From: Nathan Chancellor <nathan@kernel.org>
To: Linus Torvalds <torvalds@linux-foundation.org>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>
Cc: Kees Cook <keescook@chromium.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>,
linux-hardening@vger.kernel.org
Subject: Re: [GIT PULL] Enable -Wimplicit-fallthrough for Clang for 5.14-rc7
Date: Thu, 19 Aug 2021 13:17:54 -0700 [thread overview]
Message-ID: <9ef3265b-a5e7-d21b-68a8-ad137ac6ebfd@kernel.org> (raw)
In-Reply-To: <CAHk-=whXUJbqhjkRSjOQ2Tm5OmyKv3_JUTh8pxxvykGaC+fM0Q@mail.gmail.com>
On 8/19/2021 12:19 PM, Linus Torvalds wrote:
> On Wed, Aug 18, 2021 at 9:02 PM Gustavo A. R. Silva
> <gustavoars@kernel.org> wrote:
>>
>> Enable -Wimplicit-fallthrough for Clang for 5.14-rc7
>
> No. Much too late in the release, particularly knowing that we have
> Clang pre-releases that claim to be 14.0.0 and get this wrong.
>
> So no way does this happen like this.
>
> That's doubly true since the clang support for this all adds exactly
> _zero_ upside, only downside: we made the gcc checks be stricter, and
> gcc ends up having (a) more wide coverage and (b) doesn't have the
> bugs clang has.
For what it's worth, clang's version of -Wimplicit-fallthrough would
have caught the bug in commit 652b44453ea9 ("habanalabs/gaudi: fix
missing code in ECC handling"). Yes, small fix in the sea of patches
that were needed to address clang's more pedantic version of the warning
but this version of the warning is completely in line with the kernel's
stance of switch statements in Documentation/process/deprecated.rst:
"All switch/case blocks must end in one of:
* break;
* fallthrough;
* continue;
* goto <label>;
* return [expression];"
> Honestly, I think the clang "version 14 or more" check is simply
> buggy. We *know* that check fails. Don't do it.
>
> Make it "strictly more than 14.0.0" which hopefully doesn't fail, is
> cheap and easy, and which will make clang work correctly in the not
> too distant future.
Just to give some more context, Clang is not like GCC where x.0.0 is the
development version and x.1.0 is the stable release. The first stable
version of clang-14 will be clang 14.0.0 when it is released, just as it
is now, so making it "strictly more than 14.0.0" will just delay
enabling this even more despite the issue being fixed now. Intel already
upgraded the clang they use for testing to one that is fixed and Mark
Brown said Arm does testing with clang-14 but they regularly upgrade as
well. Nobody should get bitten by this check in its current form unless
they are not upgrading their development version of clang but in that
case, they are doing it wrong to begin with in my opinion (would it not
be the same as someone using v5.13-rc1 when v5.13-rc6 is out?)
If we waited until the next merge window, that would certainly give
various entities enough time to upgrade their pre-release versions.
However, if you are truly opposed to a version check, can we at least
just check for the presence of -Wunreachable-code-fallthrough as I
suggested before? Yes, it is slightly more expensive as we have to call
the compiler rather than using make builtins but then your concern of
-Wimplicit-fallthrough getting enabled when it is buggy is completely
addressed and people who have a fixed toolchain get access to the
warning now.
Cheers,
Nathan
next prev parent reply other threads:[~2021-08-19 20:18 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-19 4:05 [GIT PULL] Enable -Wimplicit-fallthrough for Clang for 5.14-rc7 Gustavo A. R. Silva
2021-08-19 19:19 ` Linus Torvalds
2021-08-19 20:17 ` Nathan Chancellor [this message]
2021-08-19 20:37 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9ef3265b-a5e7-d21b-68a8-ad137ac6ebfd@kernel.org \
--to=nathan@kernel.org \
--cc=gustavoars@kernel.org \
--cc=keescook@chromium.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ndesaulniers@google.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.