Received: by 10.213.65.68 with SMTP id h4csp496510imn; Sat, 17 Mar 2018 11:54:46 -0700 (PDT) X-Google-Smtp-Source: AG47ELuVXW/YW//WN/KVwCnECF9Y8XOti9yoWCRIe6Nbg8PHWqo7seGOkuf6wLMdJQSS8vfjnvZD X-Received: by 2002:a17:902:82c2:: with SMTP id u2-v6mr6397315plz.401.1521312886316; Sat, 17 Mar 2018 11:54:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521312886; cv=none; d=google.com; s=arc-20160816; b=0HREgdTGL3pMG0E4FzALE2S1rAdViN73WZxmz3RoeaQ5SSGMRFvfkqSnDx9RhArjjw /8nQoLAgTx1TT4nnilD2y1rpWKaFe/58y19yOltbt1jZ+rgNZWpqF1/hUOQMKNFMfnos 2L4N2tPYaI50clZUP6bdTaM7lZrumkj1801YjvGv644dFDKwNfLPp/mooW3cPWaqd3qw nOPt28Sm2yKTfpu5u4afVUYmkV5nkMqhj4nIFeo1xzs1EFREPd4giS3V3vmax6oRlkN5 UsWG+AhtW06wmcNHGgh9v3Hd1s0miMvf0H2z0pgqXQwZtIWQv3+I3ByryzfOzetTOqi/ gkYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:references:in-reply-to:mime-version :dkim-signature:dkim-signature:arc-authentication-results; bh=+VUZe5SRHX0nX0XLfC1IVdj9HVpNUAxJVe8p0zHzO+4=; b=MvCdFuCI2go/sH2ayIlsNWWJNxeXEMj1GTalT6CxF9HYQTIwLK1BXH32sqGfYKWobs z4G3zcM4TS8EUR7wyt/lVZTPFURg0wLbYwhYxZgSvdiZOJ9zQlUj39xZWo7qef9KQX6H 4e1cCNy0PON+kEWdIy06yUiuVtoksVkXtBQyZRohDrqIpE1mrWE2A29CK1nsu3wtq8mo OLMO9QZKegVRZSpYvoi4IhaHXIuF+9iQUhorKoRk4OdE7jeKQ88D7g6OUhAylEX7FCpA NwnduXIJgmWUoo2lU+Oa2snilPQ5jsxezR7Z0ITp3vxCKoP/SF+0OtbTVwb9Pcajrd/1 NtvQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=iVrNjtI5; dkim=fail header.i=@linux-foundation.org header.s=google header.b=AZAWb12O; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x190si7049767pgx.159.2018.03.17.11.54.32; Sat, 17 Mar 2018 11:54:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=iVrNjtI5; dkim=fail header.i=@linux-foundation.org header.s=google header.b=AZAWb12O; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753942AbeCQSwN (ORCPT + 99 others); Sat, 17 Mar 2018 14:52:13 -0400 Received: from mail-it0-f54.google.com ([209.85.214.54]:40660 "EHLO mail-it0-f54.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753288AbeCQSwK (ORCPT ); Sat, 17 Mar 2018 14:52:10 -0400 Received: by mail-it0-f54.google.com with SMTP id y20-v6so5766409itc.5; Sat, 17 Mar 2018 11:52:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-transfer-encoding; bh=+VUZe5SRHX0nX0XLfC1IVdj9HVpNUAxJVe8p0zHzO+4=; b=iVrNjtI5wFYSY0BpdpwJocAow3qu630Jeza99ZaXLqOlHjg5y5ifg+xUK8BFl2pkm2 j2jveEJSyxOAV9AzWMWAimOsFExMgZi8XvvRTRyIFVaEGzwn5MDiEG+4WKRZb/TUBAuk eNn9PKpRAEZ9i7fZgt1G+qAD+UeHCBptSdh3L7GWE22u9JuGVsZvfT5+5a2Run3g49gR 7MJqOMQs0jnkhSr/q922Jm7qdRrQOqPDnV0WZIzAlsCmLqeohT/Bv2UDh3bGpFs0leMJ 3/I3l7VRw4ISAOfWqJqyBHfzEzBzZQG+3G1fb18JDTHcQBGqBi5pwG0rDb2IOtQJ51/E 9rEw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-transfer-encoding; bh=+VUZe5SRHX0nX0XLfC1IVdj9HVpNUAxJVe8p0zHzO+4=; b=AZAWb12O8AHRivV6x9J4TFDVVCN84ZHo9XiiwVfkM7nlsVZhv+H3FbXIuWlE6WN3U0 WH8ynJInYf/DnUnxWHi8U6L9t/y2oETdAYLtaRmsyWqBGMe0Gtmo+xMxLomIGzsspeTA b/hM38s0JhU54Yjpo1xM4rMJEcsvOnwTjbqA0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc:content-transfer-encoding; bh=+VUZe5SRHX0nX0XLfC1IVdj9HVpNUAxJVe8p0zHzO+4=; b=N53vrzwsfwbijaJO6WHCq7c7vxE0Fdvz5A+8dVoUpvJu8QefxF8wLBrOh48U2AcRme waB7f5aOyQsdu/3mf10kjsJOn2LA6gA0ld4oaF4jGqN3FLIK4Z28yU3wuBk06bzuZ/TP 34WEYPcICQgP6chajuEs4RaUj8Du7wELmGvDxY4+rxv/tQFLIQ2CcqbsyOEFfePEWsAY vfc+/7LrppTuE+07zmX9VEXPgX4nqQGdzw9+s+JQb87YClPpHo1dKCFHCOOIEQQ/lDt7 c+4GyftRjV1EnMD1NoFAqZpiOVNXrhQ5qVEI2CbIdMYeNRB24ULzyq6RylOogJjq+yux hYIg== X-Gm-Message-State: AElRT7HQrOWVgE4HrK/AiqPUqEubbrdLPI47mUbkn+VO7fSFFgPtNlvw Qtn2HcLNc2MOESDPGuRkqAWaE6JLWMEEHFlCtYk= X-Received: by 2002:a24:5989:: with SMTP id p131-v6mr6580089itb.113.1521312729748; Sat, 17 Mar 2018 11:52:09 -0700 (PDT) MIME-Version: 1.0 Received: by 10.107.95.15 with HTTP; Sat, 17 Mar 2018 11:52:09 -0700 (PDT) In-Reply-To: References: <1521174359-46392-1-git-send-email-keescook@chromium.org> <20180316175502.GE30522@ZenIV.linux.org.uk> From: Linus Torvalds Date: Sat, 17 Mar 2018 11:52:09 -0700 X-Google-Sender-Auth: dn6k--1NHbCqY0P87KYODVgZrmk Message-ID: Subject: Re: [PATCH v5 0/2] Remove false-positive VLAs when using max() To: Kees Cook Cc: Al Viro , Florian Weimer , Andrew Morton , Josh Poimboeuf , Rasmus Villemoes , Randy Dunlap , Miguel Ojeda , Ingo Molnar , David Laight , Ian Abbott , linux-input , linux-btrfs , Network Development , Linux Kernel Mailing List , Kernel Hardening Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Mar 17, 2018 at 12:27 AM, Kees Cook wrote: > > Unfortunately my 4.4 test fails quickly: > > ./include/linux/jiffies.h: In function =E2=80=98jiffies_delta_to_clock_t= =E2=80=99: > ./include/linux/jiffies.h:444: error: first argument to > =E2=80=98__builtin_choose_expr=E2=80=99 not a constant Ok, so it really looks like that same "__builtin_constant_p() doesn't return a constant". Which is really odd, but there you have it. I wonder if you can use that "sizeof()" to force evaluation of it, because sizeof() really does end up being magical when it comes to "integer constant expression". So instead of this: #define __no_side_effects(a,b) \ (__builtin_constant_p(a)&&__builtin_constant_p(b)) that just assumes that __builtin_constant_p() itself always counts as a constant expression, what happens if you do #define __is_constant(a) \ (sizeof(char[__builtin_constant_p(a)])) #define __no_side_effects(a,b) \ (__is_constant(a) && __is_constant(b)) I realize that the above looks completely insane: the whole point is to *not* have VLA's, and we know that __builtin_constant_p() isn't always evaliated as a constant. But hear me out: if the issue is that there's some evaluation ordering between the two builtins, and the problem is that the __builtin_choose_expr() part of the expression is expanded *before* the __builtin_constant_p() has been expanded, then just hiding it inside that bat-shit-crazy sizeof() will force that to be evaluated first (because a sizeof() is defined to be a integer constant expression. So the above is completely insane, bit there is actually a chance that using that completely crazy "x -> sizeof(char[x])" conversion actually helps, because it really does have a (very odd) evaluation-time change. sizeof() has to be evaluated as part of the constant expression evaluation, in ways that "__builtin_constant_p()" isn't specified to be done. But it is also definitely me grasping at straws. If that doesn't work for 4.4, there's nothing else I can possibly see. Linus