From: Christophe Leroy <christophe.leroy@csgroup.eu>
To: Nathan Chancellor <nathan@kernel.org>,
Michael Ellerman <mpe@ellerman.id.au>
Cc: Nick Desaulniers <ndesaulniers@google.com>,
linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com,
Paul Mackerras <paulus@samba.org>,
linuxppc-dev@lists.ozlabs.org
Subject: Re: [PATCH] powerpc: Avoid clang uninitialized warning in __get_user_size_allowed
Date: Tue, 27 Apr 2021 07:05:12 +0200 [thread overview]
Message-ID: <32a0f305-031b-e4da-345d-0f03b2b42189@csgroup.eu> (raw)
In-Reply-To: <20210426203518.981550-1-nathan@kernel.org>
Le 26/04/2021 à 22:35, Nathan Chancellor a écrit :
> Commit 9975f852ce1b ("powerpc/uaccess: Remove calls to __get_user_bad()
> and __put_user_bad()") switch to BUILD_BUG() in the default case, which
> leaves x uninitialized. This will not be an issue because the build will
> be broken in that case but clang does static analysis before it realizes
> the default case will be done so it warns about x being uninitialized
> (trimmed for brevity):
>
> In file included from mm/mprotect.c:13:
> In file included from ./include/linux/hugetlb.h:28:
> In file included from ./include/linux/mempolicy.h:16:
> ./include/linux/pagemap.h:772:16: warning: variable '__gu_val' is used
> uninitialized whenever switch default is taken [-Wsometimes-uninitialized]
> if (unlikely(__get_user(c, uaddr) != 0))
> ^~~~~~~~~~~~~~~~~~~~
> ./arch/powerpc/include/asm/uaccess.h:266:2: note: expanded from macro '__get_user'
> __get_user_size_allowed(__gu_val, __gu_addr, __gu_size, __gu_err); \
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ./arch/powerpc/include/asm/uaccess.h:235:2: note: expanded from macro
> '__get_user_size_allowed'
> default: BUILD_BUG(); \
> ^~~~~~~
>
> Commit 5cd29b1fd3e8 ("powerpc/uaccess: Use asm goto for get_user when
> compiler supports it") added an initialization for x because of the same
> reason. Do the same thing here so there is no warning across all
> versions of clang.
Ah yes, I tested with Clang 11 which has CONFIG_CC_HAS_ASM_GOTO_OUTPUT, that's the reason why I hit
that warning only in the CONFIG_CC_HAS_ASM_GOTO_OUTPUT branch.
But regardless, is that normal that Clang warns that on a never taken branch ? That's puzzling.
>
> Link: https://github.com/ClangBuiltLinux/linux/issues/1359
> Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Acked-by: Christophe Leroy <christophe.leroy@csgroup.eu>
> ---
> arch/powerpc/include/asm/uaccess.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h
> index a4e791bcd3fe..a09e4240c5b1 100644
> --- a/arch/powerpc/include/asm/uaccess.h
> +++ b/arch/powerpc/include/asm/uaccess.h
> @@ -232,7 +232,7 @@ do { \
> case 2: __get_user_asm(x, (u16 __user *)ptr, retval, "lhz"); break; \
> case 4: __get_user_asm(x, (u32 __user *)ptr, retval, "lwz"); break; \
> case 8: __get_user_asm2(x, (u64 __user *)ptr, retval); break; \
> - default: BUILD_BUG(); \
> + default: x = 0; BUILD_BUG(); \
> } \
> } while (0)
>
>
> base-commit: ee6b25fa7c037e42cc5f3b5c024b2a779edab6dd
>
WARNING: multiple messages have this Message-ID (diff)
From: Christophe Leroy <christophe.leroy@csgroup.eu>
To: Nathan Chancellor <nathan@kernel.org>,
Michael Ellerman <mpe@ellerman.id.au>
Cc: clang-built-linux@googlegroups.com,
linuxppc-dev@lists.ozlabs.org,
Nick Desaulniers <ndesaulniers@google.com>,
linux-kernel@vger.kernel.org, Paul Mackerras <paulus@samba.org>
Subject: Re: [PATCH] powerpc: Avoid clang uninitialized warning in __get_user_size_allowed
Date: Tue, 27 Apr 2021 07:05:12 +0200 [thread overview]
Message-ID: <32a0f305-031b-e4da-345d-0f03b2b42189@csgroup.eu> (raw)
In-Reply-To: <20210426203518.981550-1-nathan@kernel.org>
Le 26/04/2021 à 22:35, Nathan Chancellor a écrit :
> Commit 9975f852ce1b ("powerpc/uaccess: Remove calls to __get_user_bad()
> and __put_user_bad()") switch to BUILD_BUG() in the default case, which
> leaves x uninitialized. This will not be an issue because the build will
> be broken in that case but clang does static analysis before it realizes
> the default case will be done so it warns about x being uninitialized
> (trimmed for brevity):
>
> In file included from mm/mprotect.c:13:
> In file included from ./include/linux/hugetlb.h:28:
> In file included from ./include/linux/mempolicy.h:16:
> ./include/linux/pagemap.h:772:16: warning: variable '__gu_val' is used
> uninitialized whenever switch default is taken [-Wsometimes-uninitialized]
> if (unlikely(__get_user(c, uaddr) != 0))
> ^~~~~~~~~~~~~~~~~~~~
> ./arch/powerpc/include/asm/uaccess.h:266:2: note: expanded from macro '__get_user'
> __get_user_size_allowed(__gu_val, __gu_addr, __gu_size, __gu_err); \
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ./arch/powerpc/include/asm/uaccess.h:235:2: note: expanded from macro
> '__get_user_size_allowed'
> default: BUILD_BUG(); \
> ^~~~~~~
>
> Commit 5cd29b1fd3e8 ("powerpc/uaccess: Use asm goto for get_user when
> compiler supports it") added an initialization for x because of the same
> reason. Do the same thing here so there is no warning across all
> versions of clang.
Ah yes, I tested with Clang 11 which has CONFIG_CC_HAS_ASM_GOTO_OUTPUT, that's the reason why I hit
that warning only in the CONFIG_CC_HAS_ASM_GOTO_OUTPUT branch.
But regardless, is that normal that Clang warns that on a never taken branch ? That's puzzling.
>
> Link: https://github.com/ClangBuiltLinux/linux/issues/1359
> Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Acked-by: Christophe Leroy <christophe.leroy@csgroup.eu>
> ---
> arch/powerpc/include/asm/uaccess.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h
> index a4e791bcd3fe..a09e4240c5b1 100644
> --- a/arch/powerpc/include/asm/uaccess.h
> +++ b/arch/powerpc/include/asm/uaccess.h
> @@ -232,7 +232,7 @@ do { \
> case 2: __get_user_asm(x, (u16 __user *)ptr, retval, "lhz"); break; \
> case 4: __get_user_asm(x, (u32 __user *)ptr, retval, "lwz"); break; \
> case 8: __get_user_asm2(x, (u64 __user *)ptr, retval); break; \
> - default: BUILD_BUG(); \
> + default: x = 0; BUILD_BUG(); \
> } \
> } while (0)
>
>
> base-commit: ee6b25fa7c037e42cc5f3b5c024b2a779edab6dd
>
next prev parent reply other threads:[~2021-04-27 5:05 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-26 20:35 [PATCH] powerpc: Avoid clang uninitialized warning in __get_user_size_allowed Nathan Chancellor
2021-04-26 20:35 ` Nathan Chancellor
2021-04-27 5:05 ` Christophe Leroy [this message]
2021-04-27 5:05 ` Christophe Leroy
2021-04-28 21:41 ` Nathan Chancellor
2021-04-28 21:41 ` Nathan Chancellor
2021-04-29 14:01 ` Michael Ellerman
2021-04-29 14:01 ` Michael Ellerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=32a0f305-031b-e4da-345d-0f03b2b42189@csgroup.eu \
--to=christophe.leroy@csgroup.eu \
--cc=clang-built-linux@googlegroups.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=paulus@samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.