lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAF=yD-+6cWTiDgpsu=hUV+OvzDFRaT2ZUmtQo9qTrCB9i-+7ng@mail.gmail.com>
Date: Tue, 22 Aug 2023 10:34:23 -0400
From: Willem de Bruijn <willemdebruijn.kernel@...il.com>
To: David Laight <David.Laight@...lab.com>
Cc: Mahmoud Maatuq <mahmoudmatook.mm@...il.com>, 
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, 
	"linux-kselftest@...r.kernel.org" <linux-kselftest@...r.kernel.org>, "kuba@...nel.org" <kuba@...nel.org>, 
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>, "davem@...emloft.net" <davem@...emloft.net>, 
	"pabeni@...hat.com" <pabeni@...hat.com>, "edumazet@...gle.com" <edumazet@...gle.com>, 
	"shuah@...nel.org" <shuah@...nel.org>, 
	"linux-kernel-mentees@...ts.linuxfoundation.org" <linux-kernel-mentees@...ts.linuxfoundation.org>
Subject: Re: [PATCH 1/2] selftests: Provide local define of min() and max()

On Mon, Aug 21, 2023 at 9:05 AM David Laight <David.Laight@...lab.com> wrote:
>
> From: Willem de Bruijn
> > Sent: Sunday, August 20, 2023 4:15 PM
> >
> > Mahmoud Maatuq wrote:
> > > to avoid manual calculation of min and max values
> > > and fix coccinelle warnings such WARNING opportunity for min()/max()
> > > adding one common definition that could be used in multiple files
> > > under selftests.
> > > there are also some defines for min/max scattered locally inside sources
> > > under selftests.
> > > this also prepares for cleaning up those redundant defines and include
> > > kselftest.h instead.
> > >
> > > Signed-off-by: Mahmoud Maatuq <mahmoudmatook.mm@...il.com>
> > > ---
> > >  tools/testing/selftests/kselftest.h | 7 +++++++
> > >  1 file changed, 7 insertions(+)
> > >
> > > diff --git a/tools/testing/selftests/kselftest.h b/tools/testing/selftests/kselftest.h
> > > index 829be379545a..e8eb7e9afbc6 100644
> > > --- a/tools/testing/selftests/kselftest.h
> > > +++ b/tools/testing/selftests/kselftest.h
> > > @@ -55,6 +55,13 @@
> > >  #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]))
> > >  #endif
> > >
> > > +#ifndef min
> > > +# define min(x, y) ((x) < (y) ? (x) : (y))
> > > +#endif
> > > +#ifndef max
> > > +# define max(x, y) ((x) < (y) ? (y) : (x))
> > > +#endif
> > > +
> >
> > Should this more closely follow include/linux/minmax.h, which is a lot
> > more strict?
> >
> > I'm fine with this simpler, more relaxed, version for testing, but
> > calling it out for people to speak up.
> >
> > Only the first two of these comments in minmax.h apply to this
> > userspace code.
> >
> > /*
> >  * min()/max()/clamp() macros must accomplish three things:
> >  *
> >  * - avoid multiple evaluations of the arguments (so side-effects like
> >  *   "x++" happen only once) when non-constant.
> >  * - perform strict type-checking (to generate warnings instead of
> >  *   nasty runtime surprises). See the "unnecessary" pointer comparison
> >  *   in __typecheck().
> >  * - retain result as a constant expressions when called with only
> >  *   constant expressions (to avoid tripping VLA warnings in stack
> >  *   allocation usage).
> >  */
> >
> > Note that a more strict version that includes __typecheck would
> > warn on the type difference between total_len and cfg_mss. Fine
> > with changing the type of cfg_mss in the follow-on patch to address
> > that.
>
> That typecheck() is horrid.
> It may well have caused more bugs due to incorrect casts that
> it actually detected.
>
> I'd suggest the version that just avoids multiple evaluations.
> Or just error signed v unsigned comparisons.
> See  https://lore.kernel.org/all/b4ce9dad748e489f9314a2dc95615033@AcuMS.aculab.com/
> for an example patch set.

Interesting, thanks. That is also simpler.

Also, the existing patch is no worse than the open coded code today,
so even without code to avoid multiple evaluations, I guess it's okay
to merge.

The coccinelle warnings are arguably false positives, using checks for
kernel code, but being run against userspace code that has no access
to those helpers. But fine to silence them.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ