Message ID | ac87f9fa-d874-7652-6867-9020ab9236da@redhat.com |
---|---|
State | Superseded |
Headers |
Received: (qmail 42773 invoked by alias); 29 Jul 2019 19:27:13 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: <libc-alpha.sourceware.org> List-Unsubscribe: <mailto:libc-alpha-unsubscribe-##L=##H@sourceware.org> List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org> List-Archive: <http://sourceware.org/ml/libc-alpha/> List-Post: <mailto:libc-alpha@sourceware.org> List-Help: <mailto:libc-alpha-help@sourceware.org>, <http://sourceware.org/ml/#faqs> Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 42764 invoked by uid 89); 29 Jul 2019 19:27:13 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-17.7 required=5.0 tests=AWL, BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 spammy=lies, desire, Probe, HTo:U*schwab X-HELO: mail-ua1-f68.google.com Return-Path: <carlos@redhat.com> Subject: Re: [PATCH] nptl: Add compiler barrier in nptl/tst-pthread-getattr To: Florian Weimer <fweimer@redhat.com>, Andreas Schwab <schwab@suse.de> Cc: libc-alpha@sourceware.org References: <87blxms3r1.fsf@oldenburg2.str.redhat.com> <mvmr26iuvqu.fsf@suse.de> <87v9vuqjke.fsf@oldenburg2.str.redhat.com> From: Carlos O'Donell <carlos@redhat.com> Message-ID: <ac87f9fa-d874-7652-6867-9020ab9236da@redhat.com> Date: Mon, 29 Jul 2019 15:27:07 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: <87v9vuqjke.fsf@oldenburg2.str.redhat.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit |
Commit Message
Carlos O'Donell
July 29, 2019, 7:27 p.m. UTC
On 7/22/19 9:34 AM, Florian Weimer wrote: > * Andreas Schwab: > >> On Jul 22 2019, Florian Weimer <fweimer@redhat.com> wrote: >> >>> Recent GCC versions warn about the attempt to return the address of a >>> local variable: >>> >>> tst-pthread-getattr.c: In function ‘allocate_and_test’: >>> tst-pthread-getattr.c:54:10: error: function returns address of local variable [-Werror=return-local-addr] >>> 54 | return mem; >>> | ^~~ >>> In file included from ../include/alloca.h:3, >>> from tst-pthread-getattr.c:26: >>> ../stdlib/alloca.h:35:23: note: declared here >>> 35 | # define alloca(size) __builtin_alloca (size) >>> | ^~~~~~~~~~~~~~~~~~~~~~~ >>> tst-pthread-getattr.c:51:9: note: in expansion of macro ‘alloca’ >>> 51 | mem = alloca ((size_t) (mem - target)); >>> | ^~~~~~ >>> >>> 2019-07-22 Florian Weimer <fweimer@redhat.com> >>> >>> * nptl/tst-pthread-getattr.c (compiler_barrier): New function. >>> (allocate_and_test): Use it. >> >> Does it work to change the return type to uintptr_t? > > Thanks for the suggestion. I think this is the better fix. Patch > below. This is still a workaround to something that the logic of the test should not be doing. > nptl: Use uintptr_t for address diagnostic in nptl/tst-pthread-getattr > > Recent GCC versions warn about the attempt to return the address of a > local variable: Right. > tst-pthread-getattr.c: In function ‘allocate_and_test’: > tst-pthread-getattr.c:54:10: error: function returns address of local variable [-Werror=return-local-addr] > 54 | return mem; > | ^~~ > In file included from ../include/alloca.h:3, > from tst-pthread-getattr.c:26: > ../stdlib/alloca.h:35:23: note: declared here > 35 | # define alloca(size) __builtin_alloca (size) > | ^~~~~~~~~~~~~~~~~~~~~~~ > tst-pthread-getattr.c:51:9: note: in expansion of macro ‘alloca’ > 51 | mem = alloca ((size_t) (mem - target)); > | ^~~~~~ > > The address itself is used in a check in the caller, so using > uintptr_t instead is reasonable. Any reason why we wouldn't move the test into the function? I appreciate the desire to make a minimal change here, but I think we can just cleanup the test and not worry about this with any future change and the test gets cleaner. > 2019-07-22 Florian Weimer <fweimer@redhat.com> > > * nptl/tst-pthread-getattr.c (allocate_and_test): Change return > type to uintptr_t. > (check_stack_top): Adjust. e.g. Something like this completely untested patch. ---
Comments
* Carlos O'Donell: >> tst-pthread-getattr.c: In function ‘allocate_and_test’: >> tst-pthread-getattr.c:54:10: error: function returns address of local variable [-Werror=return-local-addr] >> 54 | return mem; >> | ^~~ >> In file included from ../include/alloca.h:3, >> from tst-pthread-getattr.c:26: >> ../stdlib/alloca.h:35:23: note: declared here >> 35 | # define alloca(size) __builtin_alloca (size) >> | ^~~~~~~~~~~~~~~~~~~~~~~ >> tst-pthread-getattr.c:51:9: note: in expansion of macro ‘alloca’ >> 51 | mem = alloca ((size_t) (mem - target)); >> | ^~~~~~ >> >> The address itself is used in a check in the caller, so using >> uintptr_t instead is reasonable. > > Any reason why we wouldn't move the test into the function? I think printf might fault because of its own stack usage (which can easily exceed half a page in some cases). Thanks, Florian
On Jul 29 2019, Florian Weimer <fweimer@redhat.com> wrote: > * Carlos O'Donell: > >>> tst-pthread-getattr.c: In function ‘allocate_and_test’: >>> tst-pthread-getattr.c:54:10: error: function returns address of local variable [-Werror=return-local-addr] >>> 54 | return mem; >>> | ^~~ >>> In file included from ../include/alloca.h:3, >>> from tst-pthread-getattr.c:26: >>> ../stdlib/alloca.h:35:23: note: declared here >>> 35 | # define alloca(size) __builtin_alloca (size) >>> | ^~~~~~~~~~~~~~~~~~~~~~~ >>> tst-pthread-getattr.c:51:9: note: in expansion of macro ‘alloca’ >>> 51 | mem = alloca ((size_t) (mem - target)); >>> | ^~~~~~ >>> >>> The address itself is used in a check in the caller, so using >>> uintptr_t instead is reasonable. >> >> Any reason why we wouldn't move the test into the function? > > I think printf might fault because of its own stack usage (which can > easily exceed half a page in some cases). Then return only the value of the same-page check and print it in the parent. Andreas.
* Andreas Schwab: > On Jul 29 2019, Florian Weimer <fweimer@redhat.com> wrote: > >> * Carlos O'Donell: >> >>>> tst-pthread-getattr.c: In function ‘allocate_and_test’: >>>> tst-pthread-getattr.c:54:10: error: function returns address of local variable [-Werror=return-local-addr] >>>> 54 | return mem; >>>> | ^~~ >>>> In file included from ../include/alloca.h:3, >>>> from tst-pthread-getattr.c:26: >>>> ../stdlib/alloca.h:35:23: note: declared here >>>> 35 | # define alloca(size) __builtin_alloca (size) >>>> | ^~~~~~~~~~~~~~~~~~~~~~~ >>>> tst-pthread-getattr.c:51:9: note: in expansion of macro ‘alloca’ >>>> 51 | mem = alloca ((size_t) (mem - target)); >>>> | ^~~~~~ >>>> >>>> The address itself is used in a check in the caller, so using >>>> uintptr_t instead is reasonable. >>> >>> Any reason why we wouldn't move the test into the function? >> >> I think printf might fault because of its own stack usage (which can >> easily exceed half a page in some cases). > > Then return only the value of the same-page check and print it in the > parent. Sorry, what do you mean? I think the write location is printed for diagnostics. And my patch turns this into uintptr_t, suppressing the compiler warning. Thanks, Florian
On Jul 30 2019, Florian Weimer <fweimer@redhat.com> wrote: > * Andreas Schwab: > >> On Jul 29 2019, Florian Weimer <fweimer@redhat.com> wrote: >> >>> * Carlos O'Donell: >>> >>>>> tst-pthread-getattr.c: In function ‘allocate_and_test’: >>>>> tst-pthread-getattr.c:54:10: error: function returns address of local variable [-Werror=return-local-addr] >>>>> 54 | return mem; >>>>> | ^~~ >>>>> In file included from ../include/alloca.h:3, >>>>> from tst-pthread-getattr.c:26: >>>>> ../stdlib/alloca.h:35:23: note: declared here >>>>> 35 | # define alloca(size) __builtin_alloca (size) >>>>> | ^~~~~~~~~~~~~~~~~~~~~~~ >>>>> tst-pthread-getattr.c:51:9: note: in expansion of macro ‘alloca’ >>>>> 51 | mem = alloca ((size_t) (mem - target)); >>>>> | ^~~~~~ >>>>> >>>>> The address itself is used in a check in the caller, so using >>>>> uintptr_t instead is reasonable. >>>> >>>> Any reason why we wouldn't move the test into the function? >>> >>> I think printf might fault because of its own stack usage (which can >>> easily exceed half a page in some cases). >> >> Then return only the value of the same-page check and print it in the >> parent. > > Sorry, what do you mean? If you don't want to print it in allocate_and_test, print it in main. Andreas.
* Andreas Schwab: > On Jul 30 2019, Florian Weimer <fweimer@redhat.com> wrote: > >> * Andreas Schwab: >> >>> On Jul 29 2019, Florian Weimer <fweimer@redhat.com> wrote: >>> >>>> * Carlos O'Donell: >>>> >>>>>> tst-pthread-getattr.c: In function ‘allocate_and_test’: >>>>>> tst-pthread-getattr.c:54:10: error: function returns address of local variable [-Werror=return-local-addr] >>>>>> 54 | return mem; >>>>>> | ^~~ >>>>>> In file included from ../include/alloca.h:3, >>>>>> from tst-pthread-getattr.c:26: >>>>>> ../stdlib/alloca.h:35:23: note: declared here >>>>>> 35 | # define alloca(size) __builtin_alloca (size) >>>>>> | ^~~~~~~~~~~~~~~~~~~~~~~ >>>>>> tst-pthread-getattr.c:51:9: note: in expansion of macro ‘alloca’ >>>>>> 51 | mem = alloca ((size_t) (mem - target)); >>>>>> | ^~~~~~ >>>>>> >>>>>> The address itself is used in a check in the caller, so using >>>>>> uintptr_t instead is reasonable. >>>>> >>>>> Any reason why we wouldn't move the test into the function? >>>> >>>> I think printf might fault because of its own stack usage (which can >>>> easily exceed half a page in some cases). >>> >>> Then return only the value of the same-page check and print it in the >>> parent. >> >> Sorry, what do you mean? > > If you don't want to print it in allocate_and_test, print it in main. Do you mean to print it in check_stack_top? That's what the current code does. Thanks, Florian
On Jul 30 2019, Florian Weimer <fweimer@redhat.com> wrote: > * Andreas Schwab: > >> On Jul 30 2019, Florian Weimer <fweimer@redhat.com> wrote: >> >>> * Andreas Schwab: >>> >>>> On Jul 29 2019, Florian Weimer <fweimer@redhat.com> wrote: >>>> >>>>> * Carlos O'Donell: >>>>> >>>>>>> tst-pthread-getattr.c: In function ‘allocate_and_test’: >>>>>>> tst-pthread-getattr.c:54:10: error: function returns address of local variable [-Werror=return-local-addr] >>>>>>> 54 | return mem; >>>>>>> | ^~~ >>>>>>> In file included from ../include/alloca.h:3, >>>>>>> from tst-pthread-getattr.c:26: >>>>>>> ../stdlib/alloca.h:35:23: note: declared here >>>>>>> 35 | # define alloca(size) __builtin_alloca (size) >>>>>>> | ^~~~~~~~~~~~~~~~~~~~~~~ >>>>>>> tst-pthread-getattr.c:51:9: note: in expansion of macro ‘alloca’ >>>>>>> 51 | mem = alloca ((size_t) (mem - target)); >>>>>>> | ^~~~~~ >>>>>>> >>>>>>> The address itself is used in a check in the caller, so using >>>>>>> uintptr_t instead is reasonable. >>>>>> >>>>>> Any reason why we wouldn't move the test into the function? >>>>> >>>>> I think printf might fault because of its own stack usage (which can >>>>> easily exceed half a page in some cases). >>>> >>>> Then return only the value of the same-page check and print it in the >>>> parent. >>> >>> Sorry, what do you mean? >> >> If you don't want to print it in allocate_and_test, print it in main. > > Do you mean to print it in check_stack_top? Yes, the caller of allocate_and_test. But compute the check in allocate_and_test, so you don't need to return a handle to the memory that goes out of scope. Andreas.
* Andreas Schwab: > On Jul 30 2019, Florian Weimer <fweimer@redhat.com> wrote: > >> * Andreas Schwab: >> >>> On Jul 30 2019, Florian Weimer <fweimer@redhat.com> wrote: >>> >>>> * Andreas Schwab: >>>> >>>>> On Jul 29 2019, Florian Weimer <fweimer@redhat.com> wrote: >>>>> >>>>>> * Carlos O'Donell: >>>>>> >>>>>>>> tst-pthread-getattr.c: In function ‘allocate_and_test’: >>>>>>>> tst-pthread-getattr.c:54:10: error: function returns address of local variable [-Werror=return-local-addr] >>>>>>>> 54 | return mem; >>>>>>>> | ^~~ >>>>>>>> In file included from ../include/alloca.h:3, >>>>>>>> from tst-pthread-getattr.c:26: >>>>>>>> ../stdlib/alloca.h:35:23: note: declared here >>>>>>>> 35 | # define alloca(size) __builtin_alloca (size) >>>>>>>> | ^~~~~~~~~~~~~~~~~~~~~~~ >>>>>>>> tst-pthread-getattr.c:51:9: note: in expansion of macro ‘alloca’ >>>>>>>> 51 | mem = alloca ((size_t) (mem - target)); >>>>>>>> | ^~~~~~ >>>>>>>> >>>>>>>> The address itself is used in a check in the caller, so using >>>>>>>> uintptr_t instead is reasonable. >>>>>>> >>>>>>> Any reason why we wouldn't move the test into the function? >>>>>> >>>>>> I think printf might fault because of its own stack usage (which can >>>>>> easily exceed half a page in some cases). >>>>> >>>>> Then return only the value of the same-page check and print it in the >>>>> parent. >>>> >>>> Sorry, what do you mean? >>> >>> If you don't want to print it in allocate_and_test, print it in main. >> >> Do you mean to print it in check_stack_top? > > Yes, the caller of allocate_and_test. But compute the check in > allocate_and_test, so you don't need to return a handle to the memory > that goes out of scope. But we need that uintptr_t value to print the diagnostic anyway. I do not see what we gain if we move the check of the value into allocate_and_test. If printing the value is fine according to the C semantics, using it in computations should be defined, too. Thanks, Florian
On Jul 30 2019, Florian Weimer <fweimer@redhat.com> wrote: > But we need that uintptr_t value to print the diagnostic anyway. I do > not see what we gain if we move the check of the value into > allocate_and_test. If printing the value is fine according to the C > semantics, using it in computations should be defined, too. Then I guess it was a dumb suggestion. Sorry. Andreas.
* Andreas Schwab: > On Jul 30 2019, Florian Weimer <fweimer@redhat.com> wrote: > >> But we need that uintptr_t value to print the diagnostic anyway. I do >> not see what we gain if we move the check of the value into >> allocate_and_test. If printing the value is fine according to the C >> semantics, using it in computations should be defined, too. > > Then I guess it was a dumb suggestion. Sorry. No problem, I will use the second patch with Carlos' comment update. Thanks, Florian
On 7/30/19 4:12 AM, Andreas Schwab wrote: > On Jul 30 2019, Florian Weimer <fweimer@redhat.com> wrote: > >> But we need that uintptr_t value to print the diagnostic anyway. I do >> not see what we gain if we move the check of the value into >> allocate_and_test. If printing the value is fine according to the C >> semantics, using it in computations should be defined, too. > > Then I guess it was a dumb suggestion. Sorry. I don't think it's a dumb suggestion. It is a pragmatic suggestion, and that's good. There is the set of things you are allowed to do, and when that set of operations comes close, semantically speaking, to things which users are not allowed to do, the compiler is may issue warnings and those warnings may not be entirely accurate and that could be on purpose. So while it is fine in theory to return the value of the address and use it in computations, the compiler may warn again on this kind of behaviour because it's trying to catch uses of that address as a pointer and it may give false positives. Both Andreas and my suggestion are intended to avoid this future possibility. Having said that, the only thing I care about *today* is that gcc 10 can be used to build glibc without error. So I want Florian's patch, which is tested, to go in right now (with an additional comment).
diff --git a/nptl/tst-pthread-getattr.c b/nptl/tst-pthread-getattr.c index a954778767..9ece3eec6a 100644 --- a/nptl/tst-pthread-getattr.c +++ b/nptl/tst-pthread-getattr.c @@ -41,17 +41,31 @@ static size_t pagesize; -/* Check if the page in which TARGET lies is accessible. This will segfault - if it fails. */ +/* Two test. First check if the page in which TARGET lies is accessible. + This will segfault if the probing write fails. Then test if we actually + probed the page we were expecting based on stackaddr and the current + pagemask. */ static volatile char * -allocate_and_test (char *target) +allocate_and_test (char *target, char *stackaddr, uintptr_t pagemask) { volatile char *mem = (char *) &mem; /* FIXME: mem >= target for _STACK_GROWSUP. */ mem = alloca ((size_t) (mem - target)); + /* Probe. */ *mem = 42; - return mem; + + /* Before we celebrate, make sure we actually did test the same page. */ + if (((uintptr_t) stackaddr & pagemask) != ((uintptr_t) mem & pagemask)) + { + printf ("We successfully wrote into the wrong page.\n" + "Expected %#" PRIxPTR ", but got %#" PRIxPTR "\n", + (uintptr_t) stackaddr & pagemask, (uintptr_t) mem & pagemask); + + return 1; + } + + return 0; } static int @@ -130,21 +144,8 @@ check_stack_top (void) stack and test access there. It is however sufficient to simply check if the top page is accessible, so we target our access halfway up the top page. Thanks Chris Metcalf for this idea. */ - mem = allocate_and_test (stackaddr + pagesize / 2); - - /* Before we celebrate, make sure we actually did test the same page. */ - if (((uintptr_t) stackaddr & pagemask) != ((uintptr_t) mem & pagemask)) - { - printf ("We successfully wrote into the wrong page.\n" - "Expected %#" PRIxPTR ", but got %#" PRIxPTR "\n", - (uintptr_t) stackaddr & pagemask, (uintptr_t) mem & pagemask); - - return 1; - } - - puts ("Stack top tests done"); - - return 0; + return allocate_and_test (stackaddr + pagesize / 2, + stackaddr, pagemask); } /* TODO: Similar check for thread stacks once the thread stack sizes are