Re: [PATCH v2 2/2] hugetlb: Provide safer dummy values for HPAGE_MASK and HPAGE_SIZE

Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> · Thu, 17 Nov 2011 15:28:41 -0800

On Thu, 17 Nov 2011 13:57:30 -0800
David Daney <ddaney.cavm@xxxxxxxxx> wrote:

> From: David Daney <david.daney@xxxxxxxxxx>
> 
> It was pointed out by David Rientjes that the dummy values for
> HPAGE_MASK and HPAGE_SIZE are quite unsafe.  It they are inadvertently
> used with !CONFIG_HUGETLB_PAGE, compilation would succeed, but the
> resulting code would surly not do anything sensible.
> 
> Place BUG() in the these dummy definitions, as we do in similar
> circumstances in other places, so any abuse can be easily detected.
> 
> Since the only sane place to use these symbols when
> !CONFIG_HUGETLB_PAGE is on dead code paths, the BUG() cause any actual
> code to be emitted by the compiler.

I assume you meant "omitted" here.

But I don't think it's true.  Any such code would occur after testing
is_vm_hugetlb_page() or similar, and would have been omitted anyway.

> --- a/include/linux/hugetlb.h
> +++ b/include/linux/hugetlb.h
> @@ -111,8 +111,9 @@ static inline void copy_huge_page(struct page *dst, struct page *src)
>  #define hugetlb_change_protection(vma, address, end, newprot)
>  
>  #ifndef HPAGE_MASK
> -#define HPAGE_MASK	PAGE_MASK		/* Keep the compiler happy */
> -#define HPAGE_SIZE	PAGE_SIZE
> +/* Keep the compiler happy with some dummy (but BUGgy) values */

That's a quite poor comment.  This?

--- a/include/linux/hugetlb.h~hugetlb-provide-safer-dummy-values-for-hpage_mask-and-hpage_size-fix
+++ a/include/linux/hugetlb.h
@@ -111,7 +111,11 @@ static inline void copy_huge_page(struct
 #define hugetlb_change_protection(vma, address, end, newprot)
 
 #ifndef HPAGE_MASK
-/* Keep the compiler happy with some dummy (but BUGgy) values */
+/*
+ * HPAGE_MASK and friends are defined if !CONFIG_HUGETLB_PAGE as an
+ * ifdef-avoiding convenience.  However they should never be evaluated at
+ * runtime if !CONFIG_HUGETLB_PAGE.
+ */
 #define HPAGE_MASK	({BUG(); 0; })
 #define HPAGE_SIZE	({BUG(); 0; })
 #define HPAGE_SHIFT	({BUG(); 0; })
_

> +#define HPAGE_MASK	({BUG(); 0; })
> +#define HPAGE_SIZE	({BUG(); 0; })
>  #define HPAGE_SHIFT	({BUG(); 0; })

This change means that HPAGE_* cannot be evaluated at compile time.  So

int foo = HPAGE_SIZE;

outside functions will explode.  I guess that's OK - actually desirable
- as such code shouldn't have been compiled anyway.









