neither creates a
> - * compile-time error, we'll still have a link-time error, which is harder to
> - * track down.
> - */
> -#ifndef __OPTIMIZE__
> -#define BUILD_BUG_ON(condition) ((void)sizeof(char[1 - 2*!!(condition)]))
> -#else
> -#define BUILD_BUG_ON(condition) \
> -       BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
> -#endif
> -
> -/**
> - * BUILD_BUG - break compile if used.
> - *
> - * If you have some code that you expect the compiler to eliminate at
> - * build time, you should use BUILD_BUG to detect if it is
> - * unexpectedly used.
> - */
> -#define BUILD_BUG() BUILD_BUG_ON_MSG(1, "BUILD_BUG failed")
> -
>  #define MAYBE_BUILD_BUG_ON(cond)                       \
>         do {                                            \
>                 if (__builtin_constant_p((cond)))       \
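Review bot: `MAYBE_BUILD_BUG_ON` is left behind in both the `__CHECKER__` branch and the non-checker branch while every other BUILD_BUG macro is removed, and the commit message does not say why. If it stays because it needs something from <asm/bug.h>, a sentence in the description or a comment above `#define MAYBE_BUILD_BUG_ON(cond)` would stop a later cleanup from moving it into <linux/build_bug.h> and bringing the dependency back.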
> diff --git a/include/linux/build_bug.h b/include/linux/build_bug.h
> new file mode 100644
> index 000000000000..b7d22d60008a
> --- /dev/null
> +++ b/include/linux/build_bug.h
> @@ -0,0 +1,84 @@
> +#ifndef _LINUX_BUILD_BUG_H
> +#define _LINUX_BUILD_BUG_H
> +
> +#include <linux/compiler.h>
> +
> +#ifdef __CHECKER__
> +#define __BUILD_BUG_ON_NOT_POWER_OF_2(n) (0)
> +#define BUILD_BUG_ON_NOT_POWER_OF_2(n) (0)
> +#define BUILD_BUG_ON_ZERO(e) (0)
> +#define BUILD_BUG_ON_NULL(e) ((void *)0)
> +#define BUILD_BUG_ON_INVALID(e) (0)
> +#define BUILD_BUG_ON_MSG(cond, msg) (0)
> +#define BUILD_BUG_ON(condition) (0)
> +#define BUILD_BUG() (0)
> +#else /* __CHECKER__ */
> +
> +/* Force a compilation error if a constant expression is not a power of 2 */
> +#define __BUILD_BUG_ON_NOT_POWER_OF_2(n)       \
> +       BUILD_BUG_ON(((n) & ((n) - 1)) != 0)
> +#define BUILD_BUG_ON_NOT_POWER_OF_2(n)                 \
> +       BUILD_BUG_ON((n) == 0 || (((n) & ((n) - 1)) != 0))
> +
> +/*
> + * Force a compilation error if condition is true, but also produce a
> + * result (of value 0 and type size_t), so the expression can be used
> + * e.g. in a structure initializer (or where-ever else comma expressions
> + * aren't permitted).
> + */
> +#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:(-!!(e)); }))
> +#define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:(-!!(e)); }))
> +
> +/*
> + * BUILD_BUG_ON_INVALID() permits the compiler to check the validity of the
> + * expression but avoids the generation of any code, even if that expression
> + * has side-effects.
> + */
> +#define BUILD_BUG_ON_INVALID(e) ((void)(sizeof((__force long)(e))))
> +
> +/**
> + * BUILD_BUG_ON_MSG - break compile if a condition is true & emit supplied
> + *                   error message.
> + * @condition: the condition which the compiler should know is false.
> + *
> + * See BUILD_BUG_ON for description.
> + */
> +#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
> +
> +/**
> + * BUILD_BUG_ON - break compile if a condition is true.
> + * @condition: the condition which the compiler should know is false.
> + *
> + * If you have some code which relies on certain constants being equal, or
> + * some other compile-time-evaluated condition, you should use BUILD_BUG_ON to
> + * detect if someone changes it.
> + *
> + * The implementation uses gcc's reluctance to create a negative array, but gcc
> + * (as of 4.4) only emits that error for obvious cases (e.g. not arguments to
> + * inline functions).  Luckily, in 4.3 they added the "error" function
> + * attribute just for this type of case.  Thus, we use a negative sized array
> + * (should always create an error on gcc versions older than 4.4) and then call
> + * an undefined function with the error attribute (should always create an
> + * error on gcc 4.3 and later).  If for some reason, neither creates a
> + * compile-time error, we'll still have a link-time error, which is harder to
> + * track down.
> + */
> +#ifndef __OPTIMIZE__
> +#define BUILD_BUG_ON(condition) ((void)sizeof(char[1 - 2*!!(condition)]))
> +#else
> +#define BUILD_BUG_ON(condition) \
> +       BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
> +#endif
> +
> +/**
> + * BUILD_BUG - break compile if used.
> + *
> + * If you have some code that you expect the compiler to eliminate at
> + * build time, you should use BUILD_BUG to detect if it is
> + * unexpectedly used.
> + */
> +#define BUILD_BUG() BUILD_BUG_ON_MSG(1, "BUILD_BUG failed")
> +
> +#endif /* __CHECKER__ */
> +
> +#endif /* _LINUX_BUILD_BUG_H */
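Review bot: the description says this patch adds parentheses around the bitfield widths in `BUILD_BUG_ON_ZERO()` and `BUILD_BUG_ON_NULL()`, but the removed and added definitions are identical (`int:(-!!(e));` on both sides), so that paragraph looks stale and should be dropped or reworded. While the block is being moved, the kernel-doc for `BUILD_BUG_ON_MSG` could also be fixed: it documents `@condition`, but the macro's parameters are `cond` and `msg`.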
> --
> 2.11.0
>



-- 
Kees Cook
Pixel Security


* Re: [PATCH v5 6/6] kernel.h: handle pointers to arrays better in container_of()
  2017-05-25 12:03 ` [PATCH v5 6/6] kernel.h: handle pointers to arrays better in container_of() Ian Abbott
  2017-05-25 14:07     ` Michal Nazarewicz
@ 2017-05-25 18:35   ` Kees Cook
  2017-05-26 13:57     ` Ian Abbott
  1 sibling, 1 reply; 31+ messages in thread
From: Kees Cook @ 2017-05-25 18:35 UTC (permalink / raw)
  To: Ian Abbott
  Cc: LKML, linux-arch, Alexander Potapenko, Andrew Morton,
	Arnd Bergmann, Borislav Petkov, Hidehiro Kawai, Jakub Kicinski,
	Johannes Berg, Michal Nazarewicz, Peter Zijlstra,
	Rasmus Villemoes, Steven Rostedt

On Thu, May 25, 2017 at 5:03 AM, Ian Abbott <abbotti@mev.co.uk> wrote:
> If the first parameter of container_of() is a pointer to a
> non-const-qualified array type (and the third parameter names a
> non-const-qualified array member), the local variable __mptr will be
> defined with a const-qualified array type.  In ISO C, these types are
> incompatible.  They work as expected in GNU C, but some versions will
> issue warnings.  For example, GCC 4.9 produces the warning
> "initialization from incompatible pointer type".
>
> Here is an example of where the problem occurs:
>
> -------------------------------------------------------
>  #include <linux/kernel.h>
>  #include <linux/module.h>
>
> MODULE_LICENSE("GPL");
>
> struct st {
>         int a;
>         char b[16];
> };
>
> static int __init example_init(void) {
>         struct st t = { .a = 101, .b = "hello" };
>         char (*p)[16] = &t.b;
>         struct st *x = container_of(p, struct st, b);
>         printk(KERN_DEBUG "%p %p\n", (void *)&t, (void *)x);
>         return 0;
> }
>
> static void __exit example_exit(void) {
> }
>
> module_init(example_init);
> module_exit(example_exit);
> -------------------------------------------------------
>
> Building the module with gcc-4.9 results in these warnings (where '{m}'
> is the module source and '{k}' is the kernel source):
>
> -------------------------------------------------------
> In file included from {m}/example.c:1:0:
> {m}/example.c: In function ‘example_init’:
> {k}/include/linux/kernel.h:854:48: warning: initialization from
> incompatible pointer type
>   const typeof( ((type *)0)->member ) *__mptr = (ptr); \
>                                                 ^
> {m}/example.c:14:17: note: in expansion of macro ‘container_of’
>   struct st *x = container_of(p, struct st, b);
>                  ^
> {k}/include/linux/kernel.h:854:48: warning: (near initialization for
> ‘x’)
>   const typeof( ((type *)0)->member ) *__mptr = (ptr); \
>                                                 ^
> {m}/example.c:14:17: note: in expansion of macro ‘container_of’
>   struct st *x = container_of(p, struct st, b);
>                  ^
> -------------------------------------------------------
>
> Replace the type checking performed by the macro to avoid these
> warnings.  Make sure `*(ptr)` either has type compatible with the
> member, or has type compatible with `void`, ignoring qualifiers.  Raise
> compiler errors if this is not true.  This is stronger than the previous
> behaviour, which only resulted in compiler warnings for a type mismatch.
>
> Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Michal Nazarewicz <mina86@mina86.com>
> Cc: Hidehiro Kawai <hidehiro.kawai.ez@hitachi.com>
> Cc: Borislav Petkov <bp@suse.de>
> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
> Cc: Johannes Berg <johannes.berg@intel.com>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Alexander Potapenko <glider@google.com>
> Acked-by: Michal Nazarewicz <mina86@mina86.com>

Seems reasonable to me. I think this actually improves the errors
reported when something is mismatched in container_of(). Silly
question: does this pass an allyesconfig?

Acked-by: Kees Cook <keescook@chromium.org>

-Kees

> ---
> v2: Rebased and altered description to provide an example of when the
> compiler warnings occur.  v1 (from 2016-10-10) also modified a
> 'container_of_safe()' macro that never made it out of "linux-next".
> v3: Added back some type checking at the suggestion of Michal
> Nazarewicz with some helpful hints by Peter Zijlstra.
> v4: No change.
> v5: Added Acked-by for Michal Nazarewicz.  Included <linux/build_bug.h>
> instead of <linux/bug.h> to avoid a circular dependency that resulted in
> build failures when <asm/bug.h> was included before <linux/kernel.h>.
> ---
>  include/linux/kernel.h | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/include/linux/kernel.h b/include/linux/kernel.h
> index 13bc08aba704..1c9c11c9f1a8 100644
> --- a/include/linux/kernel.h
> +++ b/include/linux/kernel.h
> @@ -11,6 +11,7 @@
>  #include <linux/log2.h>
>  #include <linux/typecheck.h>
>  #include <linux/printk.h>
> +#include <linux/build_bug.h>
>  #include <asm/byteorder.h>
>  #include <uapi/linux/kernel.h>
>
> @@ -850,9 +851,11 @@ static inline void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) { }
>   * @member:    the name of the member within the struct.
>   *
>   */
> -#define container_of(ptr, type, member) ({                     \
> -       const typeof( ((type *)0)->member ) *__mptr = (ptr);    \
> -       (type *)( (char *)__mptr - offsetof(type,member) );})
> +#define container_of(ptr, type, member) ({                             \
> +       BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) &&   \
> +                        !__same_type(*(ptr), void),                    \
> +                        "pointer type mismatch in container_of()");    \
> +       ((type *)((char *)(ptr) - offsetof(type, member))); })
>
>  /* Rebuild everything on CONFIG_FTRACE_MCOUNT_RECORD */
>  #ifdef CONFIG_FTRACE_MCOUNT_RECORD
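Review bot: under `__CHECKER__`, patch 5/6 defines `BUILD_BUG_ON_MSG(cond, msg)` as `(0)`, so with this version of `container_of()` a sparse run performs no pointer type check at all, whereas the removed `__mptr` initialization was visible to it. Worth confirming that losing the check under sparse is intended, or keeping a typed assignment for the `__CHECKER__` case.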
> --
> 2.11.0
>



-- 
Kees Cook
Pixel Security


* Re: [PATCH v5 6/6] kernel.h: handle pointers to arrays better in container_of()
  2017-05-25 18:35   ` Kees Cook
@ 2017-05-26 13:57     ` Ian Abbott
  0 siblings, 0 replies; 31+ messages in thread
From: Ian Abbott @ 2017-05-26 13:57 UTC (permalink / raw)
  To: Kees Cook
  Cc: LKML, linux-arch, Alexander Potapenko, Andrew Morton,
	Arnd Bergmann, Borislav Petkov, Hidehiro Kawai, Jakub Kicinski,
	Johannes Berg, Michal Nazarewicz, Peter Zijlstra,
	Rasmus Villemoes, Steven Rostedt

On 25/05/17 19:35, Kees Cook wrote:
> On Thu, May 25, 2017 at 5:03 AM, Ian Abbott <abbotti@mev.co.uk> wrote:
>> If the first parameter of container_of() is a pointer to a
>> non-const-qualified array type (and the third parameter names a
>> non-const-qualified array member), the local variable __mptr will be
>> defined with a const-qualified array type.  In ISO C, these types are
>> incompatible.  They work as expected in GNU C, but some versions will
>> issue warnings.  For example, GCC 4.9 produces the warning
>> "initialization from incompatible pointer type".
>>
>> Here is an example of where the problem occurs:
>>
>> -------------------------------------------------------
>>  #include <linux/kernel.h>
>>  #include <linux/module.h>
>>
>> MODULE_LICENSE("GPL");
>>
>> struct st {
>>         int a;
>>         char b[16];
>> };
>>
>> static int __init example_init(void) {
>>         struct st t = { .a = 101, .b = "hello" };
>>         char (*p)[16] = &t.b;
>>         struct st *x = container_of(p, struct st, b);
>>         printk(KERN_DEBUG "%p %p\n", (void *)&t, (void *)x);
>>         return 0;
>> }
>>
>> static void __exit example_exit(void) {
>> }
>>
>> module_init(example_init);
>> module_exit(example_exit);
>> -------------------------------------------------------
>>
>> Building the module with gcc-4.9 results in these warnings (where '{m}'
>> is the module source and '{k}' is the kernel source):
>>
>> -------------------------------------------------------
>> In file included from {m}/example.c:1:0:
>> {m}/example.c: In function ‘example_init’:
>> {k}/include/linux/kernel.h:854:48: warning: initialization from
>> incompatible pointer type
>>   const typeof( ((type *)0)->member ) *__mptr = (ptr); \
>>                                                 ^
>> {m}/example.c:14:17: note: in expansion of macro ‘container_of’
>>   struct st *x = container_of(p, struct st, b);
>>                  ^
>> {k}/include/linux/kernel.h:854:48: warning: (near initialization for
>> ‘x’)
>>   const typeof( ((type *)0)->member ) *__mptr = (ptr); \
>>                                                 ^
>> {m}/example.c:14:17: note: in expansion of macro ‘container_of’
>>   struct st *x = container_of(p, struct st, b);
>>                  ^
>> -------------------------------------------------------
>>
>> Replace the type checking performed by the macro to avoid these
>> warnings.  Make sure `*(ptr)` either has type compatible with the
>> member, or has type compatible with `void`, ignoring qualifiers.  Raise
>> compiler errors if this is not true.  This is stronger than the previous
>> behaviour, which only resulted in compiler warnings for a type mismatch.
>>
>> Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
>> Cc: Andrew Morton <akpm@linux-foundation.org>
>> Cc: Michal Nazarewicz <mina86@mina86.com>
>> Cc: Hidehiro Kawai <hidehiro.kawai.ez@hitachi.com>
>> Cc: Borislav Petkov <bp@suse.de>
>> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
>> Cc: Johannes Berg <johannes.berg@intel.com>
>> Cc: Peter Zijlstra <peterz@infradead.org>
>> Cc: Alexander Potapenko <glider@google.com>
>> Acked-by: Michal Nazarewicz <mina86@mina86.com>
>
> Seems reasonable to me. I think this actually improves the errors
> reported when something is mismatched in container_of(). Silly
> question: does this pass an allyesconfig?

Yes for ARCH=i386 at least.

>
> Acked-by: Kees Cook <keescook@chromium.org>

Thanks!

-- 
-=( Ian Abbott @ MEV Ltd.    E-mail: <abbotti@mev.co.uk> )=-
-=(                          Web: http://www.mev.co.uk/  )=-
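
The type check described in the patch 6/6 commit message, as an added userspace example (not code from this thread or from the kernel tree). `_Static_assert` and `__builtin_types_compatible_p` stand in for `BUILD_BUG_ON_MSG()` and `__same_type()`, the helper names `same_type`, `container_of_ptr_ok`, `from_array_ptr`, `from_void_ptr` and `ok_*` are made up here, and it assumes GCC or Clang.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in for the kernel's __same_type(): compares two types, ignoring
 * top-level qualifiers, without evaluating either operand. */
#define same_type(a, b) \
	__builtin_types_compatible_p(__typeof__(a), __typeof__(b))

/* The condition from the patch as a 0/1 constant expression: *(ptr) must
 * have the member's type, or be void. */
#define container_of_ptr_ok(ptr, type, member)		\
	(same_type(*(ptr), ((type *)0)->member) ||	\
	 same_type(*(ptr), void))

/* Same shape as the patched macro; _Static_assert replaces
 * BUILD_BUG_ON_MSG() (a substitution made for this example). */
#define container_of(ptr, type, member) ({				\
	_Static_assert(container_of_ptr_ok(ptr, type, member),		\
		       "pointer type mismatch in container_of()");	\
	((type *)((char *)(ptr) - offsetof(type, member))); })

/* Structure from the commit message. */
struct st {
	int a;
	char b[16];
};

/* The case the patch is about: a pointer to the whole array member. */
static struct st *from_array_ptr(char (*p)[16])
{
	return container_of(p, struct st, b);
}

/* A void * is accepted unchecked: the caller vouches for what it points to. */
static struct st *from_void_ptr(void *p)
{
	return container_of(p, struct st, b);
}

/* What the check decides for several pointer types (1 = builds, 0 = error). */
static int ok_array_ptr(void)
{
	return container_of_ptr_ok((char (*)[16])0, struct st, b);
}

static int ok_void_ptr(void)
{
	return container_of_ptr_ok((void *)0, struct st, b);
}

/* Pointer to the first element: char is not char[16], so it is rejected. */
static int ok_elem_ptr(void)
{
	return container_of_ptr_ok((char *)0, struct st, b);
}

/* Pointer to an unrelated type. */
static int ok_int_ptr(void)
{
	return container_of_ptr_ok((int *)0, struct st, b);
}

int main(void)
{
	struct st t = { .a = 101, .b = "hello" };

	printf("&t=%p array=%p void=%p\n", (void *)&t,
	       (void *)from_array_ptr(&t.b), (void *)from_void_ptr(t.b));
	printf("accepted: array=%d void=%d elem=%d int=%d\n",
	       ok_array_ptr(), ok_void_ptr(), ok_elem_ptr(), ok_int_ptr());
	return 0;
}
```

Passing `t.b` (which decays to `char *`) directly to `container_of()` fails the build with the patch's message; `&t.b` is the form the new check accepts for an array member.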


* Re: [PATCH v5 1/6] asm-generic/bug.h: declare struct pt_regs; before function prototype
  2017-05-25 12:03 ` [PATCH v5 1/6] asm-generic/bug.h: declare struct pt_regs; before function prototype Ian Abbott
@ 2017-06-08 14:07   ` Steven Rostedt
  2017-06-12 14:13     ` Ian Abbott
  0 siblings, 1 reply; 31+ messages in thread
From: Steven Rostedt @ 2017-06-08 14:07 UTC (permalink / raw)
  To: Ian Abbott
  Cc: linux-kernel, linux-arch, Alexander Potapenko, Andrew Morton,
	Arnd Bergmann, Borislav Petkov, Hidehiro Kawai, Jakub Kicinski,
	Johannes Berg, Kees Cook, Michal Nazarewicz, Peter Zijlstra,
	Rasmus Villemoes

On Thu, 25 May 2017 13:03:11 +0100
Ian Abbott <abbotti@mev.co.uk> wrote:

> The declaration of `__warn()` has `struct pt_regs *regs` as one of its
> parameters.  This can result in compiler warnings if `struct regs` is
> not already declared.  Add an empty declaration of `struct pt_regs` to
> avoid the warnings.
> 

Not sure if this has been pulled already or not, but I have a small nit.

> Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
> Cc: Arnd Bergmann <arnd@arndb.de>
> Acked-by: Arnd Bergmann <arnd@arndb.de>
> Acked-by: Michal Nazarewicz <mina86@mina86.com>
> ---
> v3: Actually, there was no v1 or v2.  I called this v3 to match the
> series.
> v4: Corrected 'Acked-by:' line in patch description.
> v5: Added Acked-by for Michal Nazarewicz.
> ---
>  include/asm-generic/bug.h | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/include/asm-generic/bug.h b/include/asm-generic/bug.h
> index d6f4aed479a1..87191357d303 100644
> --- a/include/asm-generic/bug.h
> +++ b/include/asm-generic/bug.h
> @@ -97,6 +97,7 @@ extern void warn_slowpath_null(const char *file, const int line);
>  
>  /* used internally by panic.c */
>  struct warn_args;
> +struct pt_regs;

Probably be better to move pt_regs above the comment. For one, it is
used before warn_args in the function below. Two, it's not defined
internally by panic.c like warn_args is.

-- Steve


>  
>  void __warn(const char *file, int line, void *caller, unsigned taint,
>  	    struct pt_regs *regs, struct warn_args *args);
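Review bot: the commit message says the warnings occur if `struct regs` is not already declared, but the type used by `__warn()` and declared by `+struct pt_regs;` is `struct pt_regs`. Suggest correcting the name in the description.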


* Re: [PATCH v5 1/6] asm-generic/bug.h: declare struct pt_regs; before function prototype
  2017-06-08 14:07   ` Steven Rostedt
@ 2017-06-12 14:13     ` Ian Abbott
  2017-06-12 14:15       ` Steven Rostedt
  0 siblings, 1 reply; 31+ messages in thread
From: Ian Abbott @ 2017-06-12 14:13 UTC (permalink / raw)
  To: Steven Rostedt
  Cc: linux-kernel, linux-arch, Alexander Potapenko, Andrew Morton,
	Arnd Bergmann, Borislav Petkov, Hidehiro Kawai, Jakub Kicinski,
	Johannes Berg, Kees Cook, Michal Nazarewicz, Peter Zijlstra,
	Rasmus Villemoes

On 08/06/17 15:07, Steven Rostedt wrote:
> On Thu, 25 May 2017 13:03:11 +0100
> Ian Abbott <abbotti@mev.co.uk> wrote:
>
>> The declaration of `__warn()` has `struct pt_regs *regs` as one of its
>> parameters.  This can result in compiler warnings if `struct regs` is
>> not already declared.  Add an empty declaration of `struct pt_regs` to
>> avoid the warnings.
>>
>
> Not sure if this has been pulled already or not, but I have a small nit.

It's already in linux-next master.

>
>> Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
>> Cc: Arnd Bergmann <arnd@arndb.de>
>> Acked-by: Arnd Bergmann <arnd@arndb.de>
>> Acked-by: Michal Nazarewicz <mina86@mina86.com>
>> ---
>> v3: Actually, there was no v1 or v2.  I called this v3 to match the
>> series.
>> v4: Corrected 'Acked-by:' line in patch description.
>> v5: Added Acked-by for Michal Nazarewicz.
>> ---
>>  include/asm-generic/bug.h | 1 +
>>  1 file changed, 1 insertion(+)
>>
>> diff --git a/include/asm-generic/bug.h b/include/asm-generic/bug.h
>> index d6f4aed479a1..87191357d303 100644
>> --- a/include/asm-generic/bug.h
>> +++ b/include/asm-generic/bug.h
>> @@ -97,6 +97,7 @@ extern void warn_slowpath_null(const char *file, const int line);
>>
>>  /* used internally by panic.c */
>>  struct warn_args;
>> +struct pt_regs;
>
> Probably be better to move pt_regs above the comment. For one, it is
> used before warn_args in the function below. Two, it's not defined
> internally by panic.c like warn_args is.

Alternatively, the comment could be placed on the same line as `struct 
warn_args;`.  I don't think it's a big enough of a deal to patch it for 
the sake of it, tbh.

>
> -- Steve
>
>
>>
>>  void __warn(const char *file, int line, void *caller, unsigned taint,
>>  	    struct pt_regs *regs, struct warn_args *args);
>


-- 
-=( Ian Abbott @ MEV Ltd.    E-mail: <abbotti@mev.co.uk> )=-
-=(                          Web: http://www.mev.co.uk/  )=-


* Re: [PATCH v5 1/6] asm-generic/bug.h: declare struct pt_regs; before function prototype
  2017-06-12 14:13     ` Ian Abbott
@ 2017-06-12 14:15       ` Steven Rostedt
  0 siblings, 0 replies; 31+ messages in thread
From: Steven Rostedt @ 2017-06-12 14:15 UTC (permalink / raw)
  To: Ian Abbott
  Cc: linux-kernel, linux-arch, Alexander Potapenko, Andrew Morton,
	Arnd Bergmann, Borislav Petkov, Hidehiro Kawai, Jakub Kicinski,
	Johannes Berg, Kees Cook, Michal Nazarewicz, Peter Zijlstra,
	Rasmus Villemoes

On Mon, 12 Jun 2017 15:13:54 +0100
Ian Abbott <abbotti@mev.co.uk> wrote:

> >> diff --git a/include/asm-generic/bug.h b/include/asm-generic/bug.h
> >> index d6f4aed479a1..87191357d303 100644
> >> --- a/include/asm-generic/bug.h
> >> +++ b/include/asm-generic/bug.h
> >> @@ -97,6 +97,7 @@ extern void warn_slowpath_null(const char *file, const int line);
> >>
> >>  /* used internally by panic.c */
> >>  struct warn_args;
> >> +struct pt_regs;  
> >
> > Probably be better to move pt_regs above the comment. For one, it is
> > used before warn_args in the function below. Two, it's not defined
> > internally by panic.c like warn_args is.  
> 
> Alternatively, the comment could be placed on the same line as `struct 
> warn_args;`.  I don't think it's a big enough of a deal to patch it for 
> the sake of it, tbh.

trivial clean up patches are fine to add for merge windows.

Could just write a patch and send it to the trivial maintainer.

-- Steve
