Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-16 Thread Rasmus Villemoes
On 2018-03-16 00:46, Linus Torvalds wrote:
> On Thu, Mar 15, 2018 at 4:41 PM, Kees Cook wrote:
>>
>> I much prefer explicit typing, but both you and Rasmus mentioned
>> wanting the int/sizeof_t mixing.
>
> Well, the explicit typing allows that mixing, in that you can just

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Miguel Ojeda
On Fri, Mar 16, 2018 at 12:49 AM, Kees Cook wrote:
> On Thu, Mar 15, 2018 at 4:46 PM, Linus Torvalds
> wrote:
>> What I'm *not* so much ok with is "const_max(5,sizeof(x))" erroring
>> out, or silently causing insane behavior due to hidden

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Kees Cook
On Thu, Mar 15, 2018 at 4:46 PM, Linus Torvalds wrote:
> What I'm *not* so much ok with is "const_max(5,sizeof(x))" erroring
> out, or silently causing insane behavior due to hidden subtle type
> casts..

Yup! I like it as an explicit argument. Thanks!

-Kees

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Linus Torvalds
On Thu, Mar 15, 2018 at 4:46 PM, Linus Torvalds wrote:
>
> Well, the explicit typing allows that mixing, in that you can just
> have "const_max_t(5,sizeof(x))"

I obviously meant "const_max_t(size_t,5,sizeof(x))". Heh.

Linus

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Linus Torvalds
On Thu, Mar 15, 2018 at 4:41 PM, Kees Cook wrote:
>
> I much prefer explicit typing, but both you and Rasmus mentioned
> wanting the int/sizeof_t mixing.

Well, the explicit typing allows that mixing, in that you can just have "const_max_t(5,sizeof(x))" So I'm ok with

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Kees Cook
On Thu, Mar 15, 2018 at 4:34 PM, Linus Torvalds wrote:
> On Thu, Mar 15, 2018 at 3:46 PM, Kees Cook wrote:
>>
>> So, AIUI, I can either get strict type checking, in which case, this
>> is rejected (which I assume there is still a desire to

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Linus Torvalds
On Thu, Mar 15, 2018 at 3:46 PM, Kees Cook wrote:
>
> So, AIUI, I can either get strict type checking, in which case, this
> is rejected (which I assume there is still a desire to have):
>
> int foo[const_max(6, sizeof(whatever))];

Ehh, yes, that looks fairly sane, and

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Kees Cook
On Thu, Mar 15, 2018 at 4:17 PM, Miguel Ojeda wrote:
>> The full one, using your naming convention:
>>
>> #define const_max(x, y) \
>> ({ \
>> if

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Miguel Ojeda
On Fri, Mar 16, 2018 at 12:08 AM, Miguel Ojeda wrote:
> On Thu, Mar 15, 2018 at 11:58 PM, Miguel Ojeda
> wrote:
>> On Thu, Mar 15, 2018 at 11:46 PM, Kees Cook wrote:
>>>
>>> By using this eye-bleed:
>>>
>>>

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Miguel Ojeda
On Thu, Mar 15, 2018 at 11:58 PM, Miguel Ojeda wrote:
> On Thu, Mar 15, 2018 at 11:46 PM, Kees Cook wrote:
>>
>> By using this eye-bleed:
>>
>> size_t __error_not_const_arg(void) \
>> __compiletime_error("const_max() used with

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Miguel Ojeda
On Thu, Mar 15, 2018 at 11:46 PM, Kees Cook wrote:
> On Thu, Mar 15, 2018 at 3:23 PM, Linus Torvalds
> wrote:
>> On Thu, Mar 15, 2018 at 3:16 PM, Kees Cook wrote:
>>>
>>> size_t __error_not_const_arg(void) \
>>>

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Kees Cook
On Thu, Mar 15, 2018 at 3:23 PM, Linus Torvalds wrote:
> On Thu, Mar 15, 2018 at 3:16 PM, Kees Cook wrote:
>>
>> size_t __error_not_const_arg(void) \
>> __compiletime_error("const_max() used with non-compile-time constant arg");
>> #define

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Linus Torvalds
On Thu, Mar 15, 2018 at 3:16 PM, Kees Cook wrote:
>
> size_t __error_not_const_arg(void) \
> __compiletime_error("const_max() used with non-compile-time constant arg");
> #define const_max(x, y) \
>

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Kees Cook
On Thu, Mar 15, 2018 at 2:42 PM, Linus Torvalds wrote:
> On Thu, Mar 15, 2018 at 12:47 PM, Kees Cook wrote:
>>
>> To gain the ability to compare differing types, the arguments are
>> explicitly cast to size_t.
>
> Ugh, I really hate this.
>
>

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Linus Torvalds
On Thu, Mar 15, 2018 at 12:47 PM, Kees Cook wrote:
>
> To gain the ability to compare differing types, the arguments are
> explicitly cast to size_t.

Ugh, I really hate this. It silently does insane things if you do const_max(-1,6) and there is nothing in the name