From: Paul Moore <paul@paul-moore.com>
To: "Christian Göttsche" <cgoettsche@seltendoof.de>, selinux@vger.kernel.org
Cc: "Christian Göttsche" <cgzones@googlemail.com>,
"Stephen Smalley" <stephen.smalley.work@gmail.com>,
"Ondrej Mosnacek" <omosnace@redhat.com>,
"Nathan Chancellor" <nathan@kernel.org>,
"Nick Desaulniers" <ndesaulniers@google.com>,
"Bill Wendling" <morbo@google.com>,
"Justin Stitt" <justinstitt@google.com>,
"Thiébaud Weksteen" <tweek@google.com>,
"Bram Bonné" <brambonne@google.com>,
"Masahiro Yamada" <masahiroy@kernel.org>,
linux-kernel@vger.kernel.org, llvm@lists.linux.dev
Subject: Re: [PATCH RFC v2 5/22] selinux: avoid nontransitive comparison
Date: Tue, 07 Jan 2025 21:59:59 -0500 [thread overview]
Message-ID: <01df64ed8f6eb9e6f2780b5b0aa3be5c@paul-moore.com> (raw)
In-Reply-To: <20241216164055.96267-5-cgoettsche@seltendoof.de>
On Dec 16, 2024 =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgoettsche@seltendoof.de> wrote:
>
> Avoid using nontransitive comparison to prevent unexpected sorting
> results due to (well-defined) overflows.
> See https://www.qualys.com/2024/01/30/qsort.txt for a related issue in
> glibc's qsort(3).
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
> security/selinux/ss/policydb.c | 18 ++++++++++--------
> 1 file changed, 10 insertions(+), 8 deletions(-)
>
> diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
> index 3ba5506a3fff..eb944582d7a6 100644
> --- a/security/selinux/ss/policydb.c
> +++ b/security/selinux/ss/policydb.c
> @@ -37,6 +37,8 @@
> #include "mls.h"
> #include "services.h"
>
> +#define spaceship_cmp(a, b) (((a) > (b)) - ((a) < (b)))
I'll admit that it took me a while to figure out why you decided to
name this macro "spaceship_cmp", and then I had a little laugh when
I realized why it was called the "spaceship" operator :)
Anyway, while the spaceship operator is likely familiar to people who
have a Perl background, the kernel is still mostly a C project so I
don't think we can expect a base understanding of Perl, especially
these days as Perl isn't as popular as in the past. Can we rename
this to something else that makes more sense in the context of C?
--
paul-moore.com
next prev parent reply other threads:[~2025-01-08 3:00 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-16 16:39 [RFC PATCH v2 01/22] selinux: supply missing field initializers Christian Göttsche
2024-12-16 16:40 ` [RFC PATCH v2 02/22] selinux: avoid using types indicating user space interaction Christian Göttsche
2025-01-08 2:59 ` [PATCH RFC v2 2/22] " Paul Moore
2024-12-16 16:40 ` [RFC PATCH v2 03/22] selinux: align and constify functions Christian Göttsche
2025-01-08 2:59 ` [PATCH RFC v2 3/22] " Paul Moore
2024-12-16 16:40 ` [RFC PATCH v2 04/22] selinux: rework match_ipv6_addrmask() Christian Göttsche
2025-01-08 2:59 ` [PATCH RFC v2 4/22] " Paul Moore
2024-12-16 16:40 ` [RFC PATCH v2 05/22] selinux: avoid nontransitive comparison Christian Göttsche
2025-01-08 2:59 ` Paul Moore [this message]
2025-01-08 13:17 ` [PATCH RFC v2 5/22] " Christian Göttsche
2025-01-08 15:06 ` Christian Göttsche
2024-12-16 16:40 ` [RFC PATCH v2 06/22] selinux: rename comparison functions for clarity Christian Göttsche
2025-01-08 3:00 ` [PATCH RFC v2 6/22] " Paul Moore
2024-12-16 16:40 ` [RFC PATCH v2 07/22] selinux: use known type instead of void pointer Christian Göttsche
2025-01-08 3:00 ` [PATCH RFC v2 7/22] " Paul Moore
2024-12-16 16:40 ` [RFC PATCH v2 08/22] selinux: avoid unnecessary indirection in struct level_datum Christian Göttsche
2025-01-08 3:00 ` [PATCH RFC v2 8/22] " Paul Moore
2024-12-16 16:40 ` [RFC PATCH v2 09/22] selinux: make use of str_read() Christian Göttsche
2025-01-08 3:00 ` [PATCH RFC v2 9/22] " Paul Moore
2024-12-16 16:40 ` [RFC PATCH v2 10/22] selinux: use u16 for security classes Christian Göttsche
2025-01-08 3:00 ` [PATCH RFC " Paul Moore
2024-12-16 16:40 ` [RFC PATCH v2 11/22] selinux: more strict policy parsing Christian Göttsche
2025-01-08 3:00 ` [PATCH RFC " Paul Moore
2025-01-08 15:49 ` Christian Göttsche
2024-12-16 16:40 ` [RFC PATCH v2 12/22] selinux: check length fields in policies Christian Göttsche
2025-01-08 3:00 ` [PATCH RFC " Paul Moore
2024-12-16 16:40 ` [RFC PATCH v2 13/22] selinux: validate constraints Christian Göttsche
2024-12-16 16:40 ` [RFC PATCH v2 14/22] selinux: pre-validate conditional expressions Christian Göttsche
2024-12-16 16:40 ` [RFC PATCH v2 15/22] selinux: introduce ebitmap_highest_set_bit() Christian Göttsche
2025-01-08 3:00 ` [PATCH RFC " Paul Moore
2024-12-16 16:40 ` [RFC PATCH v2 16/22] selinux: check type attr map overflows Christian Göttsche
2024-12-16 16:40 ` [RFC PATCH v2 17/22] selinux: reorder policydb_index() Christian Göttsche
2024-12-16 16:40 ` [RFC PATCH v2 18/22] selinux: beef up isvalid checks Christian Göttsche
2024-12-16 16:40 ` [RFC PATCH v2 19/22] selinux: validate symbols Christian Göttsche
2025-01-08 3:00 ` [PATCH RFC " Paul Moore
2025-01-08 17:02 ` Christian Göttsche
2024-12-16 16:40 ` [RFC PATCH v2 20/22] selinux: more strict bounds check Christian Göttsche
2024-12-16 16:40 ` [RFC PATCH v2 21/22] selinux: check for simple types Christian Göttsche
2024-12-16 16:40 ` [RFC PATCH v2 22/22] selinux: restrict policy strings Christian Göttsche
2025-01-03 20:12 ` Stephen Smalley
2025-01-05 23:26 ` Joe Nall
2025-01-07 14:04 ` Christian Göttsche
2025-01-07 16:09 ` Daniel Burgener
2025-01-07 16:32 ` James Carter
2024-12-16 16:40 ` [RFC PATCH v2 00/22] selinux: harden against malformed policies Christian Göttsche
2025-01-08 2:59 ` [PATCH RFC v2 1/22] selinux: supply missing field initializers Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=01df64ed8f6eb9e6f2780b5b0aa3be5c@paul-moore.com \
--to=paul@paul-moore.com \
--cc=brambonne@google.com \
--cc=cgoettsche@seltendoof.de \
--cc=cgzones@googlemail.com \
--cc=justinstitt@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=llvm@lists.linux.dev \
--cc=masahiroy@kernel.org \
--cc=morbo@google.com \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=omosnace@redhat.com \
--cc=selinux@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
--cc=tweek@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox