Message ID | Za6JwRpknVIlfhPF@work |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel+bounces-33594-ouuuleilei=gmail.com@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:2bc4:b0:101:a8e8:374 with SMTP id hx4csp2733701dyb; Mon, 22 Jan 2024 09:49:54 -0800 (PST) X-Google-Smtp-Source: AGHT+IEl8LAPYDtYJSeDGAdPVvJ+wqbCs5Pjp74mJgSkkP+PY2ngg4oCfEIWlkn1i6d8GHVJhLuS X-Received: by 2002:a05:6a21:998f:b0:196:57e0:23b3 with SMTP id ve15-20020a056a21998f00b0019657e023b3mr6179542pzb.29.1705945794193; Mon, 22 Jan 2024 09:49:54 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1705945794; cv=pass; d=google.com; s=arc-20160816; b=jz1LEtaESaiM11tWKF0RVAgzUmzv9t9/vPfLbg+ynv4W1QR7nq+acoIeF4gS/MUGHF iJcPI7BbIhHzzmE4x52t8ZagqF2mdyWXI8ZscJWrVYVQXkGNq5GKBD3xzoBjnEPE/43g KYIN8R2Qmp7597nKbK+IyEkMRZdFw0V/4uHlt6dwRzppS4xFvdQsFyOKapzfr1NH8+Xs 5+ruXHFQzT83he1qik0Uor6gz/kI3un/qqCRYTKOmmCjEh5FOAuyzrxI8i2YBgbL0F4E lC3wGDai0ts+2sgHvW1eldPZ7Zzv5yQrMw9VrsOnBVYG++/di5pVui1bCjYyxPbQJWdP /UMw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-disposition:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:message-id:subject:cc:to:from:date :dkim-signature; bh=uAf7qAb+b0DQihPbCostd89YHewKHcon4h5QapJWi+k=; fh=ldboKHTefwSO4qhwiDnhCfuuTfOmB0Unv125xiBk8l0=; b=N74f9hiulmoWYhEA8a6+UGVVJzTkTdUrF51Jn4XuNyi7UYNR5qd0XXheYx5wMXOGhA JHOWLlBnM6V5qnoXv48FkghrrWD8t3LANrQoxjTaqF0aJDVB+dUFk6LXaSUjtL946RTC u3KkkE6UwiX86IaD9Zm7NwDn4znN7qy77YMF0fPhRxsuEP76T05l7Cz2WNhdyQwu3Rp1 x9FZGGxTYC4Dm+xhb7nbJZctUzNL6+V6x7l56OKIPuOR+prN+B7ZnkRd/jQRCrHL1AoY IHryP7zERwKj5HkCxkM0TcwYNBsJfMktL1An1UIVp5tAaUGgMPRVWTgwFvfAKnzEibuL fwcg== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=aIZioLnI; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-33594-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-33594-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id u27-20020a056a00099b00b006dbd415d777si3622949pfg.239.2024.01.22.09.49.53 for <ouuuleilei@gmail.com> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 22 Jan 2024 09:49:54 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-33594-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=aIZioLnI; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-33594-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-33594-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 889A8B2B4E9 for <ouuuleilei@gmail.com>; Mon, 22 Jan 2024 16:55:14 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B398646459; Mon, 22 Jan 2024 15:29:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="aIZioLnI" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 002174644F; Mon, 22 Jan 2024 15:29:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1705937349; cv=none; b=TxQv8xFon26glvfnL2niHH1A31MtnelcxaQmMJt2JZ3d/RIzbHcRGE6Hy5IGSjEQmHqpqP2KqWWjF3LsZntrsuNMPPb7nqlzv/lYo7F2JOHYLrRBYoHoXw0/O67tM4z/C0nahV20JupEZFiAnL2Ckd9yZ18UgijaOk6uYRgfj3E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1705937349; c=relaxed/simple; bh=1k1aOxkjj4SQFLxC9IWD4IuMl5NQhpbLNoabYXHAOqc=; h=Date:From:To:Cc:Subject:Message-ID:MIME-Version:Content-Type: Content-Disposition; b=RXu2+4S5EI0L4qGls8lx93FAJqu3mTOjbtLInqMoXzpDJEmxQ0cLjiRixhGQVydf0KYftxt9qBnXhvzQQdt1+lkG5zALDG1LtNob0PxWS6JZL2WExmsOTCZDTVHnzzlZvnFokYPwQ3zo1eP1bguTTWLocvGE3DGLGoIlSkGZl4s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=aIZioLnI; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 05754C433C7; Mon, 22 Jan 2024 15:29:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1705937348; bh=1k1aOxkjj4SQFLxC9IWD4IuMl5NQhpbLNoabYXHAOqc=; h=Date:From:To:Cc:Subject:From; b=aIZioLnIt7idds+mjKCSbxY7Wm4kLfL11yF7BVk4yKHZJgygo+yaqgi+LV8kqS/Uc CNIqnQgLYMgVl7E1Y7hVa0aTJXdzNu/M+gVS54NkPLoozqIF5k7XGdVLSQQYzSXt6l rjukQa6Yyl4mcInTY+/Vm2boW6/RpuTY/DEDZ9mT9iPeOWaGjyMEEvvrZwTICUdSxu EGq51ETxQNGTZ05AvoohMoKy44+z3/Ez18SFDgX5PI/NHeDmZbaV34RBwJxMs32oqh xp5m4nz834+gigoDaN7cbtXvfFb1XcerxU4Xftya2av95OBjdws+QEInvCGe2hnuGm bh1ut3QHX6slQ== Date: Mon, 22 Jan 2024 09:29:05 -0600 From: "Gustavo A. R. Silva" <gustavoars@kernel.org> To: Linus Torvalds <torvalds@linux-foundation.org> Cc: Kees Cook <keescook@chromium.org>, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, "Gustavo A. R. Silva" <gustavoars@kernel.org> Subject: [GIT PULL] Enable -Wstringop-overflow globally Message-ID: <Za6JwRpknVIlfhPF@work> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: <linux-kernel.vger.kernel.org> List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org> List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1788813816964719629 X-GMAIL-MSGID: 1788813816964719629 |
Series |
[GIT,PULL] Enable -Wstringop-overflow globally
|
|
Pull-request
git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux.git tags/Wstringop-overflow-for-6.8-rc2Message
Gustavo A. R. Silva
Jan. 22, 2024, 3:29 p.m. UTC
The following changes since commit 6613476e225e090cc9aad49be7fa504e290dd33d: Linux 6.8-rc1 (2024-01-21 14:11:32 -0800) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux.git tags/Wstringop-overflow-for-6.8-rc2 for you to fetch changes up to a5e0ace04fbf56c1794b1a2fa7a93672753b3fc7: init: Kconfig: Disable -Wstringop-overflow for GCC-11 (2024-01-21 17:45:31 -0600) ---------------------------------------------------------------- Enable -Wstringop-overflow globally Hi Linus, Please, pull the following patches that enable -Wstringop-overflow, globally. These patches have been baking in linux-next for a whole development cycle. I waited for the release of -rc1 to run a final build-test on top of it before sending this pull request. Fortunatelly, after building 358 kernels overnight (basically all supported archs with a wide variety of configs), no more warnings have surfaced! :) Thus, we are in a good position to enable this compiler option for all versions of GCC that support it, with the exception of GCC-11, which appears to have some issues with this option[1]. [1] https://lore.kernel.org/lkml/b3c99290-40bc-426f-b3d2-1aa903f95c4e@embeddedor.com/ Thanks -- Gustavo ---------------------------------------------------------------- Gustavo A. R. Silva (2): Makefile: Enable -Wstringop-overflow globally init: Kconfig: Disable -Wstringop-overflow for GCC-11 Makefile | 4 ++++ init/Kconfig | 12 ++++++++++++ scripts/Makefile.extrawarn | 2 -- 3 files changed, 16 insertions(+), 2 deletions(-)
Comments
The pull request you sent on Mon, 22 Jan 2024 09:29:05 -0600:
> git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux.git tags/Wstringop-overflow-for-6.8-rc2
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/610347effc2ecb5ededf5037e82240b151f883ab
Thank you!
On Mon, 22 Jan 2024 at 07:29, Gustavo A. R. Silva <gustavoars@kernel.org> wrote: > > Enable -Wstringop-overflow globally I suspect I'll have to revert this. On arm64, I get a "writing 16 bytes into a region of size 0" in the Xe driver drivers/gpu/drm/xe/xe_gt_pagefault.c:340 but I haven't looked into it much yet. It's not some gcc-11 issue, though, this is with gcc version 13.2.1 It looks like the kernel test robot reported this too (for s390), at https://lore.kernel.org/all/202401161031.hjGJHMiJ-lkp@intel.com/T/ and in that case it was gcc-13.2.0. So I don't think the issue is about gcc-11 at all, but about other random details. Linus
On 1/26/24 15:22, Linus Torvalds wrote: > On Mon, 22 Jan 2024 at 07:29, Gustavo A. R. Silva <gustavoars@kernel.org> wrote: >> >> Enable -Wstringop-overflow globally > > I suspect I'll have to revert this. > > On arm64, I get a "writing 16 bytes into a region of size 0" in the Xe driver > > drivers/gpu/drm/xe/xe_gt_pagefault.c:340 > > but I haven't looked into it much yet. > > It's not some gcc-11 issue, though, this is with gcc version 13.2.1 > > It looks like the kernel test robot reported this too (for s390), at > > https://lore.kernel.org/all/202401161031.hjGJHMiJ-lkp@intel.com/T/ > > and in that case it was gcc-13.2.0. > > So I don't think the issue is about gcc-11 at all, but about other > random details. Let me take a look. -- Gustavo
On Fri, Jan 26, 2024 at 03:30:20PM -0600, Gustavo A. R. Silva wrote: > > > On 1/26/24 15:22, Linus Torvalds wrote: > > On Mon, 22 Jan 2024 at 07:29, Gustavo A. R. Silva <gustavoars@kernel.org> wrote: > > > > > > Enable -Wstringop-overflow globally > > > > I suspect I'll have to revert this. > > > > On arm64, I get a "writing 16 bytes into a region of size 0" in the Xe driver > > > > drivers/gpu/drm/xe/xe_gt_pagefault.c:340 > > > > but I haven't looked into it much yet. > > > > It's not some gcc-11 issue, though, this is with gcc version 13.2.1 > > > > It looks like the kernel test robot reported this too (for s390), at > > > > https://lore.kernel.org/all/202401161031.hjGJHMiJ-lkp@intel.com/T/ > > > > and in that case it was gcc-13.2.0. > > > > So I don't think the issue is about gcc-11 at all, but about other > > random details. > > Let me take a look. I think xe has some other weird problems too. This may be related (under allocating): ./drivers/gpu/drm/xe/xe_vm.c: In function 'xe_vma_create': ./drivers/gpu/drm/xe/xe_vm.c:806:21: warning: allocation of insufficient size '224' for type 'struct xe_vma' with size '368' [-Walloc-size] 806 | vma = kzalloc(sizeof(*vma) - sizeof(struct xe_userptr), | ^
On Fri, 26 Jan 2024 at 14:24, Kees Cook <keescook@chromium.org> wrote: > > I think xe has some other weird problems too. This may be related (under > allocating): > > ../drivers/gpu/drm/xe/xe_vm.c: In function 'xe_vma_create': > ../drivers/gpu/drm/xe/xe_vm.c:806:21: warning: allocation of insufficient size '224' for type 'struct xe_vma' with size '368' [-Walloc-size] > 806 | vma = kzalloc(sizeof(*vma) - sizeof(struct xe_userptr), > | ^ That code is indeed odd, but there's a comment in the xe_vma definition /** * @userptr: user pointer state, only allocated for VMAs that are * user pointers */ struct xe_userptr userptr; although I agree that it should probably simply be made a final variably-sized array instead (and then you make that array size be 0/1). Linus
From: Linus Torvalds > Sent: 26 January 2024 22:36 > > On Fri, 26 Jan 2024 at 14:24, Kees Cook <keescook@chromium.org> wrote: > > > > I think xe has some other weird problems too. This may be related (under > > allocating): > > > > ../drivers/gpu/drm/xe/xe_vm.c: In function 'xe_vma_create': > > ../drivers/gpu/drm/xe/xe_vm.c:806:21: warning: allocation of insufficient size '224' for type > 'struct xe_vma' with size '368' [-Walloc-size] > > 806 | vma = kzalloc(sizeof(*vma) - sizeof(struct xe_userptr), > > | ^ > > That code is indeed odd, but there's a comment in the xe_vma definition > > /** > * @userptr: user pointer state, only allocated for VMAs that are > * user pointers > */ > struct xe_userptr userptr; > > although I agree that it should probably simply be made a final > variably-sized array instead (and then you make that array size be > 0/1). That entire code is odd. It isn't obvious that the flag values that cause the short allocate are the same ones that control whether the extra data is accessed. Never mind the oddities with the 'flags |= ' assignments int the 'remap next' path. Anyone know how many of these actually get allocated (and their lifetimes)? How much difference would it make to allocate 368 (maybe 384?) bytes instead of 224 (likely 256). David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
On 1/27/24 09:11, David Laight wrote: > From: Linus Torvalds >> Sent: 26 January 2024 22:36 >> >> On Fri, 26 Jan 2024 at 14:24, Kees Cook <keescook@chromium.org> wrote: >>> >>> I think xe has some other weird problems too. This may be related (under >>> allocating): >>> >>> ../drivers/gpu/drm/xe/xe_vm.c: In function 'xe_vma_create': >>> ../drivers/gpu/drm/xe/xe_vm.c:806:21: warning: allocation of insufficient size '224' for type >> 'struct xe_vma' with size '368' [-Walloc-size] >>> 806 | vma = kzalloc(sizeof(*vma) - sizeof(struct xe_userptr), >>> | ^ >> >> That code is indeed odd, but there's a comment in the xe_vma definition >> >> /** >> * @userptr: user pointer state, only allocated for VMAs that are >> * user pointers >> */ >> struct xe_userptr userptr; >> >> although I agree that it should probably simply be made a final >> variably-sized array instead (and then you make that array size be >> 0/1). > > That entire code is odd. > It isn't obvious that the flag values that cause the short allocate > are the same ones that control whether the extra data is accessed. > > Never mind the oddities with the 'flags |= ' assignments int the > 'remap next' path. > > Anyone know how many of these actually get allocated (and their > lifetimes)? > How much difference would it make to allocate 368 (maybe 384?) > bytes instead of 224 (likely 256). [CC+ xen list and maintainers] Probably the xen maintainer can help us out here. -- Gustavo > > David > > - > Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK > Registration No: 1397386 (Wales)
Hi, On 1/27/24 20:53, Gustavo A. R. Silva wrote: > > > On 1/27/24 09:11, David Laight wrote: >> From: Linus Torvalds >>> Sent: 26 January 2024 22:36 >>> >>> On Fri, 26 Jan 2024 at 14:24, Kees Cook <keescook@chromium.org> wrote: >>>> >>>> I think xe has some other weird problems too. This may be related >>>> (under >>>> allocating): >>>> >>>> ../drivers/gpu/drm/xe/xe_vm.c: In function 'xe_vma_create': >>>> ../drivers/gpu/drm/xe/xe_vm.c:806:21: warning: allocation of >>>> insufficient size '224' for type >>> 'struct xe_vma' with size '368' [-Walloc-size] >>>> 806 | vma = kzalloc(sizeof(*vma) - sizeof(struct >>>> xe_userptr), >>>> | ^ >>> >>> That code is indeed odd, but there's a comment in the xe_vma definition >>> >>> /** >>> * @userptr: user pointer state, only allocated for VMAs >>> that are >>> * user pointers >>> */ >>> struct xe_userptr userptr; >>> >>> although I agree that it should probably simply be made a final >>> variably-sized array instead (and then you make that array size be >>> 0/1). >> >> That entire code is odd. >> It isn't obvious that the flag values that cause the short allocate >> are the same ones that control whether the extra data is accessed. >> >> Never mind the oddities with the 'flags |= ' assignments int the >> 'remap next' path. >> >> Anyone know how many of these actually get allocated (and their >> lifetimes)? >> How much difference would it make to allocate 368 (maybe 384?) >> bytes instead of 224 (likely 256). > > [CC+ xen list and maintainers] > > Probably the xen maintainer can help us out here. Unfortunately the number of these can be quite large, and with a long lifetime which I guess was the reason that size optimization was done in the first place. Ideally IMO this should've been subclassed to an xe_userptr_vma, but until we have a chance to clean that up, We can look at the variable-sized array or simply allocate the full size until we get to that. Thanks, Thomas > > -- > Gustavo > >> >> David >> >> - >> Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, >> MK1 1PT, UK >> Registration No: 1397386 (Wales)
On Fri, Jan 26, 2024, at 22:22, Linus Torvalds wrote: > On Mon, 22 Jan 2024 at 07:29, Gustavo A. R. Silva <gustavoars@kernel.org> wrote: >> >> Enable -Wstringop-overflow globally > > I suspect I'll have to revert this. > > On arm64, I get a "writing 16 bytes into a region of size 0" in the Xe driver > > drivers/gpu/drm/xe/xe_gt_pagefault.c:340 > > but I haven't looked into it much yet. > > It's not some gcc-11 issue, though, this is with gcc version 13.2.1 > > It looks like the kernel test robot reported this too (for s390), at > > https://lore.kernel.org/all/202401161031.hjGJHMiJ-lkp@intel.com/T/ > > and in that case it was gcc-13.2.0. > > So I don't think the issue is about gcc-11 at all, but about other > random details. I did a creduce pass on this warning when it first showed up and opened a gcc bug report as well as a driver workaround: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113214 https://lore.kernel.org/lkml/20240103114819.2913937-1-arnd@kernel.org/#r The reply in bugzilla is that sanitizers are expected to randomly produce false-positive warnings like this one. In this case it's -fsanitize=thread (KCSAN) that triggers it. There are other warnings that have similar problems, so I guess we could work around it by having certain warnings moved back to W=1 when any sanitizers are enabled. Arnd
On Thu, 1 Feb 2024 at 23:53, Arnd Bergmann <arnd@arndb.de> wrote: > > I did a creduce pass on this warning when it first showed up > and opened a gcc bug report as well as a driver workaround: > > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113214 > https://lore.kernel.org/lkml/20240103114819.2913937-1-arnd@kernel.org/#r Ugh. The fact that *that* patch to the Xe driver makes a difference to the compiler actually only makes me even less happy about this. The "&a[b]" -> "a+b" transformation is _literally_ just syntactic. They are EXACTLY the same expression, and any compiler person or sanitizer person who treats them differently is just completely incompetent and bonkers. That transformation should have been done fairly early in the compiler, later passes shouldn't see any kind of difference. At most you might have a sanity check at that point to say that "a" should be a pointer (because _technically_ it could be 'b' that is the pointer expression, but at that point I understand why a compiler would say "you're doing some silly sh*t" and give a warning) So while I think your driver workaround is fine - and I personally actually generally prefer the simpler pointer addition syntax - I do not think it's fine at all that the compiler then warns for one and not the other. It's just a sign of some serious confusion in some part of the compiler. And yes, I suspect Pinski is right in that bugzilla entry that it's a sanitizer that causes this, and that's mainly because I hope to $DEITY that no _core_ C compiler person would ever make that mistake. Linus