lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAHmME9oLbcX_FSY8ZodKBPOvYXQsqsjTwioD-6Y=46BZehGbPA@mail.gmail.com>
Date:   Fri, 23 Sep 2022 17:11:43 +0200
From:   "Jason A. Donenfeld" <Jason@...c4.com>
To:     Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
Cc:     linux-kernel@...r.kernel.org,
        Andrew Morton <akpm@...ux-foundation.org>,
        Kees Cook <keescook@...omium.org>
Subject: Re: [PATCH] minmax: clamp more efficiently by avoiding extra comparison

Hi Andy,

On Fri, Sep 23, 2022 at 5:11 PM Andy Shevchenko
<andriy.shevchenko@...ux.intel.com> wrote:
>
> On Fri, Sep 23, 2022 at 12:40:47PM +0200, Jason A. Donenfeld wrote:
> > On Fri, Sep 23, 2022 at 12:36 PM Andy Shevchenko
> > <andriy.shevchenko@...ux.intel.com> wrote:
> > >
> > > On Fri, Sep 23, 2022 at 12:06:21PM +0200, Jason A. Donenfeld wrote:
> > > > Currently the clamp algorithm does:
> > > >
> > > >       if (val > hi)
> > > >               val = hi;
> > > >       if (val < lo)
> > > >               val = lo;
> > > >
> > > > But since hi > lo by definition, this can be made more efficient with:
> > >
> > > It's strongly speaking, but we have to proof that, right?
> > > So, while I haven't checked the code, this change should also
> > > include (does it?) the corresponding compile-time checks (for
> > > constant arguments) in similar way how it's done for GENMASK().
> > >
> > > Otherwise I have no objections.
> >
> > I think most cases are with compile time constants, but some cases are
> > with variables. What should we do in that case? Checking variables at
> > runtime incurs the same cost as the old code. I guess we could do this
> > fast thing for constants and the slower old thing for non-constants?
> > Or not do either, keep this commit as is, and just accept that if you
> > pass bogus bounds to clamp, you're going to end up with something
> > weird, which is already the case now so not a big deal?
>
> I'm talking only for the cases where we _can_ check. For variables it's
> probably tricky to do at compile time if possible at all.

Okay, sure, I'll add a check in the case where we can check.

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ