Re: [PATCH] Fix _IOC_TYPECHECK sparse error

From: Hans Verkuil
Date: Mon May 12 2014 - 09:18:16 EST

Next message: Tetsuo Handa: "[PATCH (for 3.15) 0/5] Fix cross rename regressions for LSM."
Previous message: Michal Hocko: "Re: [PATCH 01/14] cgroup: remove css_parent()"
In reply to: Andrew Morton: "Re: [PATCH] Fix _IOC_TYPECHECK sparse error"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 05/09/2014 10:59 PM, Andrew Morton wrote:
> On Fri, 09 May 2014 09:43:58 +0200 Hans Verkuil <hverkuil@xxxxxxxxx> wrote:
>
>> Andrew, can you merge this for 3.15 or 3.16 (you decide)? While it fixes a sparse error
>> for the media subsystem, it is not really appropriate to go through our media tree.
>>
>> Thanks,
>>
>> Hans
>>
>>
>> When running sparse over drivers/media/v4l2-core/v4l2-ioctl.c I get these
>> errors:
>>
>> drivers/media/v4l2-core/v4l2-ioctl.c:2043:9: error: bad integer constant expression
>> drivers/media/v4l2-core/v4l2-ioctl.c:2044:9: error: bad integer constant expression
>> drivers/media/v4l2-core/v4l2-ioctl.c:2045:9: error: bad integer constant expression
>> drivers/media/v4l2-core/v4l2-ioctl.c:2046:9: error: bad integer constant expression
>>
>> etc.
>>
>> The root cause of that turns out to be in include/asm-generic/ioctl.h:
>>
>> #include <uapi/asm-generic/ioctl.h>
>>
>> /* provoke compile error for invalid uses of size argument */
>> extern unsigned int __invalid_size_argument_for_IOC;
>> #define _IOC_TYPECHECK(t) \
>> ((sizeof(t) == sizeof(t[1]) && \
>> sizeof(t) < (1 << _IOC_SIZEBITS)) ? \
>> sizeof(t) : __invalid_size_argument_for_IOC)
>>
>> If it is defined as this (as is already done if __KERNEL__ is not defined):
>>
>> #define _IOC_TYPECHECK(t) (sizeof(t))
>>
>> then all is well with the world.
>>
>> This patch allows sparse to work correctly.
>>
>> --- a/include/asm-generic/ioctl.h
>> +++ b/include/asm-generic/ioctl.h
>> @@ -3,10 +3,15 @@
>>
>> #include <uapi/asm-generic/ioctl.h>
>>
>> +#ifdef __CHECKER__
>> +#define _IOC_TYPECHECK(t) (sizeof(t))
>> +#else
>> /* provoke compile error for invalid uses of size argument */
>> extern unsigned int __invalid_size_argument_for_IOC;
>> #define _IOC_TYPECHECK(t) \
>> ((sizeof(t) == sizeof(t[1]) && \
>> sizeof(t) < (1 << _IOC_SIZEBITS)) ? \
>> sizeof(t) : __invalid_size_argument_for_IOC)
>> +#endif
>> +
>> #endif /* _ASM_GENERIC_IOCTL_H */
>
> Can't we use BUILD_BUG_ON() here? That's neater, more standard and
> BUILD_BUG_ON() already has sparse handling.

I don't think so. BUILD_BUG_ON is not meant to be used in an expression, whereas
_IOC_TYPECHECK(t) is (it should return sizeof(t)).

This looked promising at first sight:

#define _IOC_TYPECHECK(t) \
({BUILD_BUG_ON(sizeof(t) == sizeof(t[1]) && sizeof(t) < (1 << _IOC_SIZEBITS)); \
sizeof(t);})

But it leads to 'case label does not reduce to an integer constant' compile errors.

And a typical ioctl define expands to this horror:

case (((2U) << (((0 +8)+8)+14)) | ((('M')) << (0 +8)) | (((1)) << 0) | (((({do { bool __cond = !(!(sizeof(int) == sizeof(int[1]) && sizeof(int) < (1 << 14))); extern void __compiletime_assert_1909(void) __attribute__((error("BUILD_BUG_ON failed: " "sizeof(int) == sizeof(int[1]) && sizeof(int) < (1 << _IOC_SIZEBITS)"))); if (__cond) __compiletime_assert_1909(); do { } while (0); } while (0); sizeof(int);}))) << ((0 +8)+8))):

which also explains the errors: case labels with function calls in them won't compile.

So I think my proposed patch is the best approach.

Regards,

Hans
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tetsuo Handa: "[PATCH (for 3.15) 0/5] Fix cross rename regressions for LSM."
Previous message: Michal Hocko: "Re: [PATCH 01/14] cgroup: remove css_parent()"
In reply to: Andrew Morton: "Re: [PATCH] Fix _IOC_TYPECHECK sparse error"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]