Negative sized arrays wont create a compile-time error in some cases starting with gcc 4.4 (e.g., inlined functions), but gcc 4.3 introduced the error function attribute that will. This patch modifies BUILD_BUG_ON to behave like BUILD_BUG already does, using the error function attribute so that you don't have to build the entire kernel to discover that you have a problem, and then enjoy trying to track it down from a link-time error. Also, we are only including asm/bug.h and then expecting that linux/compiler.h will eventually be included to define __linktime_error (used in BUILD_BUG_ON). This patch includes it directly for clarity and to avoid the possibility of changes in <arch>/*/include/asm/bug.h being changed or not including linux/compiler.h for some reason. Signed-off-by: Daniel Santos <daniel.santos@xxxxxxxxx> Acked-by: Borislav Petkov <bp@xxxxxxxxx> --- include/linux/bug.h | 30 ++++++++++++++++++------------ 1 files changed, 18 insertions(+), 12 deletions(-) diff --git a/include/linux/bug.h b/include/linux/bug.h index 298a916..03259d7 100644 --- a/include/linux/bug.h +++ b/include/linux/bug.h @@ -2,6 +2,7 @@ #define _LINUX_BUG_H #include <asm/bug.h> +#include <linux/compiler.h> enum bug_trap_type { BUG_TRAP_TYPE_NONE = 0, @@ -42,24 +43,29 @@ struct pt_regs; * @condition: the condition which the compiler should know is false. * * If you have some code which relies on certain constants being equal, or - * other compile-time-evaluated condition, you should use BUILD_BUG_ON to + * some other compile-time-evaluated condition, you should use BUILD_BUG_ON to * detect if someone changes it. * - * The implementation uses gcc's reluctance to create a negative array, but - * gcc (as of 4.4) only emits that error for obvious cases (eg. not arguments - * to inline functions). So as a fallback we use the optimizer; if it can't - * prove the condition is false, it will cause a link error on the undefined - * "__build_bug_on_failed". This error message can be harder to track down - * though, hence the two different methods. + * The implementation uses gcc's reluctance to create a negative array, but gcc + * (as of 4.4) only emits that error for obvious cases (e.g. not arguments to + * inline functions). Luckily, in 4.3 they added the "error" function + * attribute just for this type of case. Thus, we use a negative sized array + * (should always create an error on gcc versions older than 4.4) and then call + * an undefined function with the error attribute (should always create an + * error on gcc 4.3 and later). If for some reason, neither creates a + * compile-time error, we'll still have a link-time error, which is harder to + * track down. */ #ifndef __OPTIMIZE__ #define BUILD_BUG_ON(condition) ((void)sizeof(char[1 - 2*!!(condition)])) #else -extern int __build_bug_on_failed; -#define BUILD_BUG_ON(condition) \ - do { \ - ((void)sizeof(char[1 - 2*!!(condition)])); \ - if (condition) __build_bug_on_failed = 1; \ +#define BUILD_BUG_ON(condition) \ + do { \ + extern void __build_bug_on_failed(void) \ + __compiletime_error("BUILD_BUG_ON failed"); \ + ((void)sizeof(char[1 - 2*!!(condition)])); \ + if (condition) \ + __build_bug_on_failed(); \ } while(0) #endif -- 1.7.3.4 -- To unsubscribe from this list: send the line "unsubscribe linux-sparse" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html