From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id AEE64C5475B for ; Wed, 6 Mar 2024 23:52:18 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 564FA81CAF; Wed, 6 Mar 2024 23:52:18 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7X1vDixksd7A; Wed, 6 Mar 2024 23:52:17 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.166.34; helo=ash.osuosl.org; envelope-from=intel-wired-lan-bounces@osuosl.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org B1A0F820CF DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=osuosl.org; s=default; t=1709769137; bh=ZEAVZcoYSQFZcvaftM2f/g9GOC1c60DgaQV+1wgZreQ=; h=Date:From:To:References:In-Reply-To:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: Cc:From; b=mngHdlKmR7rOjDccaSHoB/HIYtgHzr5w75/HZcqkDilga45OXN4X5tsA8jxb3ukWP F1rsDophfr0r6rlI1h802YEAWnjU8Sjvzh00USees/xnBuqDE+BAqI2irlJ7A7Hoim 8ufUFGWr5cVBYsgbeTo4TPKh47pKrgj1Hjo9I4wM7C9oJOGJdab24yQck7H8PBUZvk RRN/0lIYaqNH87C0Om2xcmaMwo847EoryzcxjNLAhxtXKharm8S14Dnbof5s+yCiws LTjNJVwZLZge7XFHHmrslhvGSVg6WeZL/x5KZf3HjpykC5hBiJ2wMKgsF0pYDElxeV 3dZq0kjFIbQrw== Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by smtp1.osuosl.org (Postfix) with ESMTP id B1A0F820CF; Wed, 6 Mar 2024 23:52:17 +0000 (UTC) Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id 513DF1BF5E9 for ; Wed, 6 Mar 2024 23:52:16 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 49BEE820CF for ; Wed, 6 Mar 2024 23:52:16 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MtG3Z6xDjCPF for ; Wed, 6 Mar 2024 23:52:15 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2607:f8b0:4864:20::32e; helo=mail-ot1-x32e.google.com; envelope-from=keescook@chromium.org; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp1.osuosl.org 5786C81CAF DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 5786C81CAF Received: from mail-ot1-x32e.google.com (mail-ot1-x32e.google.com [IPv6:2607:f8b0:4864:20::32e]) by smtp1.osuosl.org (Postfix) with ESMTPS id 5786C81CAF for ; Wed, 6 Mar 2024 23:52:15 +0000 (UTC) Received: by mail-ot1-x32e.google.com with SMTP id 46e09a7af769-6e125818649so191879a34.1 for ; Wed, 06 Mar 2024 15:52:15 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709769134; x=1710373934; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=ZEAVZcoYSQFZcvaftM2f/g9GOC1c60DgaQV+1wgZreQ=; b=YgxEPQjqHenO8H1oAIj0G7iNs8AiiKOypfZQNaf0WKMeeMALEnIQDZ4AmzgSzWgaiI EehCZkNlenqQiauKVZBsy0l/K3efoJ4Cvw2W34Do34kcwH6+cN/K2/QByGgzHOkzmRog sBt9MtjKd09rgdp4HvX3+3AIYXz4cE7fAofE+5ytWD4qGWbDWdlw7HbeHlA2uryguPwh A1b7df5JjtbuuwXE+nTHgMdNsw8vR2+h7Nfx0yYHVGq6cI108p9j6lL5UNrogg48YvcJ pgKk41OSykv0ULYVoMbUIS/N/CgBIr6SKhP/WmIsbQGOPFvwq4ovpwWKdz6dZTfIn4Eo z/fQ== X-Forwarded-Encrypted: i=1; AJvYcCVWw4r//qpDXp9ASU4wNZCAJIAfp5Uq6gyI0mlXfdaSUOj0e7Pk0vFQjyXRHYzLVP3rOE9rDGoUJDedK6M5Jzab4/lD+H3+/r+a4yUkdy4Vmw== X-Gm-Message-State: AOJu0YykmguWlJm9L3WVg640EwNa+YN3FxJ4vU3pgPbq5WDPux9xY4Ut kWCSW+BByodgPaCh42PUphkSx1Wm2jY6FDRoB9ttlvzinpPENIh41ujlsSh1dA== X-Google-Smtp-Source: AGHT+IGzQi4Hj1eR1TravKHp4tPRAiBWafpLp3PdehA3PNgOnJ+Bn3bpQz0p2gslmzv3nDrpdQZRtA== X-Received: by 2002:a9d:6b13:0:b0:6e4:fa90:3c79 with SMTP id g19-20020a9d6b13000000b006e4fa903c79mr5596220otp.22.1709769134215; Wed, 06 Mar 2024 15:52:14 -0800 (PST) Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id c11-20020a63da0b000000b005bd980cca56sm11450066pgh.29.2024.03.06.15.52.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 Mar 2024 15:52:13 -0800 (PST) Date: Wed, 6 Mar 2024 15:52:13 -0800 From: Kees Cook To: Przemek Kitszel Message-ID: <202403061551.00DAFE8B39@keescook> References: <20240306010746.work.678-kees@kernel.org> <9c2990f0-7407-49c6-9e3a-b92de82ea437@embeddedor.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1709769134; x=1710373934; darn=lists.osuosl.org; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:from:to :cc:subject:date:message-id:reply-to; bh=ZEAVZcoYSQFZcvaftM2f/g9GOC1c60DgaQV+1wgZreQ=; b=fEabXBJ8hPMfV2r2Jcd3SXC4O6TeAm5bZT9Vv7wdFSS/soFU4NJC6718hY24JWsahI iJVpbfN8mOZMrvDxae1Vcdl2OO5bjucgNu0Rim+fRHqFiVePzUxa0XdLCYVmNDXqMqYb gDrNGzbe9VanP9FcXeMs/f5+ruDrW4fQ87njw= X-Mailman-Original-Authentication-Results: smtp1.osuosl.org; dmarc=pass (p=none dis=none) header.from=chromium.org X-Mailman-Original-Authentication-Results: smtp1.osuosl.org; dkim=pass (1024-bit key, unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=fEabXBJ8 Subject: Re: [Intel-wired-lan] [PATCH] overflow: Change DEFINE_FLEX to take __counted_by member X-BeenThere: intel-wired-lan@osuosl.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Intel Wired Ethernet Linux Kernel Driver Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: intel-wired-lan@lists.osuosl.org, "Gustavo A. R. Silva" , Eric Dumazet , Tony Nguyen , linux-hardening@vger.kernel.org, netdev@vger.kernel.org, Jakub Kicinski , Andrew Morton , Paolo Abeni , "David S. Miller" , linux-kernel@vger.kernel.org Errors-To: intel-wired-lan-bounces@osuosl.org Sender: "Intel-wired-lan" On Wed, Mar 06, 2024 at 08:06:29AM +0100, Przemek Kitszel wrote: > On 3/6/24 04:25, Gustavo A. R. Silva wrote: > > > > > > On 05/03/24 19:07, Kees Cook wrote: > > > The norm should be flexible array structures with __counted_by > > > annotations, so DEFINE_FLEX() is updated to expect that. Rename > > > the non-annotated version to DEFINE_RAW_FLEX(), and update the few > > > existing users. Additionally add self-tests to validate syntax and > > > size calculations. > > > > > > Signed-off-by: Kees Cook > > > --- > > > > [..] > > Just a note that ice changes are purely mechanical, so this seems ok > to go via linux-hardening tree. And changes per-se are fine too :) Thanks! > > > > > > +/** > > > + * DEFINE_FLEX() - Define an on-stack instance of structure with a > > > trailing > > > + * flexible array member. > > > + * > > > + * @TYPE: structure type name, including "struct" keyword. > > > + * @NAME: Name for a variable to define. > > > + * @COUNTER: Name of the __counted_by member. > > > + * @MEMBER: Name of the array member. > > > + * @COUNT: Number of elements in the array; must be compile-time const. > > > + * > > > + * Define a zeroed, on-stack, instance of @TYPE structure with a > > > trailing > > > + * flexible array member. > > > + * Use __struct_size(@NAME) to get compile-time size of it afterwards. > > > + */ > > > +#define DEFINE_FLEX(TYPE, NAME, COUNTER, MEMBER, COUNT)    \ > > > > Probably, swapping COUNTER and MEMBER is better? > > right now we have usage scenario (from Kunits): > DEFINE_FLEX(struct foo, eight, counter, array, 8); > > > > >     DEFINE_FLEX(TYPE, NAME, MEMBER, COUNTER, COUNT) > > usage would become: > DEFINE_FLEX(struct foo, eight, array, counter, 8); > > which reads a bit better indeed, with the added benefit that we > go from broader to more specific: > whole struct -> array -> array size variable -> given array size > > so +1 from me for the params swap Sounds good. You and Gustavo have convinced me. :) I've sent a v2 now. -- Kees Cook