All of lore.kernel.org
 help / color / mirror / Atom feed
From: Yingchi Long <me@inclyc.cn>
To: bp@alien8.de
Cc: chang.seok.bae@intel.com, dave.hansen@linux.intel.com,
	david.laight@aculab.com, hpa@zytor.com,
	linux-kernel@vger.kernel.org, me@inclyc.cn, mingo@redhat.com,
	ndesaulniers@google.com, pbonzini@redhat.com, tglx@linutronix.de,
	x86@kernel.org
Subject: [PATCH RESEND v4] x86/fpu: use _Alignof to avoid UB in TYPE_ALIGN
Date: Fri, 18 Nov 2022 08:55:35 +0800	[thread overview]
Message-ID: <20221118005535.1120026-1-me@inclyc.cn> (raw)
In-Reply-To: <Y2KhCyofvfG5W5hE@zn.tnic>

From: YingChi Long <me@inclyc.cn>

Link: https://www.open-std.org/jtc1/sc22/wg14/www/docs/n2350.htm

WG14 N2350 made very clear that it is an undefined behavior having type
definitions with in "offsetof". Replace the macro "TYPE_ALIGN" to
builtin "_Alignof" to avoid undefined behavior.

I've grepped all source files to find any type definitions within
"offsetof".

    offsetof\(struct .*\{ .*,

This implementation of macro "TYPE_ALIGN" seemes to be the only case of
type definitions within offsetof in the kernel codebase.

Link: https://reviews.llvm.org/D133574

A clang patch has been made that rejects any definitions within
__builtin_offsetof (usually #defined with "offsetof"), and tested
compiling the kernel using clang, there are no error if this patch
applied.

Link: https://gcc.gnu.org/onlinedocs/gcc/Alignment.html
Link: https://godbolt.org/z/sPs1GEhbT

ISO C11 _Alignof is subtly different from the GNU C extension
__alignof__. __alignof__ is the preferred alignment and _Alignof the
minimal alignment. For 'long long' on x86 these are 8 and 4
respectively.

The macro TYPE_ALIGN being replacing has behavior that matches _Alignof
rather than __alignof__.

Signed-off-by: YingChi Long <me@inclyc.cn>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
---
v4:
- commit message changes suggested by Borislav Petkov

v3:
- commit message changes suggested by Nick and David

v3: https://lore.kernel.org/all/20221006141442.2475978-1-me@inclyc.cn/

v2: https://lore.kernel.org/all/20220927153338.4177854-1-me@inclyc.cn/
Signed-off-by: Yingchi Long <me@inclyc.cn>
---
 arch/x86/kernel/fpu/init.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kernel/fpu/init.c b/arch/x86/kernel/fpu/init.c
index 8946f89761cc..851eb13edc01 100644
--- a/arch/x86/kernel/fpu/init.c
+++ b/arch/x86/kernel/fpu/init.c
@@ -133,9 +133,6 @@ static void __init fpu__init_system_generic(void)
 	fpu__init_system_mxcsr();
 }

-/* Get alignment of the TYPE. */
-#define TYPE_ALIGN(TYPE) offsetof(struct { char x; TYPE test; }, test)
-
 /*
  * Enforce that 'MEMBER' is the last field of 'TYPE'.
  *
@@ -143,8 +140,8 @@ static void __init fpu__init_system_generic(void)
  * because that's how C aligns structs.
  */
 #define CHECK_MEMBER_AT_END_OF(TYPE, MEMBER) \
-	BUILD_BUG_ON(sizeof(TYPE) != ALIGN(offsetofend(TYPE, MEMBER), \
-					   TYPE_ALIGN(TYPE)))
+	BUILD_BUG_ON(sizeof(TYPE) !=         \
+		     ALIGN(offsetofend(TYPE, MEMBER), _Alignof(TYPE)))

 /*
  * We append the 'struct fpu' to the task_struct:
--
2.37.4


  parent reply	other threads:[~2022-11-18  0:56 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-09-25 15:31 [PATCH] x86/fpu: use __alignof__ to avoid UB in TYPE_ALIGN YingChi Long
2022-09-26  9:01 ` Peter Zijlstra
2022-09-26 13:18   ` YingChi Long
2022-09-26 19:02     ` Nick Desaulniers
2022-09-27  8:20     ` David Laight
2022-09-27 15:33 ` [PATCH v2] x86/fpu: use _Alignof " YingChi Long
2022-09-27 15:58   ` David Laight
2022-09-27 16:44     ` YingChi Long
2022-09-27 17:07       ` YingChi Long
2022-09-28  8:09       ` David Laight
2022-09-28 11:23         ` YingChi Long
2022-10-05  7:29   ` YingChi Long
2022-10-05 18:30     ` Nick Desaulniers
2022-10-05 18:38       ` Nick Desaulniers
2022-10-05 18:57         ` Nick Desaulniers
2022-10-06  8:12           ` David Laight
2022-10-06 14:14 ` [PATCH v3] " YingChi Long
2022-10-06 17:34   ` Nick Desaulniers
2022-10-18  0:52   ` YingChi Long
2022-10-29 12:25   ` [PATCH RESEND " YingChi Long
2022-10-31 18:29     ` Nick Desaulniers
2022-11-02 16:55     ` Borislav Petkov
2022-11-02 18:07       ` YingChi Long
2022-11-02 18:14       ` [PATCH v4] " YingChi Long
2022-11-02 21:41       ` [PATCH RESEND v3] " David Laight
2022-11-18  0:55       ` Yingchi Long [this message]
2022-11-22 16:26 ` [tip: x86/fpu] x86/fpu: Use _Alignof to avoid undefined behavior " tip-bot2 for YingChi Long

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20221118005535.1120026-1-me@inclyc.cn \
    --to=me@inclyc.cn \
    --cc=bp@alien8.de \
    --cc=chang.seok.bae@intel.com \
    --cc=dave.hansen@linux.intel.com \
    --cc=david.laight@aculab.com \
    --cc=hpa@zytor.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=ndesaulniers@google.com \
    --cc=pbonzini@redhat.com \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.