The patch titled
Subject: kbuild: treat char as always unsigned
has been added to the -mm mm-nonmm-unstable branch. Its filename is
kbuild-treat-char-as-always-unsigned.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/kbuild-treat-char-as-always-unsigned.patch
This patch will later appear in the mm-nonmm-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: "Jason A. Donenfeld" <Jason@xxxxxxxxx>
Subject: kbuild: treat char as always unsigned
Date: Wed, 19 Oct 2022 14:30:34 -0600
Recently, some compile-time checking I added to the clamp_t family of
functions triggered a build error when a poorly written driver was
compiled on ARM, because the driver assumed that the naked `char` type is
signed, but ARM treats it as unsigned, and the C standard says it's
architecture-dependent.
I doubt this particular driver is the only instance in which unsuspecting
authors make assumptions about `char` with no `signed` or `unsigned`
specifier. We were lucky enough this time that that driver used
`clamp_t(char, negative_value, positive_value)`, so the new checking code
found it, and I've sent a patch to fix it, but there are likely other
places lurking that won't be so easily unearthed.
So let's just eliminate this particular variety of heisensign bugs
entirely. Set `-funsigned-char` globally, so that gcc makes the type
unsigned on all architectures.
This will break things in some places and fix things in others, so this
will likely cause a bit of churn while reconciling the type misuse.
Link: https://lkml.kernel.org/r/20221019203034.3795710-1-Jason@xxxxxxxxx
Link: https://lore.kernel.org/lkml/202210190108.ESC3pc3D-lkp@xxxxxxxxx/
Signed-off-by: Jason A. Donenfeld <Jason@xxxxxxxxx>
Cc: Masahiro Yamada <masahiroy@xxxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Cc: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/Makefile~kbuild-treat-char-as-always-unsigned
+++ a/Makefile
@@ -562,7 +562,7 @@ KBUILD_AFLAGS := -D__ASSEMBLY__ -fno-P
KBUILD_CFLAGS := -Wall -Wundef -Werror=strict-prototypes -Wno-trigraphs \
-fno-strict-aliasing -fno-common -fshort-wchar -fno-PIE \
-Werror=implicit-function-declaration -Werror=implicit-int \
- -Werror=return-type -Wno-format-security \
+ -Werror=return-type -Wno-format-security -funsigned-char \
-std=gnu11
KBUILD_CPPFLAGS := -D__KERNEL__
KBUILD_RUSTFLAGS := $(rust_common_flags) \
_
Patches currently in -mm which might be from Jason@xxxxxxxxx are
wifi-rt2x00-use-explicitly-signed-type-for-clamping.patch
minmax-sanity-check-constant-bounds-when-clamping.patch
minmax-clamp-more-efficiently-by-avoiding-extra-comparison.patch
kbuild-treat-char-as-always-unsigned.patch
