lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <xa1to9r33m7b.fsf@mina86.com>
Date:   Fri, 25 Aug 2017 13:45:28 +0200
From:   Michal Nazarewicz <mina86@...a86.com>
To:     Joe Stringer <joe@....org>, linux-kernel@...r.kernel.org
Cc:     Ian Abbott <abbotti@....co.uk>, Arnd Bergmann <arnd@...db.de>,
        Kees Cook <keescook@...omium.org>
Subject: Re: [PATCH net-next] compiler: Document behavior compiling with -O0

On Thu, Aug 24 2017, Joe Stringer wrote:
> Recent changes[0] to make use of __compiletime_assert() from container_of()
> increased the scope of this macro, resulting in a wider set of
> situations where developers cannot compile their code using "-O0". I
> noticed this when making use of the macro in my own development, and
> spent more time than I'd like to admit tracking the problem down. This
> patch documents the behavior in lieu of a compile-time assertion
> implementation that does not rely on optimizations.
>
> Example compilation failure:
>
> ./include/linux/compiler.h:547:38: error: call to ‘__compiletime_assert_94’ declared with attribute error: pointer type mismatch in container_of()
>   _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
>                                       ^
> ./include/linux/compiler.h:530:4: note: in definition of macro ‘__compiletime_assert’
>     prefix ## suffix();    \
>     ^~~~~~
> ./include/linux/compiler.h:547:2: note: in expansion of macro ‘_compiletime_assert’
>   _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
>   ^~~~~~~~~~~~~~~~~~~
> ./include/linux/build_bug.h:46:37: note: in expansion of macro ‘compiletime_assert’
>  #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
>                                      ^~~~~~~~~~~~~~~~~~
> ./include/linux/kernel.h:860:2: note: in expansion of macro ‘BUILD_BUG_ON_MSG’
>   BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) && \
>   ^~~~~~~~~~~~~~~~
>
> [0] http://lkml.kernel.org/r/20170525120316.24473-7-abbotti@mev.co.uk
>
> Signed-off-by: Joe Stringer <joe@....org>
> ---
>  include/linux/compiler.h | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/include/linux/compiler.h b/include/linux/compiler.h
> index eca8ad75e28b..bb640167fdac 100644
> --- a/include/linux/compiler.h
> +++ b/include/linux/compiler.h
> @@ -517,6 +517,11 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
>  # define __compiletime_error_fallback(condition) do { } while (0)
>  #endif
>  
> +/*
> + * __compiletime_assert() relies on compiler optimizations to remove the check
> + * against '__cond' if 'condition' is false. As a result, compiling with -O0
> + * will cause compilation errors here regardless of the value of 'condition'.
> + */
>  #define __compiletime_assert(condition, msg, prefix, suffix)		\
>  	do {								\
>  		bool __cond = !(condition);				\

Could __builtin_choose_expr help here?  Something like:

#define __compiletime_assert(condition, msg, prefix, suffix)		\
	do {								\
		bool __cond = !(condition);				\
		extern int prefix ## suffix(void) __compiletime_error(msg); \
		__builting_choose_expr(cond, prefix ## suffix(), 0);	\
		__compiletime_error_fallback(__cond);			\
	} while (0)

Or better still, _Static_assert?

-- 
Best regards
ミハウ “𝓶𝓲𝓷𝓪86” ナザレヴイツ
«If at first you don’t succeed, give up skydiving»

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ