Message ID | 20210927121338.938994-1-arnd@kernel.org (mailing list archive) |
---|---|
State | Not Applicable, archived |
Headers | show |
Series | ACPI: avoid NULL pointer arithmetic | expand |
Bob, this is ACPICA material. Would it be possible to apply this to the upstream from the patch or do you need a PR for this? On 9/27/2021 2:13 PM, Arnd Bergmann wrote: > From: Arnd Bergmann <arnd@arndb.de> > > There are some very old macros for doing an open-coded offsetof() and > cast between pointer and integer in ACPI headers. clang-14 now complains > about these: > > drivers/acpi/acpica/tbfadt.c:86:3: error: performing pointer subtraction with a null pointer has undefined behavior [-Werror,-Wnull-pointer-subtraction] > ACPI_FADT_OFFSET(pm_timer_block), > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > include/acpi/actbl.h:376:47: note: expanded from macro 'ACPI_FADT_OFFSET' > #define ACPI_FADT_OFFSET(f) (u16) ACPI_OFFSET (struct acpi_table_fadt, f) > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > include/acpi/actypes.h:511:41: note: expanded from macro 'ACPI_OFFSET' > #define ACPI_OFFSET(d, f) ACPI_PTR_DIFF (&(((d *) 0)->f), (void *) 0) > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > include/acpi/actypes.h:505:79: note: expanded from macro 'ACPI_PTR_DIFF' > #define ACPI_PTR_DIFF(a, b) ((acpi_size) (ACPI_CAST_PTR (u8, (a)) - ACPI_CAST_PTR (u8, (b)))) > ^ ~~~~~~~~~~~~~~~~~~~~~~~ > Convert them to the modern equivalents. > > Signed-off-by: Arnd Bergmann <arnd@arndb.de> > --- > include/acpi/actypes.h | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/include/acpi/actypes.h b/include/acpi/actypes.h > index 92c71dfce0d5..285bc7b73de3 100644 > --- a/include/acpi/actypes.h > +++ b/include/acpi/actypes.h > @@ -507,8 +507,8 @@ typedef u64 acpi_integer; > /* Pointer/Integer type conversions */ > > #define ACPI_TO_POINTER(i) ACPI_CAST_PTR (void, (acpi_size) (i)) > -#define ACPI_TO_INTEGER(p) ACPI_PTR_DIFF (p, (void *) 0) > -#define ACPI_OFFSET(d, f) ACPI_PTR_DIFF (&(((d *) 0)->f), (void *) 0) > +#define ACPI_TO_INTEGER(p) ((uintptr_t)(p)) > +#define ACPI_OFFSET(d, f) offsetof(d, f) > #define ACPI_PHYSADDR_TO_PTR(i) ACPI_TO_POINTER(i) > #define ACPI_PTR_TO_PHYSADDR(i) ACPI_TO_INTEGER(i) >
I can take this patch as-is, I think. I'll try for the next acpica release later this week. -----Original Message----- From: Wysocki, Rafael J <rafael.j.wysocki@intel.com> Sent: Tuesday, September 28, 2021 10:44 AM To: Arnd Bergmann <arnd@kernel.org>; Moore, Robert <robert.moore@intel.com> Cc: Arnd Bergmann <arnd@arndb.de>; Nathan Chancellor <nathan@kernel.org>; Nick Desaulniers <ndesaulniers@google.com>; Erik Kaneda <erik.kaneda@intel.com>; linux-acpi@vger.kernel.org; devel@acpica.org; linux-kernel@vger.kernel.org; llvm@lists.linux.dev; Len Brown <lenb@kernel.org>; Rafael J. Wysocki <rafael@kernel.org> Subject: Re: [PATCH] ACPI: avoid NULL pointer arithmetic Bob, this is ACPICA material. Would it be possible to apply this to the upstream from the patch or do you need a PR for this? On 9/27/2021 2:13 PM, Arnd Bergmann wrote: > From: Arnd Bergmann <arnd@arndb.de> > > There are some very old macros for doing an open-coded offsetof() and > cast between pointer and integer in ACPI headers. clang-14 now > complains about these: > > drivers/acpi/acpica/tbfadt.c:86:3: error: performing pointer subtraction with a null pointer has undefined behavior [-Werror,-Wnull-pointer-subtraction] > ACPI_FADT_OFFSET(pm_timer_block), > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > include/acpi/actbl.h:376:47: note: expanded from macro 'ACPI_FADT_OFFSET' > #define ACPI_FADT_OFFSET(f) (u16) ACPI_OFFSET (struct acpi_table_fadt, f) > > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > include/acpi/actypes.h:511:41: note: expanded from macro 'ACPI_OFFSET' > #define ACPI_OFFSET(d, f) ACPI_PTR_DIFF (&(((d *) 0)->f), (void *) 0) > > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > include/acpi/actypes.h:505:79: note: expanded from macro 'ACPI_PTR_DIFF' > #define ACPI_PTR_DIFF(a, b) ((acpi_size) (ACPI_CAST_PTR (u8, (a)) - ACPI_CAST_PTR (u8, (b)))) > > ^ ~~~~~~~~~~~~~~~~~~~~~~~ Convert them to the modern equivalents. > > Signed-off-by: Arnd Bergmann <arnd@arndb.de> > --- > include/acpi/actypes.h | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/include/acpi/actypes.h b/include/acpi/actypes.h index > 92c71dfce0d5..285bc7b73de3 100644 > --- a/include/acpi/actypes.h > +++ b/include/acpi/actypes.h > @@ -507,8 +507,8 @@ typedef u64 acpi_integer; > /* Pointer/Integer type conversions */ > > #define ACPI_TO_POINTER(i) ACPI_CAST_PTR (void, (acpi_size) (i)) > -#define ACPI_TO_INTEGER(p) ACPI_PTR_DIFF (p, (void *) 0) > -#define ACPI_OFFSET(d, f) ACPI_PTR_DIFF (&(((d *) 0)->f), (void *) 0) > +#define ACPI_TO_INTEGER(p) ((uintptr_t)(p)) > +#define ACPI_OFFSET(d, f) offsetof(d, f) > #define ACPI_PHYSADDR_TO_PTR(i) ACPI_TO_POINTER(i) > #define ACPI_PTR_TO_PHYSADDR(i) ACPI_TO_INTEGER(i) >
On Tue, Sep 28, 2021 at 10:39 PM Moore, Robert <robert.moore@intel.com> wrote: > > I can take this patch as-is, I think. I'll try for the next acpica release later this week. Thanks! > -----Original Message----- > From: Wysocki, Rafael J <rafael.j.wysocki@intel.com> > Sent: Tuesday, September 28, 2021 10:44 AM > To: Arnd Bergmann <arnd@kernel.org>; Moore, Robert <robert.moore@intel.com> > Cc: Arnd Bergmann <arnd@arndb.de>; Nathan Chancellor <nathan@kernel.org>; Nick Desaulniers <ndesaulniers@google.com>; Erik Kaneda <erik.kaneda@intel.com>; linux-acpi@vger.kernel.org; devel@acpica.org; linux-kernel@vger.kernel.org; llvm@lists.linux.dev; Len Brown <lenb@kernel.org>; Rafael J. Wysocki <rafael@kernel.org> > Subject: Re: [PATCH] ACPI: avoid NULL pointer arithmetic > > Bob, this is ACPICA material. > > Would it be possible to apply this to the upstream from the patch or do you need a PR for this? > > On 9/27/2021 2:13 PM, Arnd Bergmann wrote: > > From: Arnd Bergmann <arnd@arndb.de> > > > > There are some very old macros for doing an open-coded offsetof() and > > cast between pointer and integer in ACPI headers. clang-14 now > > complains about these: > > > > drivers/acpi/acpica/tbfadt.c:86:3: error: performing pointer subtraction with a null pointer has undefined behavior [-Werror,-Wnull-pointer-subtraction] > > ACPI_FADT_OFFSET(pm_timer_block), > > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > include/acpi/actbl.h:376:47: note: expanded from macro 'ACPI_FADT_OFFSET' > > #define ACPI_FADT_OFFSET(f) (u16) ACPI_OFFSET (struct acpi_table_fadt, f) > > > > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > include/acpi/actypes.h:511:41: note: expanded from macro 'ACPI_OFFSET' > > #define ACPI_OFFSET(d, f) ACPI_PTR_DIFF (&(((d *) 0)->f), (void *) 0) > > > > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > include/acpi/actypes.h:505:79: note: expanded from macro 'ACPI_PTR_DIFF' > > #define ACPI_PTR_DIFF(a, b) ((acpi_size) (ACPI_CAST_PTR (u8, (a)) - ACPI_CAST_PTR (u8, (b)))) > > > > ^ ~~~~~~~~~~~~~~~~~~~~~~~ Convert them to the modern equivalents. > > > > Signed-off-by: Arnd Bergmann <arnd@arndb.de> > > --- > > include/acpi/actypes.h | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/include/acpi/actypes.h b/include/acpi/actypes.h index > > 92c71dfce0d5..285bc7b73de3 100644 > > --- a/include/acpi/actypes.h > > +++ b/include/acpi/actypes.h > > @@ -507,8 +507,8 @@ typedef u64 acpi_integer; > > /* Pointer/Integer type conversions */ > > > > #define ACPI_TO_POINTER(i) ACPI_CAST_PTR (void, (acpi_size) (i)) > > -#define ACPI_TO_INTEGER(p) ACPI_PTR_DIFF (p, (void *) 0) > > -#define ACPI_OFFSET(d, f) ACPI_PTR_DIFF (&(((d *) 0)->f), (void *) 0) > > +#define ACPI_TO_INTEGER(p) ((uintptr_t)(p)) > > +#define ACPI_OFFSET(d, f) offsetof(d, f) > > #define ACPI_PHYSADDR_TO_PTR(i) ACPI_TO_POINTER(i) > > #define ACPI_PTR_TO_PHYSADDR(i) ACPI_TO_INTEGER(i) > > > >
On Mon, Sep 27, 2021 at 2:13 PM Arnd Bergmann <arnd@kernel.org> wrote: > > From: Arnd Bergmann <arnd@arndb.de> > > There are some very old macros for doing an open-coded offsetof() and > cast between pointer and integer in ACPI headers. clang-14 now complains > about these: > > drivers/acpi/acpica/tbfadt.c:86:3: error: performing pointer subtraction with a null pointer has undefined behavior [-Werror,-Wnull-pointer-subtraction] > ACPI_FADT_OFFSET(pm_timer_block), > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > include/acpi/actbl.h:376:47: note: expanded from macro 'ACPI_FADT_OFFSET' > #define ACPI_FADT_OFFSET(f) (u16) ACPI_OFFSET (struct acpi_table_fadt, f) > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > include/acpi/actypes.h:511:41: note: expanded from macro 'ACPI_OFFSET' > #define ACPI_OFFSET(d, f) ACPI_PTR_DIFF (&(((d *) 0)->f), (void *) 0) > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > include/acpi/actypes.h:505:79: note: expanded from macro 'ACPI_PTR_DIFF' > #define ACPI_PTR_DIFF(a, b) ((acpi_size) (ACPI_CAST_PTR (u8, (a)) - ACPI_CAST_PTR (u8, (b)))) > ^ ~~~~~~~~~~~~~~~~~~~~~~~ > Convert them to the modern equivalents. > > Signed-off-by: Arnd Bergmann <arnd@arndb.de> > --- > include/acpi/actypes.h | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/include/acpi/actypes.h b/include/acpi/actypes.h > index 92c71dfce0d5..285bc7b73de3 100644 > --- a/include/acpi/actypes.h > +++ b/include/acpi/actypes.h > @@ -507,8 +507,8 @@ typedef u64 acpi_integer; > /* Pointer/Integer type conversions */ > > #define ACPI_TO_POINTER(i) ACPI_CAST_PTR (void, (acpi_size) (i)) > -#define ACPI_TO_INTEGER(p) ACPI_PTR_DIFF (p, (void *) 0) > -#define ACPI_OFFSET(d, f) ACPI_PTR_DIFF (&(((d *) 0)->f), (void *) 0) > +#define ACPI_TO_INTEGER(p) ((uintptr_t)(p)) > +#define ACPI_OFFSET(d, f) offsetof(d, f) > #define ACPI_PHYSADDR_TO_PTR(i) ACPI_TO_POINTER(i) > #define ACPI_PTR_TO_PHYSADDR(i) ACPI_TO_INTEGER(i) > > -- Queued up as 5.16 material, converted into an upstream ACPICA pull request and submitted, thanks!
On Wed, Sep 29, 2021 at 8:47 PM Rafael J. Wysocki <rafael@kernel.org> wrote: > > On Mon, Sep 27, 2021 at 2:13 PM Arnd Bergmann <arnd@kernel.org> wrote: > > > > From: Arnd Bergmann <arnd@arndb.de> > > > > There are some very old macros for doing an open-coded offsetof() and > > cast between pointer and integer in ACPI headers. clang-14 now complains > > about these: > > > > drivers/acpi/acpica/tbfadt.c:86:3: error: performing pointer subtraction with a null pointer has undefined behavior [-Werror,-Wnull-pointer-subtraction] > > ACPI_FADT_OFFSET(pm_timer_block), > > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > include/acpi/actbl.h:376:47: note: expanded from macro 'ACPI_FADT_OFFSET' > > #define ACPI_FADT_OFFSET(f) (u16) ACPI_OFFSET (struct acpi_table_fadt, f) > > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > include/acpi/actypes.h:511:41: note: expanded from macro 'ACPI_OFFSET' > > #define ACPI_OFFSET(d, f) ACPI_PTR_DIFF (&(((d *) 0)->f), (void *) 0) > > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > include/acpi/actypes.h:505:79: note: expanded from macro 'ACPI_PTR_DIFF' > > #define ACPI_PTR_DIFF(a, b) ((acpi_size) (ACPI_CAST_PTR (u8, (a)) - ACPI_CAST_PTR (u8, (b)))) > > ^ ~~~~~~~~~~~~~~~~~~~~~~~ > > Convert them to the modern equivalents. > > > > Signed-off-by: Arnd Bergmann <arnd@arndb.de> > > --- > > include/acpi/actypes.h | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/include/acpi/actypes.h b/include/acpi/actypes.h > > index 92c71dfce0d5..285bc7b73de3 100644 > > --- a/include/acpi/actypes.h > > +++ b/include/acpi/actypes.h > > @@ -507,8 +507,8 @@ typedef u64 acpi_integer; > > /* Pointer/Integer type conversions */ > > > > #define ACPI_TO_POINTER(i) ACPI_CAST_PTR (void, (acpi_size) (i)) > > -#define ACPI_TO_INTEGER(p) ACPI_PTR_DIFF (p, (void *) 0) > > -#define ACPI_OFFSET(d, f) ACPI_PTR_DIFF (&(((d *) 0)->f), (void *) 0) > > +#define ACPI_TO_INTEGER(p) ((uintptr_t)(p)) > > +#define ACPI_OFFSET(d, f) offsetof(d, f) > > #define ACPI_PHYSADDR_TO_PTR(i) ACPI_TO_POINTER(i) > > #define ACPI_PTR_TO_PHYSADDR(i) ACPI_TO_INTEGER(i) > > > > -- > > Queued up as 5.16 material, converted into an upstream ACPICA pull > request and submitted, thanks! And reverted from there, because it introduced build issues. Can we use alternative definitions that don't depend on uintptr_t and offsetof()?
On Thu, Sep 30, 2021 at 8:52 PM Rafael J. Wysocki <rafael@kernel.org> wrote: > > On Wed, Sep 29, 2021 at 8:47 PM Rafael J. Wysocki <rafael@kernel.org> wrote: > > > > On Mon, Sep 27, 2021 at 2:13 PM Arnd Bergmann <arnd@kernel.org> wrote: > > > > > > #define ACPI_TO_POINTER(i) ACPI_CAST_PTR (void, (acpi_size) (i)) > > > -#define ACPI_TO_INTEGER(p) ACPI_PTR_DIFF (p, (void *) 0) > > > -#define ACPI_OFFSET(d, f) ACPI_PTR_DIFF (&(((d *) 0)->f), (void *) 0) > > > +#define ACPI_TO_INTEGER(p) ((uintptr_t)(p)) > > > +#define ACPI_OFFSET(d, f) offsetof(d, f) > > > #define ACPI_PHYSADDR_TO_PTR(i) ACPI_TO_POINTER(i) > > > #define ACPI_PTR_TO_PHYSADDR(i) ACPI_TO_INTEGER(i) > > > > > > -- > > > > Queued up as 5.16 material, converted into an upstream ACPICA pull > > request and submitted, thanks! > > And reverted from there, because it introduced build issues. > > Can we use alternative definitions that don't depend on uintptr_t and > offsetof()? It's a bit tricky, as both were introduced to avoid portability issues. For uintptr_t, we could use 'unsigned long', which works on everything that Linux can run on, but wouldn't work if this code can be compiled for 64-bit Windows. 'size_t' probably works, but likely has the same problem as 'uintptr_t' because they require and additional #include. I see that some code uses acpi_uintptr_t, which looks like it is meant to replace uintptr_t, this is defined as 'void *' in include/acpi/actypes.h, so that probably wouldn't avoid the warning. For offsetof(), we could use __builtin_offsetof(), which would work with any gcc-compatible compiler, if the goal is to avoid including <stddef.h>. If it has to work on other compilers, there is no portable way that doesn't rely on standard headers. The best idea I'd have would be to use "#ifdef offsetof" to choose between the trivial implementation I had and the old one that works for non-standard C but may invoke undefined behavior. Arnd
diff --git a/include/acpi/actypes.h b/include/acpi/actypes.h index 92c71dfce0d5..285bc7b73de3 100644 --- a/include/acpi/actypes.h +++ b/include/acpi/actypes.h @@ -507,8 +507,8 @@ typedef u64 acpi_integer; /* Pointer/Integer type conversions */ #define ACPI_TO_POINTER(i) ACPI_CAST_PTR (void, (acpi_size) (i)) -#define ACPI_TO_INTEGER(p) ACPI_PTR_DIFF (p, (void *) 0) -#define ACPI_OFFSET(d, f) ACPI_PTR_DIFF (&(((d *) 0)->f), (void *) 0) +#define ACPI_TO_INTEGER(p) ((uintptr_t)(p)) +#define ACPI_OFFSET(d, f) offsetof(d, f) #define ACPI_PHYSADDR_TO_PTR(i) ACPI_TO_POINTER(i) #define ACPI_PTR_TO_PHYSADDR(i) ACPI_TO_INTEGER(i)