diff options
| author | Jason A. Donenfeld <Jason@zx2c4.com> | 2022-10-19 10:26:48 -0600 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2022-11-19 00:56:15 +0100 |
| commit | 3bc753c06dd02a3517c9b498e3846ebfc94ac3ee (patch) | |
| tree | bc56dfe86a9f735c0bc099513988a56d0a0ffbff /fs/ecryptfs | |
| parent | daf4218bf8dd9750d1ad93846aee98bf2e08eeee (diff) | |
| download | linux-3bc753c06dd02a3517c9b498e3846ebfc94ac3ee.tar.bz2 | |
kbuild: treat char as always unsigned
Recently, some compile-time checking I added to the clamp_t family of
functions triggered a build error when a poorly written driver was
compiled on ARM, because the driver assumed that the naked `char` type
is signed, but ARM treats it as unsigned, and the C standard says it's
architecture-dependent.
I doubt this particular driver is the only instance in which
unsuspecting authors make assumptions about `char` with no `signed` or
`unsigned` specifier. We were lucky enough this time that that driver
used `clamp_t(char, negative_value, positive_value)`, so the new
checking code found it, and I've sent a patch to fix it, but there are
likely other places lurking that won't be so easily unearthed.
So let's just eliminate this particular variety of heisensign bugs
entirely. Set `-funsigned-char` globally, so that gcc makes the type
unsigned on all architectures.
This will break things in some places and fix things in others, so this
will likely cause a bit of churn while reconciling the type misuse.
Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Link: https://lore.kernel.org/lkml/202210190108.ESC3pc3D-lkp@intel.com/
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'fs/ecryptfs')
0 files changed, 0 insertions, 0 deletions