Commit 9975f852ce1b ("powerpc/uaccess: Remove calls to __get_user_bad()
and __put_user_bad()") switch to BUILD_BUG() in the default case, which
leaves x uninitialized. This will not be an issue because the build will
be broken in that case but clang does static analysis before it realizes
the default case will be done so it warns about x being uninitialized
(trimmed for brevity):
In file included from mm/mprotect.c:13:
In file included from ./include/linux/hugetlb.h:28:
In file included from ./include/linux/mempolicy.h:16:
./include/linux/pagemap.h:772:16: warning: variable '__gu_val' is used
uninitialized whenever switch default is taken [-Wsometimes-uninitialized]
if (unlikely(__get_user(c, uaddr) != 0))
^~~~~~~~~~~~~~~~~~~~
./arch/powerpc/include/asm/uaccess.h:266:2: note: expanded from macro '__get_user'
__get_user_size_allowed(__gu_val, __gu_addr, __gu_size, __gu_err); \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./arch/powerpc/include/asm/uaccess.h:235:2: note: expanded from macro
'__get_user_size_allowed'
default: BUILD_BUG(); \
^~~~~~~
Commit 5cd29b1fd3e8 ("powerpc/uaccess: Use asm goto for get_user when
compiler supports it") added an initialization for x because of the same
reason. Do the same thing here so there is no warning across all
versions of clang.
Link: https://github.com/ClangBuiltLinux/linux/issues/1359
Signed-off-by: Nathan Chancellor <[email protected]>
---
arch/powerpc/include/asm/uaccess.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h
index a4e791bcd3fe..a09e4240c5b1 100644
--- a/arch/powerpc/include/asm/uaccess.h
+++ b/arch/powerpc/include/asm/uaccess.h
@@ -232,7 +232,7 @@ do { \
case 2: __get_user_asm(x, (u16 __user *)ptr, retval, "lhz"); break; \
case 4: __get_user_asm(x, (u32 __user *)ptr, retval, "lwz"); break; \
case 8: __get_user_asm2(x, (u64 __user *)ptr, retval); break; \
- default: BUILD_BUG(); \
+ default: x = 0; BUILD_BUG(); \
} \
} while (0)
base-commit: ee6b25fa7c037e42cc5f3b5c024b2a779edab6dd
--
2.31.1.362.g311531c9de
Le 26/04/2021 à 22:35, Nathan Chancellor a écrit :
> Commit 9975f852ce1b ("powerpc/uaccess: Remove calls to __get_user_bad()
> and __put_user_bad()") switch to BUILD_BUG() in the default case, which
> leaves x uninitialized. This will not be an issue because the build will
> be broken in that case but clang does static analysis before it realizes
> the default case will be done so it warns about x being uninitialized
> (trimmed for brevity):
>
> In file included from mm/mprotect.c:13:
> In file included from ./include/linux/hugetlb.h:28:
> In file included from ./include/linux/mempolicy.h:16:
> ./include/linux/pagemap.h:772:16: warning: variable '__gu_val' is used
> uninitialized whenever switch default is taken [-Wsometimes-uninitialized]
> if (unlikely(__get_user(c, uaddr) != 0))
> ^~~~~~~~~~~~~~~~~~~~
> ./arch/powerpc/include/asm/uaccess.h:266:2: note: expanded from macro '__get_user'
> __get_user_size_allowed(__gu_val, __gu_addr, __gu_size, __gu_err); \
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ./arch/powerpc/include/asm/uaccess.h:235:2: note: expanded from macro
> '__get_user_size_allowed'
> default: BUILD_BUG(); \
> ^~~~~~~
>
> Commit 5cd29b1fd3e8 ("powerpc/uaccess: Use asm goto for get_user when
> compiler supports it") added an initialization for x because of the same
> reason. Do the same thing here so there is no warning across all
> versions of clang.
Ah yes, I tested with Clang 11 which has CONFIG_CC_HAS_ASM_GOTO_OUTPUT, that's the reason why I hit
that warning only in the CONFIG_CC_HAS_ASM_GOTO_OUTPUT branch.
But regardless, is that normal that Clang warns that on a never taken branch ? That's puzzling.
>
> Link: https://github.com/ClangBuiltLinux/linux/issues/1359
> Signed-off-by: Nathan Chancellor <[email protected]>
Acked-by: Christophe Leroy <[email protected]>
> ---
> arch/powerpc/include/asm/uaccess.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h
> index a4e791bcd3fe..a09e4240c5b1 100644
> --- a/arch/powerpc/include/asm/uaccess.h
> +++ b/arch/powerpc/include/asm/uaccess.h
> @@ -232,7 +232,7 @@ do { \
> case 2: __get_user_asm(x, (u16 __user *)ptr, retval, "lhz"); break; \
> case 4: __get_user_asm(x, (u32 __user *)ptr, retval, "lwz"); break; \
> case 8: __get_user_asm2(x, (u64 __user *)ptr, retval); break; \
> - default: BUILD_BUG(); \
> + default: x = 0; BUILD_BUG(); \
> } \
> } while (0)
>
>
> base-commit: ee6b25fa7c037e42cc5f3b5c024b2a779edab6dd
>
On Tue, Apr 27, 2021 at 07:05:12AM +0200, Christophe Leroy wrote:
>
>
> Le 26/04/2021 ? 22:35, Nathan Chancellor a ?crit?:
> > Commit 9975f852ce1b ("powerpc/uaccess: Remove calls to __get_user_bad()
> > and __put_user_bad()") switch to BUILD_BUG() in the default case, which
> > leaves x uninitialized. This will not be an issue because the build will
> > be broken in that case but clang does static analysis before it realizes
> > the default case will be done so it warns about x being uninitialized
> > (trimmed for brevity):
> >
> > In file included from mm/mprotect.c:13:
> > In file included from ./include/linux/hugetlb.h:28:
> > In file included from ./include/linux/mempolicy.h:16:
> > ./include/linux/pagemap.h:772:16: warning: variable '__gu_val' is used
> > uninitialized whenever switch default is taken [-Wsometimes-uninitialized]
> > if (unlikely(__get_user(c, uaddr) != 0))
> > ^~~~~~~~~~~~~~~~~~~~
> > ./arch/powerpc/include/asm/uaccess.h:266:2: note: expanded from macro '__get_user'
> > __get_user_size_allowed(__gu_val, __gu_addr, __gu_size, __gu_err); \
> > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > ./arch/powerpc/include/asm/uaccess.h:235:2: note: expanded from macro
> > '__get_user_size_allowed'
> > default: BUILD_BUG(); \
> > ^~~~~~~
> >
> > Commit 5cd29b1fd3e8 ("powerpc/uaccess: Use asm goto for get_user when
> > compiler supports it") added an initialization for x because of the same
> > reason. Do the same thing here so there is no warning across all
> > versions of clang.
>
> Ah yes, I tested with Clang 11 which has CONFIG_CC_HAS_ASM_GOTO_OUTPUT,
> that's the reason why I hit that warning only in the
> CONFIG_CC_HAS_ASM_GOTO_OUTPUT branch.
>
> But regardless, is that normal that Clang warns that on a never taken branch ? That's puzzling.
It seems to be related to the fact that the value of sizeof is assigned
to a variable. At this point in the pipeline, clang does not realize
that the default branch is never taken because __gu_size has not
actually been evaluated. If you stuck a numeric constant in there, it
would not fire.
A simple example: https://godbolt.org/z/jbrqEbh1j
It is possible that could be improved in clang but I am not sure.
> >
> > Link: https://github.com/ClangBuiltLinux/linux/issues/1359
> > Signed-off-by: Nathan Chancellor <[email protected]>
>
> Acked-by: Christophe Leroy <[email protected]>
Thanks for taking a look!
Cheers,
Nathan
> > ---
> > arch/powerpc/include/asm/uaccess.h | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h
> > index a4e791bcd3fe..a09e4240c5b1 100644
> > --- a/arch/powerpc/include/asm/uaccess.h
> > +++ b/arch/powerpc/include/asm/uaccess.h
> > @@ -232,7 +232,7 @@ do { \
> > case 2: __get_user_asm(x, (u16 __user *)ptr, retval, "lhz"); break; \
> > case 4: __get_user_asm(x, (u32 __user *)ptr, retval, "lwz"); break; \
> > case 8: __get_user_asm2(x, (u64 __user *)ptr, retval); break; \
> > - default: BUILD_BUG(); \
> > + default: x = 0; BUILD_BUG(); \
> > } \
> > } while (0)
> >
> > base-commit: ee6b25fa7c037e42cc5f3b5c024b2a779edab6dd
> >
On Mon, 26 Apr 2021 13:35:18 -0700, Nathan Chancellor wrote:
> Commit 9975f852ce1b ("powerpc/uaccess: Remove calls to __get_user_bad()
> and __put_user_bad()") switch to BUILD_BUG() in the default case, which
> leaves x uninitialized. This will not be an issue because the build will
> be broken in that case but clang does static analysis before it realizes
> the default case will be done so it warns about x being uninitialized
> (trimmed for brevity):
>
> [...]
Applied to powerpc/next.
[1/1] powerpc: Avoid clang uninitialized warning in __get_user_size_allowed
https://git.kernel.org/powerpc/c/f9cd5f91a897ea0c45d0059ceeb091cee78c6ebe
cheers