public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Nathan Chancellor <nathan@kernel.org>
To: Yury Norov <yury.norov@gmail.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Nilay Shroff <nilay@linux.ibm.com>,
	linux-kernel@vger.kernel.org, briannorris@chromium.org,
	kees@kernel.org, gustavoars@kernel.org,
	steffen.klassert@secunet.com, daniel.m.jordan@oracle.com,
	gjoyce@ibm.com, linux-crypto@vger.kernel.org,
	linux@weissschuh.net
Subject: Re: [PATCHv3] gcc: disable '-Wstrignop-overread' universally for gcc-13+ and FORTIFY_SOURCE
Date: Mon, 9 Dec 2024 15:24:20 -0700	[thread overview]
Message-ID: <20241209222420.GA3596039@ax162> (raw)
In-Reply-To: <Z1dWinzDPuC8iEXk@yury-ThinkPad>

On Mon, Dec 09, 2024 at 12:43:54PM -0800, Yury Norov wrote:
> On Mon, Dec 09, 2024 at 01:03:00PM -0700, Nathan Chancellor wrote:
> > Maybe people are not using CONFIG_WERROR=y and W=e when hitting this so
> > they do not notice? It also only became visible in 6.12 because of the
> > 'inline' -> '__always_inline' changes in bitmap.h and cpumask.h, since
> > prior to that, the size of the objects being passed to memcpy() were not
> > known, so FORTIFY could not catch them (another +1 for that change).
> 
> Thanks, but I'm actually not happy with that series (ab6b1010dab68f6d4).
> The original motivation was that one part of compiler decided to outline
> the pure wrappers or lightweight inline implementation for small bitmaps,
> like those fitting inside a machine word. 
> 
> After that, another part of compiler started complaining that outlined
> helpers mismatch the sections - .text and .init.data.

Not another part of the compiler but modpost, a kernel tool, started
complaining. If modpost could perform control flow analysis, it could
avoid false positives such as the one from ab6b1010dab68 by seeing more
of the callchain rather than just the outlined function being called
with a potentially discarded variable.

> (Not mentioning that the helpers were not designed to be real outlined
> functions, and doing that adds ~3k to kernel image.)

Isn't the point of '__always_inline' to convey this to the compiler? As
far as I understand it, the C standard permits the compiler is
completely free to ignore 'inline', which could happen for any number of
reasons, especially with code generation options such as the sanitizers
or other instrumentation. If you know that these functions need to be
inlined to generate better code but the compiler doesn't, why not tell
it?

> I don't like forcing compiler to do this or that, but in this case I
> just don't know how to teach it to outline the function twice, if it
> wants to do that. This should be done automatically, I guess...

I do not think that I understand what you are getting at or asking for
here, sorry. Are you saying you would expect the compiler to split
bitmap_and() into basically bitmap_and_small_const_nbits() and
__bitmap_and() then decide which to call in cpumask_and() based on the
condition of small_const_nbits(nbits) at a particular site? Isn't that
basically what we are allowing the compiler to figure out by always
inlining these functions into their call sites?

> Similarly, I don't know how to teach it to keep the functions inlined,
> other than forcing it to do so.

That's pretty much what '__always_inline' is, right? It's you as the
programmer saying "I know that this needs to be inlined for xyz reason
so I really need you to do it". Otherwise, you are just asking to tweak
a heuristic.

Cheers,
Nathan

  reply	other threads:[~2024-12-09 22:24 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-12-08 16:12 [PATCHv3] gcc: disable '-Wstrignop-overread' universally for gcc-13+ and FORTIFY_SOURCE Nilay Shroff
2024-12-08 18:25 ` Yury Norov
2024-12-09 19:35   ` Nathan Chancellor
2024-12-10  8:28     ` Nilay Shroff
2024-12-10 16:14       ` Nathan Chancellor
2024-12-11  9:16         ` Nilay Shroff
2024-12-09  6:45 ` Greg Kroah-Hartman
2024-12-09 17:09   ` Nilay Shroff
2024-12-09 20:03   ` Nathan Chancellor
2024-12-09 20:43     ` Yury Norov
2024-12-09 22:24       ` Nathan Chancellor [this message]
2024-12-12 18:24 ` Kees Cook
2024-12-12 18:47   ` Kees Cook
2024-12-12 19:34     ` Yury Norov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20241209222420.GA3596039@ax162 \
    --to=nathan@kernel.org \
    --cc=briannorris@chromium.org \
    --cc=daniel.m.jordan@oracle.com \
    --cc=gjoyce@ibm.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=gustavoars@kernel.org \
    --cc=kees@kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux@weissschuh.net \
    --cc=nilay@linux.ibm.com \
    --cc=steffen.klassert@secunet.com \
    --cc=yury.norov@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox