Re: [for-linus][PATCH 01/10] tracing: Suppress sparse warnings triggered by is_signed_type()

From: Bart Van Assche
Date: Thu Aug 25 2022 - 13:39:11 EST

Next message: Bjorn Helgaas: "Re: [PATCH] earlyprintk: Clean up pciserial"
Previous message: Dave Hansen: "Re: [PATCH] x86/mm: Refuse W^X violations"
In reply to: Linus Torvalds: "Re: [for-linus][PATCH 01/10] tracing: Suppress sparse warnings triggered by is_signed_type()"
Next in thread: Kees Cook: "Re: [for-linus][PATCH 01/10] tracing: Suppress sparse warnings triggered by is_signed_type()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 8/24/22 17:40, Linus Torvalds wrote:

Actually, thinking about it, that was simple enough.

-#define is_signed_type(type) (((type)(-1)) < (type)1)
+#define is_signed_type(type) (((type)(-1)) < (__force type)1)

should work.

It looks a bit odd, because we only force one side.

But we only need to force one side, because the '-1' doesn't have any
issues with bitwise types, the same way 0 doesn't.

So only '1' needs to be force-cast to avoid a warning about casting an
integer to a bitwise type.

And since that -1 counts as an unrestricted value after a cast, now
the ordered comparison doesn't warn either.

Now, admittedly I think sparse should also allow a forced cast of an
unrestricted value to be unrestricted, so I think I should do this

static int restricted_value(struct expression *v, struct symbol *type)
{
- if (v->type == EXPR_CAST)
+ if (v->type == EXPR_CAST || v->type = EXPR_FORCE_CAST)
v = v->cast_expression;

in sparse, but even without that the above "is_signed_type()" macro
should make sparse happy (with that current tree of mine).

And since we don't now need to cast 0, gcc won't complain about that
NULL pointer comparison.

Does that solve things for you?

Yes, thank you! No sparse warnings are triggered by the is_signed_type()
macro and the gcc warning about ordered comparison of a pointer with the
null pointer is gone.

The patch I came up with is available below. If nobody picks it up from
this email I will try to find an appropriate kernel maintainer to send
this kernel patch to.

Thanks,

Bart.

From: Bart Van Assche <bvanassche@xxxxxxx>
Date: Tue, 23 Aug 2022 12:59:25 -0700
Subject: [PATCH] tracing: Define the is_signed_type() macro once

There are two definitions of the is_signed_type() macro: one in
<linux/overflow.h> and a second definition in <linux/trace_events.h>.

As suggested by Linus Torvalds, move the definition of the
is_signed_type() macro into the <linux/compiler.h> header file. Change
the definition of the is_signed_type() macro to make sure that it does
not trigger any sparse warnings with future versions of sparse for
bitwise types. See also:
https://lore.kernel.org/all/CAHk-=whjH6p+qzwUdx5SOVVHjS3WvzJQr6mDUwhEyTf6pJWzaQ@xxxxxxxxxxxxxx/
https://lore.kernel.org/all/CAHk-=wjQGnVfb4jehFR0XyZikdQvCZouE96xR_nnf5kqaM5qqQ@xxxxxxxxxxxxxx/

Cc: Rasmus Villemoes <linux@xxxxxxxxxxxxxxxxxx>
Cc: Steven Rostedt <rostedt@xxxxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Signed-off-by: Bart Van Assche <bvanassche@xxxxxxx>
---
include/linux/compiler.h | 6 ++++++
include/linux/overflow.h | 1 -
include/linux/trace_events.h | 2 --
3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 01ce94b58b42..7713d7bcdaea 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -239,6 +239,12 @@ static inline void *offset_to_ptr(const int *off)
/* &a[0] degrades to a pointer: a different type from an array */
#define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))

+/*
+ * Whether 'type' is a signed type or an unsigned type. Supports scalar types,
+ * bool and also pointer types.
+ */
+#define is_signed_type(type) (((type)(-1)) < (__force type)1)
+
/*
* This is needed in functions which generate the stack canary, see
* arch/x86/kernel/smpboot.c::start_secondary() for an example.
diff --git a/include/linux/overflow.h b/include/linux/overflow.h
index f1221d11f8e5..0eb3b192f07a 100644
--- a/include/linux/overflow.h
+++ b/include/linux/overflow.h
@@ -30,7 +30,6 @@
* https://mail-index.netbsd.org/tech-misc/2007/02/05/0000.html -
* credit to Christian Biere.
*/
-#define is_signed_type(type) (((type)(-1)) < (type)1)
#define __type_half_max(type) ((type)1 << (8*sizeof(type) - 1 - is_signed_type(type)))
#define type_max(T) ((T)((__type_half_max(T) - 1) + __type_half_max(T)))
#define type_min(T) ((T)((T)-type_max(T)-(T)1))
diff --git a/include/linux/trace_events.h b/include/linux/trace_events.h
index b18759a673c6..8401dec93c15 100644
--- a/include/linux/trace_events.h
+++ b/include/linux/trace_events.h
@@ -814,8 +814,6 @@ extern int trace_add_event_call(struct trace_event_call *call);
extern int trace_remove_event_call(struct trace_event_call *call);
extern int trace_event_get_offsets(struct trace_event_call *call);

-#define is_signed_type(type) (((type)(-1)) < (type)1)
-
int ftrace_set_clr_event(struct trace_array *tr, char *buf, int set);
int trace_set_clr_event(const char *system, const char *event, int set);
int trace_array_set_clr_event(struct trace_array *tr, const char *system,

Next message: Bjorn Helgaas: "Re: [PATCH] earlyprintk: Clean up pciserial"
Previous message: Dave Hansen: "Re: [PATCH] x86/mm: Refuse W^X violations"
In reply to: Linus Torvalds: "Re: [for-linus][PATCH 01/10] tracing: Suppress sparse warnings triggered by is_signed_type()"
Next in thread: Kees Cook: "Re: [for-linus][PATCH 01/10] tracing: Suppress sparse warnings triggered by is_signed_type()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]