patches/old/kbuild-treat-char-as-always-unsigned.patch - pub/scm/linux/kernel/git/akpm/25-new - Git at Google

 From: "Jason A. Donenfeld" <Jason@zx2c4.com>
 Subject: kbuild: treat char as always unsigned
 Date: Wed, 19 Oct 2022 14:30:34 -0600

 Recently, some compile-time checking I added to the clamp_t family of
 functions triggered a build error when a poorly written driver was
 compiled on ARM, because the driver assumed that the naked `char` type is
 signed, but ARM treats it as unsigned, and the C standard says it's
 architecture-dependent.

 I doubt this particular driver is the only instance in which unsuspecting
 authors make assumptions about `char` with no `signed` or `unsigned`
 specifier.  We were lucky enough this time that that driver used
 `clamp_t(char, negative_value, positive_value)`, so the new checking code
 found it, and I've sent a patch to fix it, but there are likely other
 places lurking that won't be so easily unearthed.

 So let's just eliminate this particular variety of heisensign bugs
 entirely.  Set `-funsigned-char` globally, so that gcc makes the type
 unsigned on all architectures.

 This will break things in some places and fix things in others, so this
 will likely cause a bit of churn while reconciling the type misuse.

 Link: https://lkml.kernel.org/r/20221019203034.3795710-1-Jason@zx2c4.com
 Link: https://lore.kernel.org/lkml/202210190108.ESC3pc3D-lkp@intel.com/
 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 Cc: Masahiro Yamada <masahiroy@kernel.org>
 Cc: Kees Cook <keescook@chromium.org>
 Cc: Linus Torvalds <torvalds@linux-foundation.org>
 Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
 Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
 ---

  Makefile |    2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

 --- a/Makefile~kbuild-treat-char-as-always-unsigned
 +++ a/Makefile
 @@ -562,7 +562,7 @@ KBUILD_AFLAGS   := -D__ASSEMBLY__ -fno-P
  KBUILD_CFLAGS   := -Wall -Wundef -Werror=strict-prototypes -Wno-trigraphs \
  		   -fno-strict-aliasing -fno-common -fshort-wchar -fno-PIE \
  		   -Werror=implicit-function-declaration -Werror=implicit-int \
 -		   -Werror=return-type -Wno-format-security \
 +		   -Werror=return-type -Wno-format-security -funsigned-char \
  		   -std=gnu11
  KBUILD_CPPFLAGS := -D__KERNEL__
  KBUILD_RUSTFLAGS := $(rust_common_flags) \
 _
	From: "Jason A. Donenfeld" <Jason@zx2c4.com>
	Subject: kbuild: treat char as always unsigned
	Date: Wed, 19 Oct 2022 14:30:34 -0600

	Recently, some compile-time checking I added to the clamp_t family of
	functions triggered a build error when a poorly written driver was
	compiled on ARM, because the driver assumed that the naked `char` type is
	signed, but ARM treats it as unsigned, and the C standard says it's
	architecture-dependent.

	I doubt this particular driver is the only instance in which unsuspecting
	authors make assumptions about `char` with no `signed` or `unsigned`
	specifier. We were lucky enough this time that that driver used
	`clamp_t(char, negative_value, positive_value)`, so the new checking code
	found it, and I've sent a patch to fix it, but there are likely other
	places lurking that won't be so easily unearthed.

	So let's just eliminate this particular variety of heisensign bugs
	entirely. Set `-funsigned-char` globally, so that gcc makes the type
	unsigned on all architectures.

	This will break things in some places and fix things in others, so this
	will likely cause a bit of churn while reconciling the type misuse.

	Link: https://lkml.kernel.org/r/20221019203034.3795710-1-Jason@zx2c4.com
	Link: https://lore.kernel.org/lkml/202210190108.ESC3pc3D-lkp@intel.com/
	Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
	Cc: Masahiro Yamada <masahiroy@kernel.org>
	Cc: Kees Cook <keescook@chromium.org>
	Cc: Linus Torvalds <torvalds@linux-foundation.org>
	Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
	Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
	---

	Makefile \| 2 +-
	1 file changed, 1 insertion(+), 1 deletion(-)

	--- a/Makefile~kbuild-treat-char-as-always-unsigned
	+++ a/Makefile
	@@ -562,7 +562,7 @@ KBUILD_AFLAGS := -D__ASSEMBLY__ -fno-P
	KBUILD_CFLAGS := -Wall -Wundef -Werror=strict-prototypes -Wno-trigraphs \
	-fno-strict-aliasing -fno-common -fshort-wchar -fno-PIE \
	-Werror=implicit-function-declaration -Werror=implicit-int \
	- -Werror=return-type -Wno-format-security \
	+ -Werror=return-type -Wno-format-security -funsigned-char \
	-std=gnu11
	KBUILD_CPPFLAGS := -D__KERNEL__
	KBUILD_RUSTFLAGS := $(rust_common_flags) \
	_