| Message ID | 20221029122552.2855941-1-me@inclyc.cn |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp1330394wru;
Sat, 29 Oct 2022 05:45:39 -0700 (PDT)
X-Google-Smtp-Source:
AMsMyM5YGW4rk7fc5K0Oe+L8UR3WHsKgf7NMLHZCgAXVhoNeJsR+FRR9kdfcDXN8KY5TWit18wtX
X-Received: by 2002:a05:6402:4301:b0:461:96bb:b238 with SMTP id
m1-20020a056402430100b0046196bbb238mr4133156edc.328.1667047539516;
Sat, 29 Oct 2022 05:45:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1667047539; cv=none;
d=google.com; s=arc-20160816;
b=FvgC0IH70DXfmppHx/3ePb/v2eyzCOB0JagYFAP8bsEDX+LMhTo9dY4pIQ8HwSFW9t
ZLhlou/iSplN09uW5xYIxxF/EV1FJktxedPbFOZdbab90KM3Wngn/XZayBM63fpPSq54
bEPfD3W2dWuvHURd/SlHG38nKm1A2zvZvj8lv4TYSV7VmhmPnyPpVYuPB95eMaNXp4cy
nV2j1fhlxwH7VGXFVLR2FU+JbZLNegatlxE48LbOMhsj5Q2SBlpKPY72MzcJk5sjx6VR
f+HevWfwjUnEBrx2JYN0/fQN7duu1P869uGzUybBost0DBFFU1Vy/bpSicbKWPg1wWCT
SQxg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from;
bh=3/oFhysJZr1k7COMZAgBa0WiHXdhhOME8z3lm49b8io=;
b=D77VqX0RGVtra3prNf65quIBfw4NMwDPVjA/lYKaFY3cw5Xk3xKhgdoj5HoSEYadXO
IAGDAyeRg5WD5LILDTh+Lv9edAC3yyqdVLPUqoo0aDW9t8ynh0/FFojJCnGCDu85Hbo5
H4ULyW7RqOapEzf6xGZsBqVbzcNOfxon5UDFpFuqa8NI+NkR954c7hKIELzSwic8Rge4
SfrQlbGF/pHrJpQ7pOmZC4/KFL0zMMo3lzbNUPc1clDidrTlo/2J07MZGo3jdhtweitn
x7GEQwujYTZnSwrJy5m+etVe6BcAB0Boy52+BJ968c93djc8Bcd6RkBdqcz8PgCs3uAa
csiA==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=inclyc.cn
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
nb17-20020a1709071c9100b0078def5c29e3si1846681ejc.596.2022.10.29.05.45.15;
Sat, 29 Oct 2022 05:45:39 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=inclyc.cn
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S229587AbiJ2M0f (ORCPT <rfc822;pusanteemu@gmail.com> + 99 others);
Sat, 29 Oct 2022 08:26:35 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33628 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229473AbiJ2M0e (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Sat, 29 Oct 2022 08:26:34 -0400
Received: from mail-m118205.qiye.163.com (mail-m118205.qiye.163.com
[115.236.118.205])
by lindbergh.monkeyblade.net (Postfix) with ESMTP id E9629645D9
for <linux-kernel@vger.kernel.org>;
Sat, 29 Oct 2022 05:26:30 -0700 (PDT)
Received: from localhost.localdomain (unknown [221.212.176.48])
by mail-m118205.qiye.163.com (HMail) with ESMTPA id 081482C15D6;
Sat, 29 Oct 2022 20:26:28 +0800 (CST)
From: YingChi Long <me@inclyc.cn>
To: me@inclyc.cn
Cc: bp@alien8.de, chang.seok.bae@intel.com,
dave.hansen@linux.intel.com, david.laight@aculab.com,
hpa@zytor.com, linux-kernel@vger.kernel.org, mingo@redhat.com,
ndesaulniers@google.com, pbonzini@redhat.com, tglx@linutronix.de,
x86@kernel.org
Subject: [PATCH RESEND v3] x86/fpu: use _Alignof to avoid UB in TYPE_ALIGN
Date: Sat, 29 Oct 2022 20:25:52 +0800
Message-Id: <20221029122552.2855941-1-me@inclyc.cn>
X-Mailer: git-send-email 2.37.4
In-Reply-To: <20221006141442.2475978-1-me@inclyc.cn>
References: <20221006141442.2475978-1-me@inclyc.cn>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-HM-Spam-Status: e1kfGhgUHx5ZQUpXWQgPGg8OCBgUHx5ZQUlOS1dZFg8aDwILHllBWSg2Ly
tZV1koWUFPN1dZLVlBSVdZDwkaFQgSH1lBWUIdQh1WQx9OGEkYQx9DTUtDVQIWExYaEhckFA4PWV
dZGBILWUFZSUlKVUlKSVVKTE1VT0NZV1kWGg8SFR0UWUFZT0tIVUpJS0NOTVVKS0tVS1kG
X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6Kyo6Hyo*LDlOKzQRMxIYHxQz
KVYwCxRVSlVKTU1MS09NSEJLS0pJVTMWGhIXVRYeOxIVGBcCGFUYFUVZV1kSC1lBWUlJSlVJSklV
SkxNVU9DWVdZCAFZQUhOQ083Bg++
X-HM-Tid: 0a8423b5374e2d27kusn081482c15d6
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_NONE,
RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1746985074092761822?=
X-GMAIL-MSGID: =?utf-8?q?1748026040598872823?=
|
| Series |
[RESEND,v3] x86/fpu: use _Alignof to avoid UB in TYPE_ALIGN
|
|
Commit Message
Yingchi Long
Oct. 29, 2022, 12:25 p.m. UTC
WG14 N2350 made very clear that it is an UB having type definitions with
in "offsetof". This patch change the implementation of macro
"TYPE_ALIGN" to builtin "_Alignof" to avoid undefined behavior.
I've grepped all source files to find any type definitions within
"offsetof".
offsetof\(struct .*\{ .*,
This implementation of macro "TYPE_ALIGN" seemes to be the only case of
type definitions within offsetof in the kernel codebase.
I've made a clang patch that rejects any definitions within
__builtin_offsetof (usually #defined with "offsetof"), and tested
compiling with this patch, there are no error if this patch applied.
ISO C11 _Alignof is subtly different from the GNU C extension
__alignof__. __alignof__ is the preferred alignment and _Alignof the
minimal alignment. For 'long long' on x86 these are 8 and 4
respectively.
The macro TYPE_ALIGN we're replacing has behavior that matches
_Alignof rather than __alignof__.
Signed-off-by: YingChi Long <me@inclyc.cn>
Link: https://www.open-std.org/jtc1/sc22/wg14/www/docs/n2350.htm
Link: https://godbolt.org/z/sPs1GEhbT
Link: https://gcc.gnu.org/onlinedocs/gcc/Alignment.html
Link: https://reviews.llvm.org/D133574
---
v3:
- commit message changes suggested by Nick and David
v2: https://lore.kernel.org/all/20220927153338.4177854-1-me@inclyc.cn/
Signed-off-by: YingChi Long <me@inclyc.cn>
---
arch/x86/kernel/fpu/init.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
--
2.37.4
Comments
On Sat, Oct 29, 2022 at 5:27 AM YingChi Long <me@inclyc.cn> wrote: > > WG14 N2350 made very clear that it is an UB having type definitions with > in "offsetof". This patch change the implementation of macro > "TYPE_ALIGN" to builtin "_Alignof" to avoid undefined behavior. > > I've grepped all source files to find any type definitions within > "offsetof". > > offsetof\(struct .*\{ .*, > > This implementation of macro "TYPE_ALIGN" seemes to be the only case of > type definitions within offsetof in the kernel codebase. > > I've made a clang patch that rejects any definitions within > __builtin_offsetof (usually #defined with "offsetof"), and tested > compiling with this patch, there are no error if this patch applied. > > ISO C11 _Alignof is subtly different from the GNU C extension > __alignof__. __alignof__ is the preferred alignment and _Alignof the > minimal alignment. For 'long long' on x86 these are 8 and 4 > respectively. > > The macro TYPE_ALIGN we're replacing has behavior that matches > _Alignof rather than __alignof__. > > Signed-off-by: YingChi Long <me@inclyc.cn> > Link: https://www.open-std.org/jtc1/sc22/wg14/www/docs/n2350.htm > Link: https://godbolt.org/z/sPs1GEhbT > Link: https://gcc.gnu.org/onlinedocs/gcc/Alignment.html > Link: https://reviews.llvm.org/D133574 YingChi, You may retain my reviewed by tag when resending a rebased patch that hasn't changed significantly. Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> That reminds me, I need to resend one of my own patches; the x86 maintainers must be very busy. > --- > v3: > - commit message changes suggested by Nick and David > > v2: https://lore.kernel.org/all/20220927153338.4177854-1-me@inclyc.cn/ > Signed-off-by: YingChi Long <me@inclyc.cn> > --- > arch/x86/kernel/fpu/init.c | 7 ++----- > 1 file changed, 2 insertions(+), 5 deletions(-) > > diff --git a/arch/x86/kernel/fpu/init.c b/arch/x86/kernel/fpu/init.c > index 8946f89761cc..851eb13edc01 100644 > --- a/arch/x86/kernel/fpu/init.c > +++ b/arch/x86/kernel/fpu/init.c > @@ -133,9 +133,6 @@ static void __init fpu__init_system_generic(void) > fpu__init_system_mxcsr(); > } > > -/* Get alignment of the TYPE. */ > -#define TYPE_ALIGN(TYPE) offsetof(struct { char x; TYPE test; }, test) > - > /* > * Enforce that 'MEMBER' is the last field of 'TYPE'. > * > @@ -143,8 +140,8 @@ static void __init fpu__init_system_generic(void) > * because that's how C aligns structs. > */ > #define CHECK_MEMBER_AT_END_OF(TYPE, MEMBER) \ > - BUILD_BUG_ON(sizeof(TYPE) != ALIGN(offsetofend(TYPE, MEMBER), \ > - TYPE_ALIGN(TYPE))) > + BUILD_BUG_ON(sizeof(TYPE) != \ > + ALIGN(offsetofend(TYPE, MEMBER), _Alignof(TYPE))) > > /* > * We append the 'struct fpu' to the task_struct: > -- > 2.37.4 >
On Sat, Oct 29, 2022 at 08:25:52PM +0800, YingChi Long wrote: > WG14 N2350 made very clear that it is an UB having type definitions > with in "offsetof". Pls put the working group URL note here, not below in a Link tag. Also, write out "UB" pls. > This patch change the implementation of macro Avoid having "This patch" or "This commit" in the commit message. It is tautologically useless. Also, do $ git grep 'This patch' Documentation/process for more details. > "TYPE_ALIGN" to builtin "_Alignof" to avoid undefined behavior. But you don't change the implementation of TYPE_ALIGN - you replace it with _Alignof(). > I've grepped all source files to find any type definitions within > "offsetof". > > offsetof\(struct .*\{ .*, > > This implementation of macro "TYPE_ALIGN" seemes to be the only case > of type definitions within offsetof in the kernel codebase. > > I've made a clang patch that rejects any definitions within > __builtin_offsetof (usually #defined with "offsetof"), and tested > compiling with this patch, there are no error if this patch applied. What does that paragraph have to do with fixing the kernel? Is this patch going to be part of clang? If so, which version? Does gcc need it too? If so, should a gcc bug be opened too? > ISO C11 _Alignof is subtly different from the GNU C extension > __alignof__. __alignof__ is the preferred alignment and _Alignof the > minimal alignment. For 'long long' on x86 these are 8 and 4 > respectively. > > The macro TYPE_ALIGN we're replacing has behavior that matches Who's "we"? > _Alignof rather than __alignof__. > > Signed-off-by: YingChi Long <me@inclyc.cn> > Link: https://www.open-std.org/jtc1/sc22/wg14/www/docs/n2350.htm > Link: https://godbolt.org/z/sPs1GEhbT Put that link in the text above where you talk about the *align* differences. > Link: https://gcc.gnu.org/onlinedocs/gcc/Alignment.html > Link: https://reviews.llvm.org/D133574 Aha, that's the clang patch. Put it in the text above too pls. Thx.
> What does that paragraph have to do with fixing the kernel? The clang patch D133574 has been made to satisfy the requirements of WG14 N2350. Compiling the kernel with this patched clang allows me to test where type definitions are used in the kernel in the first argument of offsetof. > Is this patch going to be part of clang? If so, which version? Yes. Probably clang-16 because this patch is not landed to LLVM codebase currently. The kernel needs this patch to be successfully compiled, in order not to break the ability of LLVM mainline to compile the kernel, I am happy to not landing D133574 for now. > Does gcc need it too? Since WG14 N2350 is generally applied to the C standard, I feel that GCC should reject/fire a warning pointing out type definitions within offsetof. > If so, should a gcc bug be opened too? I'm not very familiar with the GCC community, but I thought it should be good to file a bug. Link: https://reviews.llvm.org/D133574
From: Borislav Petkov > Sent: 02 November 2022 16:56 > > On Sat, Oct 29, 2022 at 08:25:52PM +0800, YingChi Long wrote: > > WG14 N2350 made very clear that it is an UB having type definitions > > with in "offsetof". > > Pls put the working group URL note here, not below in a Link tag. > > Also, write out "UB" pls. I'm also pretty sure it is only undefined because a compiler is allowed to add padding between structure members. So the type definition inside offsetof() could be laid out differently from any other similar definition. However the kernel requires that the compiler only adds the minimum padding required to align members. So in the kernel it is actually fine. OTOH using Alignof() (etc) is cleaner. This is all similar to (probably) why clang objects to arithmetic on NULL (ie implementing offsetof by looking at the address of a field when NULL is cast to the struct type). This is only undefined because the NULL pointer might not have the all-zero bit pattern. But pretty much every C ABI uses the zero bit pattern for NULL. If it used any other value then most of the memset() of structures would need changing. So for portability they ought to generate warnings as well. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
diff --git a/arch/x86/kernel/fpu/init.c b/arch/x86/kernel/fpu/init.c index 8946f89761cc..851eb13edc01 100644 --- a/arch/x86/kernel/fpu/init.c +++ b/arch/x86/kernel/fpu/init.c @@ -133,9 +133,6 @@ static void __init fpu__init_system_generic(void) fpu__init_system_mxcsr(); } -/* Get alignment of the TYPE. */ -#define TYPE_ALIGN(TYPE) offsetof(struct { char x; TYPE test; }, test) - /* * Enforce that 'MEMBER' is the last field of 'TYPE'. * @@ -143,8 +140,8 @@ static void __init fpu__init_system_generic(void) * because that's how C aligns structs. */ #define CHECK_MEMBER_AT_END_OF(TYPE, MEMBER) \ - BUILD_BUG_ON(sizeof(TYPE) != ALIGN(offsetofend(TYPE, MEMBER), \ - TYPE_ALIGN(TYPE))) + BUILD_BUG_ON(sizeof(TYPE) != \ + ALIGN(offsetofend(TYPE, MEMBER), _Alignof(TYPE))) /* * We append the 'struct fpu' to the task_struct: