173a3efd3e
Looking at functions with large stack frames across all architectures led me discovering that BUG() suffers from the same problem as fortify_panic(), which I've added a workaround for already. In short, variables that go out of scope by calling a noreturn function or __builtin_unreachable() keep using stack space in functions afterwards. A workaround that was identified is to insert an empty assembler statement just before calling the function that doesn't return. I'm adding a macro "barrier_before_unreachable()" to document this, and insert calls to that in all instances of BUG() that currently suffer from this problem. The files that saw the largest change from this had these frame sizes before, and much less with my patch: fs/ext4/inode.c:82:1: warning: the frame size of 1672 bytes is larger than 800 bytes [-Wframe-larger-than=] fs/ext4/namei.c:434:1: warning: the frame size of 904 bytes is larger than 800 bytes [-Wframe-larger-than=] fs/ext4/super.c:2279:1: warning: the frame size of 1160 bytes is larger than 800 bytes [-Wframe-larger-than=] fs/ext4/xattr.c:146:1: warning: the frame size of 1168 bytes is larger than 800 bytes [-Wframe-larger-than=] fs/f2fs/inode.c:152:1: warning: the frame size of 1424 bytes is larger than 800 bytes [-Wframe-larger-than=] net/netfilter/ipvs/ip_vs_core.c:1195:1: warning: the frame size of 1068 bytes is larger than 800 bytes [-Wframe-larger-than=] net/netfilter/ipvs/ip_vs_core.c:395:1: warning: the frame size of 1084 bytes is larger than 800 bytes [-Wframe-larger-than=] net/netfilter/ipvs/ip_vs_ftp.c:298:1: warning: the frame size of 928 bytes is larger than 800 bytes [-Wframe-larger-than=] net/netfilter/ipvs/ip_vs_ftp.c:418:1: warning: the frame size of 908 bytes is larger than 800 bytes [-Wframe-larger-than=] net/netfilter/ipvs/ip_vs_lblcr.c:718:1: warning: the frame size of 960 bytes is larger than 800 bytes [-Wframe-larger-than=] drivers/net/xen-netback/netback.c:1500:1: warning: the frame size of 1088 bytes is larger than 800 bytes [-Wframe-larger-than=] In case of ARC and CRIS, it turns out that the BUG() implementation actually does return (or at least the compiler thinks it does), resulting in lots of warnings about uninitialized variable use and leaving noreturn functions, such as: block/cfq-iosched.c: In function 'cfq_async_queue_prio': block/cfq-iosched.c:3804:1: error: control reaches end of non-void function [-Werror=return-type] include/linux/dmaengine.h: In function 'dma_maxpq': include/linux/dmaengine.h:1123:1: error: control reaches end of non-void function [-Werror=return-type] This makes them call __builtin_trap() instead, which should normally dump the stack and kill the current process, like some of the other architectures already do. I tried adding barrier_before_unreachable() to panic() and fortify_panic() as well, but that had very little effect, so I'm not submitting that patch. Vineet said: : For ARC, it is double win. : : 1. Fixes 3 -Wreturn-type warnings : : | ../net/core/ethtool.c:311:1: warning: control reaches end of non-void function : [-Wreturn-type] : | ../kernel/sched/core.c:3246:1: warning: control reaches end of non-void function : [-Wreturn-type] : | ../include/linux/sunrpc/svc_xprt.h:180:1: warning: control reaches end of : non-void function [-Wreturn-type] : : 2. bloat-o-meter reports code size improvements as gcc elides the : generated code for stack return. Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82365 Link: http://lkml.kernel.org/r/20171219114112.939391-1-arnd@arndb.de Signed-off-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Vineet Gupta <vgupta@synopsys.com> [arch/arc] Tested-by: Vineet Gupta <vgupta@synopsys.com> [arch/arc] Cc: Mikael Starvik <starvik@axis.com> Cc: Jesper Nilsson <jesper.nilsson@axis.com> Cc: Tony Luck <tony.luck@intel.com> Cc: Fenghua Yu <fenghua.yu@intel.com> Cc: Geert Uytterhoeven <geert@linux-m68k.org> Cc: "David S. Miller" <davem@davemloft.net> Cc: Christopher Li <sparse@chrisli.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Kees Cook <keescook@chromium.org> Cc: Ingo Molnar <mingo@kernel.org> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Will Deacon <will.deacon@arm.com> Cc: "Steven Rostedt (VMware)" <rostedt@goodmis.org> Cc: Mark Rutland <mark.rutland@arm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
243 lines
6.6 KiB
C
243 lines
6.6 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
#ifndef _ASM_GENERIC_BUG_H
|
|
#define _ASM_GENERIC_BUG_H
|
|
|
|
#include <linux/compiler.h>
|
|
|
|
#define CUT_HERE "------------[ cut here ]------------\n"
|
|
|
|
#ifdef CONFIG_GENERIC_BUG
|
|
#define BUGFLAG_WARNING (1 << 0)
|
|
#define BUGFLAG_ONCE (1 << 1)
|
|
#define BUGFLAG_DONE (1 << 2)
|
|
#define BUGFLAG_TAINT(taint) ((taint) << 8)
|
|
#define BUG_GET_TAINT(bug) ((bug)->flags >> 8)
|
|
#endif
|
|
|
|
#ifndef __ASSEMBLY__
|
|
#include <linux/kernel.h>
|
|
|
|
#ifdef CONFIG_BUG
|
|
|
|
#ifdef CONFIG_GENERIC_BUG
|
|
struct bug_entry {
|
|
#ifndef CONFIG_GENERIC_BUG_RELATIVE_POINTERS
|
|
unsigned long bug_addr;
|
|
#else
|
|
signed int bug_addr_disp;
|
|
#endif
|
|
#ifdef CONFIG_DEBUG_BUGVERBOSE
|
|
#ifndef CONFIG_GENERIC_BUG_RELATIVE_POINTERS
|
|
const char *file;
|
|
#else
|
|
signed int file_disp;
|
|
#endif
|
|
unsigned short line;
|
|
#endif
|
|
unsigned short flags;
|
|
};
|
|
#endif /* CONFIG_GENERIC_BUG */
|
|
|
|
/*
|
|
* Don't use BUG() or BUG_ON() unless there's really no way out; one
|
|
* example might be detecting data structure corruption in the middle
|
|
* of an operation that can't be backed out of. If the (sub)system
|
|
* can somehow continue operating, perhaps with reduced functionality,
|
|
* it's probably not BUG-worthy.
|
|
*
|
|
* If you're tempted to BUG(), think again: is completely giving up
|
|
* really the *only* solution? There are usually better options, where
|
|
* users don't need to reboot ASAP and can mostly shut down cleanly.
|
|
*/
|
|
#ifndef HAVE_ARCH_BUG
|
|
#define BUG() do { \
|
|
printk("BUG: failure at %s:%d/%s()!\n", __FILE__, __LINE__, __func__); \
|
|
barrier_before_unreachable(); \
|
|
panic("BUG!"); \
|
|
} while (0)
|
|
#endif
|
|
|
|
#ifndef HAVE_ARCH_BUG_ON
|
|
#define BUG_ON(condition) do { if (unlikely(condition)) BUG(); } while (0)
|
|
#endif
|
|
|
|
#ifdef __WARN_FLAGS
|
|
#define __WARN_TAINT(taint) __WARN_FLAGS(BUGFLAG_TAINT(taint))
|
|
#define __WARN_ONCE_TAINT(taint) __WARN_FLAGS(BUGFLAG_ONCE|BUGFLAG_TAINT(taint))
|
|
|
|
#define WARN_ON_ONCE(condition) ({ \
|
|
int __ret_warn_on = !!(condition); \
|
|
if (unlikely(__ret_warn_on)) \
|
|
__WARN_ONCE_TAINT(TAINT_WARN); \
|
|
unlikely(__ret_warn_on); \
|
|
})
|
|
#endif
|
|
|
|
/*
|
|
* WARN(), WARN_ON(), WARN_ON_ONCE, and so on can be used to report
|
|
* significant issues that need prompt attention if they should ever
|
|
* appear at runtime. Use the versions with printk format strings
|
|
* to provide better diagnostics.
|
|
*/
|
|
#ifndef __WARN_TAINT
|
|
extern __printf(3, 4)
|
|
void warn_slowpath_fmt(const char *file, const int line,
|
|
const char *fmt, ...);
|
|
extern __printf(4, 5)
|
|
void warn_slowpath_fmt_taint(const char *file, const int line, unsigned taint,
|
|
const char *fmt, ...);
|
|
extern void warn_slowpath_null(const char *file, const int line);
|
|
#define WANT_WARN_ON_SLOWPATH
|
|
#define __WARN() warn_slowpath_null(__FILE__, __LINE__)
|
|
#define __WARN_printf(arg...) warn_slowpath_fmt(__FILE__, __LINE__, arg)
|
|
#define __WARN_printf_taint(taint, arg...) \
|
|
warn_slowpath_fmt_taint(__FILE__, __LINE__, taint, arg)
|
|
#else
|
|
extern __printf(1, 2) void __warn_printk(const char *fmt, ...);
|
|
#define __WARN() __WARN_TAINT(TAINT_WARN)
|
|
#define __WARN_printf(arg...) do { __warn_printk(arg); __WARN(); } while (0)
|
|
#define __WARN_printf_taint(taint, arg...) \
|
|
do { __warn_printk(arg); __WARN_TAINT(taint); } while (0)
|
|
#endif
|
|
|
|
/* used internally by panic.c */
|
|
struct warn_args;
|
|
struct pt_regs;
|
|
|
|
void __warn(const char *file, int line, void *caller, unsigned taint,
|
|
struct pt_regs *regs, struct warn_args *args);
|
|
|
|
#ifndef WARN_ON
|
|
#define WARN_ON(condition) ({ \
|
|
int __ret_warn_on = !!(condition); \
|
|
if (unlikely(__ret_warn_on)) \
|
|
__WARN(); \
|
|
unlikely(__ret_warn_on); \
|
|
})
|
|
#endif
|
|
|
|
#ifndef WARN
|
|
#define WARN(condition, format...) ({ \
|
|
int __ret_warn_on = !!(condition); \
|
|
if (unlikely(__ret_warn_on)) \
|
|
__WARN_printf(format); \
|
|
unlikely(__ret_warn_on); \
|
|
})
|
|
#endif
|
|
|
|
#define WARN_TAINT(condition, taint, format...) ({ \
|
|
int __ret_warn_on = !!(condition); \
|
|
if (unlikely(__ret_warn_on)) \
|
|
__WARN_printf_taint(taint, format); \
|
|
unlikely(__ret_warn_on); \
|
|
})
|
|
|
|
#ifndef WARN_ON_ONCE
|
|
#define WARN_ON_ONCE(condition) ({ \
|
|
static bool __section(.data.once) __warned; \
|
|
int __ret_warn_once = !!(condition); \
|
|
\
|
|
if (unlikely(__ret_warn_once && !__warned)) { \
|
|
__warned = true; \
|
|
WARN_ON(1); \
|
|
} \
|
|
unlikely(__ret_warn_once); \
|
|
})
|
|
#endif
|
|
|
|
#define WARN_ONCE(condition, format...) ({ \
|
|
static bool __section(.data.once) __warned; \
|
|
int __ret_warn_once = !!(condition); \
|
|
\
|
|
if (unlikely(__ret_warn_once && !__warned)) { \
|
|
__warned = true; \
|
|
WARN(1, format); \
|
|
} \
|
|
unlikely(__ret_warn_once); \
|
|
})
|
|
|
|
#define WARN_TAINT_ONCE(condition, taint, format...) ({ \
|
|
static bool __section(.data.once) __warned; \
|
|
int __ret_warn_once = !!(condition); \
|
|
\
|
|
if (unlikely(__ret_warn_once && !__warned)) { \
|
|
__warned = true; \
|
|
WARN_TAINT(1, taint, format); \
|
|
} \
|
|
unlikely(__ret_warn_once); \
|
|
})
|
|
|
|
#else /* !CONFIG_BUG */
|
|
#ifndef HAVE_ARCH_BUG
|
|
#define BUG() do {} while (1)
|
|
#endif
|
|
|
|
#ifndef HAVE_ARCH_BUG_ON
|
|
#define BUG_ON(condition) do { if (condition) BUG(); } while (0)
|
|
#endif
|
|
|
|
#ifndef HAVE_ARCH_WARN_ON
|
|
#define WARN_ON(condition) ({ \
|
|
int __ret_warn_on = !!(condition); \
|
|
unlikely(__ret_warn_on); \
|
|
})
|
|
#endif
|
|
|
|
#ifndef WARN
|
|
#define WARN(condition, format...) ({ \
|
|
int __ret_warn_on = !!(condition); \
|
|
no_printk(format); \
|
|
unlikely(__ret_warn_on); \
|
|
})
|
|
#endif
|
|
|
|
#define WARN_ON_ONCE(condition) WARN_ON(condition)
|
|
#define WARN_ONCE(condition, format...) WARN(condition, format)
|
|
#define WARN_TAINT(condition, taint, format...) WARN(condition, format)
|
|
#define WARN_TAINT_ONCE(condition, taint, format...) WARN(condition, format)
|
|
|
|
#endif
|
|
|
|
/*
|
|
* WARN_ON_SMP() is for cases that the warning is either
|
|
* meaningless for !SMP or may even cause failures.
|
|
* This is usually used for cases that we have
|
|
* WARN_ON(!spin_is_locked(&lock)) checks, as spin_is_locked()
|
|
* returns 0 for uniprocessor settings.
|
|
* It can also be used with values that are only defined
|
|
* on SMP:
|
|
*
|
|
* struct foo {
|
|
* [...]
|
|
* #ifdef CONFIG_SMP
|
|
* int bar;
|
|
* #endif
|
|
* };
|
|
*
|
|
* void func(struct foo *zoot)
|
|
* {
|
|
* WARN_ON_SMP(!zoot->bar);
|
|
*
|
|
* For CONFIG_SMP, WARN_ON_SMP() should act the same as WARN_ON(),
|
|
* and should be a nop and return false for uniprocessor.
|
|
*
|
|
* if (WARN_ON_SMP(x)) returns true only when CONFIG_SMP is set
|
|
* and x is true.
|
|
*/
|
|
#ifdef CONFIG_SMP
|
|
# define WARN_ON_SMP(x) WARN_ON(x)
|
|
#else
|
|
/*
|
|
* Use of ({0;}) because WARN_ON_SMP(x) may be used either as
|
|
* a stand alone line statement or as a condition in an if ()
|
|
* statement.
|
|
* A simple "0" would cause gcc to give a "statement has no effect"
|
|
* warning.
|
|
*/
|
|
# define WARN_ON_SMP(x) ({0;})
|
|
#endif
|
|
|
|
#endif /* __ASSEMBLY__ */
|
|
|
|
#endif
|