lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250502012449.GA1744689@ax162>
Date: Thu, 1 May 2025 18:24:49 -0700
From: Nathan Chancellor <nathan@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
	Masahiro Yamada <masahiroy@...nel.org>,
	Nicolas Schier <nicolas.schier@...ux.dev>,
	Nick Desaulniers <nick.desaulniers+lkml@...il.com>,
	Bill Wendling <morbo@...gle.com>,
	Justin Stitt <justinstitt@...gle.com>, linux-kbuild@...r.kernel.org,
	linux-kernel@...r.kernel.org, llvm@...ts.linux.dev,
	patches@...ts.linux.dev, stable@...r.kernel.org,
	Linux Kernel Functional Testing <lkft@...aro.org>,
	Marcus Seyfarth <m.seyfarth@...il.com>,
	Al Viro <viro@...iv.linux.org.uk>
Subject: Re: [PATCH 2/2] include/linux/typecheck.h: Zero initialize dummy
 variables

On Thu, May 01, 2025 at 04:28:25PM -0700, Linus Torvalds wrote:
> On Thu, 1 May 2025 at 16:00, Nathan Chancellor <nathan@...nel.org> wrote:
> >
> > +({     type __dummy = {}; \
> > +       typeof(x) __dummy2 = {}; \
> 
> I'm actually surprised that this doesn't cause warnings in itself.
> 
> The types in question are not necessarily compound types, and can be
> simple types like 'int'.
> 
> The fact that you can write
> 
>        int x = {};
> 
> without the compiler screaming bloody murder about that insanity blows
> my mind, but it does seem to be valid C (*).

I thought the same thing but I tend to trust people who are smarter than
I am :)

> How long has that been valid? Because this is certainly new to the
> kernel, and sparse does complain about this initializer.

As you noted, brace initialization for scalars appears to always be
valid (at least in my testing) but as Al points out, empty braces for
scalars is only supported in GCC 13+ and Clang 17+ (I think [1] was the
clang commit), so that is not going to fly...

> So honestly, this will just cause endless sparse warnings instead. I
> think disabling this warning for now is likely the right thing to do.

but '= {0}' appears to work: https://godbolt.org/z/x7eae5vex

If using that instead upsets sparse still, then I can just abandon this
change and update the other patch to disable -Wdefault-const-init-unsafe
altogether (rather than just the field variant) but it seems like you
were not entirely opposed to this even in spite of sparse not supporting
it. If that does work, I will send a v2 tomorrow.

[1]: https://github.com/llvm/llvm-project/commit/5d8aaad4452f60ba8902e921d9bed606713a8f26

Cheers,
Nathan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ