From: Kees Cook <keescook@chromium.org>
To: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Cc: "David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-hardening@vger.kernel.org
Subject: Re: [PATCH][next] uapi: net/ipv4: Use __DECLARE_FLEX_ARRAY() helper
Date: Wed, 31 Aug 2022 11:17:31 -0700 [thread overview]
Message-ID: <202208311116.62D0CD477@keescook> (raw)
In-Reply-To: <Yw5H3E3a6mmpuTeT@work>
On Tue, Aug 30, 2022 at 12:24:44PM -0500, Gustavo A. R. Silva wrote:
> We now have a cleaner way to keep compatibility with user-space
> (a.k.a. not breaking it) when we need to keep in place a one-element
> array (for its use in user-space) together with a flexible-array
> member (for its use in kernel-space) without making it hard to read
> at the source level. This is through the use of the new
> __DECLARE_FLEX_ARRAY() helper macro.
>
> The size and memory layout of the structure is preserved after the
> changes. See below.
>
> Before changes:
>
> $ pahole -C ip_msfilter net/ipv4/igmp.o
> struct ip_msfilter {
> union {
> struct {
> __be32 imsf_multiaddr_aux; /* 0 4 */
> __be32 imsf_interface_aux; /* 4 4 */
> __u32 imsf_fmode_aux; /* 8 4 */
> __u32 imsf_numsrc_aux; /* 12 4 */
> __be32 imsf_slist[1]; /* 16 4 */
> }; /* 0 20 */
> struct {
> __be32 imsf_multiaddr; /* 0 4 */
> __be32 imsf_interface; /* 4 4 */
> __u32 imsf_fmode; /* 8 4 */
> __u32 imsf_numsrc; /* 12 4 */
> __be32 imsf_slist_flex[0]; /* 16 0 */
> }; /* 0 16 */
> }; /* 0 20 */
>
> /* size: 20, cachelines: 1, members: 1 */
> /* last cacheline: 20 bytes */
> };
>
> After changes:
>
> $ pahole -C ip_msfilter net/ipv4/igmp.o
> struct ip_msfilter {
> struct {
> __be32 imsf_multiaddr; /* 0 4 */
> __be32 imsf_interface; /* 4 4 */
> __u32 imsf_fmode; /* 8 4 */
> __u32 imsf_numsrc; /* 12 4 */
> union {
> __be32 imsf_slist[1]; /* 16 4 */
> struct {
> struct {
> } __empty_imsf_slist_flex; /* 16 0 */
> __be32 imsf_slist_flex[0]; /* 16 0 */
> }; /* 16 0 */
> }; /* 16 4 */
> }; /* 0 20 */
>
> /* size: 20, cachelines: 1, members: 1 */
> /* last cacheline: 20 bytes */
> };
>
> In the past, we had to duplicate the whole original structure within
> a union, and update the names of all the members. Now, we just need to
> declare the flexible-array member to be used in kernel-space through
> the __DECLARE_FLEX_ARRAY() helper together with the one-element array,
> within a union. This makes the source code more clean and easier to read.
>
> Link: https://github.com/KSPP/linux/issues/193
> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> ---
> include/uapi/linux/in.h | 20 +++++++-------------
> 1 file changed, 7 insertions(+), 13 deletions(-)
>
> diff --git a/include/uapi/linux/in.h b/include/uapi/linux/in.h
> index 14168225cecd..fa4dc8f8f081 100644
> --- a/include/uapi/linux/in.h
> +++ b/include/uapi/linux/in.h
> @@ -188,20 +188,14 @@ struct ip_mreq_source {
> };
>
> struct ip_msfilter {
> - union {
> - struct {
> - __be32 imsf_multiaddr_aux;
> - __be32 imsf_interface_aux;
> - __u32 imsf_fmode_aux;
> - __u32 imsf_numsrc_aux;
> + struct {
I don't think this internal anonymous struct is needed any more?
> + __be32 imsf_multiaddr;
> + __be32 imsf_interface;
> + __u32 imsf_fmode;
> + __u32 imsf_numsrc;
> + union {
> __be32 imsf_slist[1];
> - };
> - struct {
> - __be32 imsf_multiaddr;
> - __be32 imsf_interface;
> - __u32 imsf_fmode;
> - __u32 imsf_numsrc;
> - __be32 imsf_slist_flex[];
> + __DECLARE_FLEX_ARRAY(__be32, imsf_slist_flex);
> };
> };
> };
I.e. can't this now just be:
struct ip_msfilter {
__be32 imsf_multiaddr;
__be32 imsf_interface;
__u32 imsf_fmode;
__u32 imsf_numsrc;
union {
__be32 imsf_slist[1];
__DECLARE_FLEX_ARRAY(__be32, imsf_slist_flex);
};
};
> --
> 2.34.1
>
--
Kees Cook
next prev parent reply other threads:[~2022-08-31 18:22 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-30 17:24 [PATCH][next] uapi: net/ipv4: Use __DECLARE_FLEX_ARRAY() helper Gustavo A. R. Silva
2022-08-31 18:17 ` Kees Cook [this message]
2022-08-31 19:01 ` Gustavo A. R. Silva
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202208311116.62D0CD477@keescook \
--to=keescook@chromium.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=gustavoars@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.