Message-ID: <aR0Bv-MJShwCZBYL@zx2c4.com>
Date: Wed, 19 Nov 2025 00:31:11 +0100
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: Eric Biggers <ebiggers@...nel.org>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
	Ard Biesheuvel <ardb@...nel.org>, Kees Cook <kees@...nel.org>,
	linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH libcrypto 1/2] array_size: introduce min_array_size()
 function decoration

On Tue, Nov 18, 2025 at 03:24:35PM -0800, Eric Biggers wrote:
> On Tue, Nov 18, 2025 at 06:02:39PM +0100, Jason A. Donenfeld wrote:
> > diff --git a/include/linux/array_size.h b/include/linux/array_size.h
> > index 06d7d83196ca..8671aee11479 100644
> > --- a/include/linux/array_size.h
> > +++ b/include/linux/array_size.h
> 
> I think compiler.h would be a better place?

That was my initial idea, but then I saw that array_size.h got split
out, and this seemed to be on the topic...

> 
> > @@ -10,4 +10,11 @@
> >   */
> >  #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr))
> >  
> > +/**
> > + * min_array_size - parameter decoration to hint to the compiler that the
> > + *                  passed array should have at least @n elements
> > + * @n: minimum number of elements, after which the compiler may warn
> > + */
> > +#define min_array_size(n) static n
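
Review bot: the kernel-doc for min_array_size() does not say where the macro is valid. Because it expands to `static n`, it only makes sense inside the brackets of an array parameter declarator, so the comment should say so and show one usage line, for example a parameter written as `const u8 key[min_array_size(32)]` (a hypothetical parameter, not one from this patch). Since the comment itself says "hint" and "may warn", it would also help to state that this is a diagnostic aid and that callers passing buffers of run-time length still need their own length check.
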
> 
> "after which" => "below which"

Er, thanks.

> 
> Anyway, I actually have a slight preference for just using 'static n'
> directly, without the unnecessary min_array_size() wrapper.  But if
> other people prefer min_array_size(), that's fine with me too.  At least
> this is what Linus asked for
> (https://lore.kernel.org/linux-crypto/CAHk-=wj6J5L5Y+oHc-i9BrDONpSbtt=iEemcyUm3dYnZ3pXxxg@mail.gmail.com/).

There's also this other approach from 2001 that the C committee I guess
shot down: https://www.open-std.org/jtc1/sc22/wg14/www/docs/dr_205.htm
It is basically:

    #define __at_least static

We could attempt to do the same with `at_least`...

It kind of feels like we're just inventing a language at that point
though.

Jason
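
How the decoration discussed in this message reads at a call site, as an added example that is not code from the patch or from anyone in the thread. `KEY_LEN`, `key_fold()` and `key_fold_checked()` are hypothetical names; only the `min_array_size()` definition is taken from the quoted hunk.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Definition as quoted in the hunk above. */
#define min_array_size(n) static n

#define KEY_LEN 32 /* hypothetical key size for this example */

/*
 * Hypothetical consumer: XOR-folds exactly KEY_LEN key bytes into one byte.
 * The parameter is still a pointer; [static KEY_LEN] only states that the
 * caller provides at least KEY_LEN elements, which lets a compiler warn
 * when it can see that the argument is shorter.
 */
uint8_t key_fold(const uint8_t key[min_array_size(KEY_LEN)])
{
    uint8_t acc = 0;

    for (size_t i = 0; i < KEY_LEN; i++)
        acc ^= key[i];
    return acc;
}

/*
 * Entry point for buffers whose length is only known at run time. The
 * compiler cannot check `len` against the decoration, so the explicit
 * bound check stays. Returns 0 on success, -1 on a NULL or short buffer.
 */
int key_fold_checked(const uint8_t *buf, size_t len, uint8_t *out)
{
    if (!buf || !out || len < KEY_LEN)
        return -1;
    *out = key_fold(buf);
    return 0;
}

int main(void)
{
    uint8_t key[KEY_LEN];
    uint8_t out = 0;

    memset(key, 0xA5, sizeof(key));
    /* uint8_t half[16] = {0}; key_fold(half);   <- the case the hint targets */
    return key_fold_checked(key, sizeof(key), &out) == 0 ? 0 : 1;
}
```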
