| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Aug 2008 12:55:59 +0300
From: Boaz Harrosh <bharrosh@...asas.com>
To: Ingo Molnar <mingo@...e.hu>
CC: Rusty Russell <rusty@...tcorp.com.au>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Alexey Dobriyan <adobriyan@...il.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Sam Ravnborg <sam@...nborg.org>
Subject: Re: [PATCH] debug: fix BUILD_BUG_ON() for non-constant expressions
Ingo Molnar wrote:
> * Rusty Russell <rusty@...tcorp.com.au> wrote:
>
>> On Monday 18 August 2008 03:33:19 Ingo Molnar wrote:
>>> * Linus Torvalds <torvalds@...ux-foundation.org> wrote:
>>>> Gag me now.
>>>>
>>>> Why not just do
>>>>
>>>> #define __BBO(c) sizeof(const char[1 - 2*!!(c)])
>>>> #define __BBONC(c) __BBO(!__builtin_constant_p(c))
>>>> #define BUILD_BUG_ON_ZERO(c) (__BBO(c) - __BBONC(c))
>>>> #define BUILD_BUG_ON(c) (void)BUILD_BUG_ON_ZERO(c)
>>>>
>>>> and be done with it?
>>> yeah, i first tried a few variants of that (compile-time warnings are
>>> much better than link time warnings), but none worked when i tested
>>> various failure modes.
>> Hey, I thought I was the "undisputed ruler of Ugly-land".
>>
>> How about this instead:
>>
>> #define BUILD_BUG_ON(condition) \
>> do { \
>> static struct { char arr[1 - 2*!!(condition)]; } x __maybe_unused; \
>> } while(0)
>
> hm, have you tried it and do we get a severe enough link error about
> that? If the macro gets ignored by the compiler that's really a hard
> error - such things are essential safeguards of kernel sanity:
>
> /*
> * Build-time sanity checks on the kernel image and module
> * area mappings. (these are purely build-time and produce no code)
> */
> BUILD_BUG_ON(MODULES_VADDR < KERNEL_IMAGE_START);
> BUILD_BUG_ON(MODULES_VADDR-KERNEL_IMAGE_START < KERNEL_IMAGE_SIZE);
> BUILD_BUG_ON(MODULES_LEN + KERNEL_IMAGE_SIZE > 2*PUD_SIZE);
> BUILD_BUG_ON((KERNEL_IMAGE_START & ~PMD_MASK) != 0);
> BUILD_BUG_ON((MODULES_VADDR & ~PMD_MASK) != 0);
> BUILD_BUG_ON(!(MODULES_VADDR > __START_KERNEL));
> BUILD_BUG_ON(!(((MODULES_END - 1) & PGDIR_MASK) ==
> (__START_KERNEL & PGDIR_MASK)));
> BUILD_BUG_ON(__fix_to_virt(__end_of_fixed_addresses) <= MODULES_END);
>
> ( and propagating them into runtime failures not only increases bloat,
> it also makes failures harder to debug. These checks 'run' _early_. )
>
> Link time warnings are easy enough to miss.
>
> So unless there's a better way of doing it all at compile time (i'd
> really prefer that!) i'd prefer the link time error about botched
> BUILD_BUG_ON() conditions - as my commits introduce.
>
> Ingo
> --
#define BUILD_BUG_ON(condition) \
do {
enum { bad = !!(condition)}; \
static struct { char arr[1 - 2*bad]; } x __maybe_unused; \
} while(0)
the enum definition will not let in anything not compile-time constant.
But then I fail on: (include/linux/virtio_config.h:99)
if (__builtin_constant_p(fbit))
BUILD_BUG_ON(fbit >= 32);
is that code broken?
Boaz
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists