Message ID | 20160629144242.GE22818@mwanda (mailing list archive) |
---|---|
State | Rejected |
Delegated to: | Herbert Xu |
On 06/29/16 07:42, Dan Carpenter wrote: > || and | behave basically the same here but || is intended. It causes a > static checker warning to mix up bitwise and logical operations. > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > > diff --git a/arch/x86/crypto/sha256-mb/sha256_mb.c b/arch/x86/crypto/sha256-mb/sha256_mb.c > index c9d5dcc..4ec895a 100644 > --- a/arch/x86/crypto/sha256-mb/sha256_mb.c > +++ b/arch/x86/crypto/sha256-mb/sha256_mb.c > @@ -299,7 +299,7 @@ static struct sha256_hash_ctx *sha256_ctx_mgr_submit(struct sha256_ctx_mgr *mgr, > * Or if the user's buffer contains less than a whole block, > * append as much as possible to the extra block. > */ > - if ((ctx->partial_block_buffer_length) | (len < SHA256_BLOCK_SIZE)) { > + if ((ctx->partial_block_buffer_length) || (len < SHA256_BLOCK_SIZE)) { > /* Compute how many bytes to copy from user buffer into > * extra block > */ >

As far as I know the | was an intentional optimization, so you may want to look at the generated code.

-hpa

-- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

On Wed, Jun 29, 2016 at 10:05:53AM -0700, H. Peter Anvin wrote: > On 06/29/16 07:42, Dan Carpenter wrote: > > || and | behave basically the same here but || is intended. It causes a > > static checker warning to mix up bitwise and logical operations. > > > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > > > > diff --git a/arch/x86/crypto/sha256-mb/sha256_mb.c b/arch/x86/crypto/sha256-mb/sha256_mb.c > > index c9d5dcc..4ec895a 100644 > > --- a/arch/x86/crypto/sha256-mb/sha256_mb.c > > +++ b/arch/x86/crypto/sha256-mb/sha256_mb.c > > @@ -299,7 +299,7 @@ static struct sha256_hash_ctx *sha256_ctx_mgr_submit(struct sha256_ctx_mgr *mgr, > > * Or if the user's buffer contains less than a whole block, > > * append as much as possible to the extra block. > > */ > > - if ((ctx->partial_block_buffer_length) | (len < SHA256_BLOCK_SIZE)) { > > + if ((ctx->partial_block_buffer_length) || (len < SHA256_BLOCK_SIZE)) { > > /* Compute how many bytes to copy from user buffer into > > * extra block > > */ > > > > As far as I know the | was an intentional optimization, so you may want > to look at the generated code.

I know how the rules work. I just thought it looked more like a typo than an optimization. It's normally a typo. It's hard to tell the intent.

I think I'll modify my static checker to ignore these since the typo is harmless.

regards,
dan carpenter

On Thu, 2016-06-30 at 10:50 +0300, Dan Carpenter wrote: > On Wed, Jun 29, 2016 at 10:05:53AM -0700, H. Peter Anvin wrote: > > On 06/29/16 07:42, Dan Carpenter wrote: > > > || and | behave basically the same here but || is intended. It causes a > > > static checker warning to mix up bitwise and logical operations. > > > > > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > > > > > > diff --git a/arch/x86/crypto/sha256-mb/sha256_mb.c b/arch/x86/crypto/sha256-mb/sha256_mb.c [] > > > @@ -299,7 +299,7 @@ static struct sha256_hash_ctx *sha256_ctx_mgr_submit(struct sha256_ctx_mgr *mgr, > > > * Or if the user's buffer contains less than a whole block, > > > * append as much as possible to the extra block. > > > */ > > > - if ((ctx->partial_block_buffer_length) | (len < SHA256_BLOCK_SIZE)) { > > > + if ((ctx->partial_block_buffer_length) || (len < SHA256_BLOCK_SIZE)) { > > > /* Compute how many bytes to copy from user buffer into > > > * extra block > > > */ > > > > > As far as I know the | was an intentional optimization, so you may want > > to look at the generated code. > I know how the rules work. I just thought it looked more like a typo > than an optimization. It's normally a typo. It's hard to tell the > intent.

The compiler could potentially emit the same code when optimizing but at least gcc 5.3 doesn't.

It's probably useful to add a comment for the specific intent here rather than change a potentially useful static checker.

On 30.06.2016 at 13:16, Joe Perches wrote: > On Thu, 2016-06-30 at 10:50 +0300, Dan Carpenter wrote: >> On Wed, Jun 29, 2016 at 10:05:53AM -0700, H. Peter Anvin wrote: >>> On 06/29/16 07:42, Dan Carpenter wrote: >>>> || and | behave basically the same here but || is intended. It causes a >>>> static checker warning to mix up bitwise and logical operations. >>>> >>>> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> >>>> >>>> diff --git a/arch/x86/crypto/sha256-mb/sha256_mb.c b/arch/x86/crypto/sha256-mb/sha256_mb.c > [] >>>> @@ -299,7 +299,7 @@ static struct sha256_hash_ctx *sha256_ctx_mgr_submit(struct sha256_ctx_mgr *mgr, >>>> * Or if the user's buffer contains less than a whole block, >>>> * append as much as possible to the extra block. >>>> */ >>>> - if ((ctx->partial_block_buffer_length) | (len < SHA256_BLOCK_SIZE)) { >>>> + if ((ctx->partial_block_buffer_length) || (len < SHA256_BLOCK_SIZE)) { >>>> /* Compute how many bytes to copy from user buffer into >>>> * extra block >>>> */ >>>> >>> As far as I know the | was an intentional optimization, so you may want >>> to look at the generated code. >> I know how the rules work. I just thought it looked more like a typo >> than an optimization. It's normally a typo. It's hard to tell the >> intent. > > The compiler could potentially emit the same code when > optimizing but at least gcc 5.3 doesn't. > > It's probably useful to add a comment for the specific intent > here rather than change a potentially useful static checker. >

Perhaps we can agree not to play tricks with a compiler. Everything may be true for a certain version of CC but the next compiler is different.

just my 2 cents,
wh

The difference between | and || is that || has ordering constraints. It's from the C standard, and not the compiler version.

regards,
dan carpenter

On Wed, 2016-06-29 at 10:05 -0700, H. Peter Anvin wrote: > On 06/29/16 07:42, Dan Carpenter wrote: > > || and | behave basically the same here but || is intended. It causes a > > static checker warning to mix up bitwise and logical operations. > > > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > > > > diff --git a/arch/x86/crypto/sha256-mb/sha256_mb.c b/arch/x86/crypto/sha256-mb/sha256_mb.c > > index c9d5dcc..4ec895a 100644 > > --- a/arch/x86/crypto/sha256-mb/sha256_mb.c > > +++ b/arch/x86/crypto/sha256-mb/sha256_mb.c > > @@ -299,7 +299,7 @@ static struct sha256_hash_ctx *sha256_ctx_mgr_submit(struct sha256_ctx_mgr *mgr, > > * Or if the user's buffer contains less than a whole block, > > * append as much as possible to the extra block. > > */ > > - if ((ctx->partial_block_buffer_length) | (len < SHA256_BLOCK_SIZE)) { > > + if ((ctx->partial_block_buffer_length) || (len < SHA256_BLOCK_SIZE)) { > > /* Compute how many bytes to copy from user buffer into > > * extra block > > */ > > > As far as I know the | was an intentional optimization, so you may want > to look at the generated code. > > -hpa >

Yes, this is an intentional optimization. Is there any scenario where things may break with the compiler?

Tim

On Thu, Jun 30, 2016 at 01:42:19PM -0700, Tim Chen wrote: > On Wed, 2016-06-29 at 10:05 -0700, H. Peter Anvin wrote: > > On 06/29/16 07:42, Dan Carpenter wrote: > > > || and | behave basically the same here but || is intended. It causes a > > > static checker warning to mix up bitwise and logical operations. > > > > > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > > > > > > diff --git a/arch/x86/crypto/sha256-mb/sha256_mb.c b/arch/x86/crypto/sha256-mb/sha256_mb.c > > > index c9d5dcc..4ec895a 100644 > > > --- a/arch/x86/crypto/sha256-mb/sha256_mb.c > > > +++ b/arch/x86/crypto/sha256-mb/sha256_mb.c > > > @@ -299,7 +299,7 @@ static struct sha256_hash_ctx *sha256_ctx_mgr_submit(struct sha256_ctx_mgr *mgr, > > > * Or if the user's buffer contains less than a whole block, > > > * append as much as possible to the extra block. > > > */ > > > - if ((ctx->partial_block_buffer_length) | (len < SHA256_BLOCK_SIZE)) { > > > + if ((ctx->partial_block_buffer_length) || (len < SHA256_BLOCK_SIZE)) { > > > /* Compute how many bytes to copy from user buffer into > > > * extra block > > > */ > > > > > As far as I know the | was an intentional optimization, so you may want > > to look at the generated code. > > > > -hpa > > > > Yes, this is an intentional optimization. Is there any scenario where things may > break with the compiler?

No. I'm going to remove the warning from the static checker like I said earlier. It should only complain for && vs & typos, || vs | is harmless.

regards,
dan carpenter

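
The distinction drawn in the two messages above (`||` carries ordering constraints that `|` does not, and `&&` vs `&` typos matter where `||` vs `|` here does not), as an added C example that is not part of the thread or of the kernel source. `short_input`, `use_extra_block` and the counting functions are hypothetical names; 64 is the SHA-256 block size in bytes.

```c
#include <stdbool.h>
#include <stddef.h>

#define SHA256_BLOCK_SIZE 64	/* bytes per SHA-256 block */
static int rhs_evals;		/* times the right-hand operand was evaluated */

/* Right-hand operand of the hunk's test, instrumented (hypothetical helper). */
static bool short_input(size_t len)
{
	rhs_evals++;
	return len < SHA256_BLOCK_SIZE;
}

/* The hunk's condition: || may skip the right operand, | never does. */
static bool use_extra_block(bool logical, unsigned int partial_len, size_t len)
{
	if (logical)
		return partial_len || short_input(len);
	return (partial_len | short_input(len)) != 0;
}

/* Number of inputs on which | and || pick different branches. */
int or_mismatches(void)
{
	int n = 0;
	for (unsigned int p = 0; p < SHA256_BLOCK_SIZE; p++)
		for (size_t len = 0; len <= 2 * SHA256_BLOCK_SIZE; len++)
			n += use_extra_block(false, p, len) != use_extra_block(true, p, len);
	return n;
}

/* Same count for & versus &&: non-zero operands may share no set bits. */
int and_mismatches(void)
{
	int n = 0;
	for (unsigned int a = 0; a < 4; a++)
		for (unsigned int b = 0; b < 4; b++)
			n += ((a & b) != 0) != (a && b);
	return n;
}

/* Right-operand evaluations for one call with a non-zero partial length. */
int rhs_evals_for(bool logical)
{
	rhs_evals = 0;
	(void)use_extra_block(logical, 5, 10);
	return rhs_evals;
}

int main(void) { return or_mismatches(); }	/* exit 0: | and || agree */
```

The two OR spellings differ only in whether the right-hand operand runs, which is invisible when that operand has no side effects; the AND spellings differ in result for operand pairs such as 1 and 2.
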
* Tim Chen <tim.c.chen@linux.intel.com> wrote: > On Wed, 2016-06-29 at 10:05 -0700, H. Peter Anvin wrote: > > On 06/29/16 07:42, Dan Carpenter wrote: > > > || and | behave basically the same here but || is intended. It causes a > > > static checker warning to mix up bitwise and logical operations. > > > > > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > > > > > > diff --git a/arch/x86/crypto/sha256-mb/sha256_mb.c b/arch/x86/crypto/sha256-mb/sha256_mb.c > > > index c9d5dcc..4ec895a 100644 > > > --- a/arch/x86/crypto/sha256-mb/sha256_mb.c > > > +++ b/arch/x86/crypto/sha256-mb/sha256_mb.c
> > > @@ -299,7 +299,7 @@ static struct sha256_hash_ctx *sha256_ctx_mgr_submit(struct sha256_ctx_mgr *mgr, > > > * Or if the user's buffer contains less than a whole block, > > > * append as much as possible to the extra block. > > > */ > > > - if ((ctx->partial_block_buffer_length) | (len < SHA256_BLOCK_SIZE)) { > > > + if ((ctx->partial_block_buffer_length) || (len < SHA256_BLOCK_SIZE)) { > > > /* Compute how many bytes to copy from user buffer into > > > * extra block > > > */ > > > > > As far as I know the | was an intentional optimization, so you may want > > to look at the generated code. > > > > -hpa > > > > Yes, this is an intentional optimization. [...]

Please don't do intentional optimizations while mixing them with a very ugly coding style:

	if ((ctx->partial_block_buffer_length) | (len < SHA256_BLOCK_SIZE)) {

The extra, unnecessary parentheses around ctx->partial_block_buffer_length will make the ordinary reader assume that the person who wrote the code was unsure about basic C syntax details and typoed the '|' as well ...

Also, for heaven's (and readability's) sake, pick shorter structure field names. What's wrong with ctx->partial_block_buf_len?

Also, even if the '|' was intentional - wouldn't it result in better code to use '||'?

Plus:

> > > /* Compute how many bytes to copy from user buffer into > > > * extra block > > > */

please use the customary (multi-line) comment style:

	/*
	 * Comment .....
	 * ...... goes here.
	 */

specified in Documentation/CodingStyle.

Thanks,
Ingo

On Fri, Jul 01, 2016 at 09:55:59AM +0200, Ingo Molnar wrote: > > Plus: > > > > > /* Compute how many bytes to copy from user buffer into > > > > * extra block > > > > */ > > please use the customary (multi-line) comment style:

This is the customary comment style of the networking stack and the crypto API. So please don't change it.

Thanks,

* Herbert Xu <herbert@gondor.apana.org.au> wrote: > On Fri, Jul 01, 2016 at 09:55:59AM +0200, Ingo Molnar wrote: > > > > Plus: > > > > > > > /* Compute how many bytes to copy from user buffer into > > > > > * extra block > > > > > */ > > > > please use the customary (multi-line) comment style: > > This is the customary comment style of the networking stack and > the crypto API. So please don't change it.

Guys, do you even read your own code??

That 'standard' is not being enforced consistently at all. Even in this very series there's an example of that weird comment not being followed:

+++ b/arch/x86/crypto/sha1-mb/sha1_mb.c
@@ -304,7 +304,7 @@ static struct sha1_hash_ctx *sha1_ctx_mgr_submit(struct sha1_ctx_mgr *mgr, /* * Compute how many bytes to copy from user buffer into * extra block

See how this comment block uses the standard coding style, while the next patch has this weird coding style:

- if ((ctx->partial_block_buffer_length) | (len < SHA256_BLOCK_SIZE)) { + if ((ctx->partial_block_buffer_length) || (len < SHA256_BLOCK_SIZE)) { /* Compute how many bytes to copy from user buffer into * extra block */

The networking code's "exceptionalism" regarding the standard comment style is super distracting and in this particular example it resulted in:

 - inconsistent comment styles next to each other,
 - the questionable '|' pattern hiding right next to:
 - pointless parentheses around the (ctx->partial_block_buffer_length),
 - which field name is also a misnomer.

So anyone doing security review of that weird '|' pattern first has to figure out whether the 4 ugly code patterns amount to a security problem or not...

One thing that is more harmful than any of the coding styles: the inconsistent coding style used by this code.

Btw., as a historic reference, there is nothing sacred about the 'networking comments coding style': I was there (way too many years ago) when that comment style was introduced by Alan Cox's first TCP/IP code drop, and it was little more than just a random inconsistency that people are now treating as gospel...

Thanks,
Ingo

diff --git a/arch/x86/crypto/sha256-mb/sha256_mb.c b/arch/x86/crypto/sha256-mb/sha256_mb.c index c9d5dcc..4ec895a 100644 --- a/arch/x86/crypto/sha256-mb/sha256_mb.c +++ b/arch/x86/crypto/sha256-mb/sha256_mb.c @@ -299,7 +299,7 @@ static struct sha256_hash_ctx *sha256_ctx_mgr_submit(struct sha256_ctx_mgr *mgr, * Or if the user's buffer contains less than a whole block, * append as much as possible to the extra block. */ - if ((ctx->partial_block_buffer_length) | (len < SHA256_BLOCK_SIZE)) { + if ((ctx->partial_block_buffer_length) || (len < SHA256_BLOCK_SIZE)) { /* Compute how many bytes to copy from user buffer into * extra block */
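
Review bot: The changed `if` still carries no comment saying which operator is meant, and that is the missing piece here: both operands, `ctx->partial_block_buffer_length` and `len < SHA256_BLOCK_SIZE`, are free of side effects, so `|` and `||` select the same branch and a reader cannot tell a typo from a deliberate choice. Whichever operator is kept, add a one-line comment above the condition recording the intent, and drop the redundant parentheses around `ctx->partial_block_buffer_length`, which make the line read more like a slip than it needs to.
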
|| and | behave basically the same here but || is intended. It causes a static checker warning to mix up bitwise and logical operations.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>