From: Linus Torvalds
Date: Thu, 15 Feb 2018 12:59:57 -0800
Subject: Re: [PATCH] linux/nospec.h: allow index argument to have const-qualified type
To: Rasmus Villemoes
Cc: Thomas Gleixner, Dan Williams, Will Deacon, Ingo Molnar, stable, Linux Kernel Mailing List
In-Reply-To: <20180215195209.15299-1-linux@rasmusvillemoes.dk>

On Thu, Feb 15, 2018 at 11:52 AM, Rasmus Villemoes wrote:
>
> This way, we can allow index to have const-qualified type, which will in
> some cases avoid the need for introducing a local copy of index of
> non-const qualified type.

Ack.

That said, looking at this header file, I find a couple of other issues..

 (a) we should just remove the array_index_mask_nospec_check() thing.

 (b) once fixed, there's no reason for that extra "_s" variable in
array_index_nospec()

That (a) thing causes horrible code generation, and is pointless and wrong.

The "wrong" part is because it warns about "index" being larger than
LONG_MAX, and that's really stupid and wrong, because by *definition*
we don't trust index and it came from user space. The whole point was
that array_index_nospec() would limit those things!

Yes, it's true that the compiler may optimize that warning away if the
type of 'index' is such that it cannot happen, but that doesn't make
the warning any more valid.

It is only the sign of *size* that can matter and be an issue.
HOWEVER, even then it's wrong, because if "size" is of a signed type,
the check in WARN_ONCE is pure garbage.

To make matters worse, that warning means that
array_index_mask_nospec_check() currently uses its arguments twice.
It so happens that the only current use of that macro is ok with that,
because it's being extra careful, but it's *WRONG*. Macros that look
like functions should not use arguments twice.

So (a) is just wrong right now. It's better to just remove it.

A valid warning *might* be

    WARN_ONCE((long)(size) < 0, "array_index_mask only works for sizes that fit in a positive long");

but honestly, it's just not worth the code generation pain.

              Linus
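
Added example, not part of the original message and not code from the kernel tree: a userspace C model of the points raised above. mask_nospec() is modelled on the generic C form of array_index_mask_nospec(); MASK_CHECK, size_fits(), next_index() and the sample values are hypothetical names and inputs constructed for illustration.

```c
#include <limits.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)

/* Model of the generic mask: ~0UL when index < size, otherwise 0.
 * Assumes arithmetic right shift of a negative long (GCC and Clang). */
static unsigned long mask_nospec(unsigned long index, unsigned long size)
{
	return ~(long)(index | (size - 1UL - index)) >> (BITS_PER_LONG - 1);
}

/* Hypothetical function-like macro that checks its arguments and then
 * passes them on, so each argument expression is evaluated twice. */
#define MASK_CHECK(index, size) \
	(((index) > LONG_MAX || (size) > LONG_MAX) ? 0UL \
	 : mask_nospec((index), (size)))

/* Condition of the warning the message calls valid, as a predicate. */
static int size_fits(unsigned long size) { return (long)size >= 0; }

static int evals;
static unsigned long next_index(void) { evals++; return 3; }

/* How many times MASK_CHECK evaluates its index argument. */
static int count_index_evals(void)
{
	evals = 0;
	(void)MASK_CHECK(next_index(), 8UL);
	return evals;
}

/* With a signed size, "size > LONG_MAX" is never true, so a negative
 * size passes the check unnoticed and reaches the mask computation. */
static unsigned long signed_size_mask(long size, unsigned long index)
{
	return MASK_CHECK(index, size);
}

int main(void)
{
	printf("in bounds     %lx\n", mask_nospec(3, 8));
	printf("index huge    %lx\n", mask_nospec((unsigned long)LONG_MAX + 1, 8));
	printf("size too big  %lx\n", mask_nospec(ULONG_MAX - 1, ULONG_MAX));
	printf("index evals   %d\n", count_index_evals());
	printf("size = -1     %lx fits=%d\n", signed_size_mask(-1, 5), size_fits(-1UL));
	return 0;
}
```

An index above LONG_MAX is masked to zero by the computation itself, while a size above LONG_MAX makes the mask zero even for an in-range index, which is why only the sign of size is worth checking.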