lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHC9VhTS-vnHrDaR+Fed1wuKxxfqYJFz8SP9SQjmfrh+K0V3AA@mail.gmail.com>
Date: Tue, 30 Sep 2025 12:06:05 -0400
From: Paul Moore <paul@...l-moore.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: selinux@...r.kernel.org, linux-security-module@...r.kernel.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [GIT PULL] selinux/selinux-pr-20250926

On Tue, Sep 30, 2025 at 11:48 AM Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
> On Fri, 26 Sept 2025 at 20:07, Paul Moore <paul@...l-moore.com> wrote:
> >
> > - Remove our use of get_zeroed_page() in sel_read_bool()
> >
> >   Update sel_read_bool() to use a four byte stack buffer instead of a
> >   memory page fetched via get_zeroed_page(), and fix a memory in the
> >   process.
> >
> >   Needless to say we should have done this a long time ago, but it was
> >   in a very old chunk of code that "just worked" and I don't think
> >   anyone had taken a real look at it in many years.
>
> Lol.
>
> ... and when I looked at this, I went "scnprintf for a 4-byte buffer?"
>
> It uses
>
>         len = scnprintf(buffer, sizeof(buffer), "%d %d", ..
>
> and I went "printing two numbers and just four bytes" before I noticed
> that they are just booleans and so 'len' always is just 3.
>
> It literally could have done
>
>         char buffer[] = { '0' + !a, ' ', '0' + !!b, 0 };
>
> instead, and I guess a compiler could do that transformation in a perfect world.
>
> But this isn't exactly performance-crticial, so nobody cares.

Yeah, exactly.  IMO that scnprintf() is easier to look at than the
build-a-buffer alternative, and if that scnprintf() call ends up in
anyone's performance measurements I'm going to have a lot of questions
about what they are doing with their system.

-- 
paul-moore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ