f70efe54b9
commit 68fb3ca0e408e00db1c3f8fccdfa19e274c033be upstream.
We've had issues with gcc and 'asm goto' before, and we created a
'asm_volatile_goto()' macro for that in the past: see commits
3f0116c3238a ("compiler/gcc4: Add quirk for 'asm goto' miscompilation
bug") and a9f180345f53 ("compiler/gcc4: Make quirk for
asm_volatile_goto() unconditional").
Then, much later, we ended up removing the workaround in commit
43c249ea0b1e ("compiler-gcc.h: remove ancient workaround for gcc PR
58670") because we no longer supported building the kernel with the
affected gcc versions, but we left the macro uses around.
Now, Sean Christopherson reports a new version of a very similar
problem, which is fixed by re-applying that ancient workaround. But the
problem in question is limited to only the 'asm goto with outputs'
cases, so instead of re-introducing the old workaround as-is, let's
rename and limit the workaround to just that much less common case.
It looks like there are at least two separate issues that all hit in
this area:
(a) some versions of gcc don't mark the asm goto as 'volatile' when it
has outputs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98619
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110420
which is easy to work around by just adding the 'volatile' by hand.
(b) Internal compiler errors:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110422
which are worked around by adding the extra empty 'asm' as a
barrier, as in the original workaround.
but the problem Sean sees may be a third thing since it involves bad
code generation (not an ICE) even with the manually added 'volatile'.
The same old workaround works for this case, even if this feels a
bit like voodoo programming and may only be hiding the issue.
Reported-and-tested-by: Sean Christopherson <seanjc@google.com>
Link: https://lore.kernel.org/all/20240208220604.140859-1-seanjc@google.com/
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Uros Bizjak <ubizjak@gmail.com>
Cc: Jakub Jelinek <jakub@redhat.com>
Cc: Andrew Pinski <quic_apinski@quicinc.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
174 lines
5.0 KiB
C
174 lines
5.0 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
#ifndef __LINUX_COMPILER_TYPES_H
|
|
#error "Please don't include <linux/compiler-gcc.h> directly, include <linux/compiler.h> instead."
|
|
#endif
|
|
|
|
/*
|
|
* Common definitions for all gcc versions go here.
|
|
*/
|
|
#define GCC_VERSION (__GNUC__ * 10000 \
|
|
+ __GNUC_MINOR__ * 100 \
|
|
+ __GNUC_PATCHLEVEL__)
|
|
|
|
/*
|
|
* This macro obfuscates arithmetic on a variable address so that gcc
|
|
* shouldn't recognize the original var, and make assumptions about it.
|
|
*
|
|
* This is needed because the C standard makes it undefined to do
|
|
* pointer arithmetic on "objects" outside their boundaries and the
|
|
* gcc optimizers assume this is the case. In particular they
|
|
* assume such arithmetic does not wrap.
|
|
*
|
|
* A miscompilation has been observed because of this on PPC.
|
|
* To work around it we hide the relationship of the pointer and the object
|
|
* using this macro.
|
|
*
|
|
* Versions of the ppc64 compiler before 4.1 had a bug where use of
|
|
* RELOC_HIDE could trash r30. The bug can be worked around by changing
|
|
* the inline assembly constraint from =g to =r, in this particular
|
|
* case either is valid.
|
|
*/
|
|
#define RELOC_HIDE(ptr, off) \
|
|
({ \
|
|
unsigned long __ptr; \
|
|
__asm__ ("" : "=r"(__ptr) : "0"(ptr)); \
|
|
(typeof(ptr)) (__ptr + (off)); \
|
|
})
|
|
|
|
#ifdef CONFIG_RETPOLINE
|
|
#define __noretpoline __attribute__((__indirect_branch__("keep")))
|
|
#endif
|
|
|
|
#define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__)
|
|
|
|
#if defined(LATENT_ENTROPY_PLUGIN) && !defined(__CHECKER__)
|
|
#define __latent_entropy __attribute__((latent_entropy))
|
|
#endif
|
|
|
|
/*
|
|
* calling noreturn functions, __builtin_unreachable() and __builtin_trap()
|
|
* confuse the stack allocation in gcc, leading to overly large stack
|
|
* frames, see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82365
|
|
*
|
|
* Adding an empty inline assembly before it works around the problem
|
|
*/
|
|
#define barrier_before_unreachable() asm volatile("")
|
|
|
|
/*
|
|
* Mark a position in code as unreachable. This can be used to
|
|
* suppress control flow warnings after asm blocks that transfer
|
|
* control elsewhere.
|
|
*/
|
|
#define unreachable() \
|
|
do { \
|
|
annotate_unreachable(); \
|
|
barrier_before_unreachable(); \
|
|
__builtin_unreachable(); \
|
|
} while (0)
|
|
|
|
/*
|
|
* GCC 'asm goto' with outputs miscompiles certain code sequences:
|
|
*
|
|
* https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110420
|
|
* https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110422
|
|
*
|
|
* Work it around via the same compiler barrier quirk that we used
|
|
* to use for the old 'asm goto' workaround.
|
|
*
|
|
* Also, always mark such 'asm goto' statements as volatile: all
|
|
* asm goto statements are supposed to be volatile as per the
|
|
* documentation, but some versions of gcc didn't actually do
|
|
* that for asms with outputs:
|
|
*
|
|
* https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98619
|
|
*/
|
|
#define asm_goto_output(x...) \
|
|
do { asm volatile goto(x); asm (""); } while (0)
|
|
|
|
#if defined(CONFIG_ARCH_USE_BUILTIN_BSWAP)
|
|
#define __HAVE_BUILTIN_BSWAP32__
|
|
#define __HAVE_BUILTIN_BSWAP64__
|
|
#define __HAVE_BUILTIN_BSWAP16__
|
|
#endif /* CONFIG_ARCH_USE_BUILTIN_BSWAP */
|
|
|
|
#if GCC_VERSION >= 70000
|
|
#define KASAN_ABI_VERSION 5
|
|
#else
|
|
#define KASAN_ABI_VERSION 4
|
|
#endif
|
|
|
|
#ifdef CONFIG_SHADOW_CALL_STACK
|
|
#define __noscs __attribute__((__no_sanitize__("shadow-call-stack")))
|
|
#endif
|
|
|
|
#if __has_attribute(__no_sanitize_address__)
|
|
#define __no_sanitize_address __attribute__((no_sanitize_address))
|
|
#else
|
|
#define __no_sanitize_address
|
|
#endif
|
|
|
|
#if defined(__SANITIZE_THREAD__) && __has_attribute(__no_sanitize_thread__)
|
|
#define __no_sanitize_thread __attribute__((no_sanitize_thread))
|
|
#else
|
|
#define __no_sanitize_thread
|
|
#endif
|
|
|
|
#if __has_attribute(__no_sanitize_undefined__)
|
|
#define __no_sanitize_undefined __attribute__((no_sanitize_undefined))
|
|
#else
|
|
#define __no_sanitize_undefined
|
|
#endif
|
|
|
|
#if defined(CONFIG_KCOV) && __has_attribute(__no_sanitize_coverage__)
|
|
#define __no_sanitize_coverage __attribute__((no_sanitize_coverage))
|
|
#else
|
|
#define __no_sanitize_coverage
|
|
#endif
|
|
|
|
/*
|
|
* Treat __SANITIZE_HWADDRESS__ the same as __SANITIZE_ADDRESS__ in the kernel,
|
|
* matching the defines used by Clang.
|
|
*/
|
|
#ifdef __SANITIZE_HWADDRESS__
|
|
#define __SANITIZE_ADDRESS__
|
|
#endif
|
|
|
|
/*
|
|
* GCC does not support KMSAN.
|
|
*/
|
|
#define __no_sanitize_memory
|
|
#define __no_kmsan_checks
|
|
|
|
/*
|
|
* Turn individual warnings and errors on and off locally, depending
|
|
* on version.
|
|
*/
|
|
#define __diag_GCC(version, severity, s) \
|
|
__diag_GCC_ ## version(__diag_GCC_ ## severity s)
|
|
|
|
/* Severity used in pragma directives */
|
|
#define __diag_GCC_ignore ignored
|
|
#define __diag_GCC_warn warning
|
|
#define __diag_GCC_error error
|
|
|
|
#define __diag_str1(s) #s
|
|
#define __diag_str(s) __diag_str1(s)
|
|
#define __diag(s) _Pragma(__diag_str(GCC diagnostic s))
|
|
|
|
#if GCC_VERSION >= 80000
|
|
#define __diag_GCC_8(s) __diag(s)
|
|
#else
|
|
#define __diag_GCC_8(s)
|
|
#endif
|
|
|
|
#define __diag_ignore_all(option, comment) \
|
|
__diag_GCC(8, ignore, option)
|
|
|
|
/*
|
|
* Prior to 9.1, -Wno-alloc-size-larger-than (and therefore the "alloc_size"
|
|
* attribute) do not work, and must be disabled.
|
|
*/
|
|
#if GCC_VERSION < 90100
|
|
#undef __alloc_size__
|
|
#endif
|