lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 12 Mar 2019 23:18:53 +0300
From:   Alexey Dobriyan <adobriyan@...il.com>
To:     Andrew Morton <akpm@...ux-foundation.org>
Cc:     linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Drop -Wdeclaration-after-statement

On Tue, Mar 12, 2019 at 12:50:17PM -0700, Andrew Morton wrote:
> On Tue, 12 Mar 2019 20:24:47 +0300 Alexey Dobriyan <adobriyan@...il.com> wrote:
> 
> > On Mon, Mar 11, 2019 at 05:38:45PM -0700, Andrew Morton wrote:
> > > On Sun, 10 Mar 2019 16:35:35 +0300 Alexey Dobriyan <adobriyan@...il.com> wrote:
> > > 
> > > > Newly added static_assert() is formally a declaration, which will give
> > > > a warning if used in the middle of the function.
> > > > 
> > > > ...
> > > >
> > > > --- a/Makefile
> > > > +++ b/Makefile
> > > > @@ -792,9 +792,6 @@ endif
> > > >  # arch Makefile may override CC so keep this after arch Makefile is included
> > > >  NOSTDINC_FLAGS += -nostdinc -isystem $(shell $(CC) -print-file-name=include)
> > > >  
> > > > -# warn about C99 declaration after statement
> > > > -KBUILD_CFLAGS += -Wdeclaration-after-statement
> > > > -
> > > >  # Variable Length Arrays (VLAs) should not be used anywhere in the kernel
> > > >  KBUILD_CFLAGS += $(call cc-option,-Wvla)
> > > 
> > > I do wish your changelogs were more elaborate :(
> > 
> > > So the proposal is to disable -Wdeclaration-after-statement in all
> > > cases for all time because static_assert() doesn't work correctly?
> > 
> > Yes. I converted 2 cases in /proc to static_assert() and you can't write
> > 
> > 	{
> > 		[code]
> > 		static_assert()
> > 	}
> > 
> > without a warning because static_assert() is declaration.
> > So people would move BUILD_BUG_ON() to where it doesn't belong.
> 
> Sure.
> 
> > > Surely there's something we can do to squish the static_assert() issue
> > > while retaining -Wdeclaration-after-statement?
> > 
> > It is not good in my opinion to stick to -Wdeclaration-after-statement.
> 
> Why?

It is useful to have declarations mixed with code.
It reduces effective scope of a variable:

	int a;
	[a misused]
		...
	[a used correctly]

vs

	[a misused -- compile error]
		...
	int a;
	[a used correctly]

It is possible to partially workaround that but at the cost of a
indentation level. I'll post the following patch soon:

-       NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
-       NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
-       NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
-       NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
+       {
+               const struct cred *cred = current_cred();
+               struct user_namespace *user_ns = cred->user_ns;
+
+               NEW_AUX_ENT(AT_UID,  from_kuid_munged(user_ns, cred->uid));
+               NEW_AUX_ENT(AT_EUID, from_kuid_munged(user_ns, cred->euid));
+               NEW_AUX_ENT(AT_GID,  from_kgid_munged(user_ns, cred->gid));
+               NEW_AUX_ENT(AT_EGID, from_kgid_munged(user_ns, cred->egid));
+       }

Often it is simply not possible to shift big function one level
deeper.

Another related thing, C99 has this very cool feature of per-for-loop
declarations:

	for (int i = 0; ...)

Once kernel will switch to C99 or C11 it _will_ be used to the point of
requiring it on the coding style level. The superstition of declaring
everything in the beginning of a function will fall, so might as well
start earlier.

Powered by blists - more mailing lists