| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Dec 2016 00:37:33 +0000
From: Nicholas Mc Guire <der.herr@...r.at>
To: Joe Perches <joe@...ches.com>
Cc: Jani Nikula <jani.nikula@...ux.intel.com>,
Nicholas Mc Guire <hofrat@...dl.org>,
Thomas Gleixner <tglx@...utronix.de>,
Jonathan Corbet <corbet@....net>, linux-kernel@...r.kernel.org,
linux-doc@...r.kernel.org,
Dan Carpenter <dan.carpenter@...cle.com>,
Julia Lawall <julia.lawall@...6.fr>
Subject: Re: [PATCH] doc: add note on usleep_range range
On Tue, Dec 13, 2016 at 04:27:32PM -0800, Joe Perches wrote:
> a, On Tue, 2016-12-13 at 09:19 +0000, Nicholas Mc Guire wrote:
> > On Tue, Dec 13, 2016 at 11:10:50AM +0200, Jani Nikula wrote:
> > > On Tue, 13 Dec 2016, Nicholas Mc Guire <hofrat@...dl.org> wrote:
> > > > useleep_range() with a delta of 0 makes no sense and only prevents the
> > > > timer subsystem from optimizing interrupts. As any user of usleep_range()
> > > > is in non-atomic context the timer jitter is in the range of 10s of
> > > > microseconds anyway.
> > > >
> > > > This adds a note making it clear that a range of 0 is a bad idea.
> > >
> > > So I don't really have anything to do with the timer subsystem, I'm just
> > > their "consumer", so take this with a grain of salt.
> > >
> > > Documentation is good, but I don't think this will be enough.
> > >
> > > I think the only thing that will work is to detect and complain about
> > > things like this automatically. Some ideas:
> > >
> > > * WARN_ON(min == max) or WARN_ON_ONCE(min == max) in usleep_range()
> > > might be drastic, but it would get the job done eventually.
> > >
> > > * If you want to avoid the runtime overhead (and complaints about the
> > > backtraces), you could wrap usleep_range() in a macro that does
> > > BUILD_BUG_ON(min == max) if the parameters are build time constants
> > > (they usually are). But you'd have to fix all the problem cases first.
> > >
> > > * You could try (to persuade Julia or Dan) to come up with a
> > > cocci/smatch check for usleep_range() calls where min == max, so we
> > > could get bug reports for this. This probably works on expressions, so
> > > this would catch also cases where the parameters aren't built timea,
> > > constants.
>
> You could also add a macro for usleep_range like
>
> #define usleep_range(a, b) \
> ({ \
> if (__builtin_constant_p(a) && __builtin_constant_p(b)) { \
> if (a == b) \
> __compiletime_warning("Better to use usleep_range with different values"); \
> else if (a > b) \
> __compiletime_error("usleep_range uses smaller value first"); \
> } \
> usleep_range(a, b); \
> })
>
thanks for that "template"
> and add parentheses around the actual function
> definition for usleep_range in kernel/time/timer.c
> so the macro works and these messages get emitted
> at compile-time.
>
while compiletime warnings are a way to go I think that an
external tool is more effective than anoying eveyone during
build - ideally this type of issue is filtered out in the
subsystem trees or -next latest so getting it into a
coccinelle spatch and into one of the CI seems the most
resonable way to go. And as a side-effect tools external
to the build process allow analysis into the history of the
kernel development (like statistics on API usage and bug
history).
thx!
hofrat
Powered by blists - more mailing lists