[PATCH bpf-next] bpf: avoid uninitialized warnings in verifier_global

BPF Archive mirror
 help / color / mirror / Atom feed

* [PATCH bpf-next] bpf: avoid uninitialized warnings in verifier_global_subprogs.c
@ 2024-05-07 14:05 Jose E. Marchesi
  2024-05-07 17:41 ` Yonghong Song
  0 siblings, 1 reply; 4+ messages in thread
From: Jose E. Marchesi @ 2024-05-07 14:05 UTC (permalink / raw
  To: bpf
  Cc: Jose E . Marchesi, david.faust, cupertino.miranda, Yonghong Song,
	Eduard Zingerman

The BPF selftest verifier_global_subprogs.c contains code that
purposedly performs out of bounds access to memory, to check whether
the kernel verifier is able to catch them.  For example:

  __noinline int global_unsupp(const int *mem)
  {
	if (!mem)
		return 0;
	return mem[100]; /* BOOM */
  }

With -O1 and higher and no inlining, GCC notices this fact and emits a
"maybe uninitialized" warning.  This is by design.  Note that the
emission of these warnings is highly dependent on the precise
optimizations that are performed.

This patch adds a compiler pragma to verifier_global_subprogs.c to
ignore these warnings.

Tested in bpf-next master.
No regressions.

Signed-off-by: Jose E. Marchesi <jose.marchesi@oracle.com>
Cc: david.faust@oracle.com
Cc: cupertino.miranda@oracle.com
Cc: Yonghong Song <yonghong.song@linux.dev>
Cc: Eduard Zingerman <eddyz87@gmail.com>
---
 tools/testing/selftests/bpf/progs/verifier_global_subprogs.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tools/testing/selftests/bpf/progs/verifier_global_subprogs.c b/tools/testing/selftests/bpf/progs/verifier_global_subprogs.c
index baff5ffe9405..d05dc218b7e9 100644
--- a/tools/testing/selftests/bpf/progs/verifier_global_subprogs.c
+++ b/tools/testing/selftests/bpf/progs/verifier_global_subprogs.c
@@ -8,6 +8,11 @@
 #include "xdp_metadata.h"
 #include "bpf_kfuncs.h"
 
+/* The compiler may be able to detect the access to uninitialized
+   memory in the routines performing out of bound memory accesses and
+   emit warnings about it.  This is the case of GCC. */
+#pragma GCC diagnostic ignored "-Wuninitialized"
+
 int arr[1];
 int unkn_idx;
 const volatile bool call_dead_subprog = false;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH bpf-next] bpf: avoid uninitialized warnings in verifier_global_subprogs.c
  2024-05-07 14:05 [PATCH bpf-next] bpf: avoid uninitialized warnings in verifier_global_subprogs.c Jose E. Marchesi
@ 2024-05-07 17:41 ` Yonghong Song
  2024-05-07 18:20   ` Jose E. Marchesi
  0 siblings, 1 reply; 4+ messages in thread
From: Yonghong Song @ 2024-05-07 17:41 UTC (permalink / raw
  To: Jose E. Marchesi, bpf; +Cc: david.faust, cupertino.miranda, Eduard Zingerman


On 5/7/24 7:05 AM, Jose E. Marchesi wrote:
> The BPF selftest verifier_global_subprogs.c contains code that
> purposedly performs out of bounds access to memory, to check whether
> the kernel verifier is able to catch them.  For example:
>
>    __noinline int global_unsupp(const int *mem)
>    {
> 	if (!mem)
> 		return 0;
> 	return mem[100]; /* BOOM */
>    }
>
> With -O1 and higher and no inlining, GCC notices this fact and emits a
> "maybe uninitialized" warning.  This is by design.  Note that the
> emission of these warnings is highly dependent on the precise
> optimizations that are performed.

Interesting. The error message is 'maybe uninitialized' but not
an error to complain out-of-bound access. But anyway, since gcc
produces a warning, your patch silences it and LGTM.

Acked-by: Yonghong Song <yonghong.song@linux.dev>

>
> This patch adds a compiler pragma to verifier_global_subprogs.c to
> ignore these warnings.
>
> Tested in bpf-next master.
> No regressions.
>
> Signed-off-by: Jose E. Marchesi <jose.marchesi@oracle.com>
> Cc: david.faust@oracle.com
> Cc: cupertino.miranda@oracle.com
> Cc: Yonghong Song <yonghong.song@linux.dev>
> Cc: Eduard Zingerman <eddyz87@gmail.com>
> ---
>   tools/testing/selftests/bpf/progs/verifier_global_subprogs.c | 5 +++++
>   1 file changed, 5 insertions(+)
>
> diff --git a/tools/testing/selftests/bpf/progs/verifier_global_subprogs.c b/tools/testing/selftests/bpf/progs/verifier_global_subprogs.c
> index baff5ffe9405..d05dc218b7e9 100644
> --- a/tools/testing/selftests/bpf/progs/verifier_global_subprogs.c
> +++ b/tools/testing/selftests/bpf/progs/verifier_global_subprogs.c
> @@ -8,6 +8,11 @@
>   #include "xdp_metadata.h"
>   #include "bpf_kfuncs.h"
>   
> +/* The compiler may be able to detect the access to uninitialized
> +   memory in the routines performing out of bound memory accesses and
> +   emit warnings about it.  This is the case of GCC. */
> +#pragma GCC diagnostic ignored "-Wuninitialized"
> +
>   int arr[1];
>   int unkn_idx;
>   const volatile bool call_dead_subprog = false;

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH bpf-next] bpf: avoid uninitialized warnings in verifier_global_subprogs.c
  2024-05-07 17:41 ` Yonghong Song
@ 2024-05-07 18:20   ` Jose E. Marchesi
  2024-05-07 19:46     ` Yonghong Song
  0 siblings, 1 reply; 4+ messages in thread
From: Jose E. Marchesi @ 2024-05-07 18:20 UTC (permalink / raw
  To: Yonghong Song; +Cc: bpf, david.faust, cupertino.miranda, Eduard Zingerman


> On 5/7/24 7:05 AM, Jose E. Marchesi wrote:
>> The BPF selftest verifier_global_subprogs.c contains code that
>> purposedly performs out of bounds access to memory, to check whether
>> the kernel verifier is able to catch them.  For example:
>>
>>    __noinline int global_unsupp(const int *mem)
>>    {
>> 	if (!mem)
>> 		return 0;
>> 	return mem[100]; /* BOOM */
>>    }
>>
>> With -O1 and higher and no inlining, GCC notices this fact and emits a
>> "maybe uninitialized" warning.  This is by design.  Note that the
>> emission of these warnings is highly dependent on the precise
>> optimizations that are performed.
>
> Interesting. The error message is 'maybe uninitialized' but not
> an error to complain out-of-bound access. But anyway, since gcc
> produces a warning, your patch silences it and LGTM.
>
> Acked-by: Yonghong Song <yonghong.song@linux.dev>

Please hold on.  The right warning to inhibit is -Wmaybe-uninitialized,
which is GCC specific.

So it must be:

  #if !defined(__clang__)
  #pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
  #endif

Unless you disagree I am testing this and will send a V2 with your
Acked-by.

Sorry about this.  I hate to be erratic, but so many small patches
today.

>>
>> This patch adds a compiler pragma to verifier_global_subprogs.c to
>> ignore these warnings.
>>
>> Tested in bpf-next master.
>> No regressions.
>>
>> Signed-off-by: Jose E. Marchesi <jose.marchesi@oracle.com>
>> Cc: david.faust@oracle.com
>> Cc: cupertino.miranda@oracle.com
>> Cc: Yonghong Song <yonghong.song@linux.dev>
>> Cc: Eduard Zingerman <eddyz87@gmail.com>
>> ---
>>   tools/testing/selftests/bpf/progs/verifier_global_subprogs.c | 5 +++++
>>   1 file changed, 5 insertions(+)
>>
>> diff --git
>> a/tools/testing/selftests/bpf/progs/verifier_global_subprogs.c
>> b/tools/testing/selftests/bpf/progs/verifier_global_subprogs.c
>> index baff5ffe9405..d05dc218b7e9 100644
>> --- a/tools/testing/selftests/bpf/progs/verifier_global_subprogs.c
>> +++ b/tools/testing/selftests/bpf/progs/verifier_global_subprogs.c
>> @@ -8,6 +8,11 @@
>>   #include "xdp_metadata.h"
>>   #include "bpf_kfuncs.h"
>>   +/* The compiler may be able to detect the access to uninitialized
>> +   memory in the routines performing out of bound memory accesses and
>> +   emit warnings about it.  This is the case of GCC. */
>> +#pragma GCC diagnostic ignored "-Wuninitialized"
>> +
>>   int arr[1];
>>   int unkn_idx;
>>   const volatile bool call_dead_subprog = false;

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH bpf-next] bpf: avoid uninitialized warnings in verifier_global_subprogs.c
  2024-05-07 18:20   ` Jose E. Marchesi
@ 2024-05-07 19:46     ` Yonghong Song
  0 siblings, 0 replies; 4+ messages in thread
From: Yonghong Song @ 2024-05-07 19:46 UTC (permalink / raw
  To: Jose E. Marchesi; +Cc: bpf, david.faust, cupertino.miranda, Eduard Zingerman


On 5/7/24 11:20 AM, Jose E. Marchesi wrote:
>> On 5/7/24 7:05 AM, Jose E. Marchesi wrote:
>>> The BPF selftest verifier_global_subprogs.c contains code that
>>> purposedly performs out of bounds access to memory, to check whether
>>> the kernel verifier is able to catch them.  For example:
>>>
>>>     __noinline int global_unsupp(const int *mem)
>>>     {
>>> 	if (!mem)
>>> 		return 0;
>>> 	return mem[100]; /* BOOM */
>>>     }
>>>
>>> With -O1 and higher and no inlining, GCC notices this fact and emits a
>>> "maybe uninitialized" warning.  This is by design.  Note that the
>>> emission of these warnings is highly dependent on the precise
>>> optimizations that are performed.
>> Interesting. The error message is 'maybe uninitialized' but not
>> an error to complain out-of-bound access. But anyway, since gcc
>> produces a warning, your patch silences it and LGTM.
>>
>> Acked-by: Yonghong Song <yonghong.song@linux.dev>
> Please hold on.  The right warning to inhibit is -Wmaybe-uninitialized,
> which is GCC specific.
>
> So it must be:
>
>    #if !defined(__clang__)
>    #pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
>    #endif
>
> Unless you disagree I am testing this and will send a V2 with your
> Acked-by.

I thought -Wmaybe-unitialized also available to clang but just checked
that clang does not have this. So your above change looks good to me.

>
> Sorry about this.  I hate to be erratic, but so many small patches
> today.
>
>>> This patch adds a compiler pragma to verifier_global_subprogs.c to
>>> ignore these warnings.
>>>
>>> Tested in bpf-next master.
>>> No regressions.
>>>
>>> Signed-off-by: Jose E. Marchesi <jose.marchesi@oracle.com>
>>> Cc: david.faust@oracle.com
>>> Cc: cupertino.miranda@oracle.com
>>> Cc: Yonghong Song <yonghong.song@linux.dev>
>>> Cc: Eduard Zingerman <eddyz87@gmail.com>
>>> ---
>>>    tools/testing/selftests/bpf/progs/verifier_global_subprogs.c | 5 +++++
>>>    1 file changed, 5 insertions(+)
>>>
>>> diff --git
>>> a/tools/testing/selftests/bpf/progs/verifier_global_subprogs.c
>>> b/tools/testing/selftests/bpf/progs/verifier_global_subprogs.c
>>> index baff5ffe9405..d05dc218b7e9 100644
>>> --- a/tools/testing/selftests/bpf/progs/verifier_global_subprogs.c
>>> +++ b/tools/testing/selftests/bpf/progs/verifier_global_subprogs.c
>>> @@ -8,6 +8,11 @@
>>>    #include "xdp_metadata.h"
>>>    #include "bpf_kfuncs.h"
>>>    +/* The compiler may be able to detect the access to uninitialized
>>> +   memory in the routines performing out of bound memory accesses and
>>> +   emit warnings about it.  This is the case of GCC. */
>>> +#pragma GCC diagnostic ignored "-Wuninitialized"
>>> +
>>>    int arr[1];
>>>    int unkn_idx;
>>>    const volatile bool call_dead_subprog = false;

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2024-05-07 19:46 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-05-07 14:05 [PATCH bpf-next] bpf: avoid uninitialized warnings in verifier_global_subprogs.c Jose E. Marchesi
2024-05-07 17:41 ` Yonghong Song
2024-05-07 18:20   ` Jose E. Marchesi
2024-05-07 19:46     ` Yonghong Song

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).