lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAKwvOdkhBTjjtEm9dc9irp8hpWoEDEAMj_Zp4ntKspgDkjrATg@mail.gmail.com>
Date:   Tue, 1 Dec 2020 11:56:22 -0800
From:   Nick Desaulniers <ndesaulniers@...gle.com>
To:     Marco Elver <elver@...gle.com>
Cc:     Christoph Hellwig <hch@...radead.org>,
        LKML <linux-kernel@...r.kernel.org>,
        kasan-dev <kasan-dev@...glegroups.com>,
        Masahiro Yamada <masahiroy@...nel.org>,
        Joe Perches <joe@...ches.com>,
        George Burgess <gbiv@...gle.com>,
        Rasmus Villemoes <linux@...musvillemoes.dk>
Subject: Re: [PATCH] genksyms: Ignore module scoped _Static_assert()

On Tue, Dec 1, 2020 at 9:04 AM Marco Elver <elver@...gle.com> wrote:
>
> On Tue, Dec 01, 2020 at 04:14PM +0000, Christoph Hellwig wrote:
> > Why not use the kernels own BUILD_BUG_ON instead of this idiom?
>
> BUILD_BUG_ON() was conceived before there was builtin compiler-support
> in the form of _Static_assert() (static_assert()), which has several
> advantages (compile-time performance, optional message) but most
> importantly, that it can be used at module/global scope (which
> BUILD_BUG_ON() cannot).
>
> From include/linux/build_bug:
>
>         /**
>          * static_assert - check integer constant expression at build time
>          *
>          [...]
>          *
>          * Contrary to BUILD_BUG_ON(), static_assert() can be used at global
>          * scope, but requires the expression to be an integer constant
>          * expression (i.e., it is not enough that __builtin_constant_p() is
>          * true for expr).
>          [...]
>
> .. and there are plenty of global/module scoped users of it already.

And to proactively address the inevitable: why do we have both?  We
looked into wholesale replacing BUILD_BUG_ON's implementation with
_Static_assert, but found that they differ slightly in the handling of
integer constant expressions; BUILD_BUG_ON was reliant on some
compiler optimizations in expressions making use of
__builtin_constant_p that cannot be evaluated when the compiler
performs the _Static_assert check.  So the current implementation is
more flexible for expressions that use __builtin_constant_p than
_Static_assert is.  If we needed a rule of thumb, I'd recommend "use
_Static_assert unless you're passing an expression that relies on
__builtin_constant_p evaluation, at which point BUILD_BUG_ON must be
used."
-- 
Thanks,
~Nick Desaulniers

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ