Received: by 10.213.65.68 with SMTP id h4csp1106022imn;
        Wed, 4 Apr 2018 12:43:33 -0700 (PDT)
X-Google-Smtp-Source: AIpwx4+AC7tp3vjdz0WvDALU7eP4zJXK9/giCOdLm9J8hqfUeWUMA9tABmokEu1/rDmoVH4r66G2
X-Received: by 2002:a17:902:4324:: with SMTP id i33-v6mr6868306pld.379.1522871013708;
        Wed, 04 Apr 2018 12:43:33 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1522871013; cv=none;
        d=google.com; s=arc-20160816;
        b=MMuqZuOpz8Bk1T5m6kCZrlFmniSmfAyZd4iBy42190AdCCRqyBcjFWxXE4JJRkrUW1
         4VCEAzrhi5MYDlg5dbznDzYJCld8WYiq5ZV3VR9c0P2VCQSrMJ3e9yBdsmK8L4WTIssK
         ZXP4kaaMCOzdntA8WPIcwRvzz5etBf1QIZVQFug05g5X0DIK+O5BwKe3IcoNSS/F9Um0
         opEUCgdGougza5LioNj9ObWGcm7K2oWNUo95M4ucGyK7niX034Tho5bA0NYXvKc5mhzf
         GIXb2qAa8c6gz2gXMYE2HGQMQJqO1SOqUaobAPI3xwLLB0HOITdjX7ukySNcX/eL9/OZ
         fXEw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature:dkim-signature
         :arc-authentication-results;
        bh=TvdTcNL2rpCNijMh6fVC7/pJnidewoZ8nflChmFR/IQ=;
        b=SUsjAp8aeFrTJVHCeY1/Sj1VOaEtKCeba1kKlimRAqltpjYHev4Io5mrTWw4OkWrZ7
         3fInARYg/7yNZFshgsECYGRvMh86iHPsnK0PzKEZcdFaZnnCNtBw6PA+XRMLJIXXOWkJ
         8FKp9Q+3lfKhRyh5W2QrXeljucwY/xD1LV7/nz75q4LiU+y6NVnlzFPH4ueYcEe0BmrM
         P5FZ4NIzxGYMXATa7vH/p3lI0USGPNPFX9xcJ9naOGqVnGlC3l7MfJwIXzbI4gHFEfZA
         M2iWzfi8UV5HtnAyo/PyykEE/o3CQCG+ZVOq79P6Jr19xN78NCyLC69irx03oTbEK4rR
         Aq4Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=Fi1GQsZ0;
       dkim=fail header.i=@linux-foundation.org header.s=google header.b=R5YTCDWM;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id k196si4111930pgc.700.2018.04.04.12.43.18;
        Wed, 04 Apr 2018 12:43:33 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=Fi1GQsZ0;
       dkim=fail header.i=@linux-foundation.org header.s=google header.b=R5YTCDWM;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751561AbeDDTmJ (ORCPT
        <rfc822;paul.schmitz.hallo.parkuhr@gmail.com> + 99 others);
        Wed, 4 Apr 2018 15:42:09 -0400
Received: from mail-it0-f68.google.com ([209.85.214.68]:34892 "EHLO
        mail-it0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751399AbeDDTmI (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 4 Apr 2018 15:42:08 -0400
Received: by mail-it0-f68.google.com with SMTP id v194-v6so146712itb.0
        for <linux-kernel@vger.kernel.org>; Wed, 04 Apr 2018 12:42:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=TvdTcNL2rpCNijMh6fVC7/pJnidewoZ8nflChmFR/IQ=;
        b=Fi1GQsZ0m9uEw9YJV3+//dH/A+SQ1bJd2djDuwUTWWzDeknxM/z6Q4ZqWLRNoJUPG8
         OtpL5mtaRtPa4r2u0zZXHKhfV3wmMzfWhWrePSiYOPInoAhNXbnz3d56NUANHsa339JM
         oafVuuB4FMRvuiNa35bcUkWPIn0GcxtdfWl+Czxo9jN96WqKb3JxuqZOqUodg71QESWA
         tEKB8e77/NACQ5HhuRQwNcG2t7I+rG0khNWIj736j7RHCTBChoMtIcZW5q1B+DOjGyBj
         aWi5Oik+4xyZBoAOTkTW7D63y+1eeV3f3V36uPAfUvSItpLvwCLJDgLCzt+AUbWWt4cr
         FcYQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linux-foundation.org; s=google;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=TvdTcNL2rpCNijMh6fVC7/pJnidewoZ8nflChmFR/IQ=;
        b=R5YTCDWMh9Ji/28EGPg+MGXELF5vDXuqV9q4PZt9Xz8KtCmuah51lCS4+4OiG4UfTp
         /WMncg3a0BfoSgbVkeXf4BeGCC95/iWyfEYkUDCsJt1SqZHOO/JP07Gjukr3oH3U+EVw
         wD5BeSYZ8tA6Ebt+EkaOb1GgXB83zG0Fm4oF8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=TvdTcNL2rpCNijMh6fVC7/pJnidewoZ8nflChmFR/IQ=;
        b=kDP+8SE4rb3GETahW0hrCl8qHNtAr7KsF1XKIl1RThpmZ2arOyE9kwgxgpjMSMGMxv
         TZaft+2pbntTwLKPKf87vvYahk3Nd2Yxj3GnlzkROiaK33YvistnZzFR+Z9zTnqI7g3q
         /0ReWKq55INMX60LQwW/H4JpsX681bWN0tvxP/9GA7kcn/dLNXEDeC0WdB9Bn740obpY
         XtfcdLRcUscln0DRTAKcwUqT19UtyKBLT+QjXOby1JPXDa/Wlv8FGLQ2uszPK1M7Nnhi
         2l+ujnUXTE0/m+wdch7g4ZwkSlLanfWz2bLXN2Y4d1S1ijw0k6VEQ2MeMpDljlJVIvf5
         o7wA==
X-Gm-Message-State: ALQs6tA4QmVbA8ix0Ku1zJAqG1565nwu2HZ78SUxIHuYT6merCVZ8r/7
        ZfP2ha3ffh4jiOGg55TN2m/0tnqGbncvlkkwzlx4ido2
X-Received: by 2002:a24:5b02:: with SMTP id g2-v6mr11046417itb.100.1522870927259;
 Wed, 04 Apr 2018 12:42:07 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.95.15 with HTTP; Wed, 4 Apr 2018 12:42:06 -0700 (PDT)
In-Reply-To: <CAA2zVHoteRJeGM=kmsZmaKP97K0LJhVF872KhpWE192A-=B4SA@mail.gmail.com>
References: <20180402095033.nfzcrmxvpm46dhbl@gmail.com> <CA+55aFzV8L-uv9706ryJ2mP9VGBuzqFVPu1cgYY+sZAtDAroqg@mail.gmail.com>
 <20180403085904.GY4082@hirez.programming.kicks-ass.net> <20180403095118.rpf7tj577dppvx7d@gmail.com>
 <20180403180658.GE87376@google.com> <CAKwvOdkaBNTyNjackJcWYkdfwyR2wjAruMFqN8LuYqC8V0ii_A@mail.gmail.com>
 <20180404093823.GC25996@kroah.com> <CAKwvOdmk-e5NCkyMT_LX2i5F1X+xGP+ZxAjaJasjgE6FaXKi6w@mail.gmail.com>
 <20180404165914.GA9034@kroah.com> <CAA2zVHoteRJeGM=kmsZmaKP97K0LJhVF872KhpWE192A-=B4SA@mail.gmail.com>
From:   Linus Torvalds <torvalds@linux-foundation.org>
Date:   Wed, 4 Apr 2018 12:42:06 -0700
X-Google-Sender-Auth: lZF43To9ro3eqOWuj8m58lN2LDc
Message-ID: <CA+55aFysRcOu7F-kZKNWp_fY1DViQoz7OmXUBeD0xhXROvPYqA@mail.gmail.com>
Subject: Re: [GIT PULL] x86/build changes for v4.17
To:     James Y Knight <jyknight@google.com>
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Nick Desaulniers <ndesaulniers@google.com>,
        Matthias Kaehlcke <mka@chromium.org>,
        Ingo Molnar <mingo@kernel.org>,
        Peter Zijlstra <peterz@infradead.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Andrew Morton <akpm@linux-foundation.org>,
        Chandler Carruth <chandlerc@google.com>,
        Stephen Hines <srhines@google.com>,
        Kees Cook <keescook@google.com>, groeck@chromium.org,
        Greg Hackmann <ghackmann@google.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Apr 4, 2018 at 12:26 PM, James Y Knight <jyknight@google.com> wrote:
>
> (OTOH, I _do_ expect clang to eventually gain support for a flag to treat
> NULL-pointer deref as a legal operation instead of UB. I'm not really sure
> it makes sense for the linux kernel, but it's a useful feature for the
> compiler to provide in any case, so why not...)

I would actually argue that this is more closely related to
"-fno-strict-overflow" than to "-fno-delete-null-pointer-checks'.

It just happens to be about pointer arithmetic, rather than about
signed integers. We *will* do arithmetic with NULL pointers that can
wrap.

Yes, the kernel does odd things with pointers in general. I won't
apologize for it, because we have really good reasons for doing so.

The whole "we take offsets of pointers even *backwards*" is because we
extensively rely on embedding structures inside each other. If clang
actually did proper optimization, it would have noticed that the
"offset backwards" was followed by an "offset forwards" and then a
NULL pointer check, and that there actually was no actual real
wrapping or non-contiguous behavior in reality.

But clang didn't do that, and instead blindly said "you're going
forwards and the result can't be NULL", without ever looking at "oh,
they went backwards first".

So honestly, part of the problem we had with clang was that it was too
*stupid* to see that what we did wasn't actually invalid even by
clang's own standards!

I'm not saying that the kernel use is really standards compliant,
because there definitely are those temporary pointer values (that are
never used!) that point outside an object.

But honestly, the clang "optimization" is really quite debatable, and
we'd want to turn it off - or just have clang be smarter enough that
it sees that "oh, it all stays within the object after all".

We do other things to pointers that the standard may not cover. Deal
with it. Any malloc() library will similarly just depend on pointer
arithmetic really working. We may admittedly take it to some
ridiculous degrees, with the whole "ok, we assign negative values to
pointers as error cases" in addition to the "we use container_of() to
look uip pointers *backwards*" thing.

So we'd definitely want that "-fno-strict-overflow" to affect pointer
arithmetic too (or have a separate flag for the pointer equivalent of
"we play games that may temporarily wrap pointer values around"..

                 Linus