Message ID | 20200603233203.1695403-11-keescook@chromium.org (mailing list archive) |
---|---|
State | Not Applicable, archived |
Headers | show |
Series | Remove uninitialized_var() macro | expand |
On 2020-06-03 16:32, Kees Cook wrote: > Using uninitialized_var() is dangerous as it papers over real bugs[1] > (or can in the future), and suppresses unrelated compiler warnings > (e.g. "unused variable"). If the compiler thinks it is uninitialized, > either simply initialize the variable or make compiler changes. Thank you for having done this work! Reviewed-by: Bart van Assche <bvanassche@acm.org>
Hi Kees, On Thu, Jun 4, 2020 at 1:32 AM Kees Cook <keescook@chromium.org> wrote: > > Using uninitialized_var() is dangerous as it papers over real bugs[1] > (or can in the future), and suppresses unrelated compiler warnings > (e.g. "unused variable"). If the compiler thinks it is uninitialized, > either simply initialize the variable or make compiler changes. > > As recommended[2] by[3] Linus[4], remove the macro. > > [1] https://lore.kernel.org/lkml/20200603174714.192027-1-glider@google.com/ > [2] https://lore.kernel.org/lkml/CA+55aFw+Vbj0i=1TGqCR5vQkCzWJ0QxK6CernOU6eedsudAixw@mail.gmail.com/ > [3] https://lore.kernel.org/lkml/CA+55aFwgbgqhbp1fkxvRKEpzyR5J8n1vKT1VZdz9knmPuXhOeg@mail.gmail.com/ > [4] https://lore.kernel.org/lkml/CA+55aFz2500WfbKXAx8s67wrm9=yVJu65TpLgN_ybYNv0VEOKA@mail.gmail.com/ > > Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> > Signed-off-by: Kees Cook <keescook@chromium.org> > --- +1, one less trick split between `compiler*` files. Reviewed-by: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com> Cheers, Miguel
diff --git a/include/linux/compiler-clang.h b/include/linux/compiler-clang.h index 790c0c6b8552..019f444b500b 100644 --- a/include/linux/compiler-clang.h +++ b/include/linux/compiler-clang.h @@ -5,8 +5,6 @@ /* Compiler specific definitions for Clang compiler */ -#define uninitialized_var(x) x = *(&(x)) - /* same as gcc, this was present in clang-2.6 so we can assume it works * with any version that can compile the kernel */ diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h index d7ee4c6bad48..ac3e29ae32de 100644 --- a/include/linux/compiler-gcc.h +++ b/include/linux/compiler-gcc.h @@ -58,12 +58,6 @@ (typeof(ptr)) (__ptr + (off)); \ }) -/* - * A trick to suppress uninitialized variable warning without generating any - * code - */ -#define uninitialized_var(x) x = x - #ifdef CONFIG_RETPOLINE #define __noretpoline __attribute__((__indirect_branch__("keep"))) #endif diff --git a/tools/include/linux/compiler.h b/tools/include/linux/compiler.h index 180f7714a5f1..29cbb73f2ae0 100644 --- a/tools/include/linux/compiler.h +++ b/tools/include/linux/compiler.h @@ -108,8 +108,6 @@ # define noinline #endif -#define uninitialized_var(x) x = *(&(x)) - #include <linux/types.h> /* diff --git a/tools/virtio/linux/kernel.h b/tools/virtio/linux/kernel.h index 6683b4a70b05..1e14ab967c11 100644 --- a/tools/virtio/linux/kernel.h +++ b/tools/virtio/linux/kernel.h @@ -109,8 +109,6 @@ static inline void free_page(unsigned long addr) const typeof( ((type *)0)->member ) *__mptr = (ptr); \ (type *)( (char *)__mptr - offsetof(type,member) );}) -#define uninitialized_var(x) x = x - # ifndef likely # define likely(x) (__builtin_expect(!!(x), 1)) # endif
Using uninitialized_var() is dangerous as it papers over real bugs[1] (or can in the future), and suppresses unrelated compiler warnings (e.g. "unused variable"). If the compiler thinks it is uninitialized, either simply initialize the variable or make compiler changes. As recommended[2] by[3] Linus[4], remove the macro. [1] https://lore.kernel.org/lkml/20200603174714.192027-1-glider@google.com/ [2] https://lore.kernel.org/lkml/CA+55aFw+Vbj0i=1TGqCR5vQkCzWJ0QxK6CernOU6eedsudAixw@mail.gmail.com/ [3] https://lore.kernel.org/lkml/CA+55aFwgbgqhbp1fkxvRKEpzyR5J8n1vKT1VZdz9knmPuXhOeg@mail.gmail.com/ [4] https://lore.kernel.org/lkml/CA+55aFz2500WfbKXAx8s67wrm9=yVJu65TpLgN_ybYNv0VEOKA@mail.gmail.com/ Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Kees Cook <keescook@chromium.org> --- include/linux/compiler-clang.h | 2 -- include/linux/compiler-gcc.h | 6 ------ tools/include/linux/compiler.h | 2 -- tools/virtio/linux/kernel.h | 2 -- 4 files changed, 12 deletions(-)