From: Masahiro Yamada <yamada.masahiro@socionext.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Kees Cook <keescook@chromium.org>,
Nick Desaulniers <ndesaulniers@google.com>,
Daniel Santos <daniel.santos@pobox.com>,
Masahiro Yamada <yamada.masahiro@socionext.com>,
Christopher Li <sparse@chrisli.org>,
linux-sparse@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2] compiler.h: give up __compiletime_assert_fallback()
Date: Sun, 26 Aug 2018 03:16:29 +0900 [thread overview]
Message-ID: <1535220989-27645-1-git-send-email-yamada.masahiro@socionext.com> (raw)
__compiletime_assert_fallback() is supposed to stop building earlier
by using the negative-array-size method in case the compiler does not
support "error" attribute, but has never worked like that.
You can simply try:
BUILD_BUG_ON(1);
GCC immediately terminates the build, but Clang does not report
anything because Clang does not support the "error" attribute now.
It will later fail at link time, but __compiletime_assert_fallback()
is not working at least.
The root cause is commit 1d6a0d19c855 ("bug.h: prevent double evaluation
of `condition' in BUILD_BUG_ON"). Prior to that commit, BUILD_BUG_ON()
was checked by the negative-array-size method *and* the link-time trick.
Since that commit, the negative-array-size is not effective because
'__cond' is no longer constant. As the comment in <linux/build_bug.h>
says, GCC (and Clang as well) only emits the error for obvious cases.
When '__cond' is a variable,
((void)sizeof(char[1 - 2 * __cond]))
... is not obvious for the compiler to know the array size is negative.
Reverting that commit would break BUILD_BUG() because negative-size-array
is evaluated before the code is optimized out.
Let's give up __compiletime_assert_fallback(). This commit does not
change the current behavior since it just rips off the useless code.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
---
Changes in v2:
- Rebase
include/linux/compiler.h | 17 +----------------
1 file changed, 1 insertion(+), 16 deletions(-)
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 681d866..87c776c 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -314,29 +314,14 @@ static inline void *offset_to_ptr(const int *off)
#endif
#ifndef __compiletime_error
# define __compiletime_error(message)
-/*
- * Sparse complains of variable sized arrays due to the temporary variable in
- * __compiletime_assert. Unfortunately we can't just expand it out to make
- * sparse see a constant array size without breaking compiletime_assert on old
- * versions of GCC (e.g. 4.2.4), so hide the array from sparse altogether.
- */
-# ifndef __CHECKER__
-# define __compiletime_error_fallback(condition) \
- do { ((void)sizeof(char[1 - 2 * condition])); } while (0)
-# endif
-#endif
-#ifndef __compiletime_error_fallback
-# define __compiletime_error_fallback(condition) do { } while (0)
#endif
#ifdef __OPTIMIZE__
# define __compiletime_assert(condition, msg, prefix, suffix) \
do { \
- int __cond = !(condition); \
extern void prefix ## suffix(void) __compiletime_error(msg); \
- if (__cond) \
+ if (!(condition)) \
prefix ## suffix(); \
- __compiletime_error_fallback(__cond); \
} while (0)
#else
# define __compiletime_assert(condition, msg, prefix, suffix) do { } while (0)
--
2.7.4
next reply other threads:[~2018-08-25 18:17 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-25 18:16 Masahiro Yamada [this message]
2018-08-27 20:05 ` [PATCH v2] compiler.h: give up __compiletime_assert_fallback() Daniel Santos
2018-08-27 20:09 ` Nick Desaulniers
2018-08-27 20:42 ` Daniel Santos
2018-08-27 21:01 ` Nick Desaulniers
2018-08-28 10:55 ` Arnd Bergmann
2018-08-28 13:46 ` Masahiro Yamada
2018-08-28 23:00 ` Nick Desaulniers
2018-08-31 16:46 ` Nick Desaulniers
2018-09-26 18:00 ` Matthias Kaehlcke
2018-09-26 18:03 ` Nick Desaulniers
2018-09-26 18:26 ` Kees Cook
2018-09-26 18:42 ` Greg KH
2018-09-26 18:45 ` Kees Cook
2018-09-26 19:03 ` Greg KH
2018-09-26 19:29 ` Nick Desaulniers
2018-09-26 19:35 ` Kees Cook
2018-10-10 6:10 ` Joel Stanley
2018-10-10 7:03 ` Miguel Ojeda
2018-10-10 14:49 ` Kees Cook
2018-10-11 2:48 ` Masahiro Yamada
2018-10-11 15:15 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1535220989-27645-1-git-send-email-yamada.masahiro@socionext.com \
--to=yamada.masahiro@socionext.com \
--cc=daniel.santos@pobox.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-sparse@vger.kernel.org \
--cc=ndesaulniers@google.com \
--cc=sparse@chrisli.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).