* [PATCH v1 0/2] nolibc updates for Linux 5.20
@ 2022-05-19 17:21 Ammar Faizi
2022-05-19 17:21 ` [PATCH v1 1/2] tools/nolibc/stdlib: Support overflow checking for older compiler versions Ammar Faizi
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: Ammar Faizi @ 2022-05-19 17:21 UTC (permalink / raw)
To: Paul E. McKenney, Willy Tarreau
Cc: Ammar Faizi, Alviro Iskandar Setiawan, Linux Kernel Mailing List,
GNU/Weeb Mailing List, Facebook Kernel Team
Hi Willy,
Hi Paul,
Not much to do this time. Only small nolibc updates here. There are two
patches in this series.
1. Address Willy's comment about overflow checking in the multiplication
operation [1]. This patch supports overflow checking for older
compiler versions. Currently, we use `__builtin_mul_overflow()` that
doesn't exist in older compiler versions. Instead of using this
built-in, use a simple division to check for overflow in the `calloc()`
function.
2. The compiler can warn us about wrong `printf` arguments. This patch
enables the warnings. Currently, only two functions use this attribute:
`printf` and `fprintf`.
Hopefully, I can send more updates for 5.21+.
Thank you!
Link: https://lore.kernel.org/lkml/[email protected] [1]
Signed-off-by: Alviro Iskandar Setiawan <[email protected]>
Signed-off-by: Ammar Faizi <[email protected]>
---
Alviro Iskandar Setiawan (1):
tools/nolibc/stdio: Add format attribute to enable printf warnings
Ammar Faizi (1):
tools/nolibc/stdlib: Support overflow checking for older compiler versions
tools/include/nolibc/stdio.h | 4 ++--
tools/include/nolibc/stdlib.h | 7 +++----
2 files changed, 5 insertions(+), 6 deletions(-)
base-commit: 9a9e459ed0e76710f1258b6c1d4c0316b52b4b08
prerequisite-patch-id: e4a9acdc12961f2d4c6bb99e4790b8ffa9d15174
prerequisite-patch-id: 5a618e6a72c7d2beef4ba2c2cf01dadfbaf9a996
prerequisite-patch-id: 1bcffd448f6984eee80d86560af19672cd4ae716
prerequisite-patch-id: 3e31c80bd4dd532e30b4bba76e5d98647e21184b
prerequisite-patch-id: 34e531967a67791d5b3c3e071527de7235715906
prerequisite-patch-id: 14105c6ae9dcc068ddf12a7c1bf431066199b813
prerequisite-patch-id: 4299173943ea579f538da00488fb1a7b1a690a79
prerequisite-patch-id: dd85164f2ec9eb8cea64ab801abac614f9d0c8f5
prerequisite-patch-id: 2c1b940635d1564e26b9959eb57cf9fa6983cb2f
--
Ammar Faizi
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v1 1/2] tools/nolibc/stdlib: Support overflow checking for older compiler versions
2022-05-19 17:21 [PATCH v1 0/2] nolibc updates for Linux 5.20 Ammar Faizi
@ 2022-05-19 17:21 ` Ammar Faizi
2022-05-20 4:19 ` Willy Tarreau
2022-05-20 11:29 ` Alviro Iskandar Setiawan
2022-05-19 17:21 ` [PATCH v1 2/2] tools/nolibc/stdio: Add format attribute to enable printf warnings Ammar Faizi
2022-05-20 4:23 ` [PATCH v1 0/2] nolibc updates for Linux 5.20 Willy Tarreau
2 siblings, 2 replies; 8+ messages in thread
From: Ammar Faizi @ 2022-05-19 17:21 UTC (permalink / raw)
To: Paul E. McKenney, Willy Tarreau
Cc: Ammar Faizi, Alviro Iskandar Setiawan, Linux Kernel Mailing List,
GNU/Weeb Mailing List, Facebook Kernel Team
Previously, we used __builtin_mul_overflow() to check for overflow in
the multiplication operation in the calloc() function. However, older
compiler versions don't support this built-in. This patch changes the
overflow checking mechanism to make it work on any compiler version
by using a division method to check for overflow. No functional change
intended. While in there, remove the unused variable `void *orig`.
Link: https://lore.kernel.org/lkml/[email protected]
Suggested-by: Willy Tarreau <[email protected]>
Cc: Alviro Iskandar Setiawan <[email protected]>
Signed-off-by: Ammar Faizi <[email protected]>
---
tools/include/nolibc/stdlib.h | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/tools/include/nolibc/stdlib.h b/tools/include/nolibc/stdlib.h
index 8fd32eaf8037..92378c4b9660 100644
--- a/tools/include/nolibc/stdlib.h
+++ b/tools/include/nolibc/stdlib.h
@@ -128,10 +128,9 @@ void *malloc(size_t len)
static __attribute__((unused))
void *calloc(size_t size, size_t nmemb)
{
- void *orig;
- size_t res = 0;
+ size_t x = size * nmemb;
- if (__builtin_expect(__builtin_mul_overflow(nmemb, size, &res), 0)) {
+ if (__builtin_expect(size && ((x / size) != nmemb), 0)) {
SET_ERRNO(ENOMEM);
return NULL;
}
@@ -140,7 +139,7 @@ void *calloc(size_t size, size_t nmemb)
* No need to zero the heap, the MAP_ANONYMOUS in malloc()
* already does it.
*/
- return malloc(res);
+ return malloc(x);
}
static __attribute__((unused))
--
Ammar Faizi
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v1 2/2] tools/nolibc/stdio: Add format attribute to enable printf warnings
2022-05-19 17:21 [PATCH v1 0/2] nolibc updates for Linux 5.20 Ammar Faizi
2022-05-19 17:21 ` [PATCH v1 1/2] tools/nolibc/stdlib: Support overflow checking for older compiler versions Ammar Faizi
@ 2022-05-19 17:21 ` Ammar Faizi
2022-05-20 4:21 ` Willy Tarreau
2022-05-20 4:23 ` [PATCH v1 0/2] nolibc updates for Linux 5.20 Willy Tarreau
2 siblings, 1 reply; 8+ messages in thread
From: Ammar Faizi @ 2022-05-19 17:21 UTC (permalink / raw)
To: Paul E. McKenney, Willy Tarreau
Cc: Alviro Iskandar Setiawan, Ammar Faizi, Linux Kernel Mailing List,
GNU/Weeb Mailing List, Facebook Kernel Team
From: Alviro Iskandar Setiawan <[email protected]>
When we use printf and fprintf functions from the nolibc, we don't
get any warning from the compiler if we have the wrong arguments.
For example, the following calls will compile silently:
```
printf("%s %s\n", "aaa");
fprintf(stdout, "%s %s\n", "xxx", 1);
```
(Note the wrong arguments).
Those calls are undefined behavior. The compiler can help us warn
about the above mistakes by adding a `printf` format attribute to
those functions declaration. This patch adds it, and now it yields
these warnings for those mistakes:
```
warning: format `%s` expects a matching `char *` argument [-Wformat=]
warning: format `%s` expects argument of type `char *`, but argument 4 has type `int` [-Wformat=]
```
[ ammarfaizi2: Simplify the attribute placement. ]
Signed-off-by: Alviro Iskandar Setiawan <[email protected]>
Signed-off-by: Ammar Faizi <[email protected]>
---
tools/include/nolibc/stdio.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/include/nolibc/stdio.h b/tools/include/nolibc/stdio.h
index 15dedf8d0902..a3cebc4bc3ac 100644
--- a/tools/include/nolibc/stdio.h
+++ b/tools/include/nolibc/stdio.h
@@ -273,7 +273,7 @@ int vfprintf(FILE *stream, const char *fmt, va_list args)
return written;
}
-static __attribute__((unused))
+static __attribute__((unused, format(printf, 2, 3)))
int fprintf(FILE *stream, const char *fmt, ...)
{
va_list args;
@@ -285,7 +285,7 @@ int fprintf(FILE *stream, const char *fmt, ...)
return ret;
}
-static __attribute__((unused))
+static __attribute__((unused, format(printf, 1, 2)))
int printf(const char *fmt, ...)
{
va_list args;
--
Ammar Faizi
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH v1 1/2] tools/nolibc/stdlib: Support overflow checking for older compiler versions
2022-05-19 17:21 ` [PATCH v1 1/2] tools/nolibc/stdlib: Support overflow checking for older compiler versions Ammar Faizi
@ 2022-05-20 4:19 ` Willy Tarreau
2022-05-20 11:29 ` Alviro Iskandar Setiawan
1 sibling, 0 replies; 8+ messages in thread
From: Willy Tarreau @ 2022-05-20 4:19 UTC (permalink / raw)
To: Ammar Faizi
Cc: Paul E. McKenney, Alviro Iskandar Setiawan,
Linux Kernel Mailing List, GNU/Weeb Mailing List,
Facebook Kernel Team
Hi Ammar,
On Fri, May 20, 2022 at 12:21:15AM +0700, Ammar Faizi wrote:
> diff --git a/tools/include/nolibc/stdlib.h b/tools/include/nolibc/stdlib.h
> index 8fd32eaf8037..92378c4b9660 100644
> --- a/tools/include/nolibc/stdlib.h
> +++ b/tools/include/nolibc/stdlib.h
> @@ -128,10 +128,9 @@ void *malloc(size_t len)
> static __attribute__((unused))
> void *calloc(size_t size, size_t nmemb)
> {
> - void *orig;
> - size_t res = 0;
> + size_t x = size * nmemb;
>
> - if (__builtin_expect(__builtin_mul_overflow(nmemb, size, &res), 0)) {
> + if (__builtin_expect(size && ((x / size) != nmemb), 0)) {
Ah, that approach is even better than mine, I'm seeing that on x86 the
compiler simply checks the overflow flag after the multiply, that's
perfect!
Acked-by: Willy Tarreau <[email protected]>
Willy
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v1 2/2] tools/nolibc/stdio: Add format attribute to enable printf warnings
2022-05-19 17:21 ` [PATCH v1 2/2] tools/nolibc/stdio: Add format attribute to enable printf warnings Ammar Faizi
@ 2022-05-20 4:21 ` Willy Tarreau
0 siblings, 0 replies; 8+ messages in thread
From: Willy Tarreau @ 2022-05-20 4:21 UTC (permalink / raw)
To: Ammar Faizi
Cc: Paul E. McKenney, Alviro Iskandar Setiawan,
Linux Kernel Mailing List, GNU/Weeb Mailing List,
Facebook Kernel Team
On Fri, May 20, 2022 at 12:21:16AM +0700, Ammar Faizi wrote:
> From: Alviro Iskandar Setiawan <[email protected]>
>
> When we use printf and fprintf functions from the nolibc, we don't
> get any warning from the compiler if we have the wrong arguments.
> For example, the following calls will compile silently:
> ```
> printf("%s %s\n", "aaa");
> fprintf(stdout, "%s %s\n", "xxx", 1);
> ```
> (Note the wrong arguments).
>
> Those calls are undefined behavior. The compiler can help us warn
> about the above mistakes by adding a `printf` format attribute to
> those functions declaration.
I'm shocked I forgot it, I use it all the time, I'm even seeing this
as a bug fix for the series I sent. Thanks for fixing this mistake of
mine!
Acked-by: Willy Tarreau <[email protected]>
Willy
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v1 0/2] nolibc updates for Linux 5.20
2022-05-19 17:21 [PATCH v1 0/2] nolibc updates for Linux 5.20 Ammar Faizi
2022-05-19 17:21 ` [PATCH v1 1/2] tools/nolibc/stdlib: Support overflow checking for older compiler versions Ammar Faizi
2022-05-19 17:21 ` [PATCH v1 2/2] tools/nolibc/stdio: Add format attribute to enable printf warnings Ammar Faizi
@ 2022-05-20 4:23 ` Willy Tarreau
2 siblings, 0 replies; 8+ messages in thread
From: Willy Tarreau @ 2022-05-20 4:23 UTC (permalink / raw)
To: Paul E. McKenney
Cc: Ammar Faizi, Alviro Iskandar Setiawan, Linux Kernel Mailing List,
GNU/Weeb Mailing List, Facebook Kernel Team
On Fri, May 20, 2022 at 12:21:14AM +0700, Ammar Faizi wrote:
> Not much to do this time. Only small nolibc updates here. There are two
> patches in this series.
>
> 1. Address Willy's comment about overflow checking in the multiplication
> operation [1]. This patch supports overflow checking for older
> compiler versions. Currently, we use `__builtin_mul_overflow()` that
> doesn't exist in older compiler versions. Instead of using this
> built-in, use a simple division to check for overflow in the `calloc()`
> function.
>
> 2. The compiler can warn us about wrong `printf` arguments. This patch
> enables the warnings. Currently, only two functions use this attribute:
> `printf` and `fprintf`.
Paul, in summary I'm perfectly fine with the whole series, you can take it.
Thanks!
Willy
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v1 1/2] tools/nolibc/stdlib: Support overflow checking for older compiler versions
2022-05-19 17:21 ` [PATCH v1 1/2] tools/nolibc/stdlib: Support overflow checking for older compiler versions Ammar Faizi
2022-05-20 4:19 ` Willy Tarreau
@ 2022-05-20 11:29 ` Alviro Iskandar Setiawan
2022-05-20 17:32 ` Paul E. McKenney
1 sibling, 1 reply; 8+ messages in thread
From: Alviro Iskandar Setiawan @ 2022-05-20 11:29 UTC (permalink / raw)
To: Ammar Faizi
Cc: Paul E. McKenney, Willy Tarreau, Linux Kernel Mailing List,
GNU/Weeb Mailing List, Facebook Kernel Team
On Fri, May 20, 2022 at 12:21 AM Ammar Faizi <[email protected]> wrote:
> Previously, we used __builtin_mul_overflow() to check for overflow in
> the multiplication operation in the calloc() function. However, older
> compiler versions don't support this built-in. This patch changes the
> overflow checking mechanism to make it work on any compiler version
> by using a division method to check for overflow. No functional change
> intended. While in there, remove the unused variable `void *orig`.
>
> Link: https://lore.kernel.org/lkml/[email protected]
> Suggested-by: Willy Tarreau <[email protected]>
> Cc: Alviro Iskandar Setiawan <[email protected]>
> Signed-off-by: Ammar Faizi <[email protected]>
Reviewed-by: Alviro Iskandar Setiawan <[email protected]>
tq
-- Viro
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v1 1/2] tools/nolibc/stdlib: Support overflow checking for older compiler versions
2022-05-20 11:29 ` Alviro Iskandar Setiawan
@ 2022-05-20 17:32 ` Paul E. McKenney
0 siblings, 0 replies; 8+ messages in thread
From: Paul E. McKenney @ 2022-05-20 17:32 UTC (permalink / raw)
To: Alviro Iskandar Setiawan
Cc: Ammar Faizi, Willy Tarreau, Linux Kernel Mailing List,
GNU/Weeb Mailing List, Facebook Kernel Team
On Fri, May 20, 2022 at 06:29:56PM +0700, Alviro Iskandar Setiawan wrote:
> On Fri, May 20, 2022 at 12:21 AM Ammar Faizi <[email protected]> wrote:
> > Previously, we used __builtin_mul_overflow() to check for overflow in
> > the multiplication operation in the calloc() function. However, older
> > compiler versions don't support this built-in. This patch changes the
> > overflow checking mechanism to make it work on any compiler version
> > by using a division method to check for overflow. No functional change
> > intended. While in there, remove the unused variable `void *orig`.
> >
> > Link: https://lore.kernel.org/lkml/[email protected]
> > Suggested-by: Willy Tarreau <[email protected]>
> > Cc: Alviro Iskandar Setiawan <[email protected]>
> > Signed-off-by: Ammar Faizi <[email protected]>
>
> Reviewed-by: Alviro Iskandar Setiawan <[email protected]>
>
> tq
>
> -- Viro
I have queued both patches with yours and Willy Tarreau's reviews
and acks. Thank you all!
Thanx, Paul
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2022-05-20 17:32 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-05-19 17:21 [PATCH v1 0/2] nolibc updates for Linux 5.20 Ammar Faizi
2022-05-19 17:21 ` [PATCH v1 1/2] tools/nolibc/stdlib: Support overflow checking for older compiler versions Ammar Faizi
2022-05-20 4:19 ` Willy Tarreau
2022-05-20 11:29 ` Alviro Iskandar Setiawan
2022-05-20 17:32 ` Paul E. McKenney
2022-05-19 17:21 ` [PATCH v1 2/2] tools/nolibc/stdio: Add format attribute to enable printf warnings Ammar Faizi
2022-05-20 4:21 ` Willy Tarreau
2022-05-20 4:23 ` [PATCH v1 0/2] nolibc updates for Linux 5.20 Willy Tarreau
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox