[PATCH] hardening: Require clang 20.1.0 for __counted_by

[PATCH] hardening: Require clang 20.1.0 for __counted_by

[Nathan Chancellor]

After an innocuous change in -next that modified a structure that
contains __counted_by, clang-19 start crashing when building certain
files in drivers/gpu/drm/xe. When assertions are enabled, the more
descriptive failure is:

  clang: clang/lib/AST/RecordLayoutBuilder.cpp:3335: const ASTRecordLayout &clang::ASTContext::getASTRecordLayout(const RecordDecl *) const: Assertion `D && "Cannot get layout of forward declarations!"' failed.

According to a reverse bisect, a tangential change to the LLVM IR
generation phase of clang during the LLVM 20 development cycle [1]
resolves this problem. Bump the version of clang that enables
CONFIG_CC_HAS_COUNTED_BY to 20.1.0 to ensure that this issue cannot be
hit.

Link: https://github.com/llvm/llvm-project/commit/160fb1121cdf703c3ef5e61fb26c5659eb581489 [1]
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
---
Should this be marked for stable? If this makes 6.17 final, I think we
are fine for mainline and newer but I wonder if a patch that adds
__counted_by to a structure would ever be backported and expose this
problem there.
---
 init/Kconfig | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/init/Kconfig b/init/Kconfig
index af4c2f085455..a2675ee1ef8c 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -117,10 +117,11 @@ config CC_HAS_NO_PROFILE_FN_ATTR
 
 config CC_HAS_COUNTED_BY
 	bool
-	# clang needs to be at least 19.1.3 to avoid __bdos miscalculations
-	# https://github.com/llvm/llvm-project/pull/110497
-	# https://github.com/llvm/llvm-project/pull/112636
-	default y if CC_IS_CLANG && CLANG_VERSION >= 190103
+	# clang needs to be at least 20.1.0 to avoid potential crashes
+	# when building structures that contain __counted_by
+	# https://github.com/ClangBuiltLinux/linux/issues/2114
+	# https://github.com/llvm/llvm-project/commit/160fb1121cdf703c3ef5e61fb26c5659eb581489
+	default y if CC_IS_CLANG && CLANG_VERSION >= 200100
 	# supported since gcc 15.1.0
 	# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108896
 	default y if CC_IS_GCC && GCC_VERSION >= 150100

---
base-commit: f627b51aaa041cba715b59026cf2d9cb1476c7ed
change-id: 20250807-fix-counted_by-clang-19-470d53f93aa0

Best regards,
--  
Nathan Chancellor <nathan@kernel.org>

Re: [PATCH] hardening: Require clang 20.1.0 for __counted_by

[Justin Stitt]

Hi,

On Thu, Aug 7, 2025 at 2:36 PM Nathan Chancellor <nathan@kernel.org> wrote:
>
> After an innocuous change in -next that modified a structure that
> contains __counted_by, clang-19 start crashing when building certain
> files in drivers/gpu/drm/xe. When assertions are enabled, the more
> descriptive failure is:

Since this is just now breaking builds, it is OK to bump up the
minimum compiler version just in time.

For future travelers, the "innocuous change" popped up in -next as
Commit 535c445eb94c ("drm/xe: Add dependency scheduler for GT TLB
invalidations to bind queues"). I am not sure why the additional
struct member caused this crash but it seems like Bill's clang patch
solved it -- so I won't look into it any further.

>
>   clang: clang/lib/AST/RecordLayoutBuilder.cpp:3335: const ASTRecordLayout &clang::ASTContext::getASTRecordLayout(const RecordDecl *) const: Assertion `D && "Cannot get layout of forward declarations!"' failed.
>
> According to a reverse bisect, a tangential change to the LLVM IR
> generation phase of clang during the LLVM 20 development cycle [1]
> resolves this problem. Bump the version of clang that enables
> CONFIG_CC_HAS_COUNTED_BY to 20.1.0 to ensure that this issue cannot be
> hit.
>
> Link: https://github.com/llvm/llvm-project/commit/160fb1121cdf703c3ef5e61fb26c5659eb581489 [1]

Reviewed-by: Justin Stitt <justinstitt@google.com>

> Signed-off-by: Nathan Chancellor <nathan@kernel.org>
> ---
> Should this be marked for stable? If this makes 6.17 final, I think we
> are fine for mainline and newer but I wonder if a patch that adds
> __counted_by to a structure would ever be backported and expose this
> problem there.
> ---
>  init/Kconfig | 9 +++++----
>  1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/init/Kconfig b/init/Kconfig
> index af4c2f085455..a2675ee1ef8c 100644
> --- a/init/Kconfig
> +++ b/init/Kconfig
> @@ -117,10 +117,11 @@ config CC_HAS_NO_PROFILE_FN_ATTR
>
>  config CC_HAS_COUNTED_BY
>         bool
> -       # clang needs to be at least 19.1.3 to avoid __bdos miscalculations
> -       # https://github.com/llvm/llvm-project/pull/110497
> -       # https://github.com/llvm/llvm-project/pull/112636
> -       default y if CC_IS_CLANG && CLANG_VERSION >= 190103
> +       # clang needs to be at least 20.1.0 to avoid potential crashes
> +       # when building structures that contain __counted_by
> +       # https://github.com/ClangBuiltLinux/linux/issues/2114
> +       # https://github.com/llvm/llvm-project/commit/160fb1121cdf703c3ef5e61fb26c5659eb581489
> +       default y if CC_IS_CLANG && CLANG_VERSION >= 200100
>         # supported since gcc 15.1.0
>         # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108896
>         default y if CC_IS_GCC && GCC_VERSION >= 150100
>
> ---
> base-commit: f627b51aaa041cba715b59026cf2d9cb1476c7ed
> change-id: 20250807-fix-counted_by-clang-19-470d53f93aa0
>
> Best regards,
> --
> Nathan Chancellor <nathan@kernel.org>
>

Re: [PATCH] hardening: Require clang 20.1.0 for __counted_by

[Alexander Lobakin]

From: Nathan Chancellor <nathan@kernel.org>
Date: Thu, 07 Aug 2025 14:36:28 -0700

> After an innocuous change in -next that modified a structure that
> contains __counted_by, clang-19 start crashing when building certain
> files in drivers/gpu/drm/xe. When assertions are enabled, the more
> descriptive failure is:
> 
>   clang: clang/lib/AST/RecordLayoutBuilder.cpp:3335: const ASTRecordLayout &clang::ASTContext::getASTRecordLayout(const RecordDecl *) const: Assertion `D && "Cannot get layout of forward declarations!"' failed.
> 
> According to a reverse bisect, a tangential change to the LLVM IR
> generation phase of clang during the LLVM 20 development cycle [1]
> resolves this problem. Bump the version of clang that enables
> CONFIG_CC_HAS_COUNTED_BY to 20.1.0 to ensure that this issue cannot be
> hit.

Any chance for this to go to the next 19.x (if it's planned at all)?
I always use the latest HEAD from llvm-project, but 19 is still widely
used across distros etc =\

> 
> Link: https://github.com/llvm/llvm-project/commit/160fb1121cdf703c3ef5e61fb26c5659eb581489 [1]
> Signed-off-by: Nathan Chancellor <nathan@kernel.org>
> ---
> Should this be marked for stable? If this makes 6.17 final, I think we
> are fine for mainline and newer but I wonder if a patch that adds
> __counted_by to a structure would ever be backported and expose this
> problem there.

Thanks,
Olek

Re: [PATCH] hardening: Require clang 20.1.0 for __counted_by

[Nathan Chancellor]

On Mon, Aug 11, 2025 at 04:21:32PM +0200, Alexander Lobakin wrote:
> From: Nathan Chancellor <nathan@kernel.org>
> Date: Thu, 07 Aug 2025 14:36:28 -0700
> 
> > After an innocuous change in -next that modified a structure that
> > contains __counted_by, clang-19 start crashing when building certain
> > files in drivers/gpu/drm/xe. When assertions are enabled, the more
> > descriptive failure is:
> > 
> >   clang: clang/lib/AST/RecordLayoutBuilder.cpp:3335: const ASTRecordLayout &clang::ASTContext::getASTRecordLayout(const RecordDecl *) const: Assertion `D && "Cannot get layout of forward declarations!"' failed.
> > 
> > According to a reverse bisect, a tangential change to the LLVM IR
> > generation phase of clang during the LLVM 20 development cycle [1]
> > resolves this problem. Bump the version of clang that enables
> > CONFIG_CC_HAS_COUNTED_BY to 20.1.0 to ensure that this issue cannot be
> > hit.
> 
> Any chance for this to go to the next 19.x (if it's planned at all)?
> I always use the latest HEAD from llvm-project, but 19 is still widely
> used across distros etc =\

Unfortunately not, LLVM does not maintain more than one branch at a
time, so LLVM 19 has been unsupported since LLVM 20.1.0-rc1 was
released back in February :/

Some distros may be willing to patch that in but there is not really a
good way for us to check for that here, so I am not sure it helps much.

Kees and Bill may have thoughts around working around this in the one
spot we know it happens but in my opinion, I would rather do the big
hammer. The deployment of __counted_by in the kernel is only growing so
it is totally possible for us to fix this one instance then run into
another case in a few months, which is more painful for clang than GCC
since it has been supported for a bigger number of releases.

Cheers,
Nathan

Re: [PATCH] hardening: Require clang 20.1.0 for __counted_by

[Alexander Lobakin]

From: Nathan Chancellor <nathan@kernel.org>
Date: Mon, 11 Aug 2025 14:09:06 -0700

> On Mon, Aug 11, 2025 at 04:21:32PM +0200, Alexander Lobakin wrote:
>> From: Nathan Chancellor <nathan@kernel.org>
>> Date: Thu, 07 Aug 2025 14:36:28 -0700
>>
>>> After an innocuous change in -next that modified a structure that
>>> contains __counted_by, clang-19 start crashing when building certain
>>> files in drivers/gpu/drm/xe. When assertions are enabled, the more
>>> descriptive failure is:
>>>
>>>   clang: clang/lib/AST/RecordLayoutBuilder.cpp:3335: const ASTRecordLayout &clang::ASTContext::getASTRecordLayout(const RecordDecl *) const: Assertion `D && "Cannot get layout of forward declarations!"' failed.
>>>
>>> According to a reverse bisect, a tangential change to the LLVM IR
>>> generation phase of clang during the LLVM 20 development cycle [1]
>>> resolves this problem. Bump the version of clang that enables
>>> CONFIG_CC_HAS_COUNTED_BY to 20.1.0 to ensure that this issue cannot be
>>> hit.
>>
>> Any chance for this to go to the next 19.x (if it's planned at all)?
>> I always use the latest HEAD from llvm-project, but 19 is still widely
>> used across distros etc =\
> 
> Unfortunately not, LLVM does not maintain more than one branch at a
> time, so LLVM 19 has been unsupported since LLVM 20.1.0-rc1 was
> released back in February :/

Aaah okay, I didn't know that, thanks!

BTW 21-rc1 was released roughly a month ago, does this mean that 20.x is
already unsupported?

> Cheers,
> Nathan

Olek

Re: [PATCH] hardening: Require clang 20.1.0 for __counted_by

[Nathan Chancellor]

On Tue, Aug 12, 2025 at 06:28:29PM +0200, Alexander Lobakin wrote:
> Aaah okay, I didn't know that, thanks!

https://discourse.llvm.org/t/rfc-llvm-releases-every-two-weeks/84245 has
some more information about that recent change if you or anyone else is
interested.

> BTW 21-rc1 was released roughly a month ago, does this mean that 20.x is
> already unsupported?

Correct, LLVM 20.1.8 was the last release for release/20.x.

Cheers,
Nathan

Re: [PATCH] hardening: Require clang 20.1.0 for __counted_by

[Kees Cook]

On Thu, 07 Aug 2025 14:36:28 -0700, Nathan Chancellor wrote:
> After an innocuous change in -next that modified a structure that
> contains __counted_by, clang-19 start crashing when building certain
> files in drivers/gpu/drm/xe. When assertions are enabled, the more
> descriptive failure is:
> 
>   clang: clang/lib/AST/RecordLayoutBuilder.cpp:3335: const ASTRecordLayout &clang::ASTContext::getASTRecordLayout(const RecordDecl *) const: Assertion `D && "Cannot get layout of forward declarations!"' failed.
> 
> [...]

Applied to for-linus/hardening, thanks!

[1/1] hardening: Require clang 20.1.0 for __counted_by
      https://git.kernel.org/kees/c/871fcff457f9

Take care,

-- 
Kees Cook