Re: Implementing hooks

From: Andrew Morgan (morganat_private)
Date: Thu Apr 19 2001 - 16:44:18 PDT

  • Next message: Greg KH: "Re: Implementing hooks" 

    Greg KH wrote:
> Remember, with macros, you loose type information which is a very
> valuable thing.

What do you mean by this remark? Please could you elaborate?

Here is a program with some bogus argument types. The first involves a
macro to do the same thing as the second.

#include <stdio.h>
#define my_stuff(x...) (void) printf(x)

int main(int argc, char **argv)
{
  my_stuff("hello from %s\n", *argv[0]);
  (void) printf("hello again from %s\n", *argv[0]);
  exit(0);
}

Specifically, 'gcc -Wformat' has no problem pointing out the type
problem in both cases.

Cheers

Andrew

PS. I hesitate to send the following, as its too close to flame bait for
my liking, but your assertions appear to be quite freely made, and I'd
hate a lack of reply on my part to make you think I'm simply agreeing
with you. [When I agree, I'll generally say so.]

(Re: Inodes hooks example):
> >   SECURITY_HOOK_RETURN_ERROR(retval,basic_ops,ioperm,(),"ioperm
> > privilege required");

> 
> More efficient from a code typing viewpoint, or a memory usage
> viewpoint, or a clarity to the programmer viewpoint?

There is only one that counts: from the point of view of a programmer
that's never seen the code before.
99% of code's life is as legacy - destined to be maintained by someone
other than the original implementer - who looks to the code as some sort
of documentation.

> But since you brought it up...
> Remember that what I implemented allows static tools like the CHECKER to
> pass across the module interface to validate rules.  If you make a
> generic macro, that expands to a var_args like call, then you lost the
> type enforcement, and any static detection tools will never be able to
> help you out.

I fail to believe that any reasonable C-checker can't work equally well
on gcc -E output.

> Just my reasoning why I like a simple function call, besides it being the
> same type of interface used everywhere else in the kernel source :)

I have a hard time with this one too. Are you putting this forward as a
reason to make the code more easily camouflaged? [A macro can resolve to
a simple function call too.]

Best wishes

Andrew

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

    This archive was generated by hypermail 2b30 : Thu Apr 19 2001 - 16:46:39 PDT