2018-09-20 17:22:46

by Miguel Ojeda

Subject: [PATCH v5 00/15] Compiler Attributes

The Compiler Attributes series is an effort to disentangle
the include/linux/compiler*.h headers and bring them up to date.

The main idea behind the series is to use feature checking macros
(i.e. __has_attribute) instead of compiler version checks (e.g. GCC_VERSION),
which are compiler-agnostic (so they can be shared, reducing the size
of compiler-specific headers) and version-agnostic.

Other related improvements have been performed in the headers as well,
which, on top of the use of __has_attribute, have amounted to a significant
simplification of these headers (e.g. GCC_VERSION is now only guarding 4
non-attribute macros).

This series should also help the efforts to support compiling the kernel
with clang and icc. A fair amount of documentation and comments have also
been added, clarified or removed; and the headers are now more readable,
which should help kernel developers in general.

The series was triggered due to the move to gcc >= 4.6. In turn, this series
has also triggered Sparse to gain the ability to recognize __has_attribute
on its own.

Finally, the nonstring variable attribute series has been applied on top
of this one.

You can also fetch it from:

https://github.com/ojeda/linux/tree/compiler-attributes-v5

Enjoy!

Cheers,
Miguel

Cc: Andreas Dilger <[email protected]>
Cc: Masahiro Yamada <[email protected]>
Cc: Michal Marek <[email protected]>
Cc: Steven Rostedt <[email protected]>
Cc: Mauro Carvalho Chehab <[email protected]>
Cc: Olof Johansson <[email protected]>
Cc: Konstantin Ryabitsev <[email protected]>
Cc: David S. Miller <[email protected]>
Cc: Andrey Ryabinin <[email protected]>
Cc: Kees Cook <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: Ingo Molnar <[email protected]>
Cc: Paul Lawrence <[email protected]>
Cc: Sandipan Das <[email protected]>
Cc: Andrey Konovalov <[email protected]>
Cc: David Woodhouse <[email protected]>
Cc: Will Deacon <[email protected]>
Cc: Philippe Ombredanne <[email protected]>
Cc: Paul Burton <[email protected]>
Cc: David Rientjes <[email protected]>
Cc: Willy Tarreau <[email protected]>
Cc: Martin Sebor <[email protected]>
Cc: Christopher Li <[email protected]>
Cc: Jonathan Corbet <[email protected]>
Cc: Theodore Ts'o <[email protected]>
Cc: Geert Uytterhoeven <[email protected]>
Cc: Rasmus Villemoes <[email protected]>
Cc: Joe Perches <[email protected]>
Cc: Arnd Bergmann <[email protected]>
Cc: Dominique Martinet <[email protected]>
Cc: Stefan Agner <[email protected]>
Cc: Luc Van Oostenryck <[email protected]>
Cc: Nick Desaulniers <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Greg Kroah-Hartman <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]

v4 -> v5

* Removed the 2 __naked patches, since Greg just applied them to master;
and rebased on top of that. The only change in the range-diff is in
"Compiler Attributes: always use the extra-underscores syntax" due
to the move of __naked to compiler_types.h.

* Applied the nonstring series on top of this one (last 4 patches).
Rationale:
- the nonstring series would anyway be modified again by this one
(so it has been rebased after the general cleanup).
- ext4's "local" nonstring was merged
- easier to manage (and easier to see the end result)

The first 2 patches of the last 4 add the warning back at W=1 and
add the __nonstring attribute. The other two serve as an example
of usage and as a cleanup.

* Cc lists removed from each commit; using a single list in the cover letter;
and a new, revised list of Cc (wider audience).

Miguel Ojeda (15):
Compiler Attributes: remove unused attributes
Compiler Attributes: always use the extra-underscores syntax
Compiler Attributes: remove unneeded tests
Compiler Attributes: homogenize __must_be_array
Compiler Attributes: remove unneeded sparse (__CHECKER__) tests
Compiler Attributes: add missing SPDX ID in compiler_types.h
Compiler Attributes: use feature checks instead of version checks
Compiler Attributes: KENTRY used twice the "used" attribute
Compiler Attributes: remove uses of __attribute__ from compiler.h
Compiler Attributes: add Doc/process/programming-language.rst
Compiler Attributes: add MAINTAINERS entry
Compiler Attributes: add support for __nonstring (gcc >= 8)
Compiler Attributes: enable -Wstringop-truncation on W=1 (gcc >= 8)
Compiler Attributes: auxdisplay: panel: use __nonstring
Compiler Attributes: ext4: remove local __nonstring definition

Documentation/process/index.rst | 1 +
.../process/programming-language.rst | 45 +++
MAINTAINERS | 5 +
drivers/auxdisplay/panel.c | 7 +-
fs/ext4/ext4.h | 9 -
include/linux/compiler-clang.h | 5 -
include/linux/compiler-gcc.h | 70 +----
include/linux/compiler-intel.h | 9 -
include/linux/compiler.h | 19 +-
include/linux/compiler_attributes.h | 258 ++++++++++++++++++
include/linux/compiler_types.h | 101 +------
scripts/Makefile.extrawarn | 1 +
12 files changed, 341 insertions(+), 189 deletions(-)
create mode 100644 Documentation/process/programming-language.rst
create mode 100644 include/linux/compiler_attributes.h

--
2.17.1


2018-09-30 17:46:24

by Miguel Ojeda

Subject: Re: [PATCH v5 00/15] Compiler Attributes

On Mon, Sep 24, 2018 at 4:36 PM Luc Van Oostenryck
<[email protected]> wrote:
>
> On Thu, Sep 20, 2018 at 07:22:46PM +0200, Miguel Ojeda wrote:
> > The Compiler Attributes series is an effort to disentangle
> > the include/linux/compiler*.h headers and bring them up to date.
> >
> > The main idea behind the series is to use feature checking macros
> > (i.e. __has_attribute) instead of compiler version checks (e.g. GCC_VERSION),
> > which are compiler-agnostic (so they can be shared, reducing the size
> > of compiler-specific headers) and version-agnostic.
> >
> > Other related improvements have been performed in the headers as well,
> > which, on top of the use of __has_attribute, have amounted to a significant
> > simplification of these headers (e.g. GCC_VERSION is now only guarding 4
> > non-attribute macros).
> >
> > This series should also help the efforts to support compiling the kernel
> > with clang and icc. A fair amount of documentation and comments have also
> > been added, clarified or removed; and the headers are now more readable,
> > which should help kernel developers in general.
> >
> > The series was triggered due to the move to gcc >= 4.6. In turn, this series
> > has also triggered Sparse to gain the ability to recognize __has_attribute
> > on its own.
> >
> > Finally, the nonstring variable attribute series has been applied on top
> > of this one.
>
> Hi Miguel,
> Feel free to add my
> Reviewed-by: Luc Van Oostenryck <[email protected]>
> on patches 11-15 (I think the other ones already have it).
>

Done for both Nick and you!

Cheers,
Miguel

2018-09-24 20:38:42

by Luc Van Oostenryck

Subject: Re: [PATCH v5 00/15] Compiler Attributes

On Thu, Sep 20, 2018 at 07:22:46PM +0200, Miguel Ojeda wrote:
> The Compiler Attributes series is an effort to disentangle
> the include/linux/compiler*.h headers and bring them up to date.
>
> The main idea behind the series is to use feature checking macros
> (i.e. __has_attribute) instead of compiler version checks (e.g. GCC_VERSION),
> which are compiler-agnostic (so they can be shared, reducing the size
> of compiler-specific headers) and version-agnostic.
>
> Other related improvements have been performed in the headers as well,
> which, on top of the use of __has_attribute, have amounted to a significant
> simplification of these headers (e.g. GCC_VERSION is now only guarding 4
> non-attribute macros).
>
> This series should also help the efforts to support compiling the kernel
> with clang and icc. A fair amount of documentation and comments have also
> been added, clarified or removed; and the headers are now more readable,
> which should help kernel developers in general.
>
> The series was triggered due to the move to gcc >= 4.6. In turn, this series
> has also triggered Sparse to gain the ability to recognize __has_attribute
> on its own.
>
> Finally, the nonstring variable attribute series has been applied on top
> of this one.

Hi Miguel,
Feel free to add my
Reviewed-by: Luc Van Oostenryck <[email protected]>
on patches 11-15 (I think the other ones already have it).

-- Luc

2018-09-30 17:49:03

by Miguel Ojeda

Subject: Re: [PATCH v5 12/15] Compiler Attributes: add support for __nonstring (gcc >= 8)

On Thu, Sep 20, 2018 at 10:08 PM Kees Cook <[email protected]> wrote:
>
> Reviewed-by: Kees Cook <[email protected]>
>

Done! Thanks!

Cheers,
Miguel

2018-09-30 17:50:21

by Miguel Ojeda

Subject: Re: [PATCH v5 13/15] Compiler Attributes: enable -Wstringop-truncation on W=1 (gcc >= 8)

On Thu, Sep 20, 2018 at 9:56 PM Kees Cook <[email protected]> wrote:
>
> Yessss. :)
>
> Reviewed-by: Kees Cook <[email protected]>

Done! Thanks! :)

Cheers,
Miguel

2018-09-20 17:22:47

by Miguel Ojeda

Subject: [PATCH v5 01/15] Compiler Attributes: remove unused attributes

__optimize and __deprecate_for_modules are unused in
the whole kernel tree. Simply drop them.

Reviewed-by: Nick Desaulniers <[email protected]>
Reviewed-by: Luc Van Oostenryck <[email protected]>
Signed-off-by: Miguel Ojeda <[email protected]>
---
include/linux/compiler-gcc.h | 2 --
include/linux/compiler.h | 4 ----
include/linux/compiler_types.h | 1 -
3 files changed, 7 deletions(-)

diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
index 4d36b27214fd..1302b425e625 100644
--- a/include/linux/compiler-gcc.h
+++ b/include/linux/compiler-gcc.h
@@ -81,8 +81,6 @@

#define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__)

-#define __optimize(level) __attribute__((__optimize__(level)))
-
#define __compiletime_object_size(obj) __builtin_object_size(obj, 0)

#ifndef __CHECKER__
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 681d866efb1e..7c0157d50964 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -301,10 +301,6 @@ static inline void *offset_to_ptr(const int *off)

#endif /* __ASSEMBLY__ */

-#ifndef __optimize
-# define __optimize(level)
-#endif
-
/* Compile time object size, -1 for unknown */
#ifndef __compiletime_object_size
# define __compiletime_object_size(obj) -1
diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h
index db192becfec4..a19562cb047c 100644
--- a/include/linux/compiler_types.h
+++ b/include/linux/compiler_types.h
@@ -108,7 +108,6 @@ struct ftrace_likely_data {

/* Don't. Just don't. */
#define __deprecated
-#define __deprecated_for_modules

#endif /* __KERNEL__ */

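Review bot: The commit message names `__deprecate_for_modules`, but the macro this hunk removes from compiler_types.h is `__deprecated_for_modules`. Please fix the spelling in the changelog so that a later search of the history for the removed macro finds this commit.
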
--
2.17.1

2018-09-20 17:22:48

by Miguel Ojeda

Subject: [PATCH v5 02/15] Compiler Attributes: always use the extra-underscores syntax

The attribute syntax optionally allows surrounding attribute names
with "__" in order to avoid collisions with macros of the same name
(see https://gcc.gnu.org/onlinedocs/gcc/Attribute-Syntax.html).

This homogenizes all attributes to use the syntax with underscores.
While there are currently only a handful of cases of some TUs defining
macros like "error" which may collide with the attributes,
this should prevent future surprises.

This has been done only for "standard" attributes supported by
the major compilers. In other words, those of third-party tools
(e.g. sparse, plugins...) have not been changed for the moment.

Reviewed-by: Nick Desaulniers <[email protected]>
Reviewed-by: Luc Van Oostenryck <[email protected]>
Signed-off-by: Miguel Ojeda <[email protected]>
---
include/linux/compiler-clang.h | 2 +-
include/linux/compiler-gcc.h | 12 +++++-----
include/linux/compiler-intel.h | 2 +-
include/linux/compiler.h | 8 +++----
include/linux/compiler_types.h | 42 +++++++++++++++++-----------------
5 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/include/linux/compiler-clang.h b/include/linux/compiler-clang.h
index b1ce500fe8b3..d11cad61ba5c 100644
--- a/include/linux/compiler-clang.h
+++ b/include/linux/compiler-clang.h
@@ -21,7 +21,7 @@
#define __SANITIZE_ADDRESS__
#endif

-#define __no_sanitize_address __attribute__((no_sanitize("address")))
+#define __no_sanitize_address __attribute__((__no_sanitize__("address")))

/*
* Not all versions of clang implement the the type-generic versions
diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
index 1302b425e625..7a1de7683df5 100644
--- a/include/linux/compiler-gcc.h
+++ b/include/linux/compiler-gcc.h
@@ -76,7 +76,7 @@
#endif

#ifdef RETPOLINE
-#define __noretpoline __attribute__((indirect_branch("keep")))
+#define __noretpoline __attribute__((__indirect_branch__("keep")))
#endif

#define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__)
@@ -84,8 +84,8 @@
#define __compiletime_object_size(obj) __builtin_object_size(obj, 0)

#ifndef __CHECKER__
-#define __compiletime_warning(message) __attribute__((warning(message)))
-#define __compiletime_error(message) __attribute__((error(message)))
+#define __compiletime_warning(message) __attribute__((__warning__(message)))
+#define __compiletime_error(message) __attribute__((__error__(message)))

#ifdef LATENT_ENTROPY_PLUGIN
#define __latent_entropy __attribute__((latent_entropy))
@@ -134,7 +134,7 @@
* optimizer that something else uses this function or variable, thus preventing
* this.
*/
-#define __visible __attribute__((externally_visible))
+#define __visible __attribute__((__externally_visible__))

/* gcc version specific checks */

@@ -191,7 +191,7 @@
* should not be applied to that function.
* Conflicts with inlining: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368
*/
-#define __no_sanitize_address __attribute__((no_sanitize_address))
+#define __no_sanitize_address __attribute__((__no_sanitize_address__))
#endif

#if GCC_VERSION >= 50100
@@ -199,7 +199,7 @@
* Mark structures as requiring designated initializers.
* https://gcc.gnu.org/onlinedocs/gcc/Designated-Inits.html
*/
-#define __designated_init __attribute__((designated_init))
+#define __designated_init __attribute__((__designated_init__))
#define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1
#endif

diff --git a/include/linux/compiler-intel.h b/include/linux/compiler-intel.h
index 4c7f9befa9f6..fef8bb3e53ef 100644
--- a/include/linux/compiler-intel.h
+++ b/include/linux/compiler-intel.h
@@ -42,4 +42,4 @@
* and may be redefined here because they should not be shared with other
* compilers, like clang.
*/
-#define __visible __attribute__((externally_visible))
+#define __visible __attribute__((__externally_visible__))
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 7c0157d50964..ec4a28bad2c6 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -24,7 +24,7 @@ void ftrace_likely_update(struct ftrace_likely_data *f, int val,
long ______r; \
static struct ftrace_likely_data \
__attribute__((__aligned__(4))) \
- __attribute__((section("_ftrace_annotated_branch"))) \
+ __attribute__((__section__("_ftrace_annotated_branch"))) \
______f = { \
.data.func = __func__, \
.data.file = __FILE__, \
@@ -60,7 +60,7 @@ void ftrace_likely_update(struct ftrace_likely_data *f, int val,
int ______r; \
static struct ftrace_branch_data \
__attribute__((__aligned__(4))) \
- __attribute__((section("_ftrace_branch"))) \
+ __attribute__((__section__("_ftrace_branch"))) \
______f = { \
.func = __func__, \
.file = __FILE__, \
@@ -146,7 +146,7 @@ void ftrace_likely_update(struct ftrace_likely_data *f, int val,
extern typeof(sym) sym; \
static const unsigned long __kentry_##sym \
__used \
- __attribute__((section("___kentry" "+" #sym ), used)) \
+ __attribute__((__section__("___kentry" "+" #sym ), used)) \
= (unsigned long)&sym;
#endif

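Review bot: In the KENTRY hunk the new line still carries a plain `used` after `__section__(...)`, which is the kind of un-prefixed attribute name the commit message sets out to eliminate, and it duplicates the `__used` on the line above. Either spell it `__used__` or drop it in this patch, so the tree is consistent at this commit rather than only after a follow-up.
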
@@ -287,7 +287,7 @@ unsigned long read_word_at_a_time(const void *addr)
* visible to the compiler.
*/
#define __ADDRESSABLE(sym) \
- static void * __attribute__((section(".discard.addressable"), used)) \
+ static void * __attribute__((__section__(".discard.addressable"), used)) \
__PASTE(__addressable_##sym, __LINE__) = (void *)&sym;

/**
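
Review bot: `__ADDRESSABLE` keeps a plain `used` in `__attribute__((__section__(".discard.addressable"), used))`, so a TU that defines a macro named `used` can still break this line. Suggest `__used__` here to match the rest of the conversion.
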
diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h
index a19562cb047c..8fbdd47dd3d0 100644
--- a/include/linux/compiler_types.h
+++ b/include/linux/compiler_types.h
@@ -195,26 +195,26 @@ struct ftrace_likely_data {
* would be.
* [...]
*/
-#define __pure __attribute__((pure))
-#define __aligned(x) __attribute__((aligned(x)))
-#define __aligned_largest __attribute__((aligned))
-#define __printf(a, b) __attribute__((format(printf, a, b)))
-#define __scanf(a, b) __attribute__((format(scanf, a, b)))
-#define __maybe_unused __attribute__((unused))
-#define __always_unused __attribute__((unused))
-#define __mode(x) __attribute__((mode(x)))
+#define __pure __attribute__((__pure__))
+#define __aligned(x) __attribute__((__aligned__(x)))
+#define __aligned_largest __attribute__((__aligned__))
+#define __printf(a, b) __attribute__((__format__(printf, a, b)))
+#define __scanf(a, b) __attribute__((__format__(scanf, a, b)))
+#define __maybe_unused __attribute__((__unused__))
+#define __always_unused __attribute__((__unused__))
+#define __mode(x) __attribute__((__mode__(x)))
#define __malloc __attribute__((__malloc__))
#define __used __attribute__((__used__))
-#define __noreturn __attribute__((noreturn))
-#define __packed __attribute__((packed))
-#define __weak __attribute__((weak))
-#define __alias(symbol) __attribute__((alias(#symbol)))
-#define __cold __attribute__((cold))
+#define __noreturn __attribute__((__noreturn__))
+#define __packed __attribute__((__packed__))
+#define __weak __attribute__((__weak__))
+#define __alias(symbol) __attribute__((__alias__(#symbol)))
+#define __cold __attribute__((__cold__))
#define __section(S) __attribute__((__section__(#S)))


#ifdef CONFIG_ENABLE_MUST_CHECK
-#define __must_check __attribute__((warn_unused_result))
+#define __must_check __attribute__((__warn_unused_result__))
#else
#define __must_check
#endif
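
Review bot: In `__printf` and `__scanf` only the attribute name was converted; the archetype arguments `printf` and `scanf` inside `__format__(...)` are still plain identifiers and are exposed to the same macro collision the commit message describes. GCC also accepts the `__printf__` and `__scanf__` spellings for the archetype, so consider `__format__(__printf__, a, b)` and `__format__(__scanf__, a, b)`.
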
@@ -222,7 +222,7 @@ struct ftrace_likely_data {
#if defined(CC_USING_HOTPATCH) && !defined(__CHECKER__)
#define notrace __attribute__((hotpatch(0, 0)))
#else
-#define notrace __attribute__((no_instrument_function))
+#define notrace __attribute__((__no_instrument_function__))
#endif

/*
@@ -231,7 +231,7 @@ struct ftrace_likely_data {
* stack and frame pointer being set up and there is no chance to
* restore the lr register to the value before mcount was called.
*/
-#define __naked __attribute__((naked)) notrace
+#define __naked __attribute__((__naked__)) notrace

#define __compiler_offsetof(a, b) __builtin_offsetof(a, b)

@@ -242,7 +242,7 @@ struct ftrace_likely_data {
* defined so the gnu89 semantics are the default.
*/
#ifdef __GNUC_STDC_INLINE__
-# define __gnu_inline __attribute__((gnu_inline))
+# define __gnu_inline __attribute__((__gnu_inline__))
#else
# define __gnu_inline
#endif
@@ -262,17 +262,17 @@ struct ftrace_likely_data {
#if !defined(CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING) || \
!defined(CONFIG_OPTIMIZE_INLINING)
#define inline \
- inline __attribute__((always_inline, unused)) notrace __gnu_inline
+ inline __attribute__((__always_inline__, __unused__)) notrace __gnu_inline
#else
-#define inline inline __attribute__((unused)) notrace __gnu_inline
+#define inline inline __attribute__((__unused__)) notrace __gnu_inline
#endif

#define __inline__ inline
#define __inline inline
-#define noinline __attribute__((noinline))
+#define noinline __attribute__((__noinline__))

#ifndef __always_inline
-#define __always_inline inline __attribute__((always_inline))
+#define __always_inline inline __attribute__((__always_inline__))
#endif

/*
--
2.17.1

2018-09-20 17:22:49

by Miguel Ojeda

Subject: [PATCH v5 03/15] Compiler Attributes: remove unneeded tests

Attributes const and always_inline have tests around them
which are unneeded, since they are supported by gcc >= 4.6,
clang >= 3 and icc >= 13. https://godbolt.org/z/DFPq37

In the case of gnu_inline, we do not need to test for
__GNUC_STDC_INLINE__ because, regardless of the current
inlining behavior, we can simply always force the old
GCC inlining behavior by using the attribute in all cases.

Reviewed-by: Nick Desaulniers <[email protected]>
Reviewed-by: Luc Van Oostenryck <[email protected]>
Signed-off-by: Miguel Ojeda <[email protected]>
---
include/linux/compiler_types.h | 23 +++--------------------
1 file changed, 3 insertions(+), 20 deletions(-)

diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h
index 8fbdd47dd3d0..5ff9cda893f4 100644
--- a/include/linux/compiler_types.h
+++ b/include/linux/compiler_types.h
@@ -158,10 +158,6 @@ struct ftrace_likely_data {
(sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || \
sizeof(t) == sizeof(int) || sizeof(t) == sizeof(long))

-#ifndef __attribute_const__
-#define __attribute_const__ __attribute__((__const__))
-#endif
-
#ifndef __noclone
#define __noclone
#endif
@@ -196,6 +192,7 @@ struct ftrace_likely_data {
* [...]
*/
#define __pure __attribute__((__pure__))
+#define __attribute_const__ __attribute__((__const__))
#define __aligned(x) __attribute__((__aligned__(x)))
#define __aligned_largest __attribute__((__aligned__))
#define __printf(a, b) __attribute__((__format__(printf, a, b)))
@@ -211,6 +208,8 @@ struct ftrace_likely_data {
#define __alias(symbol) __attribute__((__alias__(#symbol)))
#define __cold __attribute__((__cold__))
#define __section(S) __attribute__((__section__(#S)))
+#define __always_inline inline __attribute__((__always_inline__))
+#define __gnu_inline __attribute__((__gnu_inline__))


#ifdef CONFIG_ENABLE_MUST_CHECK
@@ -235,18 +234,6 @@ struct ftrace_likely_data {

#define __compiler_offsetof(a, b) __builtin_offsetof(a, b)

-/*
- * Feature detection for gnu_inline (gnu89 extern inline semantics). Either
- * __GNUC_STDC_INLINE__ is defined (not using gnu89 extern inline semantics,
- * and we opt in to the gnu89 semantics), or __GNUC_STDC_INLINE__ is not
- * defined so the gnu89 semantics are the default.
- */
-#ifdef __GNUC_STDC_INLINE__
-# define __gnu_inline __attribute__((__gnu_inline__))
-#else
-# define __gnu_inline
-#endif
-
/*
* Force always-inline if the user requests it so via the .config.
* GCC does not warn about unused static inline functions for
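
Review bot: The comment removed in this hunk explained why `__gnu_inline` exists (gnu89 extern inline semantics), while the unconditional `#define __gnu_inline` added in the previous hunk carries no comment at all. Please keep a one-line comment next to the new definition stating that the attribute is applied in all cases to force the old GCC inlining behavior, as the changelog says.
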
@@ -271,10 +258,6 @@ struct ftrace_likely_data {
#define __inline inline
#define noinline __attribute__((__noinline__))

-#ifndef __always_inline
-#define __always_inline inline __attribute__((__always_inline__))
-#endif
-
/*
* Rather then using noinline to prevent stack consumption, use
* noinline_for_stack instead. For documentation reasons.
--
2.17.1

2018-09-20 17:22:51

by Miguel Ojeda

Subject: [PATCH v5 05/15] Compiler Attributes: remove unneeded sparse (__CHECKER__) tests

Sparse knows about a few more attributes now, so we can remove
the __CHECKER__ conditions from them (which, in turn, allows us
to move some of them later on to compiler_attributes.h).

* assume_aligned: since sparse's commit ffc860b ("sparse:
ignore __assume_aligned__ attribute"), included in 0.5.1

* error: since sparse's commit 0a04210 ("sparse: Add 'error'
to ignored attributes"), included in 0.5.0

* hotpatch: since sparse's commit 6043210 ("sparse/parse.c:
ignore hotpatch attribute"), included in 0.5.1

* warning: since sparse's commit 977365d ("Avoid "attribute
'warning': unknown attribute" warning"), included in 0.4.2

On top of that, __must_be_array does not need it either because:

* Even ancient versions of sparse do not have a problem

* BUILD_BUG_ON_ZERO() is currently disabled for __CHECKER__

Reviewed-by: Nick Desaulniers <[email protected]>
Reviewed-by: Luc Van Oostenryck <[email protected]>
Signed-off-by: Miguel Ojeda <[email protected]>
---
include/linux/compiler-gcc.h | 6 ++----
include/linux/compiler.h | 4 ----
include/linux/compiler_types.h | 2 +-
3 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
index 3b32bbfa5a49..1ca6a51cfaa9 100644
--- a/include/linux/compiler-gcc.h
+++ b/include/linux/compiler-gcc.h
@@ -76,14 +76,12 @@

#define __compiletime_object_size(obj) __builtin_object_size(obj, 0)

-#ifndef __CHECKER__
#define __compiletime_warning(message) __attribute__((__warning__(message)))
#define __compiletime_error(message) __attribute__((__error__(message)))

-#ifdef LATENT_ENTROPY_PLUGIN
+#if defined(LATENT_ENTROPY_PLUGIN) && !defined(__CHECKER__)
#define __latent_entropy __attribute__((latent_entropy))
#endif
-#endif /* __CHECKER__ */

/*
* calling noreturn functions, __builtin_unreachable() and __builtin_trap()
@@ -131,7 +129,7 @@

/* gcc version specific checks */

-#if GCC_VERSION >= 40900 && !defined(__CHECKER__)
+#if GCC_VERSION >= 40900
/*
* __assume_aligned(n, k): Tell the optimizer that the returned
* pointer can be assumed to be k modulo n. The second argument is
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 165b1d5683ed..4030a2940d6b 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -357,11 +357,7 @@ static inline void *offset_to_ptr(const int *off)
compiletime_assert(__native_word(t), \
"Need native word sized stores/loads for atomicity.")

-#ifdef __CHECKER__
-#define __must_be_array(a) 0
-#else
/* &a[0] degrades to a pointer: a different type from an array */
#define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
-#endif

#endif /* __LINUX_COMPILER_H */
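
Review bot: With the `#ifdef __CHECKER__` branch gone, the safety of `__must_be_array` under sparse rests on two facts stated only in the changelog: that even ancient sparse versions cope with it, and that BUILD_BUG_ON_ZERO() is currently disabled for __CHECKER__. Neither is visible at the definition; suggest extending the comment above the macro to mention the BUILD_BUG_ON_ZERO() dependency, so a later change there does not silently alter what sparse runs see.
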
diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h
index 5ff9cda893f4..a3eceb3ad1b3 100644
--- a/include/linux/compiler_types.h
+++ b/include/linux/compiler_types.h
@@ -218,7 +218,7 @@ struct ftrace_likely_data {
#define __must_check
#endif

-#if defined(CC_USING_HOTPATCH) && !defined(__CHECKER__)
+#if defined(CC_USING_HOTPATCH)
#define notrace __attribute__((hotpatch(0, 0)))
#else
#define notrace __attribute__((__no_instrument_function__))
--
2.17.1

2018-09-20 17:22:50

by Miguel Ojeda

Subject: [PATCH v5 04/15] Compiler Attributes: homogenize __must_be_array

Different definitions of __must_be_array:

* gcc: disabled for __CHECKER__

* clang: same definition as gcc's, but without __CHECKER__

* intel: the comment claims __builtin_types_compatible_p()
is unsupported; but icc seems to support it since 13.0.1
(released in 2012). See https://godbolt.org/z/S0l6QQ

Therefore, we can remove all of them and have a single definition
in compiler.h

Reviewed-by: Nick Desaulniers <[email protected]>
Reviewed-by: Luc Van Oostenryck <[email protected]>
Signed-off-by: Miguel Ojeda <[email protected]>
---
include/linux/compiler-clang.h | 1 -
include/linux/compiler-gcc.h | 7 -------
include/linux/compiler-intel.h | 3 ---
include/linux/compiler.h | 7 +++++++
4 files changed, 7 insertions(+), 11 deletions(-)

diff --git a/include/linux/compiler-clang.h b/include/linux/compiler-clang.h
index d11cad61ba5c..fa9532f8d885 100644
--- a/include/linux/compiler-clang.h
+++ b/include/linux/compiler-clang.h
@@ -41,6 +41,5 @@
* compilers, like ICC.
*/
#define barrier() __asm__ __volatile__("" : : : "memory")
-#define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
#define __assume_aligned(a, ...) \
__attribute__((__assume_aligned__(a, ## __VA_ARGS__)))
diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
index 7a1de7683df5..3b32bbfa5a49 100644
--- a/include/linux/compiler-gcc.h
+++ b/include/linux/compiler-gcc.h
@@ -68,13 +68,6 @@
*/
#define uninitialized_var(x) x = x

-#ifdef __CHECKER__
-#define __must_be_array(a) 0
-#else
-/* &a[0] degrades to a pointer: a different type from an array */
-#define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
-#endif
-
#ifdef RETPOLINE
#define __noretpoline __attribute__((__indirect_branch__("keep")))
#endif
diff --git a/include/linux/compiler-intel.h b/include/linux/compiler-intel.h
index fef8bb3e53ef..6004b4588bd4 100644
--- a/include/linux/compiler-intel.h
+++ b/include/linux/compiler-intel.h
@@ -29,9 +29,6 @@
*/
#define OPTIMIZER_HIDE_VAR(var) barrier()

-/* Intel ECC compiler doesn't support __builtin_types_compatible_p() */
-#define __must_be_array(a) 0
-
#endif

/* icc has this, but it's called _bswap16 */
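
Review bot: Dropping the icc fallback `#define __must_be_array(a) 0` rests on the changelog's "icc seems to support it since 13.0.1", which is hedged and not recorded anywhere in the code. Please state the minimum icc version the kernel expects, in the changelog or in a comment, so a build with an older icc fails for a documented reason.
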
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index ec4a28bad2c6..165b1d5683ed 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -357,4 +357,11 @@ static inline void *offset_to_ptr(const int *off)
compiletime_assert(__native_word(t), \
"Need native word sized stores/loads for atomicity.")

+#ifdef __CHECKER__
+#define __must_be_array(a) 0
+#else
+/* &a[0] degrades to a pointer: a different type from an array */
+#define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
+#endif
+
#endif /* __LINUX_COMPILER_H */
--
2.17.1

2018-09-20 17:22:52

by Miguel Ojeda

Subject: [PATCH v5 06/15] Compiler Attributes: add missing SPDX ID in compiler_types.h

Reviewed-by: Nick Desaulniers <[email protected]>
Reviewed-by: Luc Van Oostenryck <[email protected]>
Signed-off-by: Miguel Ojeda <[email protected]>
---
include/linux/compiler_types.h | 1 +
1 file changed, 1 insertion(+)

diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h
index a3eceb3ad1b3..ed7c0e4a180e 100644
--- a/include/linux/compiler_types.h
+++ b/include/linux/compiler_types.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 */
#ifndef __LINUX_COMPILER_TYPES_H
#define __LINUX_COMPILER_TYPES_H

--
2.17.1

2018-09-20 17:22:54

by Miguel Ojeda

Subject: [PATCH v5 08/15] Compiler Attributes: KENTRY used twice the "used" attribute

Reviewed-by: Nick Desaulniers <[email protected]>
Reviewed-by: Luc Van Oostenryck <[email protected]>
Signed-off-by: Miguel Ojeda <[email protected]>
---
include/linux/compiler.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 4030a2940d6b..17ee9165ca51 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -146,7 +146,7 @@ void ftrace_likely_update(struct ftrace_likely_data *f, int val,
extern typeof(sym) sym; \
static const unsigned long __kentry_##sym \
__used \
- __attribute__((__section__("___kentry" "+" #sym ), used)) \
+ __attribute__((__section__("___kentry" "+" #sym ))) \
= (unsigned long)&sym;
#endif

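Review bot: The changelog is empty, so the reason the `used` on the `__attribute__` line of KENTRY can be dropped is not recorded. One sentence saying that the `__used` on the preceding line already applies the attribute would make the removal self-explanatory. Minor style point on the new line: the space left in `#sym )))` can go.
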
--
2.17.1

2018-09-20 17:22:53

by Miguel Ojeda

Subject: [PATCH v5 07/15] Compiler Attributes: use feature checks instead of version checks

Instead of using version checks per-compiler to define (or not)
each attribute, use __has_attribute to test for them, following
the cleanup started with commit 815f0ddb346c
("include/linux/compiler*.h: make compiler-*.h mutually exclusive"),
which is supported on gcc >= 5, clang >= 2.9 and icc >= 17.
In the meantime, to support 4.6 <= gcc < 5, we implement
__has_attribute by hand.

All the attributes that can be unconditionally defined and directly
map to compiler attribute(s) (even if optional) have been moved
to a new file include/linux/compiler_attributes.h

In an effort to make the file as regular as possible, comments
stating the purpose of attributes have been removed. Instead,
links to the compiler docs have been added (i.e. to gcc and,
if available, to clang as well). In addition, they have been sorted.

Finally, if an attribute is optional (i.e. if it is guarded
by __has_attribute), the reason has been stated for future reference.

Reviewed-by: Nick Desaulniers <[email protected]>
Reviewed-by: Luc Van Oostenryck <[email protected]>
Signed-off-by: Miguel Ojeda <[email protected]>
---
include/linux/compiler-clang.h | 4 -
include/linux/compiler-gcc.h | 51 ------
include/linux/compiler-intel.h | 6 -
include/linux/compiler_attributes.h | 244 ++++++++++++++++++++++++++++
include/linux/compiler_types.h | 74 ++-------
5 files changed, 254 insertions(+), 125 deletions(-)
create mode 100644 include/linux/compiler_attributes.h

diff --git a/include/linux/compiler-clang.h b/include/linux/compiler-clang.h
index fa9532f8d885..3e7dafb3ea80 100644
--- a/include/linux/compiler-clang.h
+++ b/include/linux/compiler-clang.h
@@ -21,8 +21,6 @@
#define __SANITIZE_ADDRESS__
#endif

-#define __no_sanitize_address __attribute__((__no_sanitize__("address")))
-
/*
* Not all versions of clang implement the the type-generic versions
* of the builtin overflow checkers. Fortunately, clang implements
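Review bot: removing the clang-only `__no_sanitize_address` here changes the attribute clang is given, from `__no_sanitize__("address")` to the shared `__no_sanitize_address__` spelling in compiler_attributes.h, and the commit message does not mention it. Please say so in the changelog and confirm that clang answers `__has_attribute(__no_sanitize_address__)` with 1, since otherwise the macro silently expands to nothing and functions that opted out of KASAN get instrumented again.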
@@ -41,5 +39,3 @@
* compilers, like ICC.
*/
#define barrier() __asm__ __volatile__("" : : : "memory")
-#define __assume_aligned(a, ...) \
- __attribute__((__assume_aligned__(a, ## __VA_ARGS__)))
diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
index 1ca6a51cfaa9..cfac027e1625 100644
--- a/include/linux/compiler-gcc.h
+++ b/include/linux/compiler-gcc.h
@@ -108,9 +108,6 @@
__builtin_unreachable(); \
} while (0)

-/* Mark a function definition as prohibited from being cloned. */
-#define __noclone __attribute__((__noclone__, __optimize__("no-tracer")))
-
#if defined(RANDSTRUCT_PLUGIN) && !defined(__CHECKER__)
#define __randomize_layout __attribute__((randomize_layout))
#define __no_randomize_layout __attribute__((no_randomize_layout))
@@ -119,32 +116,6 @@
#define randomized_struct_fields_end } __randomize_layout;
#endif

-/*
- * When used with Link Time Optimization, gcc can optimize away C functions or
- * variables which are referenced only from assembly code. __visible tells the
- * optimizer that something else uses this function or variable, thus preventing
- * this.
- */
-#define __visible __attribute__((__externally_visible__))
-
-/* gcc version specific checks */
-
-#if GCC_VERSION >= 40900
-/*
- * __assume_aligned(n, k): Tell the optimizer that the returned
- * pointer can be assumed to be k modulo n. The second argument is
- * optional (default 0), so we use a variadic macro to make the
- * shorthand.
- *
- * Beware: Do not apply this to functions which may return
- * ERR_PTRs. Also, it is probably unwise to apply it to functions
- * returning extra information in the low bits (but in that case the
- * compiler should see some alignment anyway, when the return value is
- * massaged by 'flags = ptr & 3; ptr &= ~3;').
- */
-#define __assume_aligned(a, ...) __attribute__((__assume_aligned__(a, ## __VA_ARGS__)))
-#endif
-
/*
* GCC 'asm goto' miscompiles certain code sequences:
*
@@ -176,32 +147,10 @@
#define KASAN_ABI_VERSION 3
#endif

-#if GCC_VERSION >= 40902
-/*
- * Tell the compiler that address safety instrumentation (KASAN)
- * should not be applied to that function.
- * Conflicts with inlining: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368
- */
-#define __no_sanitize_address __attribute__((__no_sanitize_address__))
-#endif
-
#if GCC_VERSION >= 50100
-/*
- * Mark structures as requiring designated initializers.
- * https://gcc.gnu.org/onlinedocs/gcc/Designated-Inits.html
- */
-#define __designated_init __attribute__((__designated_init__))
#define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1
#endif

-#if !defined(__noclone)
-#define __noclone /* not needed */
-#endif
-
-#if !defined(__no_sanitize_address)
-#define __no_sanitize_address
-#endif
-
/*
* Turn individual warnings and errors on and off locally, depending
* on version.
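Review bot: the removed `#if GCC_VERSION >= 40902` guard on `__no_sanitize_address` is replaced in compiler_attributes.h by a fallback entry of `(__GNUC_MINOR__ >= 8)`, so gcc 4.8.0 through 4.9.1 start receiving the attribute. If that widening is intended, state it in the commit message; if not, the fallback has to test the patch level as well. The pointer to gcc bug 67368 (conflict with inlining) is a caveat rather than a statement of purpose and seems worth keeping next to the new definition.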
diff --git a/include/linux/compiler-intel.h b/include/linux/compiler-intel.h
index 6004b4588bd4..517bd14e1222 100644
--- a/include/linux/compiler-intel.h
+++ b/include/linux/compiler-intel.h
@@ -34,9 +34,3 @@
/* icc has this, but it's called _bswap16 */
#define __HAVE_BUILTIN_BSWAP16__
#define __builtin_bswap16 _bswap16
-
-/* The following are for compatibility with GCC, from compiler-gcc.h,
- * and may be redefined here because they should not be shared with other
- * compilers, like clang.
- */
-#define __visible __attribute__((__externally_visible__))
diff --git a/include/linux/compiler_attributes.h b/include/linux/compiler_attributes.h
new file mode 100644
index 000000000000..f0f9fc398440
--- /dev/null
+++ b/include/linux/compiler_attributes.h
@@ -0,0 +1,244 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __LINUX_COMPILER_ATTRIBUTES_H
+#define __LINUX_COMPILER_ATTRIBUTES_H
+
+/*
+ * The attributes in this file are unconditionally defined and they directly
+ * map to compiler attribute(s) -- except those that are optional.
+ *
+ * Any other "attributes" (i.e. those that depend on a configuration option,
+ * on a compiler, on an architecture, on plugins, on other attributes...)
+ * should be defined elsewhere (e.g. compiler_types.h or compiler-*.h).
+ *
+ * This file is meant to be sorted (by actual attribute name,
+ * not by #define identifier). Use the __attribute__((__name__)) syntax
+ * (i.e. with underscores) to avoid future collisions with other macros.
+ * If an attribute is optional, state the reason in the comment.
+ */
+
+/*
+ * To check for optional attributes, we use __has_attribute, which is supported
+ * on gcc >= 5, clang >= 2.9 and icc >= 17. In the meantime, to support
+ * 4.6 <= gcc < 5, we implement __has_attribute by hand.
+ *
+ * sparse does not support __has_attribute (yet) and defines __GNUC_MINOR__
+ * depending on the compiler used to build it; however, these attributes have
+ * no semantic effects for sparse, so it does not matter. Also note that,
+ * in order to avoid sparse's warnings, even the unsupported ones must be
+ * defined to 0.
+ */
+#ifndef __has_attribute
+# define __has_attribute(x) __GCC4_has_attribute_##x
+# define __GCC4_has_attribute___assume_aligned__ (__GNUC_MINOR__ >= 9)
+# define __GCC4_has_attribute___designated_init__ 0
+# define __GCC4_has_attribute___externally_visible__ 1
+# define __GCC4_has_attribute___noclone__ 1
+# define __GCC4_has_attribute___optimize__ 1
+# define __GCC4_has_attribute___no_sanitize_address__ (__GNUC_MINOR__ >= 8)
+#endif
+
+/*
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-alias-function-attribute
+ */
+#define __alias(symbol) __attribute__((__alias__(#symbol)))
+
+/*
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-aligned-function-attribute
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Type-Attributes.html#index-aligned-type-attribute
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-aligned-variable-attribute
+ */
+#define __aligned(x) __attribute__((__aligned__(x)))
+#define __aligned_largest __attribute__((__aligned__))
+
+/*
+ * Note: users of __always_inline currently do not write "inline" themselves,
+ * which seems to be required by gcc to apply the attribute according
+ * to its docs (and also "warning: always_inline function might not be
+ * inlinable [-Wattributes]" is emitted).
+ *
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-always_005finline-function-attribute
+ * clang: mentioned
+ */
+#define __always_inline inline __attribute__((__always_inline__))
+
+/*
+ * The second argument is optional (default 0), so we use a variadic macro
+ * to make the shorthand.
+ *
+ * Beware: Do not apply this to functions which may return
+ * ERR_PTRs. Also, it is probably unwise to apply it to functions
+ * returning extra information in the low bits (but in that case the
+ * compiler should see some alignment anyway, when the return value is
+ * massaged by 'flags = ptr & 3; ptr &= ~3;').
+ *
+ * Optional: only supported since gcc >= 4.9
+ * Optional: not supported by icc
+ *
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-assume_005faligned-function-attribute
+ * clang: https://clang.llvm.org/docs/AttributeReference.html#assume-aligned
+ */
+#if __has_attribute(__assume_aligned__)
+# define __assume_aligned(a, ...) __attribute__((__assume_aligned__(a, ## __VA_ARGS__)))
+#else
+# define __assume_aligned(a, ...)
+#endif
+
+/*
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-cold-function-attribute
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Label-Attributes.html#index-cold-label-attribute
+ */
+#define __cold __attribute__((__cold__))
+
+/*
+ * Note the long name.
+ *
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-const-function-attribute
+ */
+#define __attribute_const__ __attribute__((__const__))
+
+/*
+ * Don't. Just don't. See commit 771c035372a0 ("deprecate the '__deprecated'
+ * attribute warnings entirely and for good") for more information.
+ *
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-deprecated-function-attribute
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Type-Attributes.html#index-deprecated-type-attribute
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-deprecated-variable-attribute
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Enumerator-Attributes.html#index-deprecated-enumerator-attribute
+ * clang: https://clang.llvm.org/docs/AttributeReference.html#deprecated
+ */
+#define __deprecated
+
+/*
+ * Optional: only supported since gcc >= 5.1
+ * Optional: not supported by clang
+ * Optional: not supported by icc
+ *
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Type-Attributes.html#index-designated_005finit-type-attribute
+ */
+#if __has_attribute(__designated_init__)
+# define __designated_init __attribute__((__designated_init__))
+#else
+# define __designated_init
+#endif
+
+/*
+ * Optional: not supported by clang
+ *
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-externally_005fvisible-function-attribute
+ */
+#if __has_attribute(__externally_visible__)
+# define __visible __attribute__((__externally_visible__))
+#else
+# define __visible
+#endif
+
+/*
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-format-function-attribute
+ * clang: https://clang.llvm.org/docs/AttributeReference.html#format
+ */
+#define __printf(a, b) __attribute__((__format__(printf, a, b)))
+#define __scanf(a, b) __attribute__((__format__(scanf, a, b)))
+
+/*
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-gnu_005finline-function-attribute
+ * clang: https://clang.llvm.org/docs/AttributeReference.html#gnu-inline
+ */
+#define __gnu_inline __attribute__((__gnu_inline__))
+
+/*
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-malloc-function-attribute
+ */
+#define __malloc __attribute__((__malloc__))
+
+/*
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Type-Attributes.html#index-mode-type-attribute
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-mode-variable-attribute
+ */
+#define __mode(x) __attribute__((__mode__(x)))
+
+/*
+ * Optional: not supported by clang
+ * Note: icc does not recognize gcc's no-tracer
+ *
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-noclone-function-attribute
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-optimize-function-attribute
+ */
+#if __has_attribute(__noclone__)
+# if __has_attribute(__optimize__)
+# define __noclone __attribute__((__noclone__, __optimize__("no-tracer")))
+# else
+# define __noclone __attribute__((__noclone__))
+# endif
+#else
+# define __noclone
+#endif
+
+/*
+ * Note the missing underscores.
+ *
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-noinline-function-attribute
+ * clang: mentioned
+ */
+#define noinline __attribute__((__noinline__))
+
+/*
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-noreturn-function-attribute
+ * clang: https://clang.llvm.org/docs/AttributeReference.html#noreturn
+ * clang: https://clang.llvm.org/docs/AttributeReference.html#id1
+ */
+#define __noreturn __attribute__((__noreturn__))
+
+/*
+ * Optional: only supported since gcc >= 4.8
+ * Optional: not supported by icc
+ *
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-no_005fsanitize_005faddress-function-attribute
+ * clang: https://clang.llvm.org/docs/AttributeReference.html#no-sanitize-address-no-address-safety-analysis
+ */
+#if __has_attribute(__no_sanitize_address__)
+# define __no_sanitize_address __attribute__((__no_sanitize_address__))
+#else
+# define __no_sanitize_address
+#endif
+
+/*
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Type-Attributes.html#index-packed-type-attribute
+ * clang: https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-packed-variable-attribute
+ */
+#define __packed __attribute__((__packed__))
+
+/*
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-pure-function-attribute
+ */
+#define __pure __attribute__((__pure__))
+
+/*
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-section-function-attribute
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-section-variable-attribute
+ * clang: https://clang.llvm.org/docs/AttributeReference.html#section-declspec-allocate
+ */
+#define __section(S) __attribute__((__section__(#S)))
+
+/*
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-unused-function-attribute
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Type-Attributes.html#index-unused-type-attribute
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-unused-variable-attribute
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Label-Attributes.html#index-unused-label-attribute
+ * clang: https://clang.llvm.org/docs/AttributeReference.html#maybe-unused-unused
+ */
+#define __always_unused __attribute__((__unused__))
+#define __maybe_unused __attribute__((__unused__))
+
+/*
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-used-function-attribute
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-used-variable-attribute
+ */
+#define __used __attribute__((__used__))
+
+/*
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-weak-function-attribute
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-weak-variable-attribute
+ */
+#define __weak __attribute__((__weak__))
+
+#endif /* __LINUX_COMPILER_ATTRIBUTES_H */
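Review bot: in the `__packed` comment the second link is labelled `clang:` but points at gcc.gnu.org (`Common-Variable-Attributes.html#index-packed-variable-attribute`); it should read `gcc:`. Separately, by the header comment's own numbers icc < 17 also lacks `__has_attribute` and would take the `#ifndef __has_attribute` fallback, where `__noclone__` and `__optimize__` are hard-wired to 1 although the `__noclone` comment says icc does not recognize `no-tracer`; please either keep icc out of the fallback or document that icc < 17 is not supported.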
diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h
index ed7c0e4a180e..3439d7d0249a 100644
--- a/include/linux/compiler_types.h
+++ b/include/linux/compiler_types.h
@@ -55,6 +55,9 @@ extern void __chk_io_ptr(const volatile void __iomem *);

#ifdef __KERNEL__

+/* Attributes */
+#include <linux/compiler_attributes.h>
+
/* Compiler specific macros. */
#ifdef __clang__
#include <linux/compiler-clang.h>
@@ -79,12 +82,6 @@ extern void __chk_io_ptr(const volatile void __iomem *);
#include <asm/compiler.h>
#endif

-/*
- * Generic compiler-independent macros required for kernel
- * build go below this comment. Actual compiler/compiler version
- * specific implementations come from the above header files
- */
-
struct ftrace_branch_data {
const char *func;
const char *file;
@@ -107,9 +104,6 @@ struct ftrace_likely_data {
unsigned long constant;
};

-/* Don't. Just don't. */
-#define __deprecated
-
#endif /* __KERNEL__ */

#endif /* __ASSEMBLY__ */
@@ -119,10 +113,6 @@ struct ftrace_likely_data {
* compilers. We don't consider that to be an error, so set them to nothing.
* For example, some of them are for compiler specific plugins.
*/
-#ifndef __designated_init
-# define __designated_init
-#endif
-
#ifndef __latent_entropy
# define __latent_entropy
#endif
@@ -140,17 +130,6 @@ struct ftrace_likely_data {
# define randomized_struct_fields_end
#endif

-#ifndef __visible
-#define __visible
-#endif
-
-/*
- * Assume alignment of return value.
- */
-#ifndef __assume_aligned
-#define __assume_aligned(a, ...)
-#endif
-
/* Are two types/vars the same type (ignoring qualifiers)? */
#define __same_type(a, b) __builtin_types_compatible_p(typeof(a), typeof(b))

@@ -159,10 +138,6 @@ struct ftrace_likely_data {
(sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || \
sizeof(t) == sizeof(int) || sizeof(t) == sizeof(long))

-#ifndef __noclone
-#define __noclone
-#endif
-
/* Helpers for emitting diagnostics in pragmas. */
#ifndef __diag
#define __diag(string)
@@ -182,37 +157,6 @@ struct ftrace_likely_data {
#define __diag_error(compiler, version, option, comment) \
__diag_ ## compiler(version, error, option)

-/*
- * From the GCC manual:
- *
- * Many functions have no effects except the return value and their
- * return value depends only on the parameters and/or global
- * variables. Such a function can be subject to common subexpression
- * elimination and loop optimization just as an arithmetic operator
- * would be.
- * [...]
- */
-#define __pure __attribute__((__pure__))
-#define __attribute_const__ __attribute__((__const__))
-#define __aligned(x) __attribute__((__aligned__(x)))
-#define __aligned_largest __attribute__((__aligned__))
-#define __printf(a, b) __attribute__((__format__(printf, a, b)))
-#define __scanf(a, b) __attribute__((__format__(scanf, a, b)))
-#define __maybe_unused __attribute__((__unused__))
-#define __always_unused __attribute__((__unused__))
-#define __mode(x) __attribute__((__mode__(x)))
-#define __malloc __attribute__((__malloc__))
-#define __used __attribute__((__used__))
-#define __noreturn __attribute__((__noreturn__))
-#define __packed __attribute__((__packed__))
-#define __weak __attribute__((__weak__))
-#define __alias(symbol) __attribute__((__alias__(#symbol)))
-#define __cold __attribute__((__cold__))
-#define __section(S) __attribute__((__section__(#S)))
-#define __always_inline inline __attribute__((__always_inline__))
-#define __gnu_inline __attribute__((__gnu_inline__))
-
-
#ifdef CONFIG_ENABLE_MUST_CHECK
#define __must_check __attribute__((__warn_unused_result__))
#else
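Review bot: the macros removed here (`__pure`, `__packed`, `__section`, `__always_inline` and the rest) sat after the `#endif /* __KERNEL__ */` and `#endif /* __ASSEMBLY__ */` lines, whereas their replacement, `#include <linux/compiler_attributes.h>`, is added inside `#ifdef __KERNEL__`. Please confirm that nothing includes this header without `__KERNEL__` defined and still expects these names, or move the include out of the conditional block.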
@@ -246,18 +190,20 @@ struct ftrace_likely_data {
* semantics rather than c99. This prevents multiple symbol definition errors
* of extern inline functions at link time.
* A lot of inline functions can cause havoc with function tracing.
+ * Do not use __always_inline here, since currently it expands to inline again
+ * (which would break users of __always_inline).
*/
#if !defined(CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING) || \
!defined(CONFIG_OPTIMIZE_INLINING)
-#define inline \
- inline __attribute__((__always_inline__, __unused__)) notrace __gnu_inline
+#define inline inline __attribute__((__always_inline__)) __gnu_inline \
+ __maybe_unused notrace
#else
-#define inline inline __attribute__((__unused__)) notrace __gnu_inline
+#define inline inline __gnu_inline \
+ __maybe_unused notrace
#endif

#define __inline__ inline
-#define __inline inline
-#define noinline __attribute__((__noinline__))
+#define __inline inline

/*
* Rather then using noinline to prevent stack consumption, use
--
2.17.1

2018-09-20 17:22:56

by Miguel Ojeda

Subject: [PATCH v5 10/15] Compiler Attributes: add Doc/process/programming-language.rst

Reviewed-by: Nick Desaulniers <[email protected]>
Reviewed-by: Luc Van Oostenryck <[email protected]>
Signed-off-by: Miguel Ojeda <[email protected]>
---
Documentation/process/index.rst | 1 +
.../process/programming-language.rst | 45 +++++++++++++++++++
2 files changed, 46 insertions(+)
create mode 100644 Documentation/process/programming-language.rst

diff --git a/Documentation/process/index.rst b/Documentation/process/index.rst
index 9ae3e317bddf..00558b6d2649 100644
--- a/Documentation/process/index.rst
+++ b/Documentation/process/index.rst
@@ -23,6 +23,7 @@ Below are the essential guides that every developer should read.
code-of-conduct
development-process
submitting-patches
+ programming-language
coding-style
maintainer-pgp-guide
email-clients
diff --git a/Documentation/process/programming-language.rst b/Documentation/process/programming-language.rst
new file mode 100644
index 000000000000..e5f5f065dc24
--- /dev/null
+++ b/Documentation/process/programming-language.rst
@@ -0,0 +1,45 @@
+.. _programming_language:
+
+Programming Language
+====================
+
+The kernel is written in the C programming language [c-language]_.
+More precisely, the kernel is typically compiled with ``gcc`` [gcc]_
+under ``-std=gnu89`` [gcc-c-dialect-options]_: the GNU dialect of ISO C90
+(including some C99 features).
+
+This dialect contains many extensions to the language [gnu-extensions]_,
+and many of them are used within the kernel as a matter of course.
+
+There is some support for compiling the kernel with ``clang`` [clang]_
+and ``icc`` [icc]_ for several of the architectures, although at the time
+of writing it is not completed, requiring third-party patches.
+
+Attributes
+----------
+
+One of the common extensions used throughout the kernel are attributes
+[gcc-attribute-syntax]_. Attributes allow to introduce
+implementation-defined semantics to language entities (like variables,
+functions or types) without having to make significant syntactic changes
+to the language (e.g. adding a new keyword) [n2049]_.
+
+In some cases, attributes are optional (i.e. a compiler not supporting them
+should still produce proper code, even if it is slower or does not perform
+as many compile-time checks/diagnostics).
+
+The kernel defines pseudo-keywords (e.g. ``__pure``) instead of using
+directly the GNU attribute syntax (e.g. ``__attribute__((__pure__))``)
+in order to feature detect which ones can be used and/or to shorten the code.
+
+Please refer to ``include/linux/compiler_attributes.h`` for more information.
+
+.. [c-language] http://www.open-std.org/jtc1/sc22/wg14/www/standards
+.. [gcc] https://gcc.gnu.org
+.. [clang] https://clang.llvm.org
+.. [icc] https://software.intel.com/en-us/c-compilers
+.. [gcc-c-dialect-options] https://gcc.gnu.org/onlinedocs/gcc/C-Dialect-Options.html
+.. [gnu-extensions] https://gcc.gnu.org/onlinedocs/gcc/C-Extensions.html
+.. [gcc-attribute-syntax] https://gcc.gnu.org/onlinedocs/gcc/Attribute-Syntax.html
+.. [n2049] http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2049.pdf
+
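Review bot: several sentences in programming-language.rst need a grammar pass before this is listed among the guides every developer should read: "One of the common extensions ... are attributes" should use "is", "Attributes allow to introduce" reads better as "Attributes allow introducing", "it is not completed" as "it is not complete", and "instead of using directly the GNU attribute syntax" as "instead of directly using". The commit message body is also empty; one sentence on why the document is added would help.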
--
2.17.1

2018-09-20 17:22:57

by Miguel Ojeda

Subject: [PATCH v5 11/15] Compiler Attributes: add MAINTAINERS entry

Reviewed-by: Nick Desaulniers <[email protected]>
Reviewed-by: Luc Van Oostenryck <[email protected]>
Signed-off-by: Miguel Ojeda <[email protected]>
---
MAINTAINERS | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index e993064637ca..74419b8d00ac 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3722,6 +3722,11 @@ L: [email protected]
S: Maintained
F: drivers/platform/x86/compal-laptop.c

+COMPILER ATTRIBUTES
+M: Miguel Ojeda <[email protected]>
+S: Maintained
+F: include/linux/compiler_attributes.h
+
CONEXANT ACCESSRUNNER USB DRIVER
L: [email protected]
W: http://accessrunner.sourceforge.net/
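Review bot: the `F:` pattern covers only include/linux/compiler_attributes.h, so Documentation/process/programming-language.rst added in 10/15 ends up with no maintainer attached; consider a second `F:` line for it. The commit message body is empty as well.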
--
2.17.1

2018-09-20 17:22:58

by Miguel Ojeda

Subject: [PATCH v5 12/15] Compiler Attributes: add support for __nonstring (gcc >= 8)

From the GCC manual:

nonstring

The nonstring variable attribute specifies that an object or member
declaration with type array of char, signed char, or unsigned char,
or pointer to such a type is intended to store character arrays that
do not necessarily contain a terminating NUL. This is useful in detecting
uses of such arrays or pointers with functions that expect NUL-terminated
strings, and to avoid warnings when such an array or pointer is used as
an argument to a bounded string manipulation function such as strncpy.

https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html

This attribute can be used for documentation purposes (i.e. replacing
comments), but it is most helpful when the following warnings are enabled:

-Wstringop-overflow

Warn for calls to string manipulation functions such as memcpy and
strcpy that are determined to overflow the destination buffer.

[...]

-Wstringop-truncation

Warn for calls to bounded string manipulation functions such as
strncat, strncpy, and stpncpy that may either truncate the copied
string or leave the destination unchanged.

[...]

In situations where a character array is intended to store a sequence
of bytes with no terminating NUL such an array may be annotated with
attribute nonstring to avoid this warning. Such arrays, however,
are not suitable arguments to functions that expect NUL-terminated
strings. To help detect accidental misuses of such arrays GCC issues
warnings unless it can prove that the use is safe.

https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html

Signed-off-by: Miguel Ojeda <[email protected]>
---
include/linux/compiler_attributes.h | 14 ++++++++++++++
1 file changed, 14 insertions(+)

diff --git a/include/linux/compiler_attributes.h b/include/linux/compiler_attributes.h
index f0f9fc398440..6b28c1b7310c 100644
--- a/include/linux/compiler_attributes.h
+++ b/include/linux/compiler_attributes.h
@@ -34,6 +34,7 @@
# define __GCC4_has_attribute___externally_visible__ 1
# define __GCC4_has_attribute___noclone__ 1
# define __GCC4_has_attribute___optimize__ 1
+# define __GCC4_has_attribute___nonstring__ 0
# define __GCC4_has_attribute___no_sanitize_address__ (__GNUC_MINOR__ >= 8)
#endif

@@ -181,6 +182,19 @@
*/
#define noinline __attribute__((__noinline__))

+/*
+ * Optional: only supported since gcc >= 8
+ * Optional: not supported by clang
+ * Optional: not supported by icc
+ *
+ * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-nonstring-variable-attribute
+ */
+#if __has_attribute(__nonstring__)
+# define __nonstring __attribute__((__nonstring__))
+#else
+# define __nonstring
+#endif
+
/*
* gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-noreturn-function-attribute
* clang: https://clang.llvm.org/docs/AttributeReference.html#noreturn
--
2.17.1

2018-09-20 17:22:59

by Miguel Ojeda

Subject: [PATCH v5 13/15] Compiler Attributes: enable -Wstringop-truncation on W=1 (gcc >= 8)

Commit 217c3e019675 ("disable stringop truncation warnings for now")
disabled -Wstringop-truncation since it was too noisy.

Having __nonstring available allows us to let GCC know that a string
is not meant to be NUL-terminated, which helps suppress some
-Wstringop-truncation warnings.

Note that using __nonstring actually triggers other warnings
(-Wstringop-overflow, which is on by default) which may be real
problems. Therefore, cleaning up -Wstringop-truncation warnings
also buys us the ability to uncover further potential problems.

To encourage the use of __nonstring, we put the warning back at W=1.
In the future, if we end up with a fairly warning-free tree,
we might want to enable it by default.

Signed-off-by: Miguel Ojeda <[email protected]>
---
scripts/Makefile.extrawarn | 1 +
1 file changed, 1 insertion(+)

diff --git a/scripts/Makefile.extrawarn b/scripts/Makefile.extrawarn
index 8d5357053f86..b8f36f5f43f2 100644
--- a/scripts/Makefile.extrawarn
+++ b/scripts/Makefile.extrawarn
@@ -29,6 +29,7 @@ warning-1 += $(call cc-option, -Wmissing-include-dirs)
warning-1 += $(call cc-option, -Wunused-but-set-variable)
warning-1 += $(call cc-option, -Wunused-const-variable)
warning-1 += $(call cc-option, -Wpacked-not-aligned)
+warning-1 += $(call cc-option, -Wstringop-truncation)
warning-1 += $(call cc-disable-warning, missing-field-initializers)
warning-1 += $(call cc-disable-warning, sign-compare)

--
2.17.1
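The handling that 12/15 and 13/15 describe for character arrays without a terminating NUL, as an added example (not code from the series or from the kernel). `struct record`, `LABEL_LEN` and the `label_*` helpers are hypothetical, and the `__has_attribute` fallback here simply reports 0 instead of using the series' hand-written gcc 4.x table.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same shape as the header in the series: feature check, then empty fallback. */
#ifndef __has_attribute
# define __has_attribute(x) 0 /* assumption: no per-version table, treat as absent */
#endif
#if __has_attribute(__nonstring__)
# define __nonstring __attribute__((__nonstring__))
#else
# define __nonstring
#endif

#define LABEL_LEN 8 /* constructed field width */

/* Constructed record: label may use all LABEL_LEN bytes and then has no NUL. */
struct record {
	char label[LABEL_LEN] __nonstring;
	unsigned char canary; /* sits right after label; must never change */
};

/* Length of the stored label: stop at the first NUL or at the field width. */
static size_t label_len(const struct record *r)
{
	const char *nul = memchr(r->label, '\0', LABEL_LEN);

	return nul ? (size_t)(nul - r->label) : LABEL_LEN;
}

/*
 * Store src, truncating to the field width and zero-padding the remainder.
 * This is the fixed-width copy that the annotation declares as intended, so
 * a missing terminator is not a defect here. Returns the number of bytes kept.
 */
static size_t label_set(struct record *r, const char *src)
{
	size_t n = strlen(src);

	if (n > LABEL_LEN)
		n = LABEL_LEN;
	memset(r->label, 0, LABEL_LEN);
	memcpy(r->label, src, n);
	return n;
}

/*
 * Copy the label out as a real C string. The field itself must never be
 * handed to strlen/strcpy/printf("%s"); readers go through this helper.
 * Returns the length, or -1 if dst cannot hold the label plus its NUL.
 */
static int label_get(const struct record *r, char *dst, size_t dst_size)
{
	size_t n = label_len(r);

	if (dst_size < n + 1)
		return -1;
	memcpy(dst, r->label, n);
	dst[n] = '\0';
	return (int)n;
}

int main(void)
{
	struct record r = { .canary = 0xA5 };
	char out[LABEL_LEN + 1];

	label_set(&r, "12345678"); /* exactly fills the field, no NUL stored */
	if (label_get(&r, out, sizeof(out)) < 0)
		return 1;
	printf("%s (%zu bytes)\n", out, label_len(&r));
	return 0;
}
```

Building this with gcc >= 8 and -Wstringop-truncation, and then replacing `label_get` with a direct `strlen(r->label)`, is a quick way to see the misuse diagnostics the commit messages refer to.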

2018-09-20 17:23:00

by Miguel Ojeda

Subject: [PATCH v5 14/15] Compiler Attributes: auxdisplay: panel: use __nonstring

Let gcc know these arrays are not meant to be NUL-terminated
by annotating them with the new __nonstring variable attribute;
and remove the comment since it conveys the same information.

Signed-off-by: Miguel Ojeda <[email protected]>
---
drivers/auxdisplay/panel.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/drivers/auxdisplay/panel.c b/drivers/auxdisplay/panel.c
index 3b25a643058c..21b9b2f2470a 100644
--- a/drivers/auxdisplay/panel.c
+++ b/drivers/auxdisplay/panel.c
@@ -155,10 +155,9 @@ struct logical_input {
int release_data;
} std;
struct { /* valid when type == INPUT_TYPE_KBD */
- /* strings can be non null-terminated */
- char press_str[sizeof(void *) + sizeof(int)];
- char repeat_str[sizeof(void *) + sizeof(int)];
- char release_str[sizeof(void *) + sizeof(int)];
+ char press_str[sizeof(void *) + sizeof(int)] __nonstring;
+ char repeat_str[sizeof(void *) + sizeof(int)] __nonstring;
+ char release_str[sizeof(void *) + sizeof(int)] __nonstring;
} kbd;
} u;
};
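Review bot: the commit message should state that the driver still builds without new warnings on gcc >= 8, because 13/15 notes that adding `__nonstring` can trigger -Wstringop-overflow, and that would show up wherever `press_str`, `repeat_str` or `release_str` reach a function that expects a NUL-terminated string. A line such as "no new warnings with gcc 8 and W=1" in the changelog would settle it.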
--
2.17.1

2018-09-20 17:23:01

by Miguel Ojeda

Subject: [PATCH v5 15/15] Compiler Attributes: ext4: remove local __nonstring definition

Commit 072ebb3bffe6 ("ext4: add nonstring annotations to ext4.h")
introduced a local definition of __nonstring to suppress some false
positives in gcc 8's -Wstringop-truncation.

Since now we support __nonstring for everyone, remove it.

Signed-off-by: Miguel Ojeda <[email protected]>
---
fs/ext4/ext4.h | 9 ---------
1 file changed, 9 deletions(-)

diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
index caff935fbeb8..2acdfdad3d3f 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -45,15 +45,6 @@

#include <linux/compiler.h>

-/* Until this gets included into linux/compiler-gcc.h */
-#ifndef __nonstring
-#if defined(GCC_VERSION) && (GCC_VERSION >= 80000)
-#define __nonstring __attribute__((nonstring))
-#else
-#define __nonstring
-#endif
-#endif
-
/*
* The fourth extended filesystem constants/structures
*/
--
2.17.1

2018-09-20 17:22:55

by Miguel Ojeda

Subject: [PATCH v5 09/15] Compiler Attributes: remove uses of __attribute__ from compiler.h

Suggested-by: Nick Desaulniers <[email protected]>
Reviewed-by: Nick Desaulniers <[email protected]>
Reviewed-by: Luc Van Oostenryck <[email protected]>
Signed-off-by: Miguel Ojeda <[email protected]>
---
include/linux/compiler.h | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 17ee9165ca51..b5fb034fa6fa 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -23,8 +23,8 @@ void ftrace_likely_update(struct ftrace_likely_data *f, int val,
#define __branch_check__(x, expect, is_constant) ({ \
long ______r; \
static struct ftrace_likely_data \
- __attribute__((__aligned__(4))) \
- __attribute__((__section__("_ftrace_annotated_branch"))) \
+ __aligned(4) \
+ __section("_ftrace_annotated_branch") \
______f = { \
.data.func = __func__, \
.data.file = __FILE__, \
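Review bot: `__section(S)` from 07/15 expands to `__attribute__((__section__(#S)))`, so passing an already quoted literal, as in `__section("_ftrace_annotated_branch")`, stringifies it a second time and the preprocessor hands the compiler a name that contains the quote characters. The same applies to `__section("_ftrace_branch")`, `__section(".discard.addressable")` and, with three adjacent literals, the `___kentry` case later in this patch. Please either pass the names unquoted, keep the raw `__attribute__((__section__(...)))` at these sites, or show (for example with readelf -S on an object built before and after, for each supported compiler) that the emitted section names are unchanged.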
@@ -59,8 +59,8 @@ void ftrace_likely_update(struct ftrace_likely_data *f, int val,
({ \
int ______r; \
static struct ftrace_branch_data \
- __attribute__((__aligned__(4))) \
- __attribute__((__section__("_ftrace_branch"))) \
+ __aligned(4) \
+ __section("_ftrace_branch") \
______f = { \
.func = __func__, \
.file = __FILE__, \
@@ -146,7 +146,7 @@ void ftrace_likely_update(struct ftrace_likely_data *f, int val,
extern typeof(sym) sym; \
static const unsigned long __kentry_##sym \
__used \
- __attribute__((__section__("___kentry" "+" #sym ))) \
+ __section("___kentry" "+" #sym ) \
= (unsigned long)&sym;
#endif

@@ -287,7 +287,7 @@ unsigned long read_word_at_a_time(const void *addr)
* visible to the compiler.
*/
#define __ADDRESSABLE(sym) \
- static void * __attribute__((__section__(".discard.addressable"), used)) \
+ static void * __section(".discard.addressable") __used \
__PASTE(__addressable_##sym, __LINE__) = (void *)&sym;

/**
--
2.17.1

2018-09-20 18:07:53

by Nick Desaulniers

Subject: Re: [PATCH v5 12/15] Compiler Attributes: add support for __nonstring (gcc >= 8)

On Thu, Sep 20, 2018 at 10:23 AM Miguel Ojeda
<[email protected]> wrote:
>
> From the GCC manual:
>
> nonstring
>
> The nonstring variable attribute specifies that an object or member
> declaration with type array of char, signed char, or unsigned char,
> or pointer to such a type is intended to store character arrays that
> do not necessarily contain a terminating NUL. This is useful in detecting
> uses of such arrays or pointers with functions that expect NUL-terminated
> strings, and to avoid warnings when such an array or pointer is used as
> an argument to a bounded string manipulation function such as strncpy.
>
> https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html
>
> This attribute can be used for documentation purposes (i.e. replacing
> comments), but it is most helpful when the following warnings are enabled:
>
> -Wstringop-overflow
>
> Warn for calls to string manipulation functions such as memcpy and
> strcpy that are determined to overflow the destination buffer.
>
> [...]
>
> -Wstringop-truncation
>
> Warn for calls to bounded string manipulation functions such as
> strncat, strncpy, and stpncpy that may either truncate the copied
> string or leave the destination unchanged.
>
> [...]
>
> In situations where a character array is intended to store a sequence
> of bytes with no terminating NUL such an array may be annotated with
> attribute nonstring to avoid this warning. Such arrays, however,
> are not suitable arguments to functions that expect NUL-terminated
> strings. To help detect accidental misuses of such arrays GCC issues
> warnings unless it can prove that the use is safe.
>
> https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html
>
> Signed-off-by: Miguel Ojeda <[email protected]>
> ---
> include/linux/compiler_attributes.h | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
>
> diff --git a/include/linux/compiler_attributes.h b/include/linux/compiler_attributes.h
> index f0f9fc398440..6b28c1b7310c 100644
> --- a/include/linux/compiler_attributes.h
> +++ b/include/linux/compiler_attributes.h
> @@ -34,6 +34,7 @@
> # define __GCC4_has_attribute___externally_visible__ 1
> # define __GCC4_has_attribute___noclone__ 1
> # define __GCC4_has_attribute___optimize__ 1
> +# define __GCC4_has_attribute___nonstring__ 0
> # define __GCC4_has_attribute___no_sanitize_address__ (__GNUC_MINOR__ >= 8)
> #endif
>
> @@ -181,6 +182,19 @@
> */
> #define noinline __attribute__((__noinline__))
>
> +/*
> + * Optional: only supported since gcc >= 8
> + * Optional: not supported by clang
> + * Optional: not supported by icc
> + *
> + * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-nonstring-variable-attribute
> + */
> +#if __has_attribute(__nonstring__)
> +# define __nonstring __attribute__((__nonstring__))
> +#else
> +# define __nonstring
> +#endif
> +
> /*
> * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-noreturn-function-attribute
> * clang: https://clang.llvm.org/docs/AttributeReference.html#noreturn
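
Review bot: The comment block above the new __nonstring definition records compiler support and a manual link, but not what the annotation obliges the user to do. One sentence taken from the commit message would help here, namely that the array does not necessarily contain a terminating NUL and must not be passed to functions that expect NUL-terminated strings, because with the empty #else branch nothing checks that on clang, icc or gcc < 8.
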
> --
> 2.17.1
>

Reviewed-by: Nick Desaulniers <[email protected]>

--
Thanks,
~Nick Desaulniers

2018-09-20 18:11:36

by Nick Desaulniers

Subject: Re: [PATCH v5 14/15] Compiler Attributes: auxdisplay: panel: use __nonstring

On Thu, Sep 20, 2018 at 10:23 AM Miguel Ojeda
<[email protected]> wrote:
>
> Let gcc know these arrays are not meant to be NUL-terminated
> by annotating them with the new __nonstring variable attribute;
> and remove the comment since it conveys the same information.
>
> Signed-off-by: Miguel Ojeda <[email protected]>
> ---
> drivers/auxdisplay/panel.c | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/auxdisplay/panel.c b/drivers/auxdisplay/panel.c
> index 3b25a643058c..21b9b2f2470a 100644
> --- a/drivers/auxdisplay/panel.c
> +++ b/drivers/auxdisplay/panel.c
> @@ -155,10 +155,9 @@ struct logical_input {
> int release_data;
> } std;
> struct { /* valid when type == INPUT_TYPE_KBD */
> - /* strings can be non null-terminated */
> - char press_str[sizeof(void *) + sizeof(int)];
> - char repeat_str[sizeof(void *) + sizeof(int)];
> - char release_str[sizeof(void *) + sizeof(int)];
> + char press_str[sizeof(void *) + sizeof(int)] __nonstring;
> + char repeat_str[sizeof(void *) + sizeof(int)] __nonstring;
> + char release_str[sizeof(void *) + sizeof(int)] __nonstring;
> } kbd;
> } u;
> };
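
Review bot: The three kbd fields are annotated, but the hunk shows none of the code that reads or writes press_str, repeat_str and release_str. Since the annotation makes GCC warn when such an array reaches a function expecting a NUL-terminated string, the commit message should state that the driver was built with gcc >= 8 and came up clean, or list the warnings that remain.
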
> --
> 2.17.1
>

Reviewed-by: Nick Desaulniers <[email protected]>

--
Thanks,
~Nick Desaulniers
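
An added example (not code from the series or from the kernel tree) showing, in user space, the feature-checked __nonstring definition from patch 12 applied to a fixed-width field sized like the ones in patch 14, together with bounded helpers that never assume a terminating NUL. struct key_binding, KEY_STR_LEN and the key_binding_* functions are hypothetical names, and the __has_attribute fallback is an assumption for compilers that lack the builtin.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed fallback: compilers without __has_attribute report "no". */
#ifndef __has_attribute
# define __has_attribute(x) 0
#endif

/* Same #if/#else shape as the definition added in patch 12. */
#if __has_attribute(__nonstring__)
# define __nonstring __attribute__((__nonstring__))
#else
# define __nonstring
#endif

#define KEY_STR_LEN (sizeof(void *) + sizeof(int))

/* Hypothetical record modelled on the kbd member of struct logical_input. */
struct key_binding {
	char press_str[KEY_STR_LEN] __nonstring; /* may use every byte, no NUL */
};

/*
 * Store src in the fixed-width field. strncpy() pads with NULs when src is
 * short and writes no terminator when src has KEY_STR_LEN or more characters.
 * Returns 1 if src had to be truncated, 0 otherwise.
 */
int key_binding_set(struct key_binding *kb, const char *src)
{
	strncpy(kb->press_str, src, sizeof(kb->press_str));
	return strlen(src) > sizeof(kb->press_str);
}

/* Bounded length: strlen() here could run past the end of the field. */
size_t key_binding_len(const struct key_binding *kb)
{
	const char *nul = memchr(kb->press_str, '\0', sizeof(kb->press_str));

	return nul ? (size_t)(nul - kb->press_str) : sizeof(kb->press_str);
}

/*
 * Copy the field into a NUL-terminated buffer. Returns the number of bytes
 * copied (without the NUL), or (size_t)-1 if out cannot hold them plus a NUL.
 */
size_t key_binding_get(const struct key_binding *kb, char *out, size_t out_size)
{
	size_t n = key_binding_len(kb);

	if (out_size < n + 1)
		return (size_t)-1;
	memcpy(out, kb->press_str, n);
	out[n] = '\0';
	return n;
}

int main(void)
{
	struct key_binding kb;
	char out[KEY_STR_LEN + 1];

	/* Constructed sample input, longer than the field on 32- and 64-bit. */
	key_binding_set(&kb, "0123456789ABCDEF");
	key_binding_get(&kb, out, sizeof(out));
	printf("stored %zu bytes: %s\n", key_binding_len(&kb), out);
	return 0;
}
```
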

2018-09-20 18:13:48

by Nick Desaulniers

Subject: Re: [PATCH v5 15/15] Compiler Attributes: ext4: remove local __nonstring definition

On Thu, Sep 20, 2018 at 10:23 AM Miguel Ojeda
<[email protected]> wrote:
>
> Commit 072ebb3bffe6 ("ext4: add nonstring annotations to ext4.h")
> introduced a local definition of __nonstring to suppress some false
> positives in gcc 8's -Wstringop-truncation.
>
> Since now we support __nonstring for everyone, remove it.

... from a patch in the current series (Note to other reviewers).

>
> Signed-off-by: Miguel Ojeda <[email protected]>
> ---
> fs/ext4/ext4.h | 9 ---------
> 1 file changed, 9 deletions(-)
>
> diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
> index caff935fbeb8..2acdfdad3d3f 100644
> --- a/fs/ext4/ext4.h
> +++ b/fs/ext4/ext4.h
> @@ -45,15 +45,6 @@
>
> #include <linux/compiler.h>
>
> -/* Until this gets included into linux/compiler-gcc.h */
> -#ifndef __nonstring
> -#if defined(GCC_VERSION) && (GCC_VERSION >= 80000)
> -#define __nonstring __attribute__((nonstring))
> -#else
> -#define __nonstring
> -#endif
> -#endif
> -
> /*
> * The fourth extended filesystem constants/structures
> */
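
Review bot: With the local block gone, fs/ext4/ext4.h relies on the #include <linux/compiler.h> kept in the context lines to supply __nonstring. The removed definition spelled the attribute "nonstring" and gated it on GCC_VERSION >= 80000, so the commit message should confirm that the shared definition covers the same compilers, and this patch has to stay ordered after the one that adds the shared macro so that every commit in the series builds.
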
> --
> 2.17.1
>

Reviewed-by: Nick Desaulniers <[email protected]>

--
Thanks,
~Nick Desaulniers

2018-09-20 18:16:31

by Nick Desaulniers

Subject: Re: [PATCH v5 13/15] Compiler Attributes: enable -Wstringop-truncation on W=1 (gcc >= 8)

On Thu, Sep 20, 2018 at 10:23 AM Miguel Ojeda
<[email protected]> wrote:
>
> Commit 217c3e019675 ("disable stringop truncation warnings for now")
> disabled -Wstringop-truncation since it was too noisy.
>
> Having __nonstring available allows us to let GCC know that a string
> is not meant to be NUL-terminated, which helps suppressing some
> -Wstringop-truncation warnings.
>
> Note that using __nonstring actually triggers other warnings
> (-Wstringop-overflow, which is on by default) which may be real
> problems. Therefore, cleaning up -Wstringop-truncation warnings
> also buys us the ability to uncover further potential problems.
>
> To encourage the use of __nonstring, we put the warning back at W=1.
> In the future, if we end up with a fairly warning-free tree,
> we might want to enable it by default.
>
> Signed-off-by: Miguel Ojeda <[email protected]>
> ---
> scripts/Makefile.extrawarn | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/scripts/Makefile.extrawarn b/scripts/Makefile.extrawarn
> index 8d5357053f86..b8f36f5f43f2 100644
> --- a/scripts/Makefile.extrawarn
> +++ b/scripts/Makefile.extrawarn
> @@ -29,6 +29,7 @@ warning-1 += $(call cc-option, -Wmissing-include-dirs)
> warning-1 += $(call cc-option, -Wunused-but-set-variable)
> warning-1 += $(call cc-option, -Wunused-const-variable)
> warning-1 += $(call cc-option, -Wpacked-not-aligned)
> +warning-1 += $(call cc-option, -Wstringop-truncation)
> warning-1 += $(call cc-disable-warning, missing-field-initializers)
> warning-1 += $(call cc-disable-warning, sign-compare)
>
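
Review bot: The diffstat shows only this one added line, so the global disable introduced by commit 217c3e019675 stays in place. Please confirm that the warning-1 flags land after that disable on the compiler command line; if the -Wno- form comes later, W=1 will not actually enable -Wstringop-truncation.
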
> --
> 2.17.1
>

I was sad to see these go in the first place.
Reviewed-by: Nick Desaulniers <[email protected]>

--
Thanks,
~Nick Desaulniers

2018-09-20 18:18:17

by Nick Desaulniers

Subject: Re: [PATCH v5 00/15] Compiler Attributes

On Thu, Sep 20, 2018 at 10:23 AM Miguel Ojeda
<[email protected]> wrote:
>
> The Compiler Attributes series is an effort to disentangle
> the include/linux/compiler*.h headers and bring them up to date.
>
> The main idea behind the series is to use feature checking macros
> (i.e. __has_attribute) instead of compiler version checks (e.g. GCC_VERSION),
> which are compiler-agnostic (so they can be shared, reducing the size
> of compiler-specific headers) and version-agnostic.
>
> Other related improvements have been performed in the headers as well,
> which on top of the use of __has_attribute it has amounted to a significant
> simplification of these headers (e.g. GCC_VERSION is now only guarding 4
> non-attribute macros).
>
> This series should also help the efforts to support compiling the kernel
> with clang and icc. A fair amount of documentation and comments have also
> been added, clarified or removed; and the headers are now more readable,
> which should help kernel developers in general.
>
> The series was triggered due to the move to gcc >= 4.6. In turn, this series
> has also triggered Sparse to gain the ability to recognize __has_attribute
> on its own.
>
> Finally, the nonstring variable attribute series has been applied on top
> of this one.
>
> You can also fetch it from:
>
> https://github.com/ojeda/linux/tree/compiler-attributes-v5
>
> Enjoy!
>
> Cheers,
> Miguel

Thanks for this series. I've reviewed the rest of the patches in the
series that didn't already have my reviewed by tags on them. They
look good to go to me.

>
> Cc: Andreas Dilger <[email protected]>
> Cc: Masahiro Yamada <[email protected]>
> Cc: Michal Marek <[email protected]>
> Cc: Steven Rostedt <[email protected]>
> Cc: Mauro Carvalho Chehab <[email protected]>
> Cc: Olof Johansson <[email protected]>
> Cc: Konstantin Ryabitsev <[email protected]>
> Cc: David S. Miller <[email protected]>
> Cc: Andrey Ryabinin <[email protected]>
> Cc: Kees Cook <[email protected]>
> Cc: Thomas Gleixner <[email protected]>
> Cc: Ingo Molnar <[email protected]>
> Cc: Paul Lawrence <[email protected]>
> Cc: Sandipan Das <[email protected]>
> Cc: Andrey Konovalov <[email protected]>
> Cc: David Woodhouse <[email protected]>
> Cc: Will Deacon <[email protected]>
> Cc: Philippe Ombredanne <[email protected]>
> Cc: Paul Burton <[email protected]>
> Cc: David Rientjes <[email protected]>
> Cc: Willy Tarreau <[email protected]>
> Cc: Martin Sebor <[email protected]>
> Cc: Christopher Li <[email protected]>
> Cc: Jonathan Corbet <[email protected]>
> Cc: Theodore Ts'o <[email protected]>
> Cc: Geert Uytterhoeven <[email protected]>
> Cc: Rasmus Villemoes <[email protected]>
> Cc: Joe Perches <[email protected]>
> Cc: Arnd Bergmann <[email protected]>
> Cc: Dominique Martinet <[email protected]>
> Cc: Stefan Agner <[email protected]>
> Cc: Luc Van Oostenryck <[email protected]>
> Cc: Nick Desaulniers <[email protected]>
> Cc: Andrew Morton <[email protected]>
> Cc: Greg Kroah-Hartman <[email protected]>
> Cc: Linus Torvalds <[email protected]>
> Cc: [email protected]
> Cc: [email protected]
> Cc: [email protected]
> Cc: [email protected]
>
> v4 -> v5
>
> * Removed the 2 __naked patches, since Greg just applied them to master;
> and rebased on top of that. The only change in the range-diff is in
> "Compiler Attributes: always use the extra-underscores syntax" due
> to the move of __naked to compiler_types.h.
>
> * Applied the nonstring series on top of this one (last 4 patches).
> Rationale:
> - the nonstring series would anyway be modified again by this one
> (so it has been rebased after the general cleanup).
> - ext4's "local" nonstring was merged
> - easier to manage (and easier to see the end result)
>
> The first 2 patches of the last 4 add the warning back at W=1 and
> add the __nonstring attribute. The other two serve as an example
> of usage and as a cleanup.
>
> * Cc lists removed from each commit; using a single list in the cover letter;
> and a new, revised list of Cc (wider audience).
>
> Miguel Ojeda (15):
> Compiler Attributes: remove unused attributes
> Compiler Attributes: always use the extra-underscores syntax
> Compiler Attributes: remove unneeded tests
> Compiler Attributes: homogenize __must_be_array
> Compiler Attributes: remove unneeded sparse (__CHECKER__) tests
> Compiler Attributes: add missing SPDX ID in compiler_types.h
> Compiler Attributes: use feature checks instead of version checks
> Compiler Attributes: KENTRY used twice the "used" attribute
> Compiler Attributes: remove uses of __attribute__ from compiler.h
> Compiler Attributes: add Doc/process/programming-language.rst
> Compiler Attributes: add MAINTAINERS entry
> Compiler Attributes: add support for __nonstring (gcc >= 8)
> Compiler Attributes: enable -Wstringop-truncation on W=1 (gcc >= 8)
> Compiler Attributes: auxdisplay: panel: use __nonstring
> Compiler Attributes: ext4: remove local __nonstring definition
>
> Documentation/process/index.rst | 1 +
> .../process/programming-language.rst | 45 +++
> MAINTAINERS | 5 +
> drivers/auxdisplay/panel.c | 7 +-
> fs/ext4/ext4.h | 9 -
> include/linux/compiler-clang.h | 5 -
> include/linux/compiler-gcc.h | 70 +----
> include/linux/compiler-intel.h | 9 -
> include/linux/compiler.h | 19 +-
> include/linux/compiler_attributes.h | 258 ++++++++++++++++++
> include/linux/compiler_types.h | 101 +------
> scripts/Makefile.extrawarn | 1 +
> 12 files changed, 341 insertions(+), 189 deletions(-)
> create mode 100644 Documentation/process/programming-language.rst
> create mode 100644 include/linux/compiler_attributes.h
>
> --
> 2.17.1
>


--
Thanks,
~Nick Desaulniers

2018-09-20 19:52:57

by Kees Cook

Subject: Re: [PATCH v5 13/15] Compiler Attributes: enable -Wstringop-truncation on W=1 (gcc >= 8)

On Thu, Sep 20, 2018 at 10:22 AM, Miguel Ojeda
<[email protected]> wrote:
> Commit 217c3e019675 ("disable stringop truncation warnings for now")
> disabled -Wstringop-truncation since it was too noisy.
>
> Having __nonstring available allows us to let GCC know that a string
> is not meant to be NUL-terminated, which helps suppressing some
> -Wstringop-truncation warnings.
>
> Note that using __nonstring actually triggers other warnings
> (-Wstringop-overflow, which is on by default) which may be real
> problems. Therefore, cleaning up -Wstringop-truncation warnings
> also buys us the ability to uncover further potential problems.
>
> To encourage the use of __nonstring, we put the warning back at W=1.
> In the future, if we end up with a fairly warning-free tree,
> we might want to enable it by default.
>
> Signed-off-by: Miguel Ojeda <[email protected]>

Yessss. :)

Reviewed-by: Kees Cook <[email protected]>

-Kees

> ---
> scripts/Makefile.extrawarn | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/scripts/Makefile.extrawarn b/scripts/Makefile.extrawarn
> index 8d5357053f86..b8f36f5f43f2 100644
> --- a/scripts/Makefile.extrawarn
> +++ b/scripts/Makefile.extrawarn
> @@ -29,6 +29,7 @@ warning-1 += $(call cc-option, -Wmissing-include-dirs)
> warning-1 += $(call cc-option, -Wunused-but-set-variable)
> warning-1 += $(call cc-option, -Wunused-const-variable)
> warning-1 += $(call cc-option, -Wpacked-not-aligned)
> +warning-1 += $(call cc-option, -Wstringop-truncation)
> warning-1 += $(call cc-disable-warning, missing-field-initializers)
> warning-1 += $(call cc-disable-warning, sign-compare)
>
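
Review bot: A one-line comment above the new warning-1 entry naming __nonstring as the expected fix for arrays that are intentionally not NUL-terminated would carry the commit message's intent to whoever hits the warning at W=1, since the Makefile line by itself gives no hint.
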
> --
> 2.17.1
>



--
Kees Cook
Pixel Security

2018-09-20 20:08:40

by Kees Cook

Subject: Re: [PATCH v5 12/15] Compiler Attributes: add support for __nonstring (gcc >= 8)

On Thu, Sep 20, 2018 at 10:22 AM, Miguel Ojeda
<[email protected]> wrote:
> From the GCC manual:
>
> nonstring
>
> The nonstring variable attribute specifies that an object or member
> declaration with type array of char, signed char, or unsigned char,
> or pointer to such a type is intended to store character arrays that
> do not necessarily contain a terminating NUL. This is useful in detecting
> uses of such arrays or pointers with functions that expect NUL-terminated
> strings, and to avoid warnings when such an array or pointer is used as
> an argument to a bounded string manipulation function such as strncpy.
>
> https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html
>
> This attribute can be used for documentation purposes (i.e. replacing
> comments), but it is most helpful when the following warnings are enabled:
>
> -Wstringop-overflow
>
> Warn for calls to string manipulation functions such as memcpy and
> strcpy that are determined to overflow the destination buffer.
>
> [...]
>
> -Wstringop-truncation
>
> Warn for calls to bounded string manipulation functions such as
> strncat, strncpy, and stpncpy that may either truncate the copied
> string or leave the destination unchanged.
>
> [...]
>
> In situations where a character array is intended to store a sequence
> of bytes with no terminating NUL such an array may be annotated with
> attribute nonstring to avoid this warning. Such arrays, however,
> are not suitable arguments to functions that expect NUL-terminated
> strings. To help detect accidental misuses of such arrays GCC issues
> warnings unless it can prove that the use is safe.
>
> https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html
>
> Signed-off-by: Miguel Ojeda <[email protected]>

Reviewed-by: Kees Cook <[email protected]>

-Kees

--
Kees Cook
Pixel Security

2018-10-06 17:22:36

by Miguel Ojeda

Subject: Re: [PATCH v5 00/15] Compiler Attributes

On Sat, Oct 6, 2018 at 9:13 AM Sedat Dilek <[email protected]> wrote:
>
> Hi Miguel,
>
> In my testings I am booting in QEMU and on bare metal.
> Both tests were successful.

Wow! I only wanted to confirm it booted and/or run for a while -- but
having more information is always good. Thanks a *lot*!

I will add a reference to your email in the commits.

Cheers,
Miguel

2018-10-06 19:41:22

by Miguel Ojeda

Subject: Re: [PATCH v5 00/15] Compiler Attributes

[CC'ing this message to linux-kernel so that we get it into the
archive at lore.kernel.org]

On Sat, Oct 6, 2018 at 9:13 AM Sedat Dilek <[email protected]> wrote:
>
> On Sun, Sep 30, 2018 at 1:11 PM Miguel Ojeda
> <[email protected]> wrote:
> >
> > Thanks a lot for testing! Which configuration roughly (e.g.
> > allmodconfig)? Did you boot it & run it for a while?
> >
>
> Hi Miguel,
>
> I am doing all my "ClangBuiltLinux" (short: cbl) experiments on
> Debian/testing AMD64 (which will be buster aka version 10).
>
> https://github.com/ClangBuiltLinux/linux
>
> I am using the kernel-config provided by the Debian Kernel Team -
> means be as close to my upstream.
>
> https://packages.debian.org/experimental/linux-image-4.19.0-rc4-amd64-unsigned
>
> Clang version 7 from Debian/unstable is the compiler I am using.
>
> https://packages.debian.org/clang-7
>
> Currently, some Kconfigs are known to be "BROKEN" (with Clang or
> independent of the used compiler).
> CONFIG_HARDENED_USERCOPY=n
> CONFIG_DRM_AMDGPU=n (built as module broken, not sure if this was
> fixed in meantime).
>
> https://github.com/ClangBuiltLinux/linux/issues/7
> https://lists.freedesktop.org/archives/amd-gfx/2018-July/024634.html
>
> In my testings I am booting in QEMU and on bare metal.
> Both tests were successful.
>
> My last testings of your series v5 was on top of Linux v4.19-rc6.
> I have some more patches included (see below).
>
> My kernel-config and dmesg-log are attached.
>
> Hope this helps.
>
> Regards,
> - Sedat -
>
> P.S.: Some helpful informations
>
> [ VERSION ]
>
> $ cat /proc/version
> Linux version 4.19.0-rc6-1-amd64-cbl ([email protected]@iniza)
> (clang version 7.0.0-3 (tags/RELEASE_700/final)) #1 SMP 2018-10-01
>
> [ PATCH-SET ]
>
> $ git --no-pager log --no-merges --oneline v4.19-rc6..
> c1b160655219 (for-4.19/compiler-attributes-v5) Compiler Attributes:
> ext4: remove local __nonstring definition
> e33fe800b910 Compiler Attributes: auxdisplay: panel: use __nonstring
> 2d5e0d827ee0 Compiler Attributes: enable -Wstringop-truncation on W=1 (gcc >= 8)
> 1ab27d366e9f Compiler Attributes: add support for __nonstring (gcc >= 8)
> 58d53af4577c Compiler Attributes: add MAINTAINERS entry
> 8dbfe0eec5c1 Compiler Attributes: add Doc/process/programming-language.rst
> 5a886fa546eb Compiler Attributes: remove uses of __attribute__ from compiler.h
> 8414944bdb94 Compiler Attributes: KENTRY used twice the "used" attribute
> 16da1f71ccf1 Compiler Attributes: use feature checks instead of version checks
> efe932a226e2 Compiler Attributes: add missing SPDX ID in compiler_types.h
> f5add77ef51a Compiler Attributes: remove unneeded sparse (__CHECKER__) tests
> 5b1c25d038ac Compiler Attributes: homogenize __must_be_array
> 4bce3ce73e44 Compiler Attributes: remove unneeded tests
> 899d7604d8c2 Compiler Attributes: always use the extra-underscores syntax
> 704bd38d6793 Compiler Attributes: remove unused attributes
> ef8c4ed9db80 kbuild: allow to use GCC toolchain not in Clang search path
> 5a4630aadb9a ftrace: Build with CPPFLAGS to get -Qunused-arguments
> 9f9ff0dc3aed (for-4.19/x86-asm-goto-clang-fixes)
> include/linux/compiler*.h: add version detection to asm_volatile_goto
> cca6adeee1db kbuild: add --include-dir flag only for out-of-tree build
> bb5de5d28f73 kbuild: remove unneeded link_multi_deps
> 00d78ab2ba75 kbuild: remove dead code in cmd_files calculation in top Makefile
> 25815cf5ffec kbuild: hide most of targets when running config or mixed targets
> 0d91bf584fe5 kbuild: remove old check for CFLAGS use
> 487c7c7702ab kbuild: prefix Makefile.dtbinst path with $(srctree)
> unconditionally
> 36f546a1bdb5 kallsyms: remove left-over Blackfin code
> 80ffbaa5b1bd kallsyms: reduce size a little on 64-bit
> bac13b5b25c9 x86: Warn clang does not support asm-goto (v2)
> 1e98b02f5c59 (for-4.19/compiletime_assert-clang-fixes) compiler.h:
> give up __compiletime_assert_fallback()
>
> [ QEMU TESTING (run_qemu.sh) ]
> KPATH=$(pwd)
>
> qemu-system-x86_64 -enable-kvm -M pc -kernel $KPATH/bzImage -initrd
> $KPATH/initrd.img -m 512 -net none -serial stdio -append
> "root=/dev/ram0 console=ttyS0 hung_task_panic=1
> earlyprintk=ttyS0,115200"
>
> [ DEBIAN KERNEL VS. CBL KERNEL ]
>
> $ ./scripts/diffconfig /boot/config-4.19.0-rc4-amd64
> /boot/config-4.19.0-rc6-1-amd64-cbl
> -ALLOW_LOCKDOWN_LIFT_BY_SYSRQ n
> -ANDROID_BINDER_DEVICES "binder"
> -ANDROID_BINDER_IPC_SELFTEST n
> -CC_IS_GCC y
> -CHASH m
> -CHASH_SELFTEST n
> -CHASH_STATS n
> -CRYPTO_FIPS y
> -DEBUG_KERNEL_DC n
> -DRM_AMDGPU_CIK y
> -DRM_AMDGPU_GART_DEBUGFS n
> -DRM_AMDGPU_SI y
> -DRM_AMDGPU_USERPTR y
> -DRM_AMD_ACP y
> -DRM_AMD_DC y
> -DRM_AMD_DC_DCN1_0 y
> -DRM_SCHED m
> -HARDENED_USERCOPY_FALLBACK n
> -HARDENED_USERCOPY_PAGESPAN n
> -HSA_AMD m
> -LOCK_DOWN_IN_EFI_SECURE_BOOT y
> -LOCK_DOWN_KERNEL y
> -MODULE_SIG_ALL n
> -MODULE_SIG_FORCE n
> -MODULE_SIG_HASH "sha256"
> -MODULE_SIG_KEY ""
> -MODULE_SIG_SHA1 n
> -MODULE_SIG_SHA224 n
> -MODULE_SIG_SHA256 y
> -MODULE_SIG_SHA384 n
> -MODULE_SIG_SHA512 n
> -PLUGIN_HOSTCC ""
> -PM_GENERIC_DOMAINS y
> -PM_GENERIC_DOMAINS_SLEEP y
> -RTLWIFI_DEBUG_ST y
> -SECURITY_PERF_EVENTS_RESTRICT y
> -X86_X32_DISABLED y
> ANDROID_BINDER_IPC m -> n
> ASHMEM m -> n
> BUILD_SALT "4.19.0-rc4-amd64" -> "4.19.0-rc6-1-amd64-cbl"
> CLANG_VERSION 0 -> 70000
> DRM_AMDGPU m -> n
> GCC_VERSION 80200 -> 0
> HARDENED_USERCOPY y -> n
> MODULE_SIG y -> n
> R8822BE m -> n
> SYSTEM_TRUSTED_KEYS "debian/certs/test-signing-certs.pem" -> ""
> TYPEC_TPS6598X m -> n
> USB_COMMON m -> y
> X86_X32 y -> n
> +CC_IS_CLANG y
> +FB_NVIDIA n
> +FB_RIVA n
>
> - EOT -

Cheers,
Miguel


Attachments:
dmesg_4.19.0-rc6-1-amd64-cbl.txt (67.80 kB)
config-4.19.0-rc6-1-amd64-cbl (200.69 kB)