Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-16 Thread Rasmus Villemoes
On 2018-03-16 00:46, Linus Torvalds wrote: > On Thu, Mar 15, 2018 at 4:41 PM, Kees Cook wrote: >> >> I much prefer explicit typing, but both you and Rasmus mentioned >> wanting the int/sizeof_t mixing. > > Well, the explicit typing allows that mixing, in that you can just

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Miguel Ojeda
On Fri, Mar 16, 2018 at 12:49 AM, Kees Cook wrote: > On Thu, Mar 15, 2018 at 4:46 PM, Linus Torvalds > wrote: >> What I'm *not* so much ok with is "const_max(5,sizeof(x))" erroring >> out, or silently causing insane behavior due to hidden

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Kees Cook
On Thu, Mar 15, 2018 at 4:46 PM, Linus Torvalds wrote: > What I'm *not* so much ok with is "const_max(5,sizeof(x))" erroring > out, or silently causing insane behavior due to hidden subtle type > casts.. Yup! I like it as an explicit argument. Thanks! -Kees

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Linus Torvalds
On Thu, Mar 15, 2018 at 4:46 PM, Linus Torvalds wrote: > > Well, the explicit typing allows that mixing, in that you can just > have "const_max_t(5,sizeof(x))" I obviously meant "const_max_t(size_t,5,sizeof(x))". Heh. Linus

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Linus Torvalds
On Thu, Mar 15, 2018 at 4:41 PM, Kees Cook wrote: > > I much prefer explicit typing, but both you and Rasmus mentioned > wanting the int/sizeof_t mixing. Well, the explicit typing allows that mixing, in that you can just have "const_max_t(5,sizeof(x))" So I'm ok with

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Kees Cook
On Thu, Mar 15, 2018 at 4:34 PM, Linus Torvalds wrote: > On Thu, Mar 15, 2018 at 3:46 PM, Kees Cook wrote: >> >> So, AIUI, I can either get strict type checking, in which case, this >> is rejected (which I assume there is still a desire to

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Linus Torvalds
On Thu, Mar 15, 2018 at 3:46 PM, Kees Cook wrote: > > So, AIUI, I can either get strict type checking, in which case, this > is rejected (which I assume there is still a desire to have): > > int foo[const_max(6, sizeof(whatever))]; Ehh, yes, that looks fairly sane, and

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Kees Cook
On Thu, Mar 15, 2018 at 4:17 PM, Miguel Ojeda wrote: >> The full one, using your naming convention: >> >> #define const_max(x, y) \ >> ({ \ >> if

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Miguel Ojeda
On Fri, Mar 16, 2018 at 12:08 AM, Miguel Ojeda wrote: > On Thu, Mar 15, 2018 at 11:58 PM, Miguel Ojeda > wrote: >> On Thu, Mar 15, 2018 at 11:46 PM, Kees Cook wrote: >>> >>> By using this eye-bleed: >>> >>>

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Miguel Ojeda
On Thu, Mar 15, 2018 at 11:58 PM, Miguel Ojeda wrote: > On Thu, Mar 15, 2018 at 11:46 PM, Kees Cook wrote: >> >> By using this eye-bleed: >> >> size_t __error_not_const_arg(void) \ >> __compiletime_error("const_max() used with

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Miguel Ojeda
On Thu, Mar 15, 2018 at 11:46 PM, Kees Cook wrote: > On Thu, Mar 15, 2018 at 3:23 PM, Linus Torvalds > wrote: >> On Thu, Mar 15, 2018 at 3:16 PM, Kees Cook wrote: >>> >>> size_t __error_not_const_arg(void) \ >>>

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Kees Cook
On Thu, Mar 15, 2018 at 3:23 PM, Linus Torvalds wrote: > On Thu, Mar 15, 2018 at 3:16 PM, Kees Cook wrote: >> >> size_t __error_not_const_arg(void) \ >> __compiletime_error("const_max() used with non-compile-time constant arg"); >> #define

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Linus Torvalds
On Thu, Mar 15, 2018 at 3:16 PM, Kees Cook wrote: > > size_t __error_not_const_arg(void) \ > __compiletime_error("const_max() used with non-compile-time constant arg"); > #define const_max(x, y) \ >

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Kees Cook
On Thu, Mar 15, 2018 at 2:42 PM, Linus Torvalds wrote: > On Thu, Mar 15, 2018 at 12:47 PM, Kees Cook wrote: >> >> To gain the ability to compare differing types, the arguments are >> explicitly cast to size_t. > > Ugh, I really hate this. > >

Re: [PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Linus Torvalds
On Thu, Mar 15, 2018 at 12:47 PM, Kees Cook wrote: > > To gain the ability to compare differing types, the arguments are > explicitly cast to size_t. Ugh, I really hate this. It silently does insane things if you do const_max(-1,6) and there is nothing in the name

[PATCH v4 1/2] kernel.h: Introduce const_max() for VLA removal

2018-03-15 Thread Kees Cook
In the effort to remove all VLAs from the kernel[1], it is desirable to build with -Wvla. However, this warning is overly pessimistic, in that it is only happy with stack array sizes that are declared as constant expressions, and not constant values. One case of this is the evaluation of the max()