From: Salvatore Mesoraca <s.mesoraca16@gmail.com>
To: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-kernel@vger.kernel.org,
Kernel Hardening <kernel-hardening@lists.openwall.com>,
linux-mm@kvack.org, linux-security-module@vger.kernel.org,
Brad Spengler <spender@grsecurity.net>,
Casey Schaufler <casey@schaufler-ca.com>,
Christoph Hellwig <hch@infradead.org>,
Jann Horn <jannh@google.com>, Kees Cook <keescook@chromium.org>,
PaX Team <pageexec@freemail.hu>,
"Serge E. Hallyn" <serge@hallyn.com>,
Thomas Gleixner <tglx@linutronix.de>,
James Morris <jmorris@namei.org>
Subject: Re: [PATCH v5 06/12] S.A.R.A.: WX protection
Date: Sun, 7 Jul 2019 17:49:35 +0200 [thread overview]
Message-ID: <CAJHCu1+JYWN7mEHprmCc+osP=K4qGA9xB3Jxg53_K4kwo4J6dA@mail.gmail.com> (raw)
In-Reply-To: <20190706192852.GO17978@ZenIV.linux.org.uk>
Al Viro <viro@zeniv.linux.org.uk> wrote:
>
> On Sat, Jul 06, 2019 at 12:54:47PM +0200, Salvatore Mesoraca wrote:
>
> > +#define sara_warn_or_return(err, msg) do { \
> > + if ((sara_wxp_flags & SARA_WXP_VERBOSE)) \
> > + pr_wxp(msg); \
> > + if (!(sara_wxp_flags & SARA_WXP_COMPLAIN)) \
> > + return -err; \
> > +} while (0)
> > +
> > +#define sara_warn_or_goto(label, msg) do { \
> > + if ((sara_wxp_flags & SARA_WXP_VERBOSE)) \
> > + pr_wxp(msg); \
> > + if (!(sara_wxp_flags & SARA_WXP_COMPLAIN)) \
> > + goto label; \
> > +} while (0)
>
> No. This kind of "style" has no place in the kernel.
>
> Don't hide control flow. It's nasty enough to reviewers,
> but it's pure hell on anyone who strays into your code while
> chasing a bug or doing general code audit. In effect, you
> are creating your oh-so-private C dialect and assuming that
> everyone who ever looks at your code will start with learning
> that *AND* incorporating it into their mental C parser.
> I'm sorry, but you are not that important.
>
> If it looks like a function call, a casual reader will assume
> that this is exactly what it is. And when one is scanning
> through a function (e.g. to tell if handling of some kind
> of refcounts is correct, with twentieth grep through the
> tree having brought something in your code into the view),
> the last thing one wants is to switch between the area-specific
> C dialects. Simply because looking at yours is sandwiched
> between digging through some crap in drivers/target/ and that
> weird thing in kernel/tracing/, hopefully staying limited
> to 20 seconds of glancing through several functions in your
> code.
>
> Don't Do That. Really.
I understand your concerns.
The first version of SARA didn't use these macros,
they were added because I was asked[1] to do so.
I have absolutely no problems in reverting this change.
I just want to make sure that there is agreement on this matter.
Maybe Kees can clarify his stance.
Thank you for your suggestions.
[1] https://lkml.kernel.org/r/CAGXu5jJuQx2qOt_aDqDQDcqGOZ5kmr5rQ9Zjv=MRRCJ65ERfGw@mail.gmail.com
next prev parent reply other threads:[~2019-07-07 15:49 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-06 10:54 [PATCH v5 00/12] S.A.R.A. a new stacked LSM Salvatore Mesoraca
2019-07-06 10:54 ` [PATCH v5 01/12] S.A.R.A.: add documentation Salvatore Mesoraca
2019-07-06 17:14 ` Randy Dunlap
2019-07-06 17:32 ` Salvatore Mesoraca
2019-07-13 0:14 ` James Morris
2019-07-06 10:54 ` [PATCH v5 02/12] S.A.R.A.: create framework Salvatore Mesoraca
2019-07-06 15:29 ` Randy Dunlap
2019-07-06 10:54 ` [PATCH v5 03/12] S.A.R.A.: cred blob management Salvatore Mesoraca
2019-07-12 23:35 ` James Morris
2019-07-06 10:54 ` [PATCH v5 04/12] S.A.R.A.: generic DFA for string matching Salvatore Mesoraca
2019-07-06 18:32 ` Jann Horn
2019-07-07 16:01 ` Salvatore Mesoraca
2019-07-08 17:37 ` Jann Horn
2019-10-06 16:49 ` Salvatore Mesoraca
2019-10-07 12:40 ` Jann Horn
2019-07-06 10:54 ` [PATCH v5 05/12] LSM: creation of "check_vmflags" LSM hook Salvatore Mesoraca
2019-07-06 10:54 ` [PATCH v5 06/12] S.A.R.A.: WX protection Salvatore Mesoraca
2019-07-06 15:38 ` Randy Dunlap
2019-07-06 19:28 ` Al Viro
2019-07-07 15:49 ` Salvatore Mesoraca [this message]
2019-07-09 4:51 ` Kees Cook
2019-07-08 12:42 ` David Laight
2019-07-06 10:54 ` [PATCH v5 07/12] LSM: creation of "pagefault_handler" LSM hook Salvatore Mesoraca
2019-07-06 10:54 ` [PATCH v5 08/12] S.A.R.A.: trampoline emulation Salvatore Mesoraca
2019-07-06 15:31 ` Randy Dunlap
2019-07-06 10:54 ` [PATCH v5 09/12] S.A.R.A.: WX protection procattr interface Salvatore Mesoraca
2019-07-06 10:54 ` [PATCH v5 10/12] S.A.R.A.: XATTRs support Salvatore Mesoraca
2019-07-06 10:54 ` [PATCH v5 11/12] S.A.R.A.: /proc/*/mem write limitation Salvatore Mesoraca
2019-07-06 18:20 ` Jann Horn
2019-07-07 16:15 ` Salvatore Mesoraca
2019-07-06 10:54 ` [PATCH v5 12/12] MAINTAINERS: take maintainership for S.A.R.A Salvatore Mesoraca
2019-07-06 14:33 ` [PATCH v5 00/12] S.A.R.A. a new stacked LSM Jordan Glover
2019-07-06 15:02 ` Salvatore Mesoraca
2019-07-07 1:16 ` James Morris
2019-07-07 15:40 ` Salvatore Mesoraca
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAJHCu1+JYWN7mEHprmCc+osP=K4qGA9xB3Jxg53_K4kwo4J6dA@mail.gmail.com' \
--to=s.mesoraca16@gmail.com \
--cc=casey@schaufler-ca.com \
--cc=hch@infradead.org \
--cc=jannh@google.com \
--cc=jmorris@namei.org \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-security-module@vger.kernel.org \
--cc=pageexec@freemail.hu \
--cc=serge@hallyn.com \
--cc=spender@grsecurity.net \
--cc=tglx@linutronix.de \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).