lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20241205151316.1480255-2-mailhol.vincent@wanadoo.fr>
Date: Fri,  6 Dec 2024 00:11:46 +0900
From: Vincent Mailhol <mailhol.vincent@...adoo.fr>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: Paolo Bonzini <pbonzini@...hat.com>,
	linux-kernel@...r.kernel.org,
	linux-sparse@...r.kernel.org,
	Masahiro Yamada <masahiroy@...nel.org>,
	Kees Cook <kees@...nel.org>,
	Nick Desaulniers <ndesaulniers@...gle.com>,
	Vincent Mailhol <mailhol.vincent@...adoo.fr>
Subject: [PATCH] build_bug.h: more user friendly error messages in BUILD_BUG_ON_ZERO()

__BUILD_BUG_ON_ZERO_MSG(), as introduced in [1], makes it possible to
do a static assert while still returning a zero value. The direct
benefit is to provide a meaningful error message instead of the
cryptic negative bitfield size error message currently returned by
BUILD_BUG_ON_ZERO():

  ./include/linux/build_bug.h:16:51: error: negative width in bit-field '<anonymous>'
     16 | #define BUILD_BUG_ON_ZERO(e) ((int)(sizeof(struct { int:(-!!(e)); })))
        |                                                   ^

Get rid of BUILD_BUG_ON_ZERO() bitfield size hack. Instead rely on
__BUILD_BUG_ON_ZERO_MSG() (which in turn relies on C11's
_Static_assert()).

Use some macro magic, similarly to static_assert(), to either use an
error message provided by the user or, when omitted, to produce a
default error message by stringifying the tested expression. With
this, for example:

  BUILD_BUG_ON_ZERO_MSG(1 > 0)

would now throw:

  ./include/linux/compiler.h:245:62: error: static assertion failed: "1 > 0 is true"
    245 | #define __BUILD_BUG_ON_ZERO_MSG(e, msg) ((int)sizeof(struct {_Static_assert(!(e), msg);}))
        |                                                              ^~~~~~~~~~~~~~

Finally, __BUILD_BUG_ON_ZERO_MSG() is already guarded by an:

  #ifdef __CHECKER__

So no need any more for that guard clause for BUILD_BUG_ON_ZERO().
Remove it.

[1] commit d7a516c6eeae ("compiler.h: Fix undefined BUILD_BUG_ON_ZERO()")
Link: https://git.kernel.org/torvalds/c/d7a516c6eeae

Signed-off-by: Vincent Mailhol <mailhol.vincent@...adoo.fr>
---
 include/linux/build_bug.h | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/include/linux/build_bug.h b/include/linux/build_bug.h
index 3aa3640f8c18..f4460a36f10f 100644
--- a/include/linux/build_bug.h
+++ b/include/linux/build_bug.h
@@ -4,17 +4,17 @@
 
 #include <linux/compiler.h>
 
-#ifdef __CHECKER__
-#define BUILD_BUG_ON_ZERO(e) (0)
-#else /* __CHECKER__ */
 /*
  * Force a compilation error if condition is true, but also produce a
  * result (of value 0 and type int), so the expression can be used
  * e.g. in a structure initializer (or where-ever else comma expressions
  * aren't permitted).
+ *
+ * Take a message as an optional second argument. If omitted, default to
+ * the stringification of the tested expression.
  */
-#define BUILD_BUG_ON_ZERO(e) ((int)(sizeof(struct { int:(-!!(e)); })))
-#endif /* __CHECKER__ */
+#define BUILD_BUG_ON_ZERO(e, ...) __BUILD_BUG_ON_ZERO(e, ##__VA_ARGS__, #e)
+#define __BUILD_BUG_ON_ZERO(e, msg) __BUILD_BUG_ON_ZERO_MSG(e, msg " is true")
 
 /* Force a compilation error if a constant expression is not a power of 2 */
 #define __BUILD_BUG_ON_NOT_POWER_OF_2(n)	\
-- 
2.45.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ