| Message ID | 20220511174531.1098548-1-keescook@chromium.org (mailing list archive) |
|---|---|
| State | Changes Requested |
| Commit | 3b0492c33634ac2cc9ff3cb32e20205c4f8977c1 |
| Headers | show |
| Series | lib: overflow: Always build 64-bit test cases | expand |
On Wed, May 11, 2022 at 10:45 AM Kees Cook <keescook@chromium.org> wrote: > > There shouldn't be a reason to not build the 64-bit test cases on 32-bit > systems; the types exist there too. Remove the #ifdefs. > > Reported-by: kernel test robot <lkp@intel.com> > Link: https://lore.kernel.org/lkml/202205110324.7GrtxG8u-lkp@intel.com > Fixes: 455a35a6cdb6 ("lib: add runtime test of check_*_overflow functions") > Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> > Cc: Vitor Massaru Iha <vitor@massaru.org> > Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org> > Cc: Daniel Latypov <dlatypov@google.com> > Signed-off-by: Kees Cook <keescook@chromium.org> Tested-by: Daniel Latypov <dlatypov@google.com> Makes sense and looks good to me, I was able to run it via $ ./tools/testing/kunit/kunit.py run --arch=i386 --build_dir=kunit_i386/ overflow Raw output was: # u64_overflow_test: 17 u64 arithmetic tests finished ok 7 - u64_overflow_test # s64_overflow_test: 21 s64 arithmetic tests finished ok 8 - s64_overflow_test
On 11/05/2022 19.45, Kees Cook wrote: > There shouldn't be a reason to not build the 64-bit test cases on 32-bit > systems; the types exist there too. Remove the #ifdefs. > > Reported-by: kernel test robot <lkp@intel.com> > Link: https://lore.kernel.org/lkml/202205110324.7GrtxG8u-lkp@intel.com > Fixes: 455a35a6cdb6 ("lib: add runtime test of check_*_overflow functions") The patch is fine, but I disagree with that Fixes tag. Back then, i.e. when the overflow checkers were implemented via macros on old enough compilers, they simply didn't work for 64 bit types (because of the usual 64 bit division problems) - so anybody trying to use the multiply overflow checker, including of course the test suite, would get a build error on old compilers. You yourself did that: "[kees: add output to commit log, drop u64 tests on 32-bit]" Nowadays, where they are always merely thin wrappers around the compiler builtin because we assume gcc >= 5.1 and whatever new enough clang, sure, I think the 64 bit ones always work (though I don't think I want to know what horrible code the compiler must generate to do the multiply overflow checks). So please fix the commit message so that it instead says that this restriction is no longer necessary because such and such history. Rasmus
On 12/05/2022 14.10, Rasmus Villemoes wrote: > On 11/05/2022 19.45, Kees Cook wrote: >> There shouldn't be a reason to not build the 64-bit test cases on 32-bit >> systems; the types exist there too. Remove the #ifdefs. >> >> Reported-by: kernel test robot <lkp@intel.com> >> Link: https://lore.kernel.org/lkml/202205110324.7GrtxG8u-lkp@intel.com >> Fixes: 455a35a6cdb6 ("lib: add runtime test of check_*_overflow functions") > > The patch is fine, but I disagree with that Fixes tag. Back then, i.e. > when the overflow checkers were implemented via macros on old enough > compilers, they simply didn't work for 64 bit types (because of the > usual 64 bit division problems) - so anybody trying to use the multiply > overflow checker, including of course the test suite, would get a build > error on old compilers. You yourself did that: "[kees: add output to > commit log, drop u64 tests on 32-bit]" > And if you want something that can be backported, getting rid of that "defined but unused" warning while also enabling checking of the overflow fallbacks that were actually usable (the add and sub ones), you could do a two-step thing, the first step being something like (completely untested) diff --git a/lib/overflow_kunit.c b/lib/overflow_kunit.c index 475f0c064bf6..f46c0f6e26c4 100644 --- a/lib/overflow_kunit.c +++ b/lib/overflow_kunit.c @@ -236,8 +236,10 @@ static void do_test_ ## t(struct kunit *test, const struct test_ ## t *p) \ check_one_op(t, fmt, add, "+", p->a, p->b, p->sum, p->s_of); \ check_one_op(t, fmt, add, "+", p->b, p->a, p->sum, p->s_of); \ check_one_op(t, fmt, sub, "-", p->a, p->b, p->diff, p->d_of); \ - check_one_op(t, fmt, mul, "*", p->a, p->b, p->prod, p->p_of); \ - check_one_op(t, fmt, mul, "*", p->b, p->a, p->prod, p->p_of); \ + if (BITS_PER_LONG == 64 || sizeof(t) < 8) { \ + check_one_op(t, fmt, mul, "*", p->a, p->b, p->prod, p->p_of); \ + check_one_op(t, fmt, mul, "*", p->b, p->a, p->prod, p->p_of); \ + } \ } \ \ static void t ## _overflow_test(struct kunit *test) { \ @@ -255,10 +257,8 @@ DEFINE_TEST_FUNC(u16, "%d"); DEFINE_TEST_FUNC(s16, "%d"); DEFINE_TEST_FUNC(u32, "%u"); DEFINE_TEST_FUNC(s32, "%d"); -#if BITS_PER_LONG == 64 DEFINE_TEST_FUNC(u64, "%llu"); DEFINE_TEST_FUNC(s64, "%lld"); -#endif static void overflow_shift_test(struct kunit *test) { and then in a second, not-for-backporting, patch remove that if() again. Rasmus
On Wed, May 11, 2022 at 10:45 AM Kees Cook <keescook@chromium.org> wrote: > > There shouldn't be a reason to not build the 64-bit test cases on 32-bit > systems; the types exist there too. Remove the #ifdefs. I think this is breaking 32b ARM for clang-13 and older? https://github.com/ClangBuiltLinux/linux/issues/1636 > > Reported-by: kernel test robot <lkp@intel.com> > Link: https://lore.kernel.org/lkml/202205110324.7GrtxG8u-lkp@intel.com > Fixes: 455a35a6cdb6 ("lib: add runtime test of check_*_overflow functions") > Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> > Cc: Vitor Massaru Iha <vitor@massaru.org> > Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org> > Cc: Daniel Latypov <dlatypov@google.com> > Signed-off-by: Kees Cook <keescook@chromium.org> > --- > lib/overflow_kunit.c | 4 ---- > 1 file changed, 4 deletions(-) > > diff --git a/lib/overflow_kunit.c b/lib/overflow_kunit.c > index 475f0c064bf6..ac37bb543476 100644 > --- a/lib/overflow_kunit.c > +++ b/lib/overflow_kunit.c > @@ -255,10 +255,8 @@ DEFINE_TEST_FUNC(u16, "%d"); > DEFINE_TEST_FUNC(s16, "%d"); > DEFINE_TEST_FUNC(u32, "%u"); > DEFINE_TEST_FUNC(s32, "%d"); > -#if BITS_PER_LONG == 64 > DEFINE_TEST_FUNC(u64, "%llu"); > DEFINE_TEST_FUNC(s64, "%lld"); > -#endif > > static void overflow_shift_test(struct kunit *test) > { > @@ -650,10 +648,8 @@ static struct kunit_case overflow_test_cases[] = { > KUNIT_CASE(s16_overflow_test), > KUNIT_CASE(u32_overflow_test), > KUNIT_CASE(s32_overflow_test), > -#if BITS_PER_LONG == 64 > KUNIT_CASE(u64_overflow_test), > KUNIT_CASE(s64_overflow_test), > -#endif > KUNIT_CASE(overflow_shift_test), > KUNIT_CASE(overflow_allocation_test), > KUNIT_CASE(overflow_size_helpers_test), > -- > 2.32.0 >
On Mon, May 16, 2022 at 02:35:45PM -0700, Nick Desaulniers wrote: > On Wed, May 11, 2022 at 10:45 AM Kees Cook <keescook@chromium.org> wrote: > > > > There shouldn't be a reason to not build the 64-bit test cases on 32-bit > > systems; the types exist there too. Remove the #ifdefs. > > I think this is breaking 32b ARM for clang-13 and older? > https://github.com/ClangBuiltLinux/linux/issues/1636 Ah-ha, that's the combo I hadn't found. Thank you!
diff --git a/lib/overflow_kunit.c b/lib/overflow_kunit.c index 475f0c064bf6..ac37bb543476 100644 --- a/lib/overflow_kunit.c +++ b/lib/overflow_kunit.c @@ -255,10 +255,8 @@ DEFINE_TEST_FUNC(u16, "%d"); DEFINE_TEST_FUNC(s16, "%d"); DEFINE_TEST_FUNC(u32, "%u"); DEFINE_TEST_FUNC(s32, "%d"); -#if BITS_PER_LONG == 64 DEFINE_TEST_FUNC(u64, "%llu"); DEFINE_TEST_FUNC(s64, "%lld"); -#endif static void overflow_shift_test(struct kunit *test) { @@ -650,10 +648,8 @@ static struct kunit_case overflow_test_cases[] = { KUNIT_CASE(s16_overflow_test), KUNIT_CASE(u32_overflow_test), KUNIT_CASE(s32_overflow_test), -#if BITS_PER_LONG == 64 KUNIT_CASE(u64_overflow_test), KUNIT_CASE(s64_overflow_test), -#endif KUNIT_CASE(overflow_shift_test), KUNIT_CASE(overflow_allocation_test), KUNIT_CASE(overflow_size_helpers_test),
There shouldn't be a reason to not build the 64-bit test cases on 32-bit systems; the types exist there too. Remove the #ifdefs. Reported-by: kernel test robot <lkp@intel.com> Link: https://lore.kernel.org/lkml/202205110324.7GrtxG8u-lkp@intel.com Fixes: 455a35a6cdb6 ("lib: add runtime test of check_*_overflow functions") Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Vitor Massaru Iha <vitor@massaru.org> Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org> Cc: Daniel Latypov <dlatypov@google.com> Signed-off-by: Kees Cook <keescook@chromium.org> --- lib/overflow_kunit.c | 4 ---- 1 file changed, 4 deletions(-)