Re: [PATCH v2] kbuild: Disable -Wdefault-const-init-unsafe

[Nathan Chancellor <nathan@kernel.org>]

On Fri, May 09, 2025 at 10:04:23PM +0900, Masahiro Yamada wrote:
> On Wed, May 7, 2025 at 6:06 AM Nathan Chancellor <nathan@kernel.org> wrote:
> >
> > A new on by default warning in clang [1] aims to flags instances where
> > const variables without static or thread local storage or const members
> > in aggregate types are not initialized because it can lead to an
> > indeterminate value. This is quite noisy for the kernel due to
> > instances originating from header files such as:
> >
> >   drivers/gpu/drm/i915/gt/intel_ring.h:62:2: error: default initialization of an object of type 'typeof (ring->size)' (aka 'const unsigned int') leaves the object uninitialized [-Werror,-Wdefault-const-init-var-unsafe]
> >      62 |         typecheck(typeof(ring->size), next);
> >         |         ^
> >   include/linux/typecheck.h:10:9: note: expanded from macro 'typecheck'
> >      10 | ({      type __dummy; \
> >         |              ^
> >
> >   include/net/ip.h:478:14: error: default initialization of an object of type 'typeof (rt->dst.expires)' (aka 'const unsigned long') leaves the object uninitialized [-Werror,-Wdefault-const-init-var-unsafe]
> >     478 |                 if (mtu && time_before(jiffies, rt->dst.expires))
> >         |                            ^
> >   include/linux/jiffies.h:138:26: note: expanded from macro 'time_before'
> >     138 | #define time_before(a,b)        time_after(b,a)
> >         |                                 ^
> >   include/linux/jiffies.h:128:3: note: expanded from macro 'time_after'
> >     128 |         (typecheck(unsigned long, a) && \
> >         |          ^
> >   include/linux/typecheck.h:11:12: note: expanded from macro 'typecheck'
> >      11 |         typeof(x) __dummy2; \
> >         |                   ^
> >
> >   include/linux/list.h:409:27: warning: default initialization of an object of type 'union (unnamed union at include/linux/list.h:409:27)' with const member leaves the object uninitialized [-Wdefault-const-init-field-unsafe]
> >     409 |         struct list_head *next = smp_load_acquire(&head->next);
> >         |                                  ^
> >   include/asm-generic/barrier.h:176:29: note: expanded from macro 'smp_load_acquire'
> >     176 | #define smp_load_acquire(p) __smp_load_acquire(p)
> >         |                             ^
> >   arch/arm64/include/asm/barrier.h:164:59: note: expanded from macro '__smp_load_acquire'
> >     164 |         union { __unqual_scalar_typeof(*p) __val; char __c[1]; } __u;   \
> >         |                                                                  ^
> >   include/linux/list.h:409:27: note: member '__val' declared 'const' here
> >
> >   crypto/scatterwalk.c:66:22: error: default initialization of an object of type 'struct scatter_walk' with const member leaves the object uninitialized [-Werror,-Wdefault-const-init-field-unsafe]
> >      66 |         struct scatter_walk walk;
> >         |                             ^
> >   include/crypto/algapi.h:112:15: note: member 'addr' declared 'const' here
> >     112 |                 void *const addr;
> >         |                             ^
> >
> >   fs/hugetlbfs/inode.c:733:24: error: default initialization of an object of type 'struct vm_area_struct' with const member leaves the object uninitialized [-Werror,-Wdefault-const-init-field-unsafe]
> >     733 |         struct vm_area_struct pseudo_vma;
> >         |                               ^
> >   include/linux/mm_types.h:803:20: note: member 'vm_flags' declared 'const' here
> >     803 |                 const vm_flags_t vm_flags;
> >         |                                  ^
> >
> > Silencing the instances from typecheck.h is difficult because '= {}' is
> > not available in older but supported compilers and '= {0}' would cause
> > warnings about a literal 0 being treated as NULL. While it might be
> > possible to come up with a local hack to silence the warning for
> > clang-21+, it may not be worth it since -Wuninitialized will still
> > trigger if an uninitialized const variable is actually used.
> >
> > In all audited cases of the "field" variant of the warning, the members
> > are either not used in the particular call path, modified through other
> > means such as memset() / memcpy() because the containing object is not
> > const, or are within a union with other non-const members.
> >
> > Since this warning does not appear to have a high signal to noise ratio,
> > just disable it.
> >
> > Cc: stable@vger.kernel.org
> > Link: https://github.com/llvm/llvm-project/commit/576161cb6069e2c7656a8ef530727a0f4aefff30 [1]
> > Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
> > Closes: https://lore.kernel.org/CA+G9fYuNjKcxFKS_MKPRuga32XbndkLGcY-PVuoSwzv6VWbY=w@mail.gmail.com/
> > Reported-by: Marcus Seyfarth <m.seyfarth@gmail.com>
> > Closes: https://github.com/ClangBuiltLinux/linux/issues/2088
> > Signed-off-by: Nathan Chancellor <nathan@kernel.org>
> > ---
> > Changes in v2:
> > - Disable -Wdefault-const-init-var-unsafe as well, as '= {}' does not
> >   work in typecheck() for all supported compilers and it may not be
> >   worth a local hack.
> > - Link to v1: https://lore.kernel.org/r/20250501-default-const-init-clang-v1-0-3d2c6c185dbb@kernel.org
> 
> 
> 
> Applied to linux-kbuild.
> Thanks.
> 
> I fixed up the conflict with the -Wdefault-const-init-field-unsafe patch.
> 
> Please check if it is correct.

This patch should replace the -Wdefault-const-init-field-unsafe patch,
not be applied on top. -Wdefault-const-init-unsafe contains both
-Wdefault-const-init-field-unsafe and -Wdefault-const-init-var-unsafe.

Cheers,
Nathan