On 2018-03-16 00:46, Linus Torvalds wrote:
> On Thu, Mar 15, 2018 at 4:41 PM, Kees Cook wrote:
>>
>> I much prefer explicit typing, but both you and Rasmus mentioned
>> wanting the int/sizeof_t mixing.
>
> Well, the explicit typing allows that mixing, in that you can just
> have "const_max_t(5,si
On Fri, Mar 16, 2018 at 12:49 AM, Kees Cook wrote:
> On Thu, Mar 15, 2018 at 4:46 PM, Linus Torvalds
> wrote:
>> What I'm *not* so much ok with is "const_max(5,sizeof(x))" erroring
>> out, or silently causing insane behavior due to hidden subtle type
>> casts..
>
> Yup! I like it as an explicit a
On Thu, Mar 15, 2018 at 4:46 PM, Linus Torvalds
wrote:
> What I'm *not* so much ok with is "const_max(5,sizeof(x))" erroring
> out, or silently causing insane behavior due to hidden subtle type
> casts..
Yup! I like it as an explicit argument. Thanks!
-Kees
--
Kees Cook
Pixel Security
On Thu, Mar 15, 2018 at 4:41 PM, Kees Cook wrote:
>
> I much prefer explicit typing, but both you and Rasmus mentioned
> wanting the int/sizeof_t mixing.
Well, the explicit typing allows that mixing, in that you can just
have "const_max_t(5,sizeof(x))"
So I'm ok with that.
What I'm *not* so muc
On Thu, Mar 15, 2018 at 4:46 PM, Linus Torvalds
wrote:
>
> Well, the explicit typing allows that mixing, in that you can just
> have "const_max_t(5,sizeof(x))"
I obviously meant "const_max_t(size_t,5,sizeof(x))". Heh.
Linus
On Thu, Mar 15, 2018 at 4:34 PM, Linus Torvalds
wrote:
> On Thu, Mar 15, 2018 at 3:46 PM, Kees Cook wrote:
>>
>> So, AIUI, I can either get strict type checking, in which case, this
>> is rejected (which I assume there is still a desire to have):
>>
>> int foo[const_max(6, sizeof(whatever))];
>
>
On Thu, Mar 15, 2018 at 3:46 PM, Kees Cook wrote:
>
> So, AIUI, I can either get strict type checking, in which case, this
> is rejected (which I assume there is still a desire to have):
>
> int foo[const_max(6, sizeof(whatever))];
Ehh, yes, that looks fairly sane, and erroring out would be annoy
On Thu, Mar 15, 2018 at 4:17 PM, Miguel Ojeda
wrote:
>> The full one, using your naming convention:
>>
>> #define const_max(x, y) \
>> ({ \
>> if (!__builtin_constant_p(x))
On Fri, Mar 16, 2018 at 12:08 AM, Miguel Ojeda
wrote:
> On Thu, Mar 15, 2018 at 11:58 PM, Miguel Ojeda
> wrote:
>> On Thu, Mar 15, 2018 at 11:46 PM, Kees Cook wrote:
>>>
>>> By using this eye-bleed:
>>>
>>> size_t __error_not_const_arg(void) \
>>> __compiletime_error("const_max() used with non-c
On Thu, Mar 15, 2018 at 11:58 PM, Miguel Ojeda
wrote:
> On Thu, Mar 15, 2018 at 11:46 PM, Kees Cook wrote:
>>
>> By using this eye-bleed:
>>
>> size_t __error_not_const_arg(void) \
>> __compiletime_error("const_max() used with non-compile-time constant arg");
>> size_t __error_not_positive_arg(vo
On Thu, Mar 15, 2018 at 11:46 PM, Kees Cook wrote:
> On Thu, Mar 15, 2018 at 3:23 PM, Linus Torvalds
> wrote:
>> On Thu, Mar 15, 2018 at 3:16 PM, Kees Cook wrote:
>>>
>>> size_t __error_not_const_arg(void) \
>>> __compiletime_error("const_max() used with non-compile-time constant arg");
>>> #def
On Thu, Mar 15, 2018 at 3:23 PM, Linus Torvalds
wrote:
> On Thu, Mar 15, 2018 at 3:16 PM, Kees Cook wrote:
>>
>> size_t __error_not_const_arg(void) \
>> __compiletime_error("const_max() used with non-compile-time constant arg");
>> #define const_max(x, y) \
On Thu, Mar 15, 2018 at 3:16 PM, Kees Cook wrote:
>
> size_t __error_not_const_arg(void) \
> __compiletime_error("const_max() used with non-compile-time constant arg");
> #define const_max(x, y) \
> __builtin_choose_expr(__builtin_constant_p(x) &&
On Thu, Mar 15, 2018 at 2:42 PM, Linus Torvalds
wrote:
> On Thu, Mar 15, 2018 at 12:47 PM, Kees Cook wrote:
>>
>> To gain the ability to compare differing types, the arguments are
>> explicitly cast to size_t.
>
> Ugh, I really hate this.
>
> It silently does insane things if you do
>
>const_
On Thu, Mar 15, 2018 at 12:47 PM, Kees Cook wrote:
>
> To gain the ability to compare differing types, the arguments are
> explicitly cast to size_t.
Ugh, I really hate this.
It silently does insane things if you do
const_max(-1,6)
and there is nothing in the name that implies that you can'
In the effort to remove all VLAs from the kernel[1], it is desirable to
build with -Wvla. However, this warning is overly pessimistic, in that
it is only happy with stack array sizes that are declared as constant
expressions, and not constant values. One case of this is the evaluation
of the max()
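The thread turns on two points: a `const_max()` that casts both arguments to `size_t` turns `const_max(-1,6)` into a huge value, and a `-Wvla` clean array bound needs a real integer constant expression rather than the statement-expression `max()`. The following is a constructed example added here, not the kernel's code or any patch from the thread: it puts the cast-to-`size_t` form beside an explicitly typed `const_max_t(type, x, y)` built on `__builtin_constant_p()` and `__builtin_choose_expr()`, with the error-function trick modelled on the `__error_not_const_arg()` declaration quoted above (here using GCC's `error` attribute as a stand-in for the kernel's `__compiletime_error()`; names other than those are assumptions). The file-scope `scratch[]` array shows that the typed form yields a constant expression acceptable as a non-VLA bound.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed example (not kernel code): the cast-to-size_t form described
 * in the patch text, kept only to show its pitfall with negative arguments. */
#define const_max_cast(x, y) \
	((size_t)(x) > (size_t)(y) ? (size_t)(x) : (size_t)(y))

/* Stand-in for the kernel's __compiletime_error(): GCC/clang flag a call to a
 * function carrying the error attribute if that call survives to codegen.
 * Where the attribute is unavailable, a surviving call fails at link time
 * instead, because the function is never defined. */
#if defined(__has_attribute)
# if __has_attribute(error)
#  define COMPILETIME_ERROR(msg) __attribute__((error(msg)))
# endif
#endif
#ifndef COMPILETIME_ERROR
# define COMPILETIME_ERROR(msg)
#endif

size_t __error_not_const_arg(void)
	COMPILETIME_ERROR("const_max_t() used with non-compile-time constant arg");

/* Explicitly typed variant, in the "const_max_t(size_t,5,sizeof(x))" spelling
 * from the thread: the comparison happens in the arguments' own types, and
 * only the chosen result is cast to t. Non-constant arguments select the
 * error branch. (Assumed macro shape, not the kernel's.) */
#define const_max_t(t, x, y)                                                 \
	__builtin_choose_expr(__builtin_constant_p(x) && __builtin_constant_p(y), \
			      (t)((x) > (y) ? (x) : (y)),                                   \
			      __error_not_const_arg())

/* A file-scope array bound must be an integer constant expression, which is
 * what -Wvla insists on; a statement-expression max() could not be used here. */
static char scratch[const_max_t(size_t, 6, sizeof(long))];

size_t cast_form_negative(void)
{
	/* -1 is converted to SIZE_MAX before the compare, so the "max" is huge. */
	return const_max_cast(-1, 6);
}

int typed_form_negative(void)
{
	/* Both arguments are int, so the compare is signed and the answer is 6. */
	return const_max_t(int, -1, 6);
}

size_t typed_form_mixed(void)
{
	/* The int/size_t mixing the thread wants: 5 vs sizeof(long). */
	return const_max_t(size_t, 5, sizeof(long));
}

size_t scratch_size(void)
{
	return sizeof(scratch);
}

int main(void)
{
	printf("cast form:  const_max(-1, 6)         = %zu\n", cast_form_negative());
	printf("typed form: const_max_t(int, -1, 6)  = %d\n", typed_form_negative());
	printf("typed form: const_max_t(size_t, 5, sizeof(long)) = %zu\n",
	       typed_form_mixed());
	printf("scratch[] has %zu bytes\n", scratch_size());
	return 0;
}
```

Passing a runtime variable to `const_max_t()` (say, a function parameter) leaves the `__error_not_const_arg()` call in the chosen branch and the build fails, which is the behaviour the thread asks for: an error for non-constant arguments, and no silent unsigned reinterpretation of a negative one.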