| Message ID | 20240318130354.2713265-1-aleksander.lobakin@intel.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | compiler_types: add Endianness-dependent __counted_by_{le,be} | expand |
On Mon, Mar 18, 2024 at 02:03:51PM +0100, Alexander Lobakin wrote: > Some structures contain flexible arrays at the end and the counter for > them, but the counter has explicit Endianness and thus __counted_by() > can't be used directly. > > To increase test coverage for potential problems without breaking > anything, introduce __counted_by_{le,be} defined depending on platform's > Endianness to either __counted_by() when applicable or noop otherwise. > The first user will be virtchnl2.h from idpf just as example with 9 flex > structures having Little Endian counters. Yeah, okay, that makes good sense. It'll give us as much coverage as we can get until the compilers gain "expression" support for the 'counted_by' attribute. Acked-by: Kees Cook <keescook@chromium.org>
On Mon, Mar 18, 2024 at 02:03:51PM +0100, Alexander Lobakin wrote: > include/linux/compiler_types.h | 11 ++++++++++ > drivers/net/ethernet/intel/idpf/virtchnl2.h | 24 ++++++++++----------- > 2 files changed, 23 insertions(+), 12 deletions(-) Oh, I see the Subject says "kspp-next" -- normally I'd expect things touch net to go through netdev. I'm fine with this going through either tree. Perhaps better through netdev since that subsystem has the most users and may gain more using the new macros? -Kees
From: Kees Cook <keescook@chromium.org> Date: Mon, 18 Mar 2024 10:49:25 -0700 > On Mon, Mar 18, 2024 at 02:03:51PM +0100, Alexander Lobakin wrote: >> include/linux/compiler_types.h | 11 ++++++++++ >> drivers/net/ethernet/intel/idpf/virtchnl2.h | 24 ++++++++++----------- >> 2 files changed, 23 insertions(+), 12 deletions(-) > > Oh, I see the Subject says "kspp-next" -- normally I'd expect things > touch net to go through netdev. I'm fine with this going through either > tree. Perhaps better through netdev since that subsystem has the most > users and may gain more using the new macros? Yeah sure. I send it with "kspp-next", so that it would be clear it's a security feature :> Thanks for the ack. Re expressions -- Przemek suggested it would be nice to have something like __le32 counter; struct a flex[] __counted_by(le32_to_cpu(counter)); but we don't know whether something like this is possible to implement in the compiler. > > -Kees Thanks, Olek
Some structures contain flexible arrays at the end and the counter for them, but the counter has explicit Endianness and thus __counted_by() can't be used directly. To increase test coverage for potential problems without breaking anything, introduce __counted_by_{le,be} defined depending on platform's Endianness to either __counted_by() when applicable or noop otherwise. The first user will be virtchnl2.h from idpf just as example with 9 flex structures having Little Endian counters. Maybe it would be a good idea to introduce such attributes on compiler level if possible, but for now let's stop on what we have. Alexander Lobakin (3): compiler_types: add Endianness-dependent __counted_by_{le,be} idpf: make virtchnl2.h self-contained idpf: sprinkle __counted_by{,_le}() in the virtchnl2 header include/linux/compiler_types.h | 11 ++++++++++ drivers/net/ethernet/intel/idpf/virtchnl2.h | 24 ++++++++++----------- 2 files changed, 23 insertions(+), 12 deletions(-)