lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAHk-=wg7+dfpEvDnTnB-eR9QRZ2VySbxOEHbYqL3Ai5wwkon5Q@mail.gmail.com>
Date: Tue, 16 Apr 2024 17:29:02 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Kees Cook <keescook@...omium.org>
Cc: "Matthew Wilcox (Oracle)" <willy@...radead.org>, Ingo Molnar <mingo@...hat.com>, 
	Peter Zijlstra <peterz@...radead.org>, Juri Lelli <juri.lelli@...hat.com>, 
	Vincent Guittot <vincent.guittot@...aro.org>, Dietmar Eggemann <dietmar.eggemann@....com>, 
	Steven Rostedt <rostedt@...dmis.org>, Ben Segall <bsegall@...gle.com>, Mel Gorman <mgorman@...e.de>, 
	Daniel Bristot de Oliveira <bristot@...hat.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 00/19] Enable -Wshadow=local for kernel/sched

On Tue, 16 Apr 2024 at 14:15, Kees Cook <keescook@...omium.org> wrote:
>
> I was looking at -Wshadow=local again, and remembered this series. It
> sounded like things were close, but a tweak was needed. What would be
> next to get this working?

So what is the solution to

    #define MAX(a,b) ({ \
        typeof(a) __a = (a); \
        typeof(b) __b = (b); \
        __a > __b ? __a : __b; \
    })

    int test(int a, int b, int c)
    {
        return MAX(a, MAX(b,c));
    }

where -Wshadow=all causes insane warnings that are bogus garbage?

Honestly, Willy's patch-series is a hack to avoid this kind of very
natural nested macro pattern.

But it's a horrible hack, and it does it by making the code actively worse.

Here's the deal: if we can't handle somethng like the above without
warning, -Wshadow isn't getting enabled.

Because we don't write worse code because of bad warnings.

IOW, what is the sane way to just say "this variable can shadow the
use site, and it's fine"?

Without that kind of out, I don't think -Wshadow=local is workable.

              Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ