Fix linking problems/warnings in ubsan #7198
Conversation
| unsigned long lhs, unsigned long rhs); | ||
| void __ubsan_handle_out_of_bounds(struct out_of_bounds_data *data, | ||
| unsigned long idx); | ||
| void __ubsan_handle_type_mismatch_v1(void *data_, void *ptr); |
There was a problem hiding this comment.
How did you find the proper declaration of this and the other __ubsan_handle_ functions?
Do you have a link?
There was a problem hiding this comment.
Hi,
There are at least 3 ways
- gcc gives warning during compilation and shows correct prototype at the same time. So one can rely on this gcc warning messages to figure out correct function signature. The initial idea behind this was to fix warnings.
For example:
core/kernel/ubsan.c:78:6: warning: conflicting types for built-in function ‘__ubsan_handle_type_mismatch_v1’; expected ‘void(void *, void *)’ [-Wbuiltin-declaration-mismatch]
78 | void __ubsan_handle_type_mismatch_v1(void *data_, unsigned long ptr);
- one can refer to linux kernel implementation
- look into gcc . I hope I gave a link to correct place
| print_loc(__func__, &data->loc); | ||
| if (ubsan_panic) | ||
| panic(); | ||
| panic(); |
There was a problem hiding this comment.
Doesn't this result in a warning?
There was a problem hiding this comment.
Hi,
I think the opposite results in a warning, since this function marked with attribute noreturn. So if it doesn't call explicitly any other noreturn function or doesn't end with infinite loop I get the warning.
core/kernel/ubsan.c: In function ‘__ubsan_handle_builtin_unreachable’:
core/kernel/ubsan.c:188:1: warning: ‘noreturn’ function does return
188 | }
That is the reason why I treated noreturn functions in a little bit special way here.
There was a problem hiding this comment.
That means that this function has an implicit noreturn attribute. How about adding it explicitly to be clear?
There was a problem hiding this comment.
That means that this function has an implicit noreturn attribute. How about adding it explicitly to be clear?
That was exactly my thought and I tried to do this. But for some weird reason I get the warning message in this case
core/kernel/ubsan.c:182:1: warning: ignoring attribute ‘noreturn’ in declaration of a built-in function ‘__ubsan_handle_builtin_unreachable’ because it conflicts with attribute ‘const’ [-Wattributes]
182 | {
| ^
After some research I found this. So I can mark it as noreturn, but we will see this warning. If you are okay, then I will do that.
There was a problem hiding this comment.
Fair enough, it seems like a forever bug in GCC, let's keep it as it is.
core/kernel/ubsan.c
Outdated
| static volatile bool ubsan_panic = true; | ||
|
|
||
| static void ubsan_handle_error(const char *func, struct source_location *loc, | ||
| bool should_panic) |
There was a problem hiding this comment.
Please align with the opening ( on the line above.
|
@jenswi-linaro hi, can you guide me please, what else should be done here? Thanks. |
|
Hi @alexhoppus
Nothing more, just wait for CI to complete. If it passes I will merge this PR. Thanks! |
|
Regarding the CI Code style errors:
|
Add UBSan handler __ubsan_handle_invalid_builtin, which support __builtin* functions validation. In some cases when __builtin functions are used, undefined behaviour might be triggered by invalid arguments. E.g. passing 0 as the argument to __builtin_ctz or __builtin_clz invokes undefined behavior and is diagnosed by UBSan. Signed-off-by: Aleksandr Iashchenko <[email protected]> Reviewed-by: Jens Wiklander <[email protected]>
Latest gcc versions utilize void * as argument type for most of the ubsan related handlers prototypes. Reproduced with gcc 11.2 . Signed-off-by: Aleksandr Iashchenko <[email protected]> Reviewed-by: Jens Wiklander <[email protected]>
There is only __ubsan_handle_builtin_unreachable interface in gcc. It was there starting from version 4.9.0. Signed-off-by: Aleksandr Iashchenko <[email protected]> Reviewed-by: Jens Wiklander <[email protected]>
Move panic invocation to common function. That makes entire code a little bit more compact and removes duplications. Also remove volatile modifier from ubsan_panic variable to make checkpatch happy. Signed-off-by: Aleksandr Iashchenko <[email protected]> Reviewed-by: Jens Wiklander <[email protected]>
|
Thanks for the reply.
Fixed in this place and all other places, should be ok now.
I'm not sure which comment do you mean. The volatile variable, checkpatch complained to, was not introduced by me, but anyway I removed volatile modifier to make checkpatch happy. Per my understanding removing this volatile modifier shouldn't affect anything. I squashed this change directly to last commit, hope that is ok. Thanks. |
|
Regarding the CI Code style errors:
Sorry I forgot to submit the review comment... but that's what I meant. Thanks. |
|
|
The following changes are done in ubsan subsystem:
__ubsan_handle_invalid_builtincallback was added. This ubsan handlerwill be invoked when undefined behavior appears in
__builtin_*functions. That could happen if invalid arguments were provided.
E.g. passing 0 as the argument to
__builtin_ctz_or__builtin_clz_invokesundefined behavior and could be potentially caught by ubsan.
I was not able to build latest optee for vexpress-qemu_armv8a
(CFG_CORE_SANITIZE_UNDEFINED=y)
without this change, because this callback was generated in
libmbedtls code
with latest (or more or less fresh) gcc ubsan interfaces. That creates
warnings during compilation. These warnings were fixed.
__ubsan_handle_unreachableshould be__ubsan_handle_builtin_unreachable.At least that corresponds to latest gcc and to what was there since version 4.9.0