[PATCH v5 06/12] S.A.R.A.: WX protection
Salvatore Mesoraca
s.mesoraca16 at gmail.com
Sun Jul 7 15:49:35 UTC 2019
Al Viro <viro at zeniv.linux.org.uk> wrote:
>
> On Sat, Jul 06, 2019 at 12:54:47PM +0200, Salvatore Mesoraca wrote:
>
> > +#define sara_warn_or_return(err, msg) do { \
> > + if ((sara_wxp_flags & SARA_WXP_VERBOSE)) \
> > + pr_wxp(msg); \
> > + if (!(sara_wxp_flags & SARA_WXP_COMPLAIN)) \
> > + return -err; \
> > +} while (0)
> > +
> > +#define sara_warn_or_goto(label, msg) do { \
> > + if ((sara_wxp_flags & SARA_WXP_VERBOSE)) \
> > + pr_wxp(msg); \
> > + if (!(sara_wxp_flags & SARA_WXP_COMPLAIN)) \
> > + goto label; \
> > +} while (0)
>
> No. This kind of "style" has no place in the kernel.
>
> Don't hide control flow. It's nasty enough to reviewers,
> but it's pure hell on anyone who strays into your code while
> chasing a bug or doing general code audit. In effect, you
> are creating your oh-so-private C dialect and assuming that
> everyone who ever looks at your code will start with learning
> that *AND* incorporating it into their mental C parser.
> I'm sorry, but you are not that important.
>
> If it looks like a function call, a casual reader will assume
> that this is exactly what it is. And when one is scanning
> through a function (e.g. to tell if handling of some kind
> of refcounts is correct, with twentieth grep through the
> tree having brought something in your code into the view),
> the last thing one wants is to switch between the area-specific
> C dialects. Simply because looking at yours is sandwiched
> between digging through some crap in drivers/target/ and that
> weird thing in kernel/tracing/, hopefully staying limited
> to 20 seconds of glancing through several functions in your
> code.
>
> Don't Do That. Really.
I understand your concerns.
The first version of SARA didn't use these macros,
they were added because I was asked[1] to do so.
I have absolutely no problems in reverting this change.
I just want to make sure that there is agreement on this matter.
Maybe Kees can clarify his stance.
Thank you for your suggestions.
[1] https://lkml.kernel.org/r/CAGXu5jJuQx2qOt_aDqDQDcqGOZ5kmr5rQ9Zjv=MRRCJ65ERfGw@mail.gmail.com
More information about the Linux-security-module-archive
mailing list