Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 8 Mar 2018 15:48:10 -0800
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Kees Cook <keescook@...omium.org>
Cc: Andrew Morton <akpm@...ux-foundation.org>, Josh Poimboeuf <jpoimboe@...hat.com>, 
	Rasmus Villemoes <linux@...musvillemoes.dk>, "Gustavo A. R. Silva" <gustavo@...eddedor.com>, 
	"Tobin C. Harding" <me@...in.cc>, Steven Rostedt <rostedt@...dmis.org>, Jonathan Corbet <corbet@....net>, 
	Chris Mason <clm@...com>, Josef Bacik <jbacik@...com>, David Sterba <dsterba@...e.com>, 
	"David S. Miller" <davem@...emloft.net>, Alexey Kuznetsov <kuznet@....inr.ac.ru>, 
	Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>, Ingo Molnar <mingo@...nel.org>, 
	Peter Zijlstra <peterz@...radead.org>, Thomas Gleixner <tglx@...utronix.de>, 
	Masahiro Yamada <yamada.masahiro@...ionext.com>, Borislav Petkov <bp@...e.de>, 
	Randy Dunlap <rdunlap@...radead.org>, Ian Abbott <abbotti@....co.uk>, 
	Sergey Senozhatsky <sergey.senozhatsky.work@...il.com>, Petr Mladek <pmladek@...e.com>, 
	Andy Shevchenko <andriy.shevchenko@...ux.intel.com>, 
	Pantelis Antoniou <pantelis.antoniou@...sulko.com>, linux-btrfs <linux-btrfs@...r.kernel.org>, 
	Network Development <netdev@...r.kernel.org>, 
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, 
	Kernel Hardening <kernel-hardening@...ts.openwall.com>
Subject: Re: [PATCH] kernel.h: Skip single-eval logic on literals in min()/max()

On Thu, Mar 8, 2018 at 1:40 PM, Kees Cook <keescook@...omium.org> wrote:
> +#define __min(t1, t2, x, y)                                            \
> +       __builtin_choose_expr(__builtin_constant_p(x) &&                \
> +                             __builtin_constant_p(y) &&                \
> +                             __builtin_types_compatible_p(t1, t2),     \
> +                             (t1)(x) < (t2)(y) ? (t1)(x) : (t2)(y),    \

I understand why you use __builtin_types_compatible_p(), but please don't.

It will mean that trivial constants like "5" and "sizeof(x)" won't
simplify, because they have different types.

The ?: will give the right combined type anyway, and if you want the
type comparison warning, just add a comma-expression with something
like like

   (t1 *)1 == (t2 *)1

to get the type compatibility warning.

Yeah, yeah, maybe none of the VLA cases triggered that, but it seems
silly to not just get that obvious constant case right.

Hmm?

              Linus

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ