+ linux-bitsh-add-compile-time-sanity-check-of-genmask-inputs.patch added to -mm tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The patch titled
     Subject: linux/bits.h: add compile time sanity check of GENMASK inputs
has been added to the -mm tree.  Its filename is
     linux-bitsh-add-compile-time-sanity-check-of-genmask-inputs.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/linux-bitsh-add-compile-time-sanity-check-of-genmask-inputs.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/linux-bitsh-add-compile-time-sanity-check-of-genmask-inputs.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Rikard Falkeborn <rikard.falkeborn@xxxxxxxxx>
Subject: linux/bits.h: add compile time sanity check of GENMASK inputs

GENMASK() and GENMASK_ULL() are supposed to be called with the high bit as
the first argument and the low bit as the second argument.  Mixing them
will return a mask with zero bits set.

Recent commits show getting this wrong is not uncommon, see e.g.  commit
aa4c0c9091b0 ("net: stmmac: Fix misuses of GENMASK macro") and commit
9bdd7bb3a844 ("clocksource/drivers/npcm: Fix misuse of GENMASK macro").

To prevent such mistakes from appearing again, add compile time sanity
checking to the arguments of GENMASK() and GENMASK_ULL().  If both the
arguments are known at compile time, and the low bit is higher than the
high bit, break the build to detect the mistake immediately.

Since GENMASK() is used in declarations, BUILD_BUG_ON_ZERO() must be used
instead of BUILD_BUG_ON(), and __is_constexpr() must be used instead of
__builtin_constant_p().

If successful, BUILD_BUG_OR_ZERO() returns 0 of type size_t.  To avoid
problems with implicit conversions, cast the result of BUILD_BUG_OR_ZERO
to unsigned long.

Since both BUILD_BUG_ON_ZERO() and __is_constexpr() only uses sizeof() on
the arguments passed to them, neither of them evaluate the expression
unless it is a VLA.  Therefore, GENMASK(1, x++) still behaves as expected.

Commit 95b980d62d52 ("linux/bits.h: make BIT(), GENMASK(), and friends
available in assembly") made the macros in linux/bits.h available in
assembly.  Since neither BUILD_BUG_OR_ZERO() or __is_constexpr() are asm
compatible, disable the checks if the file is included in an asm file.

Link: http://lkml.kernel.org/r/20190801230358.4193-2-rikard.falkeborn@xxxxxxxxx
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@xxxxxxxxx>
Cc: https://lore.kernel.org/r/20190729143109.18683-1-johannes@xxxxxxxxxxxxxxxx
Cc: Joe Perches <joe@xxxxxxxxxxx>
Cc: linux-kernel@xxxxxxxxxxxxxxx
Cc: Masahiro Yamada <yamada.masahiro@xxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 include/linux/bits.h |   22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

--- a/include/linux/bits.h~linux-bitsh-add-compile-time-sanity-check-of-genmask-inputs
+++ a/include/linux/bits.h
@@ -18,12 +18,30 @@
  * position @high. For example
  * GENMASK_ULL(39, 21) gives us the 64bit vector 0x000000ffffe00000.
  */
-#define GENMASK(high, low) \
+#ifndef __ASSEMBLY__
+#include <linux/build_bug.h>
+#define GENMASK_INPUT_CHECK(high, low) \
+	((unsigned long)BUILD_BUG_ON_ZERO(__builtin_choose_expr( \
+		__is_constexpr(high) && __is_constexpr(low), \
+		(low) > (high), UL(0))))
+#else
+/*
+ * BUILD_BUG_ON_ZERO and __is_constexpr() are not available in h files
+ * included from asm files, disable the input check if that is the case.
+ */
+#define GENMASK_INPUT_CHECK(high, low) UL(0)
+#endif
+
+#define __GENMASK(high, low) \
 	(((~UL(0)) - (UL(1) << (low)) + 1) & \
 	 (~UL(0) >> (BITS_PER_LONG - 1 - (high))))
+#define GENMASK(high, low) \
+	(GENMASK_INPUT_CHECK(high, low) + __GENMASK(high, low))
 
-#define GENMASK_ULL(high, low) \
+#define __GENMASK_ULL(high, low) \
 	(((~ULL(0)) - (ULL(1) << (low)) + 1) & \
 	 (~ULL(0) >> (BITS_PER_LONG_LONG - 1 - (high))))
+#define GENMASK_ULL(high, low) \
+	(GENMASK_INPUT_CHECK(high, low) + __GENMASK_ULL(high, low))
 
 #endif	/* __LINUX_BITS_H */
_

Patches currently in -mm which might be from rikard.falkeborn@xxxxxxxxx are

linux-bitsh-clarify-macro-argument-names.patch
linux-bitsh-add-compile-time-sanity-check-of-genmask-inputs.patch
[Index of Archives]     [Kernel Archive]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]

  Powered by Linux