compiler.h: Fix undefined BUILD_BUG_ON_ZERO()

Message ID	20241115204602.249590-1-philipp.reisner@linbit.com (mailing list archive)
State	New
Headers	show Received: from mail-ej1-f43.google.com (mail-ej1-f43.google.com [209.85.218.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4BB971D63E0 for <linux-sparse@vger.kernel.org>; Fri, 15 Nov 2024 20:46:06 +0000 (UTC) From: Philipp Reisner <philipp.reisner@linbit.com> To: Linus Torvalds <torvalds@linux-foundation.org> Cc: Kees Cook <keescook@chromium.org>, Luc Van Oostenryck <luc.vanoostenryck@gmail.com>, linux-sparse@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] compiler.h: Fix undefined BUILD_BUG_ON_ZERO() Date: Fri, 15 Nov 2024 21:46:02 +0100 Message-ID: <20241115204602.249590-1-philipp.reisner@linbit.com> In-Reply-To: <CAHk-=wiPZmd1hrsUoP+9vPg2=E0Jj6Li77_BZcV9GocbJg8fag@mail.gmail.com> References: <CAHk-=wiPZmd1hrsUoP+9vPg2=E0Jj6Li77_BZcV9GocbJg8fag@mail.gmail.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	compiler.h: Fix undefined BUILD_BUG_ON_ZERO() \| expand compiler.h: Fix undefined BUILD_BUG_ON_ZERO()

Message ID

20241115204602.249590-1-philipp.reisner@linbit.com (mailing list archive)

State

New

Headers

From: Philipp Reisner <philipp.reisner@linbit.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Kees Cook <keescook@chromium.org>,
	Luc Van Oostenryck <luc.vanoostenryck@gmail.com>,
	linux-sparse@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: [PATCH] compiler.h: Fix undefined BUILD_BUG_ON_ZERO()
Date: Fri, 15 Nov 2024 21:46:02 +0100
Message-ID: <20241115204602.249590-1-philipp.reisner@linbit.com>
In-Reply-To: 
 <CAHk-=wiPZmd1hrsUoP+9vPg2=E0Jj6Li77_BZcV9GocbJg8fag@mail.gmail.com>
References: 
 <CAHk-=wiPZmd1hrsUoP+9vPg2=E0Jj6Li77_BZcV9GocbJg8fag@mail.gmail.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

compiler.h: Fix undefined BUILD_BUG_ON_ZERO() | expand

Commit Message

Philipp Reisner Nov. 15, 2024, 8:46 p.m. UTC

<linux/compiler.h> defines __must_be_array() and __must_be_cstr() and
both expand to BUILD_BUG_ON_ZERO(), but <linux/build_bug.h> defines
BUILD_BUG_ON_ZERO(). Including <linux/build_bug.h> in
<linux/compiler.h> would create a cyclic dependency as
<linux/build_bug.h> already includes <linux/compiler.h>.

Fix that by defining __BUILD_BUG_ON_ZERO_MSG() in <linux/compiler.h>
and using that for __must_be_array() and __must_be_cstr().

Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com>
---
 include/linux/compiler.h | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

Comments

Kees Cook Nov. 15, 2024, 8:48 p.m. UTC | #1

On Fri, Nov 15, 2024 at 09:46:02PM +0100, Philipp Reisner wrote:
> <linux/compiler.h> defines __must_be_array() and __must_be_cstr() and
> both expand to BUILD_BUG_ON_ZERO(), but <linux/build_bug.h> defines
> BUILD_BUG_ON_ZERO(). Including <linux/build_bug.h> in
> <linux/compiler.h> would create a cyclic dependency as
> <linux/build_bug.h> already includes <linux/compiler.h>.
> 
> Fix that by defining __BUILD_BUG_ON_ZERO_MSG() in <linux/compiler.h>
> and using that for __must_be_array() and __must_be_cstr().
> 
> Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com>

Thanks for finding a simple way to make this work sanely. :)

Acked-by: Kees Cook <kees@kernel.org>

Linus, do you want a PR for this, or will you apply it directly?

Thanks!

-Kees

> ---
>  include/linux/compiler.h | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/include/linux/compiler.h b/include/linux/compiler.h
> index 4d4e23b6e3e7..469a64dd6495 100644
> --- a/include/linux/compiler.h
> +++ b/include/linux/compiler.h
> @@ -239,11 +239,18 @@ static inline void *offset_to_ptr(const int *off)
>  
>  #endif /* __ASSEMBLY__ */
>  
> +#ifdef __CHECKER__
> +#define __BUILD_BUG_ON_ZERO_MSG(e, msg) (0)
> +#else /* __CHECKER__ */
> +#define __BUILD_BUG_ON_ZERO_MSG(e, msg) ((int)sizeof(struct {_Static_assert(!(e), msg);}))
> +#endif /* __CHECKER__ */
> +
>  /* &a[0] degrades to a pointer: a different type from an array */
> -#define __must_be_array(a)	BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
> +#define __must_be_array(a)	__BUILD_BUG_ON_ZERO_MSG(__same_type((a), &(a)[0]), "must be array")
>  
>  /* Require C Strings (i.e. NUL-terminated) lack the "nonstring" attribute. */
> -#define __must_be_cstr(p)	BUILD_BUG_ON_ZERO(__annotated(p, nonstring))
> +#define __must_be_cstr(p) \
> +	__BUILD_BUG_ON_ZERO_MSG(__annotated(p, nonstring), "must be cstr (NUL-terminated)")
>  
>  /*
>   * This returns a constant expression while determining if an argument is
> -- 
> 2.47.0
>

Linus Torvalds Nov. 15, 2024, 9:57 p.m. UTC | #2

On Fri, 15 Nov 2024 at 12:46, Philipp Reisner
<philipp.reisner@linbit.com> wrote:
>
> Fix that by defining __BUILD_BUG_ON_ZERO_MSG() in <linux/compiler.h>
> and using that for __must_be_array() and __must_be_cstr().

Ack, that cast to 'int' seems good too, to make sure the
__BUILD_BUG_ON_ZERO_MSG() test doesn't unintentionally change the type
of the expression it is in.

I do wonder if we actually need that "#ifdef __CHECKER__"? I think
sparse is perfectly fine with a _Static_assert(). Or does the checking
cause some other issues?

            Linus

Linus Torvalds Nov. 15, 2024, 9:58 p.m. UTC | #3

On Fri, 15 Nov 2024 at 12:48, Kees Cook <kees@kernel.org> wrote:
>
> Linus, do you want a PR for this, or will you apply it directly?

Well, I'm certainly not applying it this late for 6.12 - who knows
what compiler issues it can trigger - and for the merge window I will
have forgotten it.

So put it in your tree and have it go through linux-next to see that
it's ok. It *looks* fine to me, but...

            Linus

Kees Cook Nov. 17, 2024, 5:26 a.m. UTC | #4

On Fri, 15 Nov 2024 21:46:02 +0100, Philipp Reisner wrote:
> <linux/compiler.h> defines __must_be_array() and __must_be_cstr() and
> both expand to BUILD_BUG_ON_ZERO(), but <linux/build_bug.h> defines
> BUILD_BUG_ON_ZERO(). Including <linux/build_bug.h> in
> <linux/compiler.h> would create a cyclic dependency as
> <linux/build_bug.h> already includes <linux/compiler.h>.
> 
> Fix that by defining __BUILD_BUG_ON_ZERO_MSG() in <linux/compiler.h>
> and using that for __must_be_array() and __must_be_cstr().
> 
> [...]

Applied to for-next/hardening, thanks!

[1/1] compiler.h: Fix undefined BUILD_BUG_ON_ZERO()
      https://git.kernel.org/kees/c/d7a516c6eeae

Take care,

diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 4d4e23b6e3e7..469a64dd6495 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -239,11 +239,18 @@  static inline void *offset_to_ptr(const int *off)
 
 #endif /* __ASSEMBLY__ */
 
+#ifdef __CHECKER__
+#define __BUILD_BUG_ON_ZERO_MSG(e, msg) (0)
+#else /* __CHECKER__ */
+#define __BUILD_BUG_ON_ZERO_MSG(e, msg) ((int)sizeof(struct {_Static_assert(!(e), msg);}))
+#endif /* __CHECKER__ */
+
 /* &a[0] degrades to a pointer: a different type from an array */
-#define __must_be_array(a)	BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
+#define __must_be_array(a)	__BUILD_BUG_ON_ZERO_MSG(__same_type((a), &(a)[0]), "must be array")
 
 /* Require C Strings (i.e. NUL-terminated) lack the "nonstring" attribute. */
-#define __must_be_cstr(p)	BUILD_BUG_ON_ZERO(__annotated(p, nonstring))
+#define __must_be_cstr(p) \
+	__BUILD_BUG_ON_ZERO_MSG(__annotated(p, nonstring), "must be cstr (NUL-terminated)")
 
 /*
  * This returns a constant expression while determining if an argument is

compiler.h: Fix undefined BUILD_BUG_ON_ZERO()

Commit Message

Comments

Patch