From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-wm1-f50.google.com (mail-wm1-f50.google.com [209.85.128.50])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3B6A837997E
	for <linux-kernel@vger.kernel.org>; Tue, 31 Mar 2026 08:58:14 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.50
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1774947495; cv=none; b=JfomGj3n2UMkvlmr/ZiRsg4cYgJ0LDKSEdvCSpeuEy8qoGEbfLubLALp8NjTibn3F7vBxjZMaw78xrZPU5P+nDGu6QN+0pRsTlKml/mEeVaOmQjZu4/Vyi4qNZVdiTkdnKTVsGOPspGj0AU//pL+Ba3HYjldaPdNnLQhqdPt/hk=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1774947495; c=relaxed/simple;
	bh=d7YZnLvS+h+0HdiguMBa6VMgZIVwCHnjN+73m5Nnd1I=;
	h=Date:From:To:Cc:Subject:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type; b=X4euNmOykUPb5IELr8iVdsgIQbruXP1aJP+tVb+SziJnGalWKBMDpKfMWxQ6D8qsJ0Jd8USR7jehKedtnoAslxh18G/IpTq1leRBEg0fb/LCUZAtliL0yqFtP+DfnZmtwoO0R/j6sWyq/uUXz0R3YOkOOxycfGGrtS8ee2t8VP8=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=dOx1ewDn; arc=none smtp.client-ip=209.85.128.50
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="dOx1ewDn"
Received: by mail-wm1-f50.google.com with SMTP id 5b1f17b1804b1-486ff201041so53595155e9.1
        for <linux-kernel@vger.kernel.org>; Tue, 31 Mar 2026 01:58:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20251104; t=1774947493; x=1775552293; darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:subject:cc:to:from:date:from:to:cc:subject:date
         :message-id:reply-to;
        bh=xUBFmNIoijQTwDFycTPLWNTUdbsDcUl9Qdi01ngFzW8=;
        b=dOx1ewDnLnvyrv2L5daLy9oAlTrhV+xzEsgJzWmqojXpTuQ3xN82/JhbRoKhNi0KxO
         JQW/eI+4a3a15gaOAHL5dHrevzObRo5m0rzk6a4S8tpB8/IQSv3hVQAWHo9DTuINA/Mx
         15YgIYpMucBC0LfqF1FcmWfHyfGQ+l8M9TGoS9hzWUe7OmUzp5T1g4VwMmHQPXpna/Y4
         tyIGqZ+e0YIvJCpZydaKPxsmjfxWvm67vf1ImISvJbz5EbwCkp57L+gy/ubwSg9i4+su
         pg+w2BzS0NU6PigVLJnC6rI+NCMhpp1EYGlUoDau/OHx1zkyRJs3MvHck9wEo91bQBr2
         8/uQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1774947493; x=1775552293;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=xUBFmNIoijQTwDFycTPLWNTUdbsDcUl9Qdi01ngFzW8=;
        b=ALVrSYD5hbu0u/LiQ07Lfo5IUnPyD5ypi9OekJfrfTVS9f/3kA64zFwCYhGGFE3sym
         9Po6YwL5dP6joJwikusU1yZRBNIOXcOEw2Bu+f2Ax68o5rWPfolCl1Iea/G+FbzQVaU8
         oyMBMwUh55wuzHSZEFJUmS+3Vz37l0Dc4jprAqwzotL4Z2ZubBll+gm+5/vNTls+bzpD
         ayqAUGfnZdoG2FdoIVjI/HaJVDu7lgHrIei2RxZROAw6JY8ISPUYIm724voBKozRTa+b
         tiv1RoZNNn1ijkwAfsKN8Y8o5zSGglntdxsSYwURLp3wo0N98oQONS1IUKH5dpzGd3dV
         t1ew==
X-Forwarded-Encrypted: i=1; AJvYcCXEiEsWjEV4LXIf0rPy43HRiSG6xurUpKoNoSzZC1mPo0MfSd2hbGDgE9p1CwGGM1Uc2mJOixs3/fWbceY=@vger.kernel.org
X-Gm-Message-State: AOJu0YzH/noCC5j8z046yWKqJUZ0Lw0VN8BWo45vIOwaFrq5HB2Lc7PU
	xPzVSpO03Q6PxHhJYxtUxVbE7d6zKVEgMb6TgNr7Kbprrnk77hU26o3E
X-Gm-Gg: ATEYQzwNV7HuXmjXElYYJSftMNldyWHsURXoqydd/xGz7CzGAOLudbkolp1Y5xKya+q
	Ho1WT5AnCVw5sP5oVjXaP+voZj3Vi9G5KZ+7vH5do+i6mfFszNQGGWaElVHjZPav7zaR+pIy9SL
	DxktxFoBzaOWXfGs/JxFgxc84mF+8//4BjqHcYTKJ8X6MzIe7NXcYEJIAs5ST0MRu1afzsvizDf
	iZCwP2A/kB7v7P97OraokC3v9bj23x8mPUz90ZktdYT8olwOFu3h3by1R8GGmyuWMV12bj3uSMt
	cKIGwEY9xuDOadpA4fiH0yXSlrcJLxGCCQ0KSvIoXSvD+PqEO9/H5af/td1F9lSLfiz9BZ/Xh/7
	pNnwn9eJ2dhRe1ECazDMsMD3s5rGAmAAiiy8f68IUuZ27OAybuj5pztY5cgqhO6aCHpxz09W3NY
	gGYLOhQQZ81FFMOBVe1FvvbDHPXcb1UksaaOjVw9zBQ1WxQx/C8m6+09Ic3mA3
X-Received: by 2002:a05:600d:1c:b0:485:3f17:425 with SMTP id 5b1f17b1804b1-48727ec7681mr205715195e9.21.1774947492313;
        Tue, 31 Mar 2026 01:58:12 -0700 (PDT)
Received: from pumpkin (82-69-66-36.dsl.in-addr.zen.co.uk. [82.69.66.36])
        by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4887a630901sm19437755e9.0.2026.03.31.01.58.11
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 31 Mar 2026 01:58:12 -0700 (PDT)
Date: Tue, 31 Mar 2026 09:58:10 +0100
From: David Laight <david.laight.linux@gmail.com>
To: Kees Cook <kees@kernel.org>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH next 3/3] fortify: Simplify strlen() logic
Message-ID: <20260331095810.30da7b05@pumpkin>
In-Reply-To: <202603302305.19F4EF8@keescook>
References: <20260330132003.3379-1-david.laight.linux@gmail.com>
	<20260330132003.3379-4-david.laight.linux@gmail.com>
	<202603302305.19F4EF8@keescook>
X-Mailer: Claws Mail 4.1.1 (GTK 3.24.38; arm-unknown-linux-gnueabihf)
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Mon, 30 Mar 2026 23:07:01 -0700
Kees Cook <kees@kernel.org> wrote:

> On Mon, Mar 30, 2026 at 02:20:03PM +0100, david.laight.linux@gmail.com wrote:
> > From: David Laight <david.laight.linux@gmail.com>
> > 
> > The __builtin_choose_expr() doesn't gain you anything, replace with
> > a simple ?: operator.
> > Then __is_constexpr() can then be replaced with __builtin_constant_p().
> > This still works for static initialisers - the expression can contain
> > a function call - provided it isn't actually called.  
> 
> But __is_constexpr() != __builtin_constant_p(). I will go find the
> horrible examples of why this, too, needed so much careful construction.
> 

I know all about that.
Loosely __is_constexpr() requires that the initial compilation pass
sees something that is constant, whereas __builtin_constant_p() can
initially say 'not sure' and then a later compilation pass (eg after
function inlining) can determine that it is true after all.
There are a few places where C requires an 'integer constant expression',
otherwise __builtin_constant_p() is good enough.

__builtin_choose_expr() is also pretty much exactly the same as ?:
except that the types of the two expressions can differ.
In particular both bits of code have to compile without warnings
and have to be valid where it is used.

Note that you can have a function call in a static initialiser but not a
statement expression ({...}). C requires the expression be constant
- so the function can't be called, but it is syntactically valid.
So if you have a ({...}) in the unselected code of a __builtin_choose_expr()
you can't use it for a static initialiser.

Once you've relaxed the __builtin_choose_expr() to ?: you can relax
the test to __builtin_constant_p().
That is then (usually) true for constant values passed into inline functions.
I think I found a few cases where it made a difference.

	David