Re: [PATCH] compiler: Don't perform compiletime_assert with -O0.

From: Andrew Morton
Date: Wed Aug 30 2017 - 18:59:17 EST

Next message: Andrea Arcangeli: "Re: [PATCH 02/13] mm/rmap: update to new mmu_notifier semantic"
Previous message: kernel test robot: "d5923ebd7c ("Merge branch 'WIP.x86/fpu'"): BUG: kernel hang in early-boot stage, last printk: Booting the kernel."
In reply to: Joe Stringer: "Re: [PATCH] compiler: Don't perform compiletime_assert with -O0."
Next in thread: Joe Stringer: "Re: [PATCH] compiler: Don't perform compiletime_assert with -O0."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 29 Aug 2017 16:01:14 -0700 Joe Stringer <joe@xxxxxxx> wrote:

> Recent changes[0] to make use of __compiletime_assert() from
> container_of() increased the usage of this macro, allowing developers to
> notice type conflicts in usage of container_of() at compile time.
> However, the implementation of __compiletime_assert relies on compiler
> optimizations to report an error. This means that if a developer uses
> "-O0" with any code that performs container_of(), the compiler will
> always report an error regardless of whether there is an actual problem
> in the code.
>
> This patch disables compile_time_assert when optimizations are disabled
> to allow such code to compile with CFLAGS="-O0".

I'm wondering if we should backport this into -stable. Probably not,
as I doubt if many people use -O0 - it's a pretty weird thing to do. I
used to use it a bit because it makes the ".lst" files (intermingled .c
and .s files) make more sense. In fact I'm wondering how you even
noticed this?

So unless disagreed with, I think I'll leave this out of -stable. I
redid the changelog somewhat, presenting it as a fix against
c7acec713d14c6c:

From: Joe Stringer <joe@xxxxxxx>
Subject: include/linux/compiler.h: don't perform compiletime_assert with -O0

c7acec713d14c6c ("kernel.h: handle pointers to arrays better in
container_of()") made use of __compiletime_assert() from container_of()
thus increasing the usage of this macro, allowing developers to notice
type conflicts in usage of container_of() at compile time.

However, the implementation of __compiletime_assert relies on compiler
optimizations to report an error. This means that if a developer uses
"-O0" with any code that performs container_of(), the compiler will always
report an error regardless of whether there is an actual problem in the
code.

This patch disables compile_time_assert when optimizations are disabled to
allow such code to compile with CFLAGS="-O0".

Example compilation failure:

./include/linux/compiler.h:547:38: error: call to `__compiletime_assert_94' declared with attribute error: pointer type mismatch in container_of()
_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
^
./include/linux/compiler.h:530:4: note: in definition of macro `__compiletime_assert'
prefix ## suffix(); \
^~~~~~
./include/linux/compiler.h:547:2: note: in expansion of macro `_compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
^~~~~~~~~~~~~~~~~~~
./include/linux/build_bug.h:46:37: note: in expansion of macro `compiletime_assert'
#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
^~~~~~~~~~~~~~~~~~
./include/linux/kernel.h:860:2: note: in expansion of macro `BUILD_BUG_ON_MSG'
BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) && \
^~~~~~~~~~~~~~~~

Link: http://lkml.kernel.org/r/20170829230114.11662-1-joe@xxxxxxx
Fixes: c7acec713d14c6c ("kernel.h: handle pointers to arrays better in container_of()")
Signed-off-by: Joe Stringer <joe@xxxxxxx>
Cc: Ian Abbott <abbotti@xxxxxxxxx>
Cc: Arnd Bergmann <arnd@xxxxxxxx>
Cc: Michal Nazarewicz <mina86@xxxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

include/linux/compiler.h | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff -puN include/linux/compiler.h~compiler-dont-perform-compiletime_assert-with-o0 include/linux/compiler.h
--- a/include/linux/compiler.h~compiler-dont-perform-compiletime_assert-with-o0
+++ a/include/linux/compiler.h
@@ -517,7 +517,8 @@ static __always_inline void __write_once
# define __compiletime_error_fallback(condition) do { } while (0)
#endif

-#define __compiletime_assert(condition, msg, prefix, suffix) \
+#ifdef __OPTIMIZE__
+# define __compiletime_assert(condition, msg, prefix, suffix) \
do { \
bool __cond = !(condition); \
extern void prefix ## suffix(void) __compiletime_error(msg); \
@@ -525,6 +526,9 @@ static __always_inline void __write_once
prefix ## suffix(); \
__compiletime_error_fallback(__cond); \
} while (0)
+#else
+# define __compiletime_assert(condition, msg, prefix, suffix)
+#endif

#define _compiletime_assert(condition, msg, prefix, suffix) \
__compiletime_assert(condition, msg, prefix, suffix)
_

Next message: Andrea Arcangeli: "Re: [PATCH 02/13] mm/rmap: update to new mmu_notifier semantic"
Previous message: kernel test robot: "d5923ebd7c ("Merge branch 'WIP.x86/fpu'"): BUG: kernel hang in early-boot stage, last printk: Booting the kernel."
In reply to: Joe Stringer: "Re: [PATCH] compiler: Don't perform compiletime_assert with -O0."
Next in thread: Joe Stringer: "Re: [PATCH] compiler: Don't perform compiletime_assert with -O0."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]