From: Andrew Morton <akpm@linux-foundation.org>
To: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: <linux-kernel@vger.kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Sasha Levin <sasha.levin@oracle.com>,
Randy Dunlap <rdunlap@infradead.org>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Jonathan Corbet <corbet@lwn.net>, Michal Marek <mmarek@suse.cz>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
Yury Gribov <y.gribov@samsung.com>,
Dmitry Vyukov <dvyukov@google.com>,
Konstantin Khlebnikov <koct9i@gmail.com>,
Kostya Serebryany <kcc@google.com>, <x86@kernel.org>,
<linux-doc@vger.kernel.org>, <linux-kbuild@vger.kernel.org>
Subject: Re: [PATCH v4 3/3] UBSAN: run-time undefined behavior sanity checker
Date: Tue, 8 Dec 2015 15:59:14 -0800 [thread overview]
Message-ID: <20151208155914.d0b005c82906f3203660fd47@linux-foundation.org> (raw)
In-Reply-To: <1449157807-20298-4-git-send-email-aryabinin@virtuozzo.com>
On Thu, 3 Dec 2015 18:50:07 +0300 Andrey Ryabinin <aryabinin@virtuozzo.com> wrote:
> UBSAN uses compile-time instrumentation to catch undefined behavior (UB).
> Compiler inserts code that perform certain kinds of checks before
> operations that could cause UB. If check fails (i.e. UB detected)
> __ubsan_handle_* function called to print error message.
>
> So the most of the work is done by compiler. This patch just
> implements ubsan handlers printing errors.
>
> GCC has this capability since 4.9.x [1] (see -fsanitize=undefined
> option and its suboptions).
> However GCC 5.x has more checkers implemented [2].
> Article [3] has a bit more details about UBSAN in the GCC.
>
> ...
>
> +#ifdef CONFIG_ARCH_SUPPORTS_INT128
> +typedef __int128 s_max;
> +typedef unsigned __int128 u_max;
> +#else
In file included from lib/ubsan.c:21:
lib/ubsan.h:77: error: expected '=', ',', ';', 'asm' or '__attribute__' before 's_max'
lib/ubsan.h:78: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'u_max'
lib/ubsan.c:89: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'get_signed_val'
gcc-4.4.4 doesn't appear to like __int128. The only other use of
__int128 is include/linux/math64.h:mul_u64_u32_shr() and it uses
defined(__SIZEOF_INT128__) as well.
Using that gives me
lib/ubsan.c: In function 'val_to_string':
lib/ubsan.c:127: warning: right shift count >= width of type
lib/ubsan.c:128: warning: right shift count >= width of type
so I bodged that site too. I need to get an mmotm release out the door.
--- a/lib/ubsan.c~ubsan-run-time-undefined-behavior-sanity-checker-fix-3
+++ a/lib/ubsan.c
@@ -120,7 +120,7 @@ static void val_to_string(char *str, siz
{
if (type_is_int(type)) {
if (type_bit_width(type) == 128) {
-#ifdef CONFIG_ARCH_SUPPORTS_INT128
+#if defined(CONFIG_ARCH_SUPPORTS_INT128) && defined(__SIZEOF_INT128__)
u_max val = get_unsigned_val(type, value);
scnprintf(str, size, "0x%08x%08x%08x%08x",
--- a/lib/ubsan.h~ubsan-run-time-undefined-behavior-sanity-checker-fix-3
+++ a/lib/ubsan.h
@@ -73,7 +73,7 @@ struct invalid_value_data {
struct type_descriptor *type;
};
-#ifdef CONFIG_ARCH_SUPPORTS_INT128
+#if defined(CONFIG_ARCH_SUPPORTS_INT128) && defined(__SIZEOF_INT128__)
typedef __int128 s_max;
typedef unsigned __int128 u_max;
#else
_
WARNING: multiple messages have this Message-ID (diff)
From: Andrew Morton <akpm@linux-foundation.org>
To: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: linux-kernel@vger.kernel.org,
Peter Zijlstra <peterz@infradead.org>,
Sasha Levin <sasha.levin@oracle.com>,
Randy Dunlap <rdunlap@infradead.org>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Jonathan Corbet <corbet@lwn.net>, Michal Marek <mmarek@suse.cz>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
Yury Gribov <y.gribov@samsung.com>,
Dmitry Vyukov <dvyukov@google.com>,
Konstantin Khlebnikov <koct9i@gmail.com>,
Kostya Serebryany <kcc@google.com>,
x86@kernel.org, linux-doc@vger.kernel.org,
linux-kbuild@vger.kernel.org
Subject: Re: [PATCH v4 3/3] UBSAN: run-time undefined behavior sanity checker
Date: Tue, 8 Dec 2015 15:59:14 -0800 [thread overview]
Message-ID: <20151208155914.d0b005c82906f3203660fd47@linux-foundation.org> (raw)
In-Reply-To: <1449157807-20298-4-git-send-email-aryabinin@virtuozzo.com>
On Thu, 3 Dec 2015 18:50:07 +0300 Andrey Ryabinin <aryabinin@virtuozzo.com> wrote:
> UBSAN uses compile-time instrumentation to catch undefined behavior (UB).
> Compiler inserts code that perform certain kinds of checks before
> operations that could cause UB. If check fails (i.e. UB detected)
> __ubsan_handle_* function called to print error message.
>
> So the most of the work is done by compiler. This patch just
> implements ubsan handlers printing errors.
>
> GCC has this capability since 4.9.x [1] (see -fsanitize=undefined
> option and its suboptions).
> However GCC 5.x has more checkers implemented [2].
> Article [3] has a bit more details about UBSAN in the GCC.
>
> ...
>
> +#ifdef CONFIG_ARCH_SUPPORTS_INT128
> +typedef __int128 s_max;
> +typedef unsigned __int128 u_max;
> +#else
In file included from lib/ubsan.c:21:
lib/ubsan.h:77: error: expected '=', ',', ';', 'asm' or '__attribute__' before 's_max'
lib/ubsan.h:78: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'u_max'
lib/ubsan.c:89: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'get_signed_val'
gcc-4.4.4 doesn't appear to like __int128. The only other use of
__int128 is include/linux/math64.h:mul_u64_u32_shr() and it uses
defined(__SIZEOF_INT128__) as well.
Using that gives me
lib/ubsan.c: In function 'val_to_string':
lib/ubsan.c:127: warning: right shift count >= width of type
lib/ubsan.c:128: warning: right shift count >= width of type
so I bodged that site too. I need to get an mmotm release out the door.
--- a/lib/ubsan.c~ubsan-run-time-undefined-behavior-sanity-checker-fix-3
+++ a/lib/ubsan.c
@@ -120,7 +120,7 @@ static void val_to_string(char *str, siz
{
if (type_is_int(type)) {
if (type_bit_width(type) == 128) {
-#ifdef CONFIG_ARCH_SUPPORTS_INT128
+#if defined(CONFIG_ARCH_SUPPORTS_INT128) && defined(__SIZEOF_INT128__)
u_max val = get_unsigned_val(type, value);
scnprintf(str, size, "0x%08x%08x%08x%08x",
--- a/lib/ubsan.h~ubsan-run-time-undefined-behavior-sanity-checker-fix-3
+++ a/lib/ubsan.h
@@ -73,7 +73,7 @@ struct invalid_value_data {
struct type_descriptor *type;
};
-#ifdef CONFIG_ARCH_SUPPORTS_INT128
+#if defined(CONFIG_ARCH_SUPPORTS_INT128) && defined(__SIZEOF_INT128__)
typedef __int128 s_max;
typedef unsigned __int128 u_max;
#else
_
next prev parent reply other threads:[~2015-12-08 23:59 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-03 15:50 [PATCH v4 0/3] UBSAN: run-time undefined behavior sanity checker Andrey Ryabinin
2015-12-03 15:50 ` Andrey Ryabinin
2015-12-03 15:50 ` [PATCH v4 1/3] kernel: printk: specify alignment for struct printk_log Andrey Ryabinin
2015-12-03 15:50 ` Andrey Ryabinin
2015-12-03 15:50 ` [PATCH v4 2/3] mac80211: Prevent build failure with CONFIG_UBSAN=y Andrey Ryabinin
2015-12-03 15:50 ` Andrey Ryabinin
2015-12-03 17:05 ` Johannes Berg
2015-12-03 19:18 ` Andrey Ryabinin
2015-12-03 15:50 ` [PATCH v4 3/3] UBSAN: run-time undefined behavior sanity checker Andrey Ryabinin
2015-12-03 15:50 ` Andrey Ryabinin
2015-12-04 14:27 ` kbuild test robot
2015-12-04 14:27 ` kbuild test robot
2015-12-05 0:40 ` Andrew Morton
2015-12-08 23:59 ` Andrew Morton [this message]
2015-12-08 23:59 ` Andrew Morton
2015-12-10 1:15 ` Daniel Axtens
2015-12-05 0:37 ` [PATCH v4 0/3] " Andrew Morton
2015-12-05 0:37 ` Andrew Morton
2015-12-07 16:48 ` Andrey Ryabinin
2015-12-07 16:48 ` Andrey Ryabinin
2015-12-10 15:48 ` Andrey Ryabinin
2015-12-10 15:48 ` Andrey Ryabinin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151208155914.d0b005c82906f3203660fd47@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=aryabinin@virtuozzo.com \
--cc=corbet@lwn.net \
--cc=dvyukov@google.com \
--cc=hpa@zytor.com \
--cc=kcc@google.com \
--cc=koct9i@gmail.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=mingo@redhat.com \
--cc=mmarek@suse.cz \
--cc=peterz@infradead.org \
--cc=rdunlap@infradead.org \
--cc=sasha.levin@oracle.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
--cc=y.gribov@samsung.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.