| Message ID | 20240129185427.2952727-2-rjones@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [[repost] ] block/blkio: Don't assume size_t is 64 bit | expand |
On Mon, Jan 29, 2024 at 06:53:55PM +0000, Richard W.M. Jones wrote: > With GCC 14 the code failed to compile on i686 (and was wrong for any > version of GCC): > > ../block/blkio.c: In function ‘blkio_file_open’: > ../block/blkio.c:857:28: error: passing argument 3 of ‘blkio_get_uint64’ from incompatible pointer type [-Wincompatible-pointer-types] > 857 | &s->mem_region_alignment); > | ^~~~~~~~~~~~~~~~~~~~~~~~ > | | > | size_t * {aka unsigned int *} > In file included from ../block/blkio.c:12: > /usr/include/blkio.h:49:67: note: expected ‘uint64_t *’ {aka ‘long long unsigned int *’} but argument is of type ‘size_t *’ {aka ‘unsigned int *’} > 49 | int blkio_get_uint64(struct blkio *b, const char *name, uint64_t *value); > | ~~~~~~~~~~^~~~~ I wish gcc could point this out even when compiling on a 64-bit platform where size_t and uint64_t happen to share the same type, by reasoning about the underlying typedefs being different. But that's a bigger task for gcc, and not one for this group. > > Signed-off-by: Richard W.M. Jones <rjones@redhat.com> > --- > block/blkio.c | 12 +++++++++++- > 1 file changed, 11 insertions(+), 1 deletion(-) Reviewed-by: Eric Blake <eblake@redhat.com>
Am 29.01.2024 um 19:53 hat Richard W.M. Jones geschrieben: > With GCC 14 the code failed to compile on i686 (and was wrong for any > version of GCC): > > ../block/blkio.c: In function ‘blkio_file_open’: > ../block/blkio.c:857:28: error: passing argument 3 of ‘blkio_get_uint64’ from incompatible pointer type [-Wincompatible-pointer-types] > 857 | &s->mem_region_alignment); > | ^~~~~~~~~~~~~~~~~~~~~~~~ > | | > | size_t * {aka unsigned int *} > In file included from ../block/blkio.c:12: > /usr/include/blkio.h:49:67: note: expected ‘uint64_t *’ {aka ‘long long unsigned int *’} but argument is of type ‘size_t *’ {aka ‘unsigned int *’} > 49 | int blkio_get_uint64(struct blkio *b, const char *name, uint64_t *value); > | ~~~~~~~~~~^~~~~ > > Signed-off-by: Richard W.M. Jones <rjones@redhat.com> Why not simply make BDRVBlkioState.mem_region_alignment a uint64_t instead of keeping it size_t and doing an additional conversion with a check that requires an #if (probably to avoid a warning on 64 bit hosts because the condition is never true)? Kevin > block/blkio.c | 12 +++++++++++- > 1 file changed, 11 insertions(+), 1 deletion(-) > > diff --git a/block/blkio.c b/block/blkio.c > index 0a0a6c0f5fd..52d78935147 100644 > --- a/block/blkio.c > +++ b/block/blkio.c > @@ -794,6 +794,7 @@ static int blkio_file_open(BlockDriverState *bs, QDict *options, int flags, > const char *blkio_driver = bs->drv->protocol_name; > BDRVBlkioState *s = bs->opaque; > int ret; > + uint64_t val; > > ret = blkio_create(blkio_driver, &s->blkio); > if (ret < 0) { > @@ -854,7 +855,7 @@ static int blkio_file_open(BlockDriverState *bs, QDict *options, int flags, > > ret = blkio_get_uint64(s->blkio, > "mem-region-alignment", > - &s->mem_region_alignment); > + &val); > if (ret < 0) { > error_setg_errno(errp, -ret, > "failed to get mem-region-alignment: %s", > @@ -862,6 +863,15 @@ static int blkio_file_open(BlockDriverState *bs, QDict *options, int flags, > blkio_destroy(&s->blkio); > return ret; > } > +#if HOST_LONG_BITS == 32 > + if (val > SIZE_MAX) { > + error_setg_errno(errp, ERANGE, > + "mem-region-alignment too large for size_t"); > + blkio_destroy(&s->blkio); > + return -ERANGE; > + } > +#endif > + s->mem_region_alignment = (size_t)val; > > ret = blkio_get_bool(s->blkio, > "may-pin-mem-regions", > -- > 2.43.0 >
On Tue, Jan 30, 2024 at 09:51:59AM +0100, Kevin Wolf wrote: > Am 29.01.2024 um 19:53 hat Richard W.M. Jones geschrieben: > > With GCC 14 the code failed to compile on i686 (and was wrong for any > > version of GCC): > > > > ../block/blkio.c: In function ‘blkio_file_open’: > > ../block/blkio.c:857:28: error: passing argument 3 of ‘blkio_get_uint64’ from incompatible pointer type [-Wincompatible-pointer-types] > > 857 | &s->mem_region_alignment); > > | ^~~~~~~~~~~~~~~~~~~~~~~~ > > | | > > | size_t * {aka unsigned int *} > > In file included from ../block/blkio.c:12: > > /usr/include/blkio.h:49:67: note: expected ‘uint64_t *’ {aka ‘long long unsigned int *’} but argument is of type ‘size_t *’ {aka ‘unsigned int *’} > > 49 | int blkio_get_uint64(struct blkio *b, const char *name, uint64_t *value); > > | ~~~~~~~~~~^~~~~ > > > > Signed-off-by: Richard W.M. Jones <rjones@redhat.com> > > Why not simply make BDRVBlkioState.mem_region_alignment a uint64_t > instead of keeping it size_t and doing an additional conversion with > a check that requires an #if (probably to avoid a warning on 64 bit > hosts because the condition is never true)? The smaller change (attached) does work on i686, but this worries me a little (although it doesn't give any error or warning): if (((uintptr_t)host | size) % s->mem_region_alignment) { error_setg(errp, "unaligned buf %p with size %zu", host, size); return BMRR_FAIL; } Rich. > Kevin > > > block/blkio.c | 12 +++++++++++- > > 1 file changed, 11 insertions(+), 1 deletion(-) > > > > diff --git a/block/blkio.c b/block/blkio.c > > index 0a0a6c0f5fd..52d78935147 100644 > > --- a/block/blkio.c > > +++ b/block/blkio.c > > @@ -794,6 +794,7 @@ static int blkio_file_open(BlockDriverState *bs, QDict *options, int flags, > > const char *blkio_driver = bs->drv->protocol_name; > > BDRVBlkioState *s = bs->opaque; > > int ret; > > + uint64_t val; > > > > ret = blkio_create(blkio_driver, &s->blkio); > > if (ret < 0) { > > @@ -854,7 +855,7 @@ static int blkio_file_open(BlockDriverState *bs, QDict *options, int flags, > > > > ret = blkio_get_uint64(s->blkio, > > "mem-region-alignment", > > - &s->mem_region_alignment); > > + &val); > > if (ret < 0) { > > error_setg_errno(errp, -ret, > > "failed to get mem-region-alignment: %s", > > @@ -862,6 +863,15 @@ static int blkio_file_open(BlockDriverState *bs, QDict *options, int flags, > > blkio_destroy(&s->blkio); > > return ret; > > } > > +#if HOST_LONG_BITS == 32 > > + if (val > SIZE_MAX) { > > + error_setg_errno(errp, ERANGE, > > + "mem-region-alignment too large for size_t"); > > + blkio_destroy(&s->blkio); > > + return -ERANGE; > > + } > > +#endif > > + s->mem_region_alignment = (size_t)val; > > > > ret = blkio_get_bool(s->blkio, > > "may-pin-mem-regions", > > -- > > 2.43.0 > >
Am 30.01.2024 um 11:30 hat Richard W.M. Jones geschrieben: > On Tue, Jan 30, 2024 at 09:51:59AM +0100, Kevin Wolf wrote: > > Am 29.01.2024 um 19:53 hat Richard W.M. Jones geschrieben: > > > With GCC 14 the code failed to compile on i686 (and was wrong for any > > > version of GCC): > > > > > > ../block/blkio.c: In function ‘blkio_file_open’: > > > ../block/blkio.c:857:28: error: passing argument 3 of ‘blkio_get_uint64’ from incompatible pointer type [-Wincompatible-pointer-types] > > > 857 | &s->mem_region_alignment); > > > | ^~~~~~~~~~~~~~~~~~~~~~~~ > > > | | > > > | size_t * {aka unsigned int *} > > > In file included from ../block/blkio.c:12: > > > /usr/include/blkio.h:49:67: note: expected ‘uint64_t *’ {aka ‘long long unsigned int *’} but argument is of type ‘size_t *’ {aka ‘unsigned int *’} > > > 49 | int blkio_get_uint64(struct blkio *b, const char *name, uint64_t *value); > > > | ~~~~~~~~~~^~~~~ > > > > > > Signed-off-by: Richard W.M. Jones <rjones@redhat.com> > > > > Why not simply make BDRVBlkioState.mem_region_alignment a uint64_t > > instead of keeping it size_t and doing an additional conversion with > > a check that requires an #if (probably to avoid a warning on 64 bit > > hosts because the condition is never true)? > > The smaller change (attached) does work on i686, but this worries me a > little (although it doesn't give any error or warning): > > if (((uintptr_t)host | size) % s->mem_region_alignment) { > error_setg(errp, "unaligned buf %p with size %zu", host, size); > return BMRR_FAIL; > } I don't see the problem? The calculation will now be done in 64 bits even on a 32 bit host, but that seems fine to me. Is there a trap I'm missing? Kevin > From 500f3a81652dcefa79a4864c1f3fa6747c16952e Mon Sep 17 00:00:00 2001 > From: "Richard W.M. Jones" <rjones@redhat.com> > Date: Mon, 29 Jan 2024 18:20:46 +0000 > Subject: [PATCH] block/blkio: Make s->mem_region_alignment be 64 bits > MIME-Version: 1.0 > Content-Type: text/plain; charset=UTF-8 > Content-Transfer-Encoding: 8bit > > With GCC 14 the code failed to compile on i686 (and was wrong for any > version of GCC): > > ../block/blkio.c: In function ‘blkio_file_open’: > ../block/blkio.c:857:28: error: passing argument 3 of ‘blkio_get_uint64’ from incompatible pointer type [-Wincompatible-pointer-types] > 857 | &s->mem_region_alignment); > | ^~~~~~~~~~~~~~~~~~~~~~~~ > | | > | size_t * {aka unsigned int *} > In file included from ../block/blkio.c:12: > /usr/include/blkio.h:49:67: note: expected ‘uint64_t *’ {aka ‘long long unsigned int *’} but argument is of type ‘size_t *’ {aka ‘unsigned int *’} > 49 | int blkio_get_uint64(struct blkio *b, const char *name, uint64_t *value); > | ~~~~~~~~~~^~~~~ > > Signed-off-by: Richard W.M. Jones <rjones@redhat.com> > --- > block/blkio.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/block/blkio.c b/block/blkio.c > index 0a0a6c0f5fd..bc2f21784c7 100644 > --- a/block/blkio.c > +++ b/block/blkio.c > @@ -68,7 +68,7 @@ typedef struct { > CoQueue bounce_available; > > /* The value of the "mem-region-alignment" property */ > - size_t mem_region_alignment; > + uint64_t mem_region_alignment; > > /* Can we skip adding/deleting blkio_mem_regions? */ > bool needs_mem_regions; > -- > 2.43.0 >
On Tue, Jan 30, 2024 at 01:04:46PM +0100, Kevin Wolf wrote: > Am 30.01.2024 um 11:30 hat Richard W.M. Jones geschrieben: > > On Tue, Jan 30, 2024 at 09:51:59AM +0100, Kevin Wolf wrote: > > > Am 29.01.2024 um 19:53 hat Richard W.M. Jones geschrieben: > > > > With GCC 14 the code failed to compile on i686 (and was wrong for any > > > > version of GCC): > > > > > > > > ../block/blkio.c: In function ‘blkio_file_open’: > > > > ../block/blkio.c:857:28: error: passing argument 3 of ‘blkio_get_uint64’ from incompatible pointer type [-Wincompatible-pointer-types] > > > > 857 | &s->mem_region_alignment); > > > > | ^~~~~~~~~~~~~~~~~~~~~~~~ > > > > | | > > > > | size_t * {aka unsigned int *} > > > > In file included from ../block/blkio.c:12: > > > > /usr/include/blkio.h:49:67: note: expected ‘uint64_t *’ {aka ‘long long unsigned int *’} but argument is of type ‘size_t *’ {aka ‘unsigned int *’} > > > > 49 | int blkio_get_uint64(struct blkio *b, const char *name, uint64_t *value); > > > > | ~~~~~~~~~~^~~~~ > > > > > > > > Signed-off-by: Richard W.M. Jones <rjones@redhat.com> > > > > > > Why not simply make BDRVBlkioState.mem_region_alignment a uint64_t > > > instead of keeping it size_t and doing an additional conversion with > > > a check that requires an #if (probably to avoid a warning on 64 bit > > > hosts because the condition is never true)? > > > > The smaller change (attached) does work on i686, but this worries me a > > little (although it doesn't give any error or warning): > > > > if (((uintptr_t)host | size) % s->mem_region_alignment) { > > error_setg(errp, "unaligned buf %p with size %zu", host, size); > > return BMRR_FAIL; > > } > > I don't see the problem? The calculation will now be done in 64 bits > even on a 32 bit host, but that seems fine to me. Is there a trap I'm > missing? I guess not. Stefan, any comments on whether we need to worry about huge mem-region-alignment? I'll post the updated patch as a new message in a second. Rich. > Kevin > > > From 500f3a81652dcefa79a4864c1f3fa6747c16952e Mon Sep 17 00:00:00 2001 > > From: "Richard W.M. Jones" <rjones@redhat.com> > > Date: Mon, 29 Jan 2024 18:20:46 +0000 > > Subject: [PATCH] block/blkio: Make s->mem_region_alignment be 64 bits > > MIME-Version: 1.0 > > Content-Type: text/plain; charset=UTF-8 > > Content-Transfer-Encoding: 8bit > > > > With GCC 14 the code failed to compile on i686 (and was wrong for any > > version of GCC): > > > > ../block/blkio.c: In function ‘blkio_file_open’: > > ../block/blkio.c:857:28: error: passing argument 3 of ‘blkio_get_uint64’ from incompatible pointer type [-Wincompatible-pointer-types] > > 857 | &s->mem_region_alignment); > > | ^~~~~~~~~~~~~~~~~~~~~~~~ > > | | > > | size_t * {aka unsigned int *} > > In file included from ../block/blkio.c:12: > > /usr/include/blkio.h:49:67: note: expected ‘uint64_t *’ {aka ‘long long unsigned int *’} but argument is of type ‘size_t *’ {aka ‘unsigned int *’} > > 49 | int blkio_get_uint64(struct blkio *b, const char *name, uint64_t *value); > > | ~~~~~~~~~~^~~~~ > > > > Signed-off-by: Richard W.M. Jones <rjones@redhat.com> > > --- > > block/blkio.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/block/blkio.c b/block/blkio.c > > index 0a0a6c0f5fd..bc2f21784c7 100644 > > --- a/block/blkio.c > > +++ b/block/blkio.c > > @@ -68,7 +68,7 @@ typedef struct { > > CoQueue bounce_available; > > > > /* The value of the "mem-region-alignment" property */ > > - size_t mem_region_alignment; > > + uint64_t mem_region_alignment; > > > > /* Can we skip adding/deleting blkio_mem_regions? */ > > bool needs_mem_regions; > > -- > > 2.43.0 > >
On Tue, Jan 30, 2024 at 12:19:37PM +0000, Richard W.M. Jones wrote: > On Tue, Jan 30, 2024 at 01:04:46PM +0100, Kevin Wolf wrote: > > Am 30.01.2024 um 11:30 hat Richard W.M. Jones geschrieben: > > > On Tue, Jan 30, 2024 at 09:51:59AM +0100, Kevin Wolf wrote: > > > > Am 29.01.2024 um 19:53 hat Richard W.M. Jones geschrieben: > > > > > With GCC 14 the code failed to compile on i686 (and was wrong for any > > > > > version of GCC): > > > > > > > > > > ../block/blkio.c: In function ‘blkio_file_open’: > > > > > ../block/blkio.c:857:28: error: passing argument 3 of ‘blkio_get_uint64’ from incompatible pointer type [-Wincompatible-pointer-types] > > > > > 857 | &s->mem_region_alignment); > > > > > | ^~~~~~~~~~~~~~~~~~~~~~~~ > > > > > | | > > > > > | size_t * {aka unsigned int *} > > > > > In file included from ../block/blkio.c:12: > > > > > /usr/include/blkio.h:49:67: note: expected ‘uint64_t *’ {aka ‘long long unsigned int *’} but argument is of type ‘size_t *’ {aka ‘unsigned int *’} > > > > > 49 | int blkio_get_uint64(struct blkio *b, const char *name, uint64_t *value); > > > > > | ~~~~~~~~~~^~~~~ > > > > > > > > > > Signed-off-by: Richard W.M. Jones <rjones@redhat.com> > > > > > > > > Why not simply make BDRVBlkioState.mem_region_alignment a uint64_t > > > > instead of keeping it size_t and doing an additional conversion with > > > > a check that requires an #if (probably to avoid a warning on 64 bit > > > > hosts because the condition is never true)? > > > > > > The smaller change (attached) does work on i686, but this worries me a > > > little (although it doesn't give any error or warning): > > > > > > if (((uintptr_t)host | size) % s->mem_region_alignment) { > > > error_setg(errp, "unaligned buf %p with size %zu", host, size); > > > return BMRR_FAIL; > > > } > > > > I don't see the problem? The calculation will now be done in 64 bits > > even on a 32 bit host, but that seems fine to me. Is there a trap I'm > > missing? > > I guess not. Stefan, any comments on whether we need to worry about > huge mem-region-alignment? I'll post the updated patch as a new > message in a second. An alignment of 32 or more bits is not required in any scenario that I'm aware of. Stefan
diff --git a/block/blkio.c b/block/blkio.c index 0a0a6c0f5fd..52d78935147 100644 --- a/block/blkio.c +++ b/block/blkio.c @@ -794,6 +794,7 @@ static int blkio_file_open(BlockDriverState *bs, QDict *options, int flags, const char *blkio_driver = bs->drv->protocol_name; BDRVBlkioState *s = bs->opaque; int ret; + uint64_t val; ret = blkio_create(blkio_driver, &s->blkio); if (ret < 0) { @@ -854,7 +855,7 @@ static int blkio_file_open(BlockDriverState *bs, QDict *options, int flags, ret = blkio_get_uint64(s->blkio, "mem-region-alignment", - &s->mem_region_alignment); + &val); if (ret < 0) { error_setg_errno(errp, -ret, "failed to get mem-region-alignment: %s", @@ -862,6 +863,15 @@ static int blkio_file_open(BlockDriverState *bs, QDict *options, int flags, blkio_destroy(&s->blkio); return ret; } +#if HOST_LONG_BITS == 32 + if (val > SIZE_MAX) { + error_setg_errno(errp, ERANGE, + "mem-region-alignment too large for size_t"); + blkio_destroy(&s->blkio); + return -ERANGE; + } +#endif + s->mem_region_alignment = (size_t)val; ret = blkio_get_bool(s->blkio, "may-pin-mem-regions",
With GCC 14 the code failed to compile on i686 (and was wrong for any version of GCC): ../block/blkio.c: In function ‘blkio_file_open’: ../block/blkio.c:857:28: error: passing argument 3 of ‘blkio_get_uint64’ from incompatible pointer type [-Wincompatible-pointer-types] 857 | &s->mem_region_alignment); | ^~~~~~~~~~~~~~~~~~~~~~~~ | | | size_t * {aka unsigned int *} In file included from ../block/blkio.c:12: /usr/include/blkio.h:49:67: note: expected ‘uint64_t *’ {aka ‘long long unsigned int *’} but argument is of type ‘size_t *’ {aka ‘unsigned int *’} 49 | int blkio_get_uint64(struct blkio *b, const char *name, uint64_t *value); | ~~~~~~~~~~^~~~~ Signed-off-by: Richard W.M. Jones <rjones@redhat.com> --- block/blkio.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-)