On Thu, Jun 17, 2021 at 12:51 AM Linus Torvalds
<torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> On Wed, Jun 16, 2021 at 9:22 AM Tom Rix <trix@xxxxxxxxxx> wrote:
> >
> > to fix, add an unreachable() to the generic BUG()
> >
> > diff --git a/include/asm-generic/bug.h b/include/asm-generic/bug.h
> > index f152b9bb916f..b250e06d7de2 100644
> > --- a/include/asm-generic/bug.h
> > +++ b/include/asm-generic/bug.h
> > @@ -177,7 +177,10 @@ void __warn(const char *file, int line, void
> > *caller, unsigned taint,
> >
> > #else /* !CONFIG_BUG */
> > #ifndef HAVE_ARCH_BUG
> > -#define BUG() do {} while (1)
> > +#define BUG() do { \
> > + do {} while (1); \
> > + unreachable(); \
> > + } while (0)
> > #endif
>
> I'm a bit surprised that the compiler doesn't make that code after an
> infinite loop automatically be marked "unreachable". But at the same I
> can imagine the compiler doing some checks without doing real flow
> analysis, and doing "oh, that conditional branch is unconditional".
>
> So this patch at least makes sense to me and I have no objections to
> it, even if it makes me go "silly compiler, we shouldn't have to tell
> you this".
>
> So Ack from me on this.
I've tried to figure out what the compiler is trying to do here, and it's
still weird. When I saw the patch posted, I misread it as having just
unreachable() without the loop, and that would have been bad
because it triggers undefined behavior.
What I found is a minimal test case of
static int f(void)
{
do {} while (1);
}
to trigger the warning with any version of gcc (not clang), but none of
these other variations cause a warning:
// not static -> no warning!
int f(void)
{
do {} while (1);
}
// some return statement anywhere in the function, no warning
static int f(int i)
{
if (i)
return 0;
do {} while (1);
}
// annotated as never returning, as discussed in this thread
static int __attribute__((noreturn)) f(void)
{
do {} while (1);
}
// unreachable annotation, as suggested by Tom
static int f(void)
{
do {} while (1);
__builtin_unreachable();
}
The last three are obviously intentional, as the warning is only for functions
that can *never* return but lack an annotation. I have no idea why the warning
is only for static functions though.
All my randconfig builds for arm/arm64/x86 missed this problem since those
architectures have a custom BUG() implementation with an inline asm.
I've taken them out now and found only two other instances of the issue so far:
arbitrary_virt_to_machine() and ppc64 get_hugepd_cache_index(). My preference
would be to annotate these as __noreturn, but change to the asm-generic
BUG() is probably better.
Arnd
