| Message ID | 20190531060109.124476-1-natechancellor@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [4.19] compiler.h: give up __compiletime_assert_fallback() | expand |
On Thu, May 30, 2019 at 11:01:10PM -0700, Nathan Chancellor wrote: > From: Masahiro Yamada <yamada.masahiro@socionext.com> > > commit 81b45683487a51b0f4d3b29d37f20d6d078544e4 upstream. > > __compiletime_assert_fallback() is supposed to stop building earlier > by using the negative-array-size method in case the compiler does not > support "error" attribute, but has never worked like that. > > You can simply try: > > BUILD_BUG_ON(1); > > GCC immediately terminates the build, but Clang does not report > anything because Clang does not support the "error" attribute now. > It will later fail at link time, but __compiletime_assert_fallback() > is not working at least. > > The root cause is commit 1d6a0d19c855 ("bug.h: prevent double evaluation > of `condition' in BUILD_BUG_ON"). Prior to that commit, BUILD_BUG_ON() > was checked by the negative-array-size method *and* the link-time trick. > Since that commit, the negative-array-size is not effective because > '__cond' is no longer constant. As the comment in <linux/build_bug.h> > says, GCC (and Clang as well) only emits the error for obvious cases. > > When '__cond' is a variable, > > ((void)sizeof(char[1 - 2 * __cond])) > > ... is not obvious for the compiler to know the array size is negative. > > Reverting that commit would break BUILD_BUG() because negative-size-array > is evaluated before the code is optimized out. > > Let's give up __compiletime_assert_fallback(). This commit does not > change the current behavior since it just rips off the useless code. > > Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> > Reviewed-by: Kees Cook <keescook@chromium.org> > Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> > Signed-off-by: Kees Cook <keescook@chromium.org> > Signed-off-by: Nathan Chancellor <natechancellor@gmail.com> > --- > > Hi Greg and Sasha, > > Please pick up this patch for 4.19. It fixes an insane amount of spam > from the drivers/gpu/drm/i915 subsystem because they enable the -Wvla > warning and we have been carrying it in our CI for a while. Now applied, thanks. greg k-h
diff --git a/include/linux/compiler.h b/include/linux/compiler.h index 81c2238b884c..bb22908c79e8 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -319,29 +319,14 @@ static inline void *offset_to_ptr(const int *off) #endif #ifndef __compiletime_error # define __compiletime_error(message) -/* - * Sparse complains of variable sized arrays due to the temporary variable in - * __compiletime_assert. Unfortunately we can't just expand it out to make - * sparse see a constant array size without breaking compiletime_assert on old - * versions of GCC (e.g. 4.2.4), so hide the array from sparse altogether. - */ -# ifndef __CHECKER__ -# define __compiletime_error_fallback(condition) \ - do { ((void)sizeof(char[1 - 2 * condition])); } while (0) -# endif -#endif -#ifndef __compiletime_error_fallback -# define __compiletime_error_fallback(condition) do { } while (0) #endif #ifdef __OPTIMIZE__ # define __compiletime_assert(condition, msg, prefix, suffix) \ do { \ - int __cond = !(condition); \ extern void prefix ## suffix(void) __compiletime_error(msg); \ - if (__cond) \ + if (!(condition)) \ prefix ## suffix(); \ - __compiletime_error_fallback(__cond); \ } while (0) #else # define __compiletime_assert(condition, msg, prefix, suffix) do { } while (0)