Re: [GIT PULL] x86/build changes for v4.17
From: Matthias Kaehlcke
Date: Wed Apr 04 2018 - 19:31:19 EST
El Wed, Apr 04, 2018 at 03:39:24PM -0700 Linus Torvalds ha dit:
> On Wed, Apr 4, 2018 at 3:17 PM, Matthias Kaehlcke <mka@xxxxxxxxxxxx> wrote:
> > Getting our compiler team high to look into this might affect a timely
> > (and correct ...) implementation of asm-goto and others important
> > features. Arnd, do you have another, preferably simple instance to
> > keep our compiler folks (halfway) sane?
> I don't know if clang actually already gets this right or not, but as
> an example of a case where we have a semantic difference between "is
> this a constant or not", a much simpler case is in
> - arch/x86/include/asm/uaccess.h:
> * Test whether a block of memory is a valid user space address.
> * Returns 0 if the range is valid, nonzero otherwise.
> static inline bool __chk_range_not_ok(unsigned long addr, unsigned
> long size, unsigned long limit)
> * If we have used "sizeof()" for the size,
> * we know it won't overflow the limit (but
> * it might overflow the 'addr', so it's
> * important to subtract the size from the
> * limit, not add it to the address).
> if (__builtin_constant_p(size))
> return unlikely(addr > limit - size);
> /* Arbitrary sizes? Be careful about overflow */
> addr += size;
> if (unlikely(addr < size))
> return true;
> return unlikely(addr > limit);
> where the actual check itself is simplified for the constant size case
> (because we know that constant sizes are never going to have the
> overflow issue with the address size limit)
> That inline function itself is then wrapped with a couple of macros,
> and the usual use-case is through "access_ok()", which then typically
> just gets either a sizeof(), or a non-constant length.
> Of course, we've been walking away from having people do "access_ok()
> + __copy_from_user()" (the latter does some conceptually similar
> optimizations on constant sizes), so those probably simply don't
> matter much any more in practice.
> But they are certainly a lot simpler to look at than the more exciting
> 32-bit asm-generic "do_div()" case is ;)
Thanks, that was useful!
>From some experiments it looks like clang, in difference to gcc, does
not treat constant values passed as parameters to inline function as
I'll ask our compiler folks to take a look, with lower priority than
other issues in this thread though.