| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 5 Oct 2022 11:38:04 -0700
From: Nick Desaulniers <ndesaulniers@...gle.com>
To: YingChi Long <me@...lyc.cn>
Cc: bp@...en8.de, chang.seok.bae@...el.com,
dave.hansen@...ux.intel.com, hpa@...or.com,
linux-kernel@...r.kernel.org, mingo@...hat.com,
pbonzini@...hat.com, tglx@...utronix.de, x86@...nel.org,
peterz@...radead.org, david.laight@...lab.com
Subject: Re: [PATCH v2] x86/fpu: use _Alignof to avoid UB in TYPE_ALIGN
On Wed, Oct 5, 2022 at 11:30 AM Nick Desaulniers
<ndesaulniers@...gle.com> wrote:
>
> On Wed, Oct 5, 2022 at 12:29 AM YingChi Long <me@...lyc.cn> wrote:
> >
> > Kindly ping :)
>
> Hi YingChi,
> Sorry for the delay in review.
>
> I think https://godbolt.org/z/sPs1GEhbT has convinced me that
> TYPE_ALIGN is analogous to _Alignof and not __alignof__; so your patch
> is correct to use _Alignof rather than __alignof__. I think that test
> case demonstrates this clearer than the other links in the commit
> message. Please consider replacing the existing godbolt links with
> that one if you agree.
>
> Please reword the paragraphs in the commit message from:
> ```
> In PATCH v1 "TYPE_ALIGN" was substituted with "__alignof__" which is a
> GCC extension, which returns the *preferred alignment*, that is
> different from C11 "_Alignof" returning *ABI alignment*. For example, on
> i386 __alignof__(long long) evaluates to 8 but _Alignof(long long)
> evaluates to 4. See godbolt links below.
>
> In this patch, I'd like to use "__alignof__" to "_Alignof" to preserve
> the behavior here.
> ```
> to:
> ```
> ISO C11 _Alignof is subtly different from the GNU C extension
> __alignof__. _Alignof expressions evaluate to a multiple of the object
> size, while __alignof__ expressions evaluate to the alignment dictated
> by the target machine's ABI. In the case of long long on i386,
> _Alignof (long long) is 8 while __alignof__ (long long) is 4.
Oops, and I had that backwards.
In the case of long long on i386, _Alignof (long long) is 4 while
__alignof__ (long long) is 8.
So I guess my commentary on "multiple of the object size" is
wrong...hmm...this wording can probably be improved further still...
>
> The macro TYPE_ALIGN we're replacing has behavior that matches
> _Alignof rather than __alignof__.
> ```
> In particular, I think it's best to avoid language like "returns" in
> favor of "evaluates to" since these are expressions, not function
> calls. I think it's also good to avoid the term "preferred alignment"
> since that isn't meaningful; it looks like it was pulled from one of
> the GCC bug reports rather than the GCC docs or latest ISO C standard
> (https://www.open-std.org/jtc1/sc22/wg14/www/docs/n3054.pdf). I'm not
> sure that the links to the GCC bug tracker add anything meaningful
> here; I think those can get dropped, too. It's also perhaps confusing
> to refer to earlier versions of the patch. One thing you can do is
> include comments like that "below the fold" in a commit message as a
> meta comment to reviewers. See
> https://lore.kernel.org/llvm/20220512205545.992288-1-twd2.me@gmail.com/
> as an example of commentary "below the fold" on differences between
> patch versions. Text in that area is discarded by git when a patch is
> applied.
>
> With those changes to the commit message in a v3, I'd be happy to sign
> off on the change. Thanks for your work on this!
> --
> Thanks,
> ~Nick Desaulniers
--
Thanks,
~Nick Desaulniers
Powered by blists - more mailing lists