From: "Paul E. McKenney"
Date: Mon, 22 Aug 2016 10:53:07 -0700
To: Arnd Bergmann
Cc: Kees Cook, Laura Abbott, Steven Rostedt, Daniel Micay, Joe Perches, Stephen Boyd, Syed Rameez Mustafa, Greg Kroah-Hartman, Josh Triplett, Mathieu Desnoyers, Lai Jiangshan, "Aneesh Kumar K.V", "Kirill A. Shutemov", Michael Ellerman, Andrew Morton, Dan Williams, Jan Kara, Thomas Gleixner, Josef Bacik, Ingo Molnar, Tejun Heo, Andrey Ryabinin, Nikolay Aleksandrov, Dmitry Vyukov, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com
Subject: Re: [PATCH v3 4/5] bug: Provide toggle for BUG on data corruption
Reply-To: paulmck@linux.vnet.ibm.com
Message-Id: <20160822175307.GI3482@linux.vnet.ibm.com>
In-Reply-To: <4367840.AWTJIHYqbe@wuerfel>

On Mon, Aug 22, 2016 at 03:15:35PM +0200, Arnd Bergmann wrote:
> On Wednesday, August 17, 2016 2:42:11 PM CEST Kees Cook wrote:
> > +
> > +/*
> > + * Since detected data corruption should stop operation on the affected
> > + * structures, this returns false if the corruption condition is found.
> > + */
> > +#define CHECK_DATA_CORRUPTION(condition, fmt, ...) \
> > + do { \
> > + if (unlikely(condition)) { \
> > + if (IS_ENABLED(CONFIG_BUG_ON_DATA_CORRUPTION)) { \
> > + pr_err(fmt, ##__VA_ARGS__); \
> > + BUG(); \
> > + } else \
> > + WARN(1, fmt, ##__VA_ARGS__); \
> > + return false; \
> > + } \
> > + } while (0)
> > +
>
> I think the "return false" inside of the macro makes it easy to misread
> what is actually going on.
>
> How about making it a macro that returns the condition argument?
>
> #define CHECK_DATA_CORRUPTION(condition, fmt, ...) \
> ({ \
>     bool _condition = unlikely(condition); \
>     if (_condition) { \
>         ... 
>     } \
>     _condition; \
> })

That does look better, now that you mention it. Kees, any objections?

Thanx, Paul
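
Review bot: In the inner if/else of the quoted CHECK_DATA_CORRUPTION hunk, the `if` arm is braced but the `else WARN(1, fmt, ##__VA_ARGS__);` arm is not, so the unconditional `return false;` on the next line is easy to read as part of the `else`; bracing both arms would remove that ambiguity. The comment above the macro also says "this returns false", but it is the enclosing function that returns, which means the macro can only be used inside functions returning bool; if the hidden return is kept, the comment should state that requirement, and if the macro is changed to evaluate to the condition as proposed in the reply, the comment needs updating to match.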
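
The statement-expression form proposed in the reply, as an added userspace example that is not code from this thread or from the kernel: `unlikely()`, `WARN()`, `BUG()` and `BUG_ON_DATA_CORRUPTION` are stand-ins, the body elided as "..." in the reply is assumed to be the BUG/WARN branches of the quoted patch, and `struct node` and `node_add()` are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace stand-ins (assumptions) for the kernel helpers named in the patch. */
#define unlikely(x) __builtin_expect(!!(x), 0)
#define BUG() abort()
#define BUG_ON_DATA_CORRUPTION 0	/* stand-in for IS_ENABLED(CONFIG_BUG_ON_DATA_CORRUPTION) */
static int warn_count;			/* lets a caller observe that a warning fired */
#define WARN(fmt, ...) (warn_count++, fprintf(stderr, "WARNING: " fmt, ##__VA_ARGS__))

/* Evaluates to the condition; the caller decides how to stop. */
#define CHECK_DATA_CORRUPTION(condition, fmt, ...)		\
({								\
	bool _condition = unlikely(condition);			\
	if (_condition) {					\
		if (BUG_ON_DATA_CORRUPTION) {			\
			fprintf(stderr, fmt, ##__VA_ARGS__);	\
			BUG();					\
		} else {					\
			WARN(fmt, ##__VA_ARGS__);		\
		}						\
	}							\
	_condition;						\
})

struct node { struct node *next, *prev; };

/* Hypothetical caller: insert n between prev and next only if they still agree. */
static bool node_add(struct node *n, struct node *prev, struct node *next)
{
	if (CHECK_DATA_CORRUPTION(next->prev != prev,
			"add: next->prev should be %p, was %p\n",
			(void *)prev, (void *)next->prev) ||
	    CHECK_DATA_CORRUPTION(prev->next != next,
			"add: prev->next should be %p, was %p\n",
			(void *)next, (void *)prev->next))
		return false;	/* early exit is visible here; the list is left untouched */
	next->prev = n; n->next = next; n->prev = prev; prev->next = n;
	return true;
}

int main(void)
{
	struct node head = { &head, &head }, a, b;
	node_add(&a, &head, head.next);
	a.prev = NULL;			/* constructed corruption of a back pointer */
	return node_add(&b, &head, &a) ? 1 : 0;	/* the add must be refused */
}
```

With the return at the call site, the same macro also works in callers that do not return bool.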