Re: [PATCH v2] kbuild: treat char as always unsigned
Thread information
[Search the linux-kernel archive]
[PATCH] kbuild: treat char as always signed Jason A. Donenfeld ` Segher Boessenkool ` Linus Torvalds ` Linus Torvalds ` Nick Desaulniers ` Linus Torvalds ` Andy Shevchenko ` Linus Torvalds ` Segher Boessenkool ` Linus Torvalds ` Nick Desaulniers ` Linus Torvalds ` Kees Cook ` Linus Torvalds ` Jason A. Donenfeld ` Linus Torvalds ` Jason A. Donenfeld ` Segher Boessenkool ` David Laight ` Segher Boessenkool ` Gabriel Paubert ` Linus Torvalds ` Gabriel Paubert ` Linus Torvalds ` Gabriel Paubert ` Kees Cook ` Jason A. Donenfeld ` Kees Cook ` Linus Torvalds ` Jason A. Donenfeld ` [PATCH v2] kbuild: treat char as always unsigned Jason A. Donenfeld ` Linus Torvalds ` Jason A. Donenfeld ` Linus Torvalds ` Jason A. Donenfeld ` Kees Cook ` Jason A. Donenfeld ` Segher Boessenkool ` Dan Carpenter ` Dan Carpenter ` Jason A. Donenfeld ` Linus Torvalds ` Jason A. Donenfeld ` Kalle Valo ` David Laight ` Jason A. Donenfeld [this message] ` Guenter Roeck ` Geert Uytterhoeven ` Guenter Roeck ` Rasmus Villemoes ` Guenter Roeck ` Linus Torvalds ` Guenter Roeck ` Linus Torvalds ` Linus Torvalds ` Guenter Roeck ` Geert Uytterhoeven ` David Laight ` Geert Uytterhoeven ` David Laight ` David Laight ` Geert Uytterhoeven ` Andreas Schwab ` Geert Uytterhoeven ` [PATCH] kbuild: treat char as always signed David Laight ` make ctype ascii only? (was [PATCH] kbuild: treat char as always signed) Rasmus Villemoes ` Linus Torvalds ` Rasmus Villemoes ` Linus Torvalds ` [PATCH] kbuild: treat char as always signed kernel test robot ` Jason A. Donenfeld
| From: | "Jason A. Donenfeld" <Jason-AT-zx2c4.com> | |
| To: | Dan Carpenter <dan.carpenter-AT-oracle.com> | |
| Subject: | Re: [PATCH v2] kbuild: treat char as always unsigned | |
| Date: | Mon, 24 Oct 2022 17:17:47 +0200 | |
| Message-ID: | <[email protected]> | |
| Cc: | linux-kernel-AT-vger.kernel.org, linux-kbuild-AT-vger.kernel.org, linux-arch-AT-vger.kernel.org, linux-toolchains-AT-vger.kernel.org, Masahiro Yamada <masahiroy-AT-kernel.org>, Kees Cook <keescook-AT-chromium.org>, Andrew Morton <akpm-AT-linux-foundation.org>, Linus Torvalds <torvalds-AT-linux-foundation.org>, Andy Shevchenko <andriy.shevchenko-AT-linux.intel.com>, Greg Kroah-Hartman <gregkh-AT-linuxfoundation.org> |
On Mon, Oct 24, 2022 at 12:24:24PM +0300, Dan Carpenter wrote: > On Wed, Oct 19, 2022 at 02:30:34PM -0600, Jason A. Donenfeld wrote: > > Recently, some compile-time checking I added to the clamp_t family of > > functions triggered a build error when a poorly written driver was > > compiled on ARM, because the driver assumed that the naked `char` type > > is signed, but ARM treats it as unsigned, and the C standard says it's > > architecture-dependent. > > > > I doubt this particular driver is the only instance in which > > unsuspecting authors make assumptions about `char` with no `signed` or > > `unsigned` specifier. We were lucky enough this time that that driver > > used `clamp_t(char, negative_value, positive_value)`, so the new > > checking code found it, and I've sent a patch to fix it, but there are > > likely other places lurking that won't be so easily unearthed. > > > > So let's just eliminate this particular variety of heisensign bugs > > entirely. Set `-funsigned-char` globally, so that gcc makes the type > > unsigned on all architectures. > > > > This will break things in some places and fix things in others, so this > > will likely cause a bit of churn while reconciling the type misuse. > > > > This is a very daring change and obviously is going to introduce bugs. > It might be better to create a static checker rule that says "char" > without explicit signedness can only be used for strings. Indeed this would be great. > > arch/parisc/kernel/drivers.c:337 print_hwpath() warn: impossible condition '(path->bc[i] == -1) => (0-255 == (-1))' > arch/parisc/kernel/drivers.c:410 setup_bus_id() warn: impossible condition '(path.bc[i] == -1) => (0-255 == (-1))' > arch/parisc/kernel/drivers.c:486 create_parisc_device() warn: impossible condition '(modpath->bc[i] == -1) => (0-255 == (-1))' > arch/parisc/kernel/drivers.c:759 hwpath_to_device() warn: impossible condition '(modpath->bc[i] == -1) => (0-255 == (-1))' > drivers/media/dvb-frontends/stv0288.c:471 stv0288_set_frontend() warn: assigning (-9) to unsigned variable 'tm' > drivers/media/dvb-frontends/stv0288.c:471 stv0288_set_frontend() warn: we never enter this loop > drivers/misc/sgi-gru/grumain.c:711 gru_check_chiplet_assignment() warn: 'gts->ts_user_chiplet_id' is unsigned > drivers/net/wireless/cisco/airo.c:5316 proc_wepkey_on_close() warn: assigning (-16) to unsigned variable 'key[i / 3]' > drivers/net/wireless/ralink/rt2x00/rt2800lib.c:9415 rt2800_iq_search() warn: assigning (-32) to unsigned variable 'idx0' > drivers/net/wireless/ralink/rt2x00/rt2800lib.c:9470 rt2800_iq_search() warn: assigning (-32) to unsigned variable 'perr' > drivers/video/fbdev/sis/init301.c:3549 SiS_GetCRT2Data301() warn: 'SiS_Pr->SiS_EModeIDTable[ModeIdIndex]->ROMMODEIDX661' is unsigned > sound/pci/au88x0/au88x0_core.c:2029 vortex_adb_checkinout() warn: signedness bug returning '(-22)' > sound/pci/au88x0/au88x0_core.c:2046 vortex_adb_checkinout() warn: signedness bug returning '(-12)' > sound/pci/au88x0/au88x0_core.c:2125 vortex_adb_allocroute() warn: 'vortex_adb_checkinout(vortex, (0), en, 0)' is unsigned > sound/pci/au88x0/au88x0_core.c:2170 vortex_adb_allocroute() warn: 'vortex_adb_checkinout(vortex, stream->resources, en, 4)' is unsigned > sound/pci/rme9652/hdsp.c:3953 hdsp_channel_buffer_location() warn: 'hdsp->channel_map[channel]' is unsigned > sound/pci/rme9652/rme9652.c:1833 rme9652_channel_buffer_location() warn: 'rme9652->channel_map[channel]' is unsigned Thanks. I'll fix these up. Jason