diff mbox series

[v3,2/3] build_bug.h: remove negative-array fallback for BUILD_BUG_ON()

Message ID 1542623503-3755-2-git-send-email-yamada.masahiro@socionext.com
State Superseded
Series [v3,1/3] compiler_types.h: make __builtin_types_compatible_p() noop for Sparse

Commit Message

Masahiro Yamada Nov. 19, 2018, 10:31 a.m. UTC
The kernel can only be compiled with an optimization option (-O2, -Os,
or the currently proposed -Og). Hence, __OPTIMIZE__ is always defined
in the kernel source.

The fallback for the -O0 case is just hypothetical and pointless.
Moreover, commit 0bb95f80a38f ("Makefile: Globally enable VLA warning")
enabled -Wvla warning. The use of variable length arrays is banned.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

Acked-by: Kees Cook <keescook@chromium.org>

---

Changes in v3: None
Changes in v2: None

 include/linux/build_bug.h | 14 --------------
 1 file changed, 14 deletions(-)

-- 
2.7.4

Comments

Nick Desaulniers Nov. 19, 2018, 6:10 p.m. UTC | #1
On Mon, Nov 19, 2018 at 2:32 AM Masahiro Yamada
<yamada.masahiro@socionext.com> wrote:
>
> The kernel can only be compiled with an optimization option (-O2, -Os,
> or the currently proposed -Og). Hence, __OPTIMIZE__ is always defined
> in the kernel source.
>
> The fallback for the -O0 case is just hypothetical and pointless.
> Moreover, commit 0bb95f80a38f ("Makefile: Globally enable VLA warning")
> enabled -Wvla warning. The use of variable length arrays is banned.
>
> Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
> Acked-by: Kees Cook <keescook@chromium.org>
> ---
>
> Changes in v3: None
> Changes in v2: None
>
>  include/linux/build_bug.h | 14 --------------
>  1 file changed, 14 deletions(-)
>

> diff --git a/include/linux/build_bug.h b/include/linux/build_bug.h

> index 43d1fd5..d415c64 100644

> --- a/include/linux/build_bug.h

> +++ b/include/linux/build_bug.h

> @@ -51,23 +51,9 @@

>   * If you have some code which relies on certain constants being equal, or

>   * some other compile-time-evaluated condition, you should use BUILD_BUG_ON to

>   * detect if someone changes it.

> - *

> - * The implementation uses gcc's reluctance to create a negative array, but gcc

> - * (as of 4.4) only emits that error for obvious cases (e.g. not arguments to

> - * inline functions).  Luckily, in 4.3 they added the "error" function

> - * attribute just for this type of case.  Thus, we use a negative sized array

> - * (should always create an error on gcc versions older than 4.4) and then call

> - * an undefined function with the error attribute (should always create an

> - * error on gcc 4.3 and later).  If for some reason, neither creates a

> - * compile-time error, we'll still have a link-time error, which is harder to

> - * track down.

>   */

> -#ifndef __OPTIMIZE__

> -#define BUILD_BUG_ON(condition) ((void)sizeof(char[1 - 2*!!(condition)]))

> -#else

>  #define BUILD_BUG_ON(condition) \

>         BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)

> -#endif

>

>  /**

>   * BUILD_BUG - break compile if used.
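
Review bot: with the `#ifndef __OPTIMIZE__` branch removed, nothing in this hunk enforces the commit message's assumption that `__OPTIMIZE__` is always defined. BUILD_BUG_ON now always expands to BUILD_BUG_ON_MSG, and how that behaves without optimization is not visible in these lines. Consider saying in the comment that remains above the macro that BUILD_BUG_ON depends on an optimized build, so that a later -O0 experiment does not lose the check unnoticed.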

> --

> 2.7.4

>


Yep seems fine.
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>

Tested an arm64 defconfig with Clang + this patch. Then tested again
with a `BUILD_BUG_ON(4 != 5)` to verify this still breaks the build.
Tested-by: Nick Desaulniers <ndesaulniers@google.com>


-- 
Thanks,
~Nick Desaulniers

Patch

diff --git a/include/linux/build_bug.h b/include/linux/build_bug.h
index 43d1fd5..d415c64 100644
--- a/include/linux/build_bug.h
+++ b/include/linux/build_bug.h
@@ -51,23 +51,9 @@ 
  * If you have some code which relies on certain constants being equal, or
  * some other compile-time-evaluated condition, you should use BUILD_BUG_ON to
  * detect if someone changes it.
- *
- * The implementation uses gcc's reluctance to create a negative array, but gcc
- * (as of 4.4) only emits that error for obvious cases (e.g. not arguments to
- * inline functions).  Luckily, in 4.3 they added the "error" function
- * attribute just for this type of case.  Thus, we use a negative sized array
- * (should always create an error on gcc versions older than 4.4) and then call
- * an undefined function with the error attribute (should always create an
- * error on gcc 4.3 and later).  If for some reason, neither creates a
- * compile-time error, we'll still have a link-time error, which is harder to
- * track down.
  */
-#ifndef __OPTIMIZE__
-#define BUILD_BUG_ON(condition) ((void)sizeof(char[1 - 2*!!(condition)]))
-#else
 #define BUILD_BUG_ON(condition) \
 	BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
-#endif
 
 /**
  * BUILD_BUG - break compile if used.
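
Review bot: the comment block deleted at the top of this hunk documents more than the negative-array fallback. It also explains the "error" function attribute and the link-time error that remains if no compile-time error is produced. If BUILD_BUG_ON_MSG still relies on that mechanism, keep those sentences (or move them next to its definition) and delete only the wording about the negative-sized array.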