The hardened usercopy whitelisting (CONFIG_HARDENED_USERCOPY=y) depends on constant-sized arguments to copy_to_user()/copy_from_user() to be implicitly whitelisted. Without this, there is both a performance hit (for doing dynamic checking when none is needed) and failures (when an implicit whitelist is used with static sizes). For example, on x86, this happens under clang-5.0 but not gcc:
[ 1.628046] ------------[ cut here ]------------
[ 1.628524] Bad or missing usercopy whitelist? Kernel memory exposure attempt detected from SLUB object 'task_struct' (offset 1728, size 8)!
[ 1.629772] WARNING: CPU: 3 PID: 1208 at mm/usercopy.c:81 usercopy_warn+0x96/0xa0
[ 1.630514] Modules linked in:
[ 1.630519] CPU: 3 PID: 1208 Comm: sh Not tainted 4.16.0-rc5+ #64
[ 1.630520] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
[ 1.630522] RIP: 0010:usercopy_warn+0x96/0xa0
[ 1.630523] RSP: 0018:ffff9c1781a73ce8 EFLAGS: 00010286
[ 1.630526] RAX: 947d865a0fb2e100 RBX: ffffffff96310daf RCX: ffffffff9665cdd0
[ 1.630527] RDX: ffffffff94edcfb7 RSI: ffffffff9665cd78 RDI: ffffffff94edcff8
[ 1.630528] RBP: ffff9c1781a73cf0 R08: 0000000000000000 R09: 0000000000000000
[ 1.630529] R10: 0000000000000002 R11: 0000000000000000 R12: ffff966a6bf6b3c8
[ 1.630530] R13: 0000000000000000 R14: 0000000000000008 R15: 0000000000000001
[ 1.630532] FS: 00007fc896687700(0000) GS:ffff966a7fd80000(0000) knlGS:0000000000000000
[ 1.630533] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1.630534] CR2: 00007ffc730a5d1c CR3: 000000042a81c001 CR4: 00000000001606e0
[ 1.630537] Call Trace:
[ 1.630541] __check_object_size+0xc3/0x1c0
[ 1.646723] do_signal+0x48e/0x5f0
[ 1.647127] prepare_exit_to_usermode+0xeb/0x170
[ 1.647742] syscall_return_slowpath+0x5e/0x2b0
[ 1.648240] ? syscall_trace_enter+0x15d/0x350
[ 1.648730] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1.649305] RIP: 0033:0x7fc89618012a
[ 1.649694] RSP: 002b:00007ffe56f8ec58 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
[ 1.650522] RAX: 00000000000004bf RBX: 0000000000000001 RCX: 00007fc89618012a
[ 1.651294] RDX: 0000000000000000 RSI: 00007ffe56f8ec7c RDI: 00000000ffffffff
[ 1.652067] RBP: 0000563ebd2f63e0 R08: 0000000000000000 R09: 00007fc896687700
[ 1.652827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1.653586] R13: 00007ffe56f8ec7c R14: 00007ffe56f90fb3 R15: 0000000000000000
[ 1.654361] Code: 96 4c 0f 44 c0 4c 0f 44 c8 48 c7 c3 af 0d 31 96 48 0f 44 d8 48 c7 c7 31 0d 31 96 31 c0 41 52 41 53 53 e8 4e 2b e5 ff 48 83 c4 18 <0f> 0b 5b 5d c3 0f 1f 44 00 00 0f 1f 44 00 00 55 48 89 e5 53 4d
[ 1.656441] ---[ end trace aa26781ca73156e1 ]---
This is from arch/x86/kernel/signal.c do_signal+0x48e/0x5f0:
copy_user_generic at arch/x86/include/asm/uaccess_64.h:37
(inlined by) raw_copy_to_user at arch/x86/include/asm/uaccess_64.h:112
(inlined by) __copy_to_user at include/linux/uaccess.h:105
(inlined by) __setup_rt_frame at arch/x86/kernel/signal.c:493
(inlined by) setup_rt_frame at arch/x86/kernel/signal.c:699
(inlined by) handle_signal at arch/x86/kernel/signal.c:743
(inlined by) do_signal at arch/x86/kernel/signal.c:811
specifically __setup_rt_frame():
err |= __copy_to_user(&frame->uc.uc_sigmask, set, sizeof(*set));
Last argument is sizeof(*set), which should be true for __builtin_constant_p() in __copy_to_user():
static __always_inline unsigned long
__copy_to_user(void __user *to, const void *from, unsigned long n)
{
	might_fault();
	kasan_check_read(from, n);
	check_object_size(from, n, true);
	return raw_copy_to_user(to, from, n);
}

static __always_inline void check_object_size(const void *ptr, unsigned long n,
					      bool to_user)
{
	if (!__builtin_constant_p(n))
		__check_object_size(ptr, n, to_user);
}
check_object_size()'s n is __copy_to_user()'s n is __setup_rt_frame()'s sizeof(*set).
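A userspace model of the failure reported in the post above, added here as an illustration; it is not kernel code and not from any participant in this thread. `demo_task`, `slow_check`, `copy_inline`, `copy_macro` and the whitelist window are hypothetical, constructed names and values. Whether the inline path still sees the size as constant depends on the compiler and optimisation level, which is exactly what the issue is about.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ALWAYS_INLINE static inline __attribute__((always_inline))

/* Constructed stand-in for a slab object such as task_struct: only the
 * 'thread' window is whitelisted for usercopy; 'blocked' is outside it. */
struct demo_task {
	char pad[64];
	unsigned long blocked;
	char thread[32];
};

static struct demo_task task;
static int warnings;	/* counts what usercopy_warn() would report */

/* Models the dynamic check: flag any copy not fully inside the window. */
static void slow_check(const void *ptr, unsigned long n)
{
	size_t off = (size_t)((const char *)ptr - (const char *)&task);
	size_t lo = offsetof(struct demo_task, thread);
	size_t hi = lo + sizeof(task.thread);

	if (off < lo || off > hi || n > hi - off)
		warnings++;
}

/* Same shape as check_object_size() in the post. */
ALWAYS_INLINE void check_size(const void *ptr, unsigned long n)
{
	if (!__builtin_constant_p(n))
		slow_check(ptr, n);
}

/* Same shape as __copy_to_user(): n reaches the builtin via inlining. */
ALWAYS_INLINE unsigned long copy_inline(void *to, const void *from,
					unsigned long n)
{
	check_size(from, n);
	memcpy(to, from, n);
	return 0;
}

/* Macro form: the builtin is applied to the caller's own expression. */
#define copy_macro(to, from, n)						\
	((void)(__builtin_constant_p(n) ? (void)0			\
					: slow_check((from), (n))),	\
	 memcpy((to), (from), (n)), 0UL)

/* Constant-size copy of the non-whitelisted field through the inline path.
 * Returns 0 if the compiler kept n constant, 1 if the dynamic check ran. */
int warn_inline_constant(void)
{
	unsigned long dst;

	warnings = 0;
	copy_inline(&dst, &task.blocked, sizeof(task.blocked));
	return warnings;
}

/* Same copy through the macro: sizeof() is always seen as constant. */
int warn_macro_constant(void)
{
	unsigned long dst;

	warnings = 0;
	(void)copy_macro(&dst, &task.blocked, sizeof(task.blocked));
	return warnings;
}

/* Runtime-sized copy: the dynamic check must run and apply the whitelist. */
int warn_runtime(const void *from, unsigned long n_in)
{
	char dst[64];
	volatile unsigned long n = n_in;	/* never a compile-time constant */

	if (n_in > sizeof(dst))
		return -1;
	warnings = 0;
	copy_inline(dst, from, n);
	return warnings;
}

int main(void)
{
	printf("inline, constant size:  %d warning(s)\n", warn_inline_constant());
	printf("macro, constant size:   %d warning(s)\n", warn_macro_constant());
	printf("runtime, outside window: %d warning(s)\n",
	       warn_runtime(&task.blocked, sizeof(task.blocked)));
	printf("runtime, inside window:  %d warning(s)\n",
	       warn_runtime(task.thread, sizeof(task.thread)));
	return 0;
}
```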
Is needing __builtin_constant_p() to work through inlining a common thing? Or is there just an isolated place or two where it matters?
I ask because, while it's pretty terrible, you can make this work on a case-by-case basis with some clang-specific code:
static __always_inline unsigned long
__copy_to_user(void __user *to, const void *from, unsigned long n)
{
	might_fault();
	kasan_check_read(from, n);
	check_object_size(from, n, true);
	return raw_copy_to_user(to, from, n);
}

static __always_inline void check_object_size(const void *ptr, unsigned long n,
					      bool to_user)
{
	if (!__builtin_constant_p(n))
		__check_object_size(ptr, n, to_user);
}

#ifdef __clang__
#define enable_if_trivially_constant(x) enable_if((x) || !(x), "")
static __always_inline __attribute__((overloadable, enable_if_trivially_constant(n)))
unsigned long
__copy_to_user(void __user *to, const void *from, unsigned long n)
{
	might_fault();
	kasan_check_read(from, n);
	// Note the lack of __check_object_size.
	return raw_copy_to_user(to, from, n);
}
#endif
...I'd like to note, however, that this is forcing the decision of "should I call check_object_size" to be made during overload resolution. So, if anything more than trivial constant folding is required for n to be a constant, this won't work.
I'm not sure how widely this assumption is used, but it's fairly central to a number of optimizations in usercopy code (not just the security hardening pieces)...
@jyknight is there anything we need to communicate to or patch in the upstream kernel?
CONFIG_HARDENED_USERCOPY=n is a workaround to have a bootable Linux v4.18-rc7 here on Debian/testing AMD64.
Here's another recent case, which miscompiles (for arm64) due to inline vs __builtin_constant_p():
net/core/filter.c:7292: undefined reference to `__compiletime_assert_7292'
net/core/filter.c:7292:
BUILD_BUG_ON(hweight_long(SK_FL_PROTO_MASK) != BITS_PER_BYTE);
include/net/sock.h:
include/linux/bitops.h:
static __always_inline unsigned long hweight_long(unsigned long w)
{
	return sizeof(w) == 4 ? hweight32(w) : hweight64(w);
}
include/asm-generic/bitops/const_hweight.h:
"w" passed into hweight_long() loses its __builtin_constant-ness, and the BUILD_BUG_ON starts always evaluating with a full function call instead of as a constant expression.
workaround:
-static __always_inline unsigned long hweight_long(unsigned long w)
-{
- return sizeof(w) == 4 ? hweight32(w) : hweight64(w);
-}
+#define hweight_long(w) (sizeof(w) == 4 ? hweight32(w) : hweight64(w))
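Review bot: In the added `#define hweight_long(w)` line, `sizeof(w)` now measures the type of the caller's argument expression, where the removed inline function always measured its `unsigned long` parameter. A caller passing an `int` on a 64-bit build will select hweight32() instead of hweight64(), which gives a different count for a negative value that the function would have sign-extended, and the result type is no longer fixed to `unsigned long`. If the macro form is kept, cast the argument to `unsigned long` once and use that in both the `sizeof` and the two calls so existing callers keep the old behaviour.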
FWIW, the suggested Clang patch does not actually solve this issue for me. :(
(Though in looking, I think it's because the linked patch is only for LLVM, and maybe something is needed for Clang too?)
@kees Your workaround helped me to fix this in Linux v4.19-rc1...
+ ld -m elf_x86_64 -z max-page-size=0x200000 --emit-relocs --build-id -X -o .tmp_vmlinux1 -T ./arch/x86/kernel/vmlinux.lds --whole-archive built-in.a --no-whole-archive --start-group lib/lib.a arch/x86/lib/lib.a --end-group
ld: net/core/filter.o: in function `sk_reuseport_convert_ctx_access':
/home/sdi/src/linux-kernel/linux/net/core/filter.c:7284: undefined reference to `__compiletime_assert_7284'
"w" passed into hweight_long() loses its __builtin_constant-ness, and the BUILD_BUG_ON starts always evaluating with a full function call instead of as a constant expression.
Does marking w const help?
Edit: update: looks like no...
It seems that even in very basic cases of one level function call, clang and gcc disagree on __builtin_constant_p: https://godbolt.org/z/g_iqwh.
Kees's workaround is no longer needed with the patch "bpf: fix build error with clang" pending in bpf Git.
Attaching two patch files if anyone would like to test them out. (The llvm patch is from https://reviews.llvm.org/D4276)
These patches appear to solve at least the net/core/filter.c case! I'll need to double-check the runtime effects with HARDENED_USERCOPY on Tuesday. (Note that I used my own forward-port of the LLVM patch based on D4276 -- I haven't compared that to the bcp-llvm.patch.txt above.)
@gwelymernans Your patches are against LLVM/Clang SVN revision 341155. Can you provide them against release_70 Git branch? So, I would like to test the case CONFIG_HARDENED_USERCOPY=y.
New warning, which appears to be doing the wrong thing with "const u32 *", thinking it's a compile-time constant, when it's not:
drivers/pinctrl/pinctrl-rockchip.c:2489:26: warning: multiple unsequenced modifications to 'list' [-Wunsequenced]
num = be32_to_cpu(*list++);
^~
./include/linux/byteorder/generic.h:95:21: note: expanded from macro 'be32_to_cpu'
#define be32_to_cpu __be32_to_cpu
^
./include/uapi/linux/byteorder/little_endian.h:40:59: note: expanded from macro '__be32_to_cpu'
#define __be32_to_cpu(x) __swab32((__force __u32)(__be32)(x))
^
./include/uapi/linux/swab.h:118:21: note: expanded from macro '__swab32'
___constant_swab32(x) : \
^
./include/uapi/linux/swab.h:18:12: note: expanded from macro '___constant_swab32'
(((__u32)(x) & (__u32)0x000000ffUL) << 24) | \
^
drivers/pinctrl/pinctrl-rockchip.c:2494:52: warning: multiple unsequenced modifications to 'list' [-Wunsequenced]
grp->pins[j] = bank->pin_base + be32_to_cpu(*list++);
^~
0001-Backport-bcp-llvm.patch-to-release_70-Git-branch.patch.txt
0001-Backport-bcp-clang.patch-to-release_70-Git-branch.patch.txt
I tried to backport the patches myself and have 8 failures when running ninja check-clang:
******************** TEST 'Clang :: Analysis/builtin-functions.cpp' FAILED ********************
******************** TEST 'Clang :: CXX/dcl.dcl/dcl.spec/dcl.constexpr/p5.cpp' FAILED ********************
******************** TEST 'Clang :: CXX/drs/dr5xx.cpp' FAILED ********************
******************** TEST 'Clang :: Sema/builtins.c' FAILED ********************
******************** TEST 'Clang :: Sema/const-eval.c' FAILED ********************
******************** TEST 'Clang :: Sema/i-c-e.c' FAILED ********************
******************** TEST 'Clang :: SemaCXX/builtin-assume-aligned.cpp' FAILED ********************
******************** TEST 'Clang :: SemaCXX/constexpr-printing.cpp' FAILED ********************
@dileks The patches are more on the hack side of things. Do any of the failures look like semantic issues? or are they just that the tests expect different output?
@gwelymernans Did you have a chance to look into my backported patches? Can you verify they are done correctly? Thanks.
@dileks They look fine to me (at least they look similar to what I did). I'm not surprised that there are failures in the tests. (They were written with the original assumption in mind.) I also may have missed something important when I was hacking the front-end patch together. (I'm not as familiar with the front-end code as the middle and back end code.)
I found this, too: https://reviews.llvm.org/D35190 I wonder if we need this as part of this work?
@kees Could you add the pinctrl-rockchip.i file and the command line it used here?
I found this, too: https://reviews.llvm.org/D35190 I wonder if we need this as part of this work?
Probably not. That patch is more for "when we're evaluating a constexpr function call, __builtin_constant_p(x) should be true if x is also constexpr in the context of that call."
From clang's perspective, if __builtin_constant_p == "can this possibly be folded to a constant with some effort?" the behavior offered in that patch's description is probably a good thing, but I think that patch would be a nop from the kernel's POV. (unless Linux has grown a lot of constexpr-y C++>=11 code? :) )
Here are some better patches. PTAL.
clang-bcp.patch.txt
llvm-bcp.patch.txt
The new patches appear to solve the be32_to_cpu() issues. And I can boot an arm64 build under qemu with CONFIG_HARDENED_USERCOPY=y! Excellent! lkdtm tests all pass, too.
@gwelymernans Is it possible to have both patches against release_70 Git? Thanks in advance.
Just as a reference from WireGuard sources:
commit fd50f778ab7683afe280b84c8242fa6d66843e08
"compat: clang cannot handle __builtin_constant_p"
[1] https://git.zx2c4.com/WireGuard/commit/?h=0.0.20181007&id=fd50f778ab7683afe280b84c8242fa6d66843e08
@gwelymernans What's the status of your patches - landed in upstream?
Added ConstantExpr class to Clang. This is the first step for the front-end support.
https://reviews.llvm.org/D53475
Here's a follow-up patch to use ConstantExpr:
https://reviews.llvm.org/D53921
After that one is accepted, I'll submit a patch using that for __builtin_constant_p(). That one will require @jyknight's patch.
Two outstanding patches:
I have found for 2. the Clang part of the patch...
"Compound literals, enums, et al require const expr"
https://github.com/llvm-mirror/clang/commit/ed611fa5aace7533cbd8ffcf27fdcc5208bfaa2f
But I cannot see the LLVM part.
https://reviews.llvm.org/D53921 says:
rL346455: Compound literals, enums, et al require const expr
rC346455: Compound literals, enums, et al require const expr
So, in Debian/experimental I see...
clang-8 (1:8~svn346586-1~exp1)
Is this version sufficient for building with CONFIG_HARDENED_USERCOPY=y?
The LLVM part should already be in top-of-tree. @jyknight submitted it last week at r346322.
Two final patches awaiting review:
@gwelymernans Are those two final patches mandatory to test with CONFIG_HARDENED_USERCOPY=y?
I tested with clang-8 (1:8~svn346586-1~exp1) and CONFIG_HARDENED_USERCOPY=y and I still get the call-trace in QEMU:
[ 1.169038] ------------[ cut here ]------------
[ 1.169650] Bad or missing usercopy whitelist? Kernel memory exposure attempt detected from SLUB object 'task_struct' (offset 1752, size 8)!
[ 1.171285] WARNING: CPU: 0 PID: 1 at mm/usercopy.c:83 usercopy_warn+0x95/0xa0
[ 1.172207] Modules linked in:
[ 1.172610] CPU: 0 PID: 1 Comm: init Not tainted 4.20.0-rc2-3-amd64-cbl #3~buster+dileks1
[ 1.173649] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.1-1 04/01/2014
[ 1.174689] RIP: 0010:usercopy_warn+0x95/0xa0
[ 1.175686] Code: c6 04 25 04 58 2e b0 01 48 c7 c3 a7 b0 04 b0 48 0f 44 d8 48 c7 c7 29 b0 04 b0 31 c0 41 52 41 53 53 e8 8f 10 de ff 48 83 c4 18 <0f> 0b 5b 5d c3 66 0f 1f 44 00 00 0f 1f 44 00 00 55 48 89 e5 41 57
[ 1.179381] RSP: 0018:ffffb885000d3da8 EFLAGS: 00010282
[ 1.180060] RAX: d2742322cd5bc600 RBX: ffffffffb004b0a7 RCX: d2742322cd5bc600
[ 1.180969] RDX: fffffffffffffead RSI: 0000000000000082 RDI: 0000000000000246
[ 1.181893] RBP: ffffb885000d3db0 R08: ffff0a1000000600 R09: 0000004000000000
[ 1.182804] R10: 0000000000000153 R11: 0000000000000000 R12: ffff9c859d1fe560
[ 1.183720] R13: 00000000fffffff2 R14: 0000000000000008 R15: 0000000000000001
[ 1.184632] FS: 00007fa0b80d1580(0000) GS:ffff9c859d600000(0000) knlGS:0000000000000000
[ 1.185665] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1.186408] CR2: 000055d2328f15ea CR3: 000000001f844000 CR4: 00000000000006f0
[ 1.187322] Call Trace:
[ 1.187667] __check_object_size+0xcb/0x1e0
[ 1.188214] do_signal+0x49d/0x5f0
[ 1.188668] prepare_exit_to_usermode+0xd2/0x160
[ 1.189273] syscall_return_slowpath+0x45/0x180
[ 1.189864] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1.190532] RIP: 0033:0x7fa0b7fd81c7
[ 1.191006] Code: c7 1c 0f 00 f7 d8 64 89 02 b8 ff ff ff ff eb bf 0f 1f 00 48 8d 05 21 78 0f 00 8b 00 85 c0 75 1b 45 31 d2 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 59 f3 c3 0f 1f 80 00 00 00 00 41 54 55 41 89
[ 1.193722] RSP: 002b:00007fff5f0ebd38 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
[ 1.194686] RAX: 000000000000004a RBX: 0000560f1753b260 RCX: 00007fa0b7fd81c7
[ 1.195508] RDX: 0000000000000000 RSI: 00007fff5f0ebd4c RDI: 00000000ffffffff
[ 1.196169] RBP: 0000560f1753b260 R08: 00007fa0b80d1580 R09: fefeff7168636a6c
[ 1.196827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000560f1753c6b0
[ 1.197497] R13: 00007fff5f0ebd4c R14: 00000000ffffffff R15: 0000560f1753c325
[ 1.198235] ---[ end trace 0bc81d8fc8f3e5e6 ]---
@dileks I'm not familiar with CONFIG_HARDENED_USERCOPY. @kees would know more. If there's a crash, it might be a missed optimization opportunity.
As for the patches, https://reviews.llvm.org/D54355 is the one to use. I reverted the other to limit the size of the changes going in. (It may go in later.)
@gwelymernans I get the patch via https://reviews.llvm.org/D54355?download=true (Download RAW Diff)?
That should work.
That looks good:
$ cd $LLVM_BUILD_DIR
$ TESTS="Analysis/builtin-functions.cpp Sema/builtins.c SemaCXX/compound-literal.cpp"
$ for t in $TESTS ; do LC_ALL=C ./bin/llvm-lit -v ./tools/clang/test/$t ; done
llvm-lit: /home/sdi/src/llvm-toolchain/llvm/utils/lit/lit/llvm/config.py:333: note: using clang: /home/sdi/src/llvm-toolchain/build/bin/clang
-- Testing: 1 tests, 1 threads --
PASS: Clang :: Analysis/builtin-functions.cpp (1 of 1)
Testing Time: 0.10s
Expected Passes : 1
llvm-lit: /home/sdi/src/llvm-toolchain/llvm/utils/lit/lit/llvm/config.py:333: note: using clang: /home/sdi/src/llvm-toolchain/build/bin/clang
-- Testing: 1 tests, 1 threads --
PASS: Clang :: Sema/builtins.c (1 of 1)
Testing Time: 0.14s
Expected Passes : 1
llvm-lit: /home/sdi/src/llvm-toolchain/llvm/utils/lit/lit/llvm/config.py:333: note: using clang: /home/sdi/src/llvm-toolchain/build/bin/clang
-- Testing: 1 tests, 1 threads --
PASS: Clang :: SemaCXX/compound-literal.cpp (1 of 1)
Testing Time: 0.21s
Expected Passes : 1
@gwelymernans
I have 307 unexpected test failures with that self-made llvm-toolchain-8...
llvm: git 6a5c77e70a3a
clang: git a152c7a4b7ba
compiler-rt: git 0a3b159a0c11
...when doing...
NINJA="ninja"
cd $LLVM_BUILD_DIR
$NINJA check-clang
...
Expected Passes : 12834
Expected Failures : 18
Unsupported Tests : 294
Unexpected Failures: 307
FAILED: tools/clang/test/CMakeFiles/check-clang
Building Linux v4.20-rc2 is throwing the 1st errors here and I tried unsuccessfully with:
--- a/arch/x86/kvm/Makefile
+++ b/arch/x86/kvm/Makefile
@@ -5,6 +5,7 @@ ccflags-y += -Iarch/x86/kvm
CFLAGS_x86.o := -I.
CFLAGS_svm.o := -I.
CFLAGS_vmx.o := -I.
+CFLAGS_vmx.o += $(call cc-disable-warning, unneeded-internal-declaration)
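Review bot: The added `CFLAGS_vmx.o += $(call cc-disable-warning, unneeded-internal-declaration)` line turns the warning off for everything compiled into vmx.o and carries no comment naming the declaration that triggers it. Prefer fixing or annotating that one declaration; if the suppression stays, add a comment saying which symbol and which compiler need it so it can be dropped later.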
Do you have the SVN revision, or even better the Git hashes, of llvm-svn/llvm-git and clang-svn/clang-git from your testing?
I get no failures. I'm using top-of-tree. I don't have SHA1s or other such things. What's on the review site is all you should need.
I have built in an identical build-environment a llvm-toolchain-7.0.1rc2 and all tests passed when doing a ninja check-clang. The generated clang-7 builds fine. Will do further CSI-ing what happens when trying to build from LLVM * Git mirrors.
@gwelymernans
The test failures occur when I apply the patch from D54355 on top - without D54355 everything is OK with my selfmade llvm-toolchain-8.
********************
Testing Time: 233.30s
********************
Failing Tests (307):
Expected Passes : 12838
Expected Failures : 18
Unsupported Tests : 294
Unexpected Failures: 307
FAILED: tools/clang/test/CMakeFiles/check-clang
I don't know what llvm-toolchain-7.0.1rc2 is. It might be a wrong version that doesn't have a necessary change in it. Go back through my patches on reviews.llvm.org and see if they're all in your tree.
My llvm-toolchain-7.0.1rc2 was built out of llvm 7.0.1rc2, clang 7.0.1rc2 and compiler-rt 7.0.1rc2.
AFAICS the requirements are:
sdi@iniza:~/src/llvm-toolchain/llvm$ git log --oneline | grep "Add support for llvm.is.constant intrinsic (PR4898)"
3125e3514067 Add support for llvm.is.constant intrinsic (PR4898)
sdi@iniza:~/src/llvm-toolchain/llvm/tools/clang$ git log --oneline | grep "Compound literals, enums, et al require const expr"
ed611fa5aace Compound literals, enums, et al require const expr
and D54355.diff
Am I missing something?
You'll need r345695 as well. I don't know what version 7.0.1rc2 is based off of and whether it has that change in it. What are the failures you're seeing?
With clang version 7.0.1rc2 I am building my llvm-toolchain (llvm clang compiler-rt) from Git.
I have r345695 as I am building from latest Git.
commit 94f13e37e55a5f155cdbe4dbc7bb2cb3a5b43860
Author: Bill Wendling <[email protected]>
Date: Wed Oct 31 04:58:34 2018 +0000
Change "struct" to "class" to avoid warnings
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@345695 91177308-0d34-0410-b5e6-96231b3b80d8
What do you mean by "failures"?
If you mean test failures, then please see my previous post with the list of 307 test failures.
I cloned svn/trunk and checked out r346455 in llvm, clang and compiler-rt SVN repositories via svn update -r 346455 and then applied D54355.diff and still see the 307 test failures.
Without applying the diff the generated llvm-toolchain is fine and no test failures are reported.
SVN r346455 includes:
Compound literals, enums, et al require const expr
Add support for llvm.is.constant intrinsic (PR4898)
Change "struct" to "class" to avoid warnings
I can send you the full log of ninja check-clang via email if you like.
I am building with:
CMAKE_OPTS="-G Ninja -DCMAKE_C_COMPILER=clang-7 -DCMAKE_CXX_COMPILER=clang++-7 -DLLVM_PARALLEL_COMPILE_JOBS=2 -DLLVM_PARALLEL_LINK_JOBS=1 -DCMAKE_INSTALL_PREFIX=/opt/llvm-toolchain-8.0.0 -DCMAKE_BUILD_TYPE=RELEASE -DLLVM_ENABLE_ASSERTIONS=ON -DLLVM_TARGETS_TO_BUILD=X86 -DLLVM_ENABLE_OCAMLDOC=OFF"
cd $LLVM_BUILD_DIR
### CONFIGURE
$CMAKE ../llvm $CMAKE_OPTS
### BUILD
$CMAKE --build .
### CHECK-CLANG
$NINJA check-clang
As an example:
******************** TEST 'Clang :: ASTMerge/class-template-partial-spec/test.cpp' FAILED ********************
...
Command Output (stderr):
--
clang: /home/sdi/src/llvm-toolchain/llvm/tools/clang/include/clang/AST/Expr.h:915: static clang::ConstantExpr *clang::ConstantExpr::Create(const clang::ASTContext &, clang::Expr *): Assertion `!isa<ConstantExpr>(E)' failed.
Make sure you're using this:
My downloaded D54355.diff and D54355.id173986.diff do not differ.
With a self-made llvm-toolchain 8-svn345695 and applied D54355.id174551.diff I was able to build with CONFIG_HARDENED_USERCOPY=y and boot into QEMU and on bare metal. Thanks @gwelymernans and /o\.
Bill's patch now landed in Clang Git:
commit dafd68092ceda14b5b4a24fabef35bec783876a7
"Use is.constant intrinsic for __builtin_constant_p"
[1] https://github.com/llvm-mirror/clang/commit/dafd68092ceda14b5b4a24fabef35bec783876a7
Temporarily reverted. Working on a fix now.
@gwelymernans I could boot on bare metal with my llvm-toolchain 8-svn347381. But I see "Revert r347364 again, the fix was incomplete.". Next try :-).
Next try for me: With Clang-8 SVN r347480 ("A __builtin_constant_p() returns 0 with a function type.") I was able to build and boot into Linux v4.20-rc3+ on bare metal and in QEMU. Thanks @gwelymernans
Great! :-) I'm going to close this bug as fixed then.
Nice work @gwelymernans! The fix was definitely quite a patch set!
Looks like there are 2 small follow-up patches, so clang 8-svn347531 has them.
These are the tests I have seen in all the commits:
cd $LLVM_BUILD_DIR
TESTS="Analysis/builtin-functions.cpp Sema/builtins.c SemaCXX/compound-literal.cpp"
TESTS="$TESTS CodeGenCXX/builtin-constant-p.cpp"
TESTS="$TESTS CodeGen/builtin-constant-p.c"
TESTS="$TESTS SemaCXX/constant-expression-cxx1y.cpp"
for t in $TESTS ; do ./bin/llvm-lit -v ./tools/clang/test/$t ; done
Patch and follow-ups again reverted...
https://github.com/llvm-mirror/clang/commit/e44c638ccfb9c020561219a3bfc76ce41a99cf4b
...and re-committed :-)
Re-commit r347417 "Re-Reinstate 347294 with a fix for the failures."
This was reverted in r347656 due to me thinking it caused a miscompile of
Chromium. Turns out it was the Chromium code that was broken.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@347756 91177308-0d34-0410-b5e6-96231b3b80d8
https://github.com/llvm-mirror/clang/commit/b129ce9436c5e1227d6314d30d3bf65fa548a3f8
@gwelymernans Can you enlighten me as to which SVN revision has all patches now (I am asking as I have seen several reverts and re-commits)? Thanks.
I think that r348071 should have all of my patches.
So great! I can confirm it's working. :) Clang-built arm64 system boots and LKDTM shows the protection correctly kicking in when tested:
# cat /proc/version
Linux version 4.20.0-rc2-00016-g8665569e97dd (kees@beast) (clang version 8.0.0 (https://github.com/llvm-mirror/clang.git 991d0b57999aae9827370e33e538422adcf647f5) (https://github.com/llvm-mirror/llvm.git 11255059aeeab222ad9c00c00649aa158ccc2ec9)) #917 SMP PREEMPT Fri Dec 7 13:11:45 PST 2018
# cat <(echo USERCOPY_HEAP_WHITELIST_TO) > /sys/kernel/debug/provoke-crash/DIRECT
Segfault
# dmesg
[ 149.113516] lkdtm: Performing direct entry USERCOPY_HEAP_WHITELIST_TO
[ 149.114897] lkdtm: attempting good copy_to_user inside whitelist
[ 149.115840] lkdtm: attempting bad copy_to_user outside whitelist
[ 149.116009] usercopy: Kernel memory exposure attempt detected from SLUB object 'lkdtm-usercopy' (offset 255, size 64)!
[ 149.119944] ------------[ cut here ]------------
[ 149.120185] kernel BUG at mm/usercopy.c:102!
...
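An added example, not part of the original thread: a small triage script for the two hardened-usercopy report styles quoted on this page, the "Bad or missing usercopy whitelist?" WARNING and the "usercopy:" message that precedes the kernel BUG. The function names, the constructed "process stack" sample line and the rule that a cache name starting with "lkdtm" marks a self-test are assumptions made for the example.

```python
import re

TIMESTAMP = re.compile(r"^\[\s*(\d+\.\d+)\]")
# Both report styles share the same tail; the WARNING-style report is
# prefixed with "Bad or missing usercopy whitelist? ".
REPORT = re.compile(
    r"(?P<fallback>Bad or missing usercopy whitelist\? )?"
    r"Kernel memory (?P<kind>exposure|overwrite) attempt detected "
    r"(?:from|to) (?P<region>.+?)(?: '(?P<cache>[^']*)')? "
    r"\(offset (?P<offset>\d+), size (?P<size>\d+)\)!"
)

# Report lines copied from the dmesg output quoted on this page, plus one
# constructed line (the "process stack" one) covering a report with no cache name.
SAMPLE_DMESG = """\
[ 1.628524] Bad or missing usercopy whitelist? Kernel memory exposure attempt detected from SLUB object 'task_struct' (offset 1728, size 8)!
[ 1.629772] WARNING: CPU: 3 PID: 1208 at mm/usercopy.c:81 usercopy_warn+0x96/0xa0
[ 149.115840] lkdtm: attempting bad copy_to_user outside whitelist
[ 149.116009] usercopy: Kernel memory exposure attempt detected from SLUB object 'lkdtm-usercopy' (offset 255, size 64)!
[ 149.120185] kernel BUG at mm/usercopy.c:102!
[ 200.000001] usercopy: Kernel memory overwrite attempt detected to process stack (offset 0, size 128)!
"""

def parse_usercopy_reports(dmesg_text):
    """Return one dict per hardened-usercopy report found in dmesg text."""
    reports = []
    for line in dmesg_text.splitlines():
        m = REPORT.search(line)
        if not m:
            continue
        ts = TIMESTAMP.match(line)
        cache = m.group("cache")
        reports.append({
            "time": float(ts.group(1)) if ts else None,
            # "warned": whitelist WARNING style; "bug": the style followed by kernel BUG.
            "action": "warned" if m.group("fallback") else "bug",
            "direction": "to_user" if m.group("kind") == "exposure" else "from_user",
            "region": m.group("region"),
            "cache": cache,
            "offset": int(m.group("offset")),
            "size": int(m.group("size")),
            # Assumption: LKDTM self-test caches are named with an "lkdtm" prefix.
            "selftest": bool(cache and cache.startswith("lkdtm")),
        })
    return reports

def needs_investigation(reports):
    """Drop deliberate LKDTM self-test hits; keep everything else."""
    return [r for r in reports if not r["selftest"]]
```

Run over a boot log from a Clang-built kernel, a "warned" entry against a slab cache such as task_struct with a small fixed size is the symptom this issue tracks, while a "bug" entry against the LKDTM cache is the expected self-test result.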
@kees Your testcase requires CONFIG_LKDTM set. I had success with CONFIG_LKDTM=m and clang version 8.0.0-svn349540-1~exp1+0~20181218210855.2207~1.gbpe65928 (trunk) from
Reviewing old content for our talk this weekend at FOSDEM, looks like @behanw knew of this back in '13! See slide 27: https://events.static.linuxfound.org/images/stories/slides/abs2013_webster.pdf
Edit: Ha! and extern inline!
It's a pity I am at FOSDEM only on Saturday and cannot attend your talk "Compiling the Linux kernel with LLVM tools" :-(.
It's always good to open a ticket like for Linux Kernel Summit talk hints.
Most helpful comment
The new patches appear to solve the be32_to_cpu() issues. And I can boot an arm64 build under qemu with CONFIG_HARDENED_USERCOPY=y! Excellent! lkdtm tests all pass, too.