lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 5 Dec 2023 21:38:07 +0000
From: Al Viro <>
Cc: Kees Cook <>, Andy Shevchenko <>,,,
	Nick DeSaulniers <>,
	Andrew Morton <>,
Subject: Re: [PATCH] lib/string: shrink lib/string.i via IWYU

On Tue, Dec 05, 2023 at 08:58:53PM +0000, wrote:
> This diff uses an open source tool include-what-you-use (IWYU) to modify
> the include list changing indirect includes to direct includes.

How does it account for arch- and config-dependent indirect includes?

In particular, on sh this patch breaks, since there word-at-a-time.h does not
contain an include of kernel.h, even though it uses REPEAT_BYTE.  This is
a very simple case (they really ought to include kernel.h, same as all other
instances of word-at-a-time.h), but I would expect arseloads of more subtle
breakage in anything less trivial.

And I'm not at all sure that there's no config-dependent breakage as well -
this had been caught by quick make allmodconfig + make lib/string.o on
a bunch of architectures; the graph of indirects includes (as well as the
set of symbols needed for given header) is very much config-dependent.

> IWYU is implemented using the IWYUScripts github repository which is a tool that is
> currently undergoing development. These changes seek to improve build times.
> This change to lib/string.c resulted in a preprocessed size of
> lib/string.i from 26371 lines to 5232 lines (-80%).

It also breeds includes of asm/*.h, by the look of the output, which is
not a good thing in general ;-/  E.g. #include <asm/uaccess.h> *anywhere*
outside of linux/uaccess.h is a bad idea.

> If there are any problems with the output of the tool please raise an
> issue on the github.

Sorry, no.  Your tool, your workflow, of course, but I don't do github issues.
You are welcome to the contents of this reply, but I'm not using browser-based
UI without very strong reasons; this one isn't.

Powered by blists - more mailing lists