| Message ID | 20231206-enable-wincompatible-function-pointer-types-strict-w-1-v2-2-91311b4c37b0@kernel.org (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | Enable -Wincompatible-function-pointer-types-strict under W=1 | expand |
On Wed, Dec 06, 2023 at 09:49:47AM -0700, Nathan Chancellor wrote: > -Wincompatible-function-pointer-types-strict aims to catch clang kernel > Control Flow Integrity (kCFI) violations at build time (rather than run > time) by validating function pointer assignments against the expected > prototype, similar to the existing -Wincompatible-function-pointer-types > that is considered a hard error in the kernel. The -strict variant > requires the types to match exactly, as opposed to just matching in > terms of ABI compatibility. This is primarily visible with int/unsigned > int in lieu of enum types or vice versa. > > The tree is not completely clean, so this warning cannot currently be > enabled unconditionally. However, there are only warnings in one > subsystem ('drivers/counter'), so it is really close. In order to > benefit from CI infrastructure that tests with W=1, enable this warning > at that level, so that new instances have a chance of being caught and > fixed during development. > > This should eventually be a hard error in a similar manner as > Wincompatible-function-pointer-types but some subsystems test > with W=1 + CONFIG_WERROR=n, so it would be rude to break their builds > when they do not care about warnings outside of their subsystem. > > Link: https://github.com/ClangBuiltLinux/linux/issues/1750 > Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> > Signed-off-by: Nathan Chancellor <nathan@kernel.org> Keeping these from leaking in is always good. Thanks! Reviewed-by: Kees Cook <keescook@chromium.org>
diff --git a/scripts/Makefile.extrawarn b/scripts/Makefile.extrawarn index 3f94915fab37..1452dd874a07 100644 --- a/scripts/Makefile.extrawarn +++ b/scripts/Makefile.extrawarn @@ -99,6 +99,7 @@ KBUILD_CFLAGS += $(call cc-option, -Wformat-overflow) KBUILD_CFLAGS += $(call cc-option, -Wformat-truncation) KBUILD_CFLAGS += $(call cc-option, -Wstringop-overflow) KBUILD_CFLAGS += $(call cc-option, -Wstringop-truncation) +KBUILD_CFLAGS += $(call cc-option, -Wincompatible-function-pointer-types-strict) KBUILD_CPPFLAGS += -Wundef KBUILD_CPPFLAGS += -DKBUILD_EXTRA_WARN1
-Wincompatible-function-pointer-types-strict aims to catch clang kernel Control Flow Integrity (kCFI) violations at build time (rather than run time) by validating function pointer assignments against the expected prototype, similar to the existing -Wincompatible-function-pointer-types that is considered a hard error in the kernel. The -strict variant requires the types to match exactly, as opposed to just matching in terms of ABI compatibility. This is primarily visible with int/unsigned int in lieu of enum types or vice versa. The tree is not completely clean, so this warning cannot currently be enabled unconditionally. However, there are only warnings in one subsystem ('drivers/counter'), so it is really close. In order to benefit from CI infrastructure that tests with W=1, enable this warning at that level, so that new instances have a chance of being caught and fixed during development. This should eventually be a hard error in a similar manner as Wincompatible-function-pointer-types but some subsystems test with W=1 + CONFIG_WERROR=n, so it would be rude to break their builds when they do not care about warnings outside of their subsystem. Link: https://github.com/ClangBuiltLinux/linux/issues/1750 Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> Signed-off-by: Nathan Chancellor <nathan@kernel.org> --- scripts/Makefile.extrawarn | 1 + 1 file changed, 1 insertion(+)