lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <48A9472F.908@panasas.com>
Date:	Mon, 18 Aug 2008 12:55:59 +0300
From:	Boaz Harrosh <bharrosh@...asas.com>
To:	Ingo Molnar <mingo@...e.hu>
CC:	Rusty Russell <rusty@...tcorp.com.au>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Alexey Dobriyan <adobriyan@...il.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Sam Ravnborg <sam@...nborg.org>
Subject: Re: [PATCH] debug: fix BUILD_BUG_ON() for non-constant expressions

Ingo Molnar wrote:
> * Rusty Russell <rusty@...tcorp.com.au> wrote:
> 
>> On Monday 18 August 2008 03:33:19 Ingo Molnar wrote:
>>> * Linus Torvalds <torvalds@...ux-foundation.org> wrote:
>>>> Gag me now.
>>>>
>>>> Why not just do
>>>>
>>>>  #define __BBO(c)                sizeof(const char[1 - 2*!!(c)])
>>>>  #define __BBONC(c)              __BBO(!__builtin_constant_p(c))
>>>>  #define BUILD_BUG_ON_ZERO(c)    (__BBO(c) - __BBONC(c))
>>>>  #define BUILD_BUG_ON(c)         (void)BUILD_BUG_ON_ZERO(c)
>>>>
>>>> and be done with it?
>>> yeah, i first tried a few variants of that (compile-time warnings are
>>> much better than link time warnings), but none worked when i tested
>>> various failure modes.
>> Hey, I thought I was the "undisputed ruler of Ugly-land".
>>
>> How about this instead:
>>
>> #define BUILD_BUG_ON(condition)						\
>> do {									\
>> 	static struct { char arr[1 - 2*!!(condition)]; } x __maybe_unused;	\
>> } while(0)
> 
> hm, have you tried it and do we get a severe enough link error about 
> that? If the macro gets ignored by the compiler that's really a hard 
> error - such things are essential safeguards of kernel sanity:
> 
> 	/*
> 	 * Build-time sanity checks on the kernel image and module
> 	 * area mappings. (these are purely build-time and produce no code)
> 	 */
> 	BUILD_BUG_ON(MODULES_VADDR < KERNEL_IMAGE_START);
> 	BUILD_BUG_ON(MODULES_VADDR-KERNEL_IMAGE_START < KERNEL_IMAGE_SIZE);
> 	BUILD_BUG_ON(MODULES_LEN + KERNEL_IMAGE_SIZE > 2*PUD_SIZE);
> 	BUILD_BUG_ON((KERNEL_IMAGE_START & ~PMD_MASK) != 0);
> 	BUILD_BUG_ON((MODULES_VADDR & ~PMD_MASK) != 0);
> 	BUILD_BUG_ON(!(MODULES_VADDR > __START_KERNEL));
> 	BUILD_BUG_ON(!(((MODULES_END - 1) & PGDIR_MASK) ==
> 				(__START_KERNEL & PGDIR_MASK)));
> 	BUILD_BUG_ON(__fix_to_virt(__end_of_fixed_addresses) <= MODULES_END);
> 
> ( and propagating them into runtime failures not only increases bloat,
>   it also makes failures harder to debug. These checks 'run' _early_. )
> 
> Link time warnings are easy enough to miss.
> 
> So unless there's a better way of doing it all at compile time (i'd 
> really prefer that!) i'd prefer the link time error about botched 
> BUILD_BUG_ON() conditions - as my commits introduce.
> 
> 	Ingo
> --

#define BUILD_BUG_ON(condition)						\
do {
	enum { bad = !!(condition)}; 									\
	static struct { char arr[1 - 2*bad]; } x __maybe_unused;	\
} while(0)

the enum definition will not let in anything not compile-time constant.
But then I fail on: (include/linux/virtio_config.h:99)

	if (__builtin_constant_p(fbit))
		BUILD_BUG_ON(fbit >= 32);

is that code broken?

Boaz
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ