Received: by 10.223.185.116 with SMTP id b49csp284718wrg;
        Thu, 8 Mar 2018 17:36:27 -0800 (PST)
X-Google-Smtp-Source: AG47ELsTraQ/cH861Xzy60aB/j8/1m9yQJQQeplg96OFuaiShpOQACeEYj7eBiph2maHyeUXoJMU
X-Received: by 2002:a17:902:b606:: with SMTP id b6-v6mr25318225pls.93.1520559386952;
        Thu, 08 Mar 2018 17:36:26 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1520559386; cv=none;
        d=google.com; s=arc-20160816;
        b=mNBCS2CoQ9owW1ZxqEhaEvqUqp3RQmThSRQkMFLea0NkylhgJyjFmXB5ilHgAu2Uvw
         +Pe0/eOxK65/AHhzWmqU3jl/2KfPMRbKCbXWozLyRh1bZlLwzk8UnxZcoC7iotYkPtA1
         amJowED1+XB/vYQZ6ksvqotXRlPDPSJIgxQ3MRlraPOu7N50L0gVuR1DOdoT9wV+mLZ7
         j5u435+U98Dc/073NUefoElL1xdEi2EHBnQ8AqKEZYfJuRat/LY2vqCQXs8W57gOGsQm
         Jf+MW/MG37+mX9R0b0ME4YCdO+Yl1s6kS62bREF39HXV8jU4ULPc3f5KPFt7qlb/JnTN
         0Ejg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject
         :message-id:date:from:references:in-reply-to:mime-version
         :dkim-signature:dkim-signature:arc-authentication-results;
        bh=jnxroqe8YbZd6eymMv+1TOe9XYYSnCx7JyBb8wypGe8=;
        b=wojWiev+93ifv3CUIeySgnp/eY8jOSOgEAhK22kxCObIR/Gc1lLNSWDkNkyR9bR8+T
         LbEczgvdVh7jVaJhQ0KzF/scVAoff5LCxnit0oKFaMZfJ1GC5nFwGLNCZkV9aJN3Kgbi
         D4FLvJlP3xEDvPgUqAI4skVApCoymD10JcEoyyQVcrfM/Jj4pgqG4yxW8NsDR1iP3E3G
         jiRhRR59rz1Szzwr5DMocHQBmqb9pwf74kumT/N0tETw81v/HR43hkxzCIdHnva+qWvU
         KKskLUTqxBOdYsrVfokYLygolsJ6Prk6OgfdWLeKRobpUMUGnpSIVbAkZVfoJxR5ZXLQ
         O9rA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=a4PphsgH;
       dkim=fail header.i=@linux-foundation.org header.s=google header.b=Gy86ndj1;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id o3si13825577pgn.642.2018.03.08.17.36.11;
        Thu, 08 Mar 2018 17:36:26 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=a4PphsgH;
       dkim=fail header.i=@linux-foundation.org header.s=google header.b=Gy86ndj1;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751754AbeCIBfT (ORCPT <rfc822;arandomawesomegeek@gmail.com>
        + 99 others); Thu, 8 Mar 2018 20:35:19 -0500
Received: from mail-io0-f182.google.com ([209.85.223.182]:37761 "EHLO
        mail-io0-f182.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751113AbeCIBfQ (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 8 Mar 2018 20:35:16 -0500
Received: by mail-io0-f182.google.com with SMTP id d71so1848908iog.4;
        Thu, 08 Mar 2018 17:35:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc:content-transfer-encoding;
        bh=jnxroqe8YbZd6eymMv+1TOe9XYYSnCx7JyBb8wypGe8=;
        b=a4PphsgHlV/i3EHgpIlu7wuKmZzMUEGzoxs8xSVK/wdJwFfMEDiNLU8CaQ79V7hzRf
         nBqBhXolob53V4kxmZv589ocH8fWqJRav17QuO1pEcDLoKkqvwMmq9qErjySb8Ej53jP
         HwSjlOAnGngNBYL2Ejz6+n5c57Jz+oduVXzUWOCgVg6MPkwYLTcEtu4n5JwftZbfNjni
         iwL9Lf9zWHbly/hTbZzxUbQZJfiVibPPHvCt5kZ7rIKRiys6ImVWxoXQhZ7khqrXEKYT
         lVjfOV95fXA4e/Syhu6P2qEIEssyKhu72GDn8hGvnWxx+q4GgAgyoz0Y8B1s11lDQDQx
         yzPQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linux-foundation.org; s=google;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc:content-transfer-encoding;
        bh=jnxroqe8YbZd6eymMv+1TOe9XYYSnCx7JyBb8wypGe8=;
        b=Gy86ndj1dLSWyeqxGWEV5+XjfSqCGFCIKOmmzgvBE6y1vSwTTd5103/qigXJ/pvHd2
         JlemGAHD91voi86kphpDdXM59mLSxkRSKpL6AJWwWhfxfyE0DNrhOf/iw3iGX/fmjjR0
         hCdRisBirniOIU1qGp3yHDHPaBA0ed8M4NN3E=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc:content-transfer-encoding;
        bh=jnxroqe8YbZd6eymMv+1TOe9XYYSnCx7JyBb8wypGe8=;
        b=ihgBS9sDAMecKezCXcidXR0+j8btlusYdXjE3dRYge8SVIHMsYTHrTk1V2IO8LhG2D
         pwHWBxW/R90VllFuSUtwAmhkAltFEFZiS2PtM+ri5X5OFGMmwYH+IcddpcjV5FeH1zgX
         siiJkoRLmXqtVmfBw9vRO5BF2tuM0oXj1XKceLF4YKEBeljK4UGX02f/UKHnn2W6GHMn
         LCUBlFu+fSAF0WJN9x1PPvEgwAUgXb4h6jYgQc3I9KvLfekcFxrJcrzcWj9/72ArtN+Z
         sWTT2n2QV00zt5DS5caVMCzPOjcO4VtgvACtJCxv5jeiGsuL0zQQXwLR7FOiUu53dIDb
         cjZA==
X-Gm-Message-State: APf1xPCTR9o9MnOQfnpU/jDhHPG9KV+372jqEoLKuWiV6JCvzvUWz/vH
        BZy2pcWtPnu8Zn6gqP71AZqNPp3YwXeWgmDQRe8=
X-Received: by 10.107.10.155 with SMTP id 27mr35109336iok.259.1520559315572;
 Thu, 08 Mar 2018 17:35:15 -0800 (PST)
MIME-Version: 1.0
Received: by 10.107.135.221 with HTTP; Thu, 8 Mar 2018 17:35:15 -0800 (PST)
In-Reply-To: <CAGXu5j+JiYcsdaC4V9+SmUM2SKW1yRHr18d74G5SM_sSrQm=Nw@mail.gmail.com>
References: <20180308214045.GA6787@beast> <CA+55aFyf-ajRzW2sUwFrrMOAu5UyuOk5L8g9xfkr4VuJeWjV9w@mail.gmail.com>
 <CAGXu5j+JiYcsdaC4V9+SmUM2SKW1yRHr18d74G5SM_sSrQm=Nw@mail.gmail.com>
From:   Linus Torvalds <torvalds@linux-foundation.org>
Date:   Thu, 8 Mar 2018 17:35:15 -0800
X-Google-Sender-Auth: orVkONR2vOT_bSvwvEvybZPQyMw
Message-ID: <CA+55aFxXb8JhpELWcFJnQMYy6sTyndwdNpCLFUznA9ML7-oL_Q@mail.gmail.com>
Subject: Re: [PATCH] kernel.h: Skip single-eval logic on literals in min()/max()
To:     Kees Cook <keescook@chromium.org>
Cc:     Andrew Morton <akpm@linux-foundation.org>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        Rasmus Villemoes <linux@rasmusvillemoes.dk>,
        "Gustavo A. R. Silva" <gustavo@embeddedor.com>,
        "Tobin C. Harding" <me@tobin.cc>,
        Steven Rostedt <rostedt@goodmis.org>,
        Jonathan Corbet <corbet@lwn.net>, Chris Mason <clm@fb.com>,
        Josef Bacik <jbacik@fb.com>, David Sterba <dsterba@suse.com>,
        "David S. Miller" <davem@davemloft.net>,
        Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
        Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
        Ingo Molnar <mingo@kernel.org>,
        Peter Zijlstra <peterz@infradead.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Masahiro Yamada <yamada.masahiro@socionext.com>,
        Borislav Petkov <bp@suse.de>,
        Randy Dunlap <rdunlap@infradead.org>,
        Ian Abbott <abbotti@mev.co.uk>,
        Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>,
        Petr Mladek <pmladek@suse.com>,
        Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
        Pantelis Antoniou <pantelis.antoniou@konsulko.com>,
        linux-btrfs <linux-btrfs@vger.kernel.org>,
        Network Development <netdev@vger.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Kernel Hardening <kernel-hardening@lists.openwall.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Mar 8, 2018 at 4:45 PM, Kees Cook <keescook@chromium.org> wrote:
>
> Rasmus mentioned this too. What I said there was that I was shy to
> make that change, since we already can't mix that kind of thing with
> the existing min()/max() implementation. The existing min()/max() is
> already extremely strict, so there are no instances of this in the
> tree.

Yes, but I also didn't want to add any new cases in case people add
new min/max() users.

But:

> If I explicitly add one, I see this with or without the patch:
>
> In file included from drivers/misc/lkdtm.h:7:0,
>                  from drivers/misc/lkdtm_core.c:33:
> drivers/misc/lkdtm_core.c: In function =E2=80=98lkdtm_module_exit=E2=80=
=99:
> ./include/linux/kernel.h:809:16: warning: comparison of distinct
> pointer types lacks a cast

Oh, ok, in that case, just drop the __builtin_types_compatible_p()
entirely. It's not adding anything.

I was expecting the non-chosen expression in __builtin_choose_expr()
to not cause type warnings. I'm actually surprised it does. Type games
is why __builtin_choose_expr() tends to exist in the first place.

> So are you saying you _want_ the type enforcement weakened here, or
> that I should just not use __builtin_types_compatible_p()?

I don't want to weaken the type enforcement, and I _thought_ you had
done that __builtin_types_compatible_p() to keep it in place.

But if that's not why you did it, then why was it there at all? If the
type warning shows through even if it's in the other expression, then
just a


#define __min(t1, t2, x, y)                             \
        __builtin_choose_expr(                          \
                __builtin_constant_p(x) &               \
                __builtin_constant_p(y),                \
                (t1)(x) < (t2)(y) ? (t1)(x) : (t2)(y),  \
                __single_eval_min(t1, t2,               \
   ...

would seem to be sufficient?

Because logically, the only thing that matters is that x and y don't
have any side effects and can be evaluated twice, and
"__builtin_constant_p()" is already a much stronger version of that.

Hmm? The __builtin_types_compatible_p() just doesn't seem to matter
for the only thing I thought it was there for.

                  Linus