lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Zv_zBvkq4jsvOVdY@smile.fi.intel.com>
Date: Fri, 4 Oct 2024 16:52:06 +0300
From: Andy Shevchenko <andriy.shevchenko@...el.com>
To: Peter Zijlstra <peterz@...radead.org>
Cc: Przemek Kitszel <przemyslaw.kitszel@...el.com>,
	linux-kernel@...r.kernel.org, amadeuszx.slawinski@...ux.intel.com,
	Tony Nguyen <anthony.l.nguyen@...el.com>,
	nex.sw.ncis.osdt.itp.upstreaming@...el.com, netdev@...r.kernel.org,
	Markus Elfring <Markus.Elfring@....de>, Kees Cook <kees@...nel.org>,
	Dmitry Torokhov <dmitry.torokhov@...il.com>,
	Dan Carpenter <dan.carpenter@...aro.org>
Subject: Re: [PATCH v1] cleanup: adjust scoped_guard() to avoid potential
 warning

On Fri, Oct 04, 2024 at 11:33:08AM +0200, Peter Zijlstra wrote:
> On Thu, Oct 03, 2024 at 08:51:46PM +0300, Andy Shevchenko wrote:
> > > I would really like to understand why you don't like this; care to
> > > elaborate Andy?
> > 
> > To me the idea of
> > 
> > int my_foo(...)
> > {
> > 	NOT_my_foo_macro(...)
> > 		return X;
> > }
> > 
> > is counter intuitive from C programming. Without knowing the magic behind the
> > scenes of NOT_my_foo_macro() I would eager to ask for adding a dead code like
> > 
> > int my_foo(...)
> > {
> > 	NOT_my_foo_macro(...)
> > 		return X;
> > 	return 0;
> > }
> 
> Well, this is kernel coding, we don't really do (std) C anymore, and
> using *anything* without knowing the magic behind it is asking for fail.

True in many cases, mostly for macros themselves, but in the functions
I would prefer to stay away from magic as possible.

> Also, something like:
> 
> int my_foo()
> {
> 	for (;;)
> 		return X;
> }
> 
> or
> 
> int my_foo()
> {
> 	do {
> 		return X;
> 	} while (0);
> }
> 
> is perfectly valid C that no compiler should be complaining about. Yes
> its a wee bit daft, but if you want to write it, that's fine.

Yes, the difference is that it's not hidden from the reader.
The code behind the macro is magic for the reader by default.

> The point being that the compiler can determine there is no path not
> hitting that return.
> 
> Apparently the current for loop is defeating the compiler, I see no
> reason not to change it in such a way that the compiler is able to
> determine wtf happens -- that can only help.
> 
> > What I would agree on is
> > 
> > int my_foo(...)
> > {
> > 	return NOT_my_foo_macro(..., X);
> > }
> 
> That just really won't work with things as they are ofcourse.
> 
> > Or just using guard()().

Okay, thanks for sharing your view on this. Since you are the author
of the original code and seems fine with a change, I can't help myself
from withdrawing my NACK. OTOH, I am not going to give an Ack either.

> That's always an option. You don't *have* to use the -- to you -- weird
> form.

Yes, I am not convinced that using scoped_guard() (or any other macro)
in a described way is okay. Definitely, *I am* not going to do a such
until I understand the real benefit of it.

-- 
With Best Regards,
Andy Shevchenko



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ