Re: [PATCH] objtool: Make objtool check actually fatal upon fatal errors

[Dimitri John Ledkov]

On Tue, 12 Dec 2023 at 20:30, Josh Poimboeuf <jpoimboe@xxxxxxxxxx> wrote:
>
> On Tue, Dec 12, 2023 at 06:53:38PM +0000, Dimitri John Ledkov wrote:
> > Currently function calls within check() are sensitive to fatal errors
> > (negative return codes) and abort execution prematurely. However, in
> > all such cases the check() function still returns 0, and thus
> > resulting in a successful kernel build.
> >
> > The only correct code paths were the ones that escpae the control flow
> > with `return ret`.
> >
> > Make the check() function return `ret` status code, and make all
> > negative return codes goto that instruction. This makes fatal errors
> > (not warnings) from various function calls actually fail the
> > build. E.g. if create_retpoline_sites_sections() fails to create elf
> > section pair retpoline_sites the tool now exits with an error code.
> >
> > Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@xxxxxxxxxxxxx>
>
> We had problems trying this before, but we can try again.  Maybe we'll
> have better luck now :-)

Well there are two classes of things - positive warnings count &
negative fatal errors

And yes I do want to add a toggle for making warnings errors.

>
> >       if (opts.orc && nr_insns) {
> >               ret = orc_create(file);
> >               if (ret < 0)
> >                       goto out;
> >               warnings += ret;
> >       }
> >
> >       free_insns(file);
> >
> >       if (opts.verbose)
> >               disas_warned_funcs(file);
> >
> >       if (opts.stats) {
> >               printf("nr_insns_visited: %ld\n", nr_insns_visited);
> >               printf("nr_cfi: %ld\n", nr_cfi);
> >               printf("nr_cfi_reused: %ld\n", nr_cfi_reused);
> >               printf("nr_cfi_cache: %ld\n", nr_cfi_cache);
> >       }
> >
> >  out:
> >       /*
> >        *  For now, don't fail the kernel build on fatal warnings.  These
> >        *  errors are still fairly common due to the growing matrix of
> >        *  supported toolchains and their recent pace of change.
> >        */
> > -     return 0;
> > +     return ret;
>
> Here it should check for ret < 0, since orc_create() or some other
> function might have returned non-fatal warnings (ret > 0).

Yes that's true... I had it in, and then removed, but I didn't double
check if each of the possible last ret assignments are guaranteed to
not be above 0.

>
> Also the comment is no longer relevant.
>

Well, I'm hoping to add --error option next, and yeah, make warnings
fatal. Or for example at least make the retpoline, sls, rethumb ones
to be fatal - because i found myself in a very surprising situation
where retpoline enabled build of kernel, had non-retpoline paths
remaining and not otherwise silenced as safe.

Maybe I should finish that second patch and make it available as a
config option.

At least right now, with Ubuntu Noble (development series) and
v6.7-rc4 everything is squeaky clean to enable CONFIG_OBJTOOL_WERROR=y
and make all warnings, fatal.

Also i think having it as a config option will result in various
automation tools able to flip it on, and submit bug reports when
something somewhere regresses.
-- 
Dimitri

Sent from Ubuntu Pro
https://ubuntu.com/pro