lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <202504081202.7CA5DBE@keescook>
Date: Tue, 8 Apr 2025 12:03:04 -0700
From: Kees Cook <kees@...nel.org>
To: Vincent Mailhol <mailhol.vincent@...adoo.fr>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
	Luc Van Oostenryck <luc.vanoostenryck@...il.com>,
	linux-kernel@...r.kernel.org, linux-sparse@...r.kernel.org,
	Masahiro Yamada <masahiroy@...nel.org>,
	Paolo Bonzini <pbonzini@...hat.com>,
	Nick Desaulniers <nick.desaulniers+lkml@...il.com>
Subject: Re: [PATCH v2] build_bug.h: more user friendly error messages in
 BUILD_BUG_ON_ZERO()

On Tue, Apr 08, 2025 at 10:23:53PM +0900, Vincent Mailhol wrote:
> On 08/04/2025 at 01:46, Kees Cook wrote:
> > On Sat, Mar 29, 2025 at 01:48:50AM +0900, Vincent Mailhol wrote:
> >> __BUILD_BUG_ON_ZERO_MSG(), as introduced in [1], makes it possible to
> >> do a static assertions in expressions. The direct benefit is to
> >> provide a meaningful error message instead of the cryptic negative
> >> bitfield size error message currently returned by BUILD_BUG_ON_ZERO():
> >>
> >>   ./include/linux/build_bug.h:16:51: error: negative width in bit-field '<anonymous>'
> >>      16 | #define BUILD_BUG_ON_ZERO(e) ((int)(sizeof(struct { int:(-!!(e)); })))
> >>         |                                                   ^
> >>
> >> Get rid of BUILD_BUG_ON_ZERO()'s bitfield size hack. Instead rely on
> >> __BUILD_BUG_ON_ZERO_MSG() which in turn relies on C11's
> >> _Static_assert().
> >>
> >> Use some macro magic, similarly to static_assert(), to either use an
> >> optional error message provided by the user or, when omitted, to
> >> produce a default error message by stringifying the tested
> >> expression. With this, for example:
> >>
> >>   BUILD_BUG_ON_ZERO(1 > 0)
> >>
> >> would now throw:
> >>
> >>   ./include/linux/compiler.h:197:62: error: static assertion failed: "1 > 0 is true"
> > 
> > This is so much easier to read! Thanks for this. :)
> > 
> > If no one else snags it, I can take this via the hardening tree for
> > -next once -rc2 is released.
> 
> I discussed about this with Andrew by DM.
> 
> Andrew can pick it up but for the next-next release. That is to say,
> wait for [1] to be merged in v6.16 and then take it to target the v6.17
> merge windows.
> 
> If you can take it in your hardening-next tree and have it merged in
> v6.16, then this is convenient for me.
> 
> Just make sure that you send it to Linus after Yury's bitmap-for-next
> get merged: https://github.com/norov/linux/commits/bitmap-for-next/

Could this land via Yury's tree?

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ