* i915 utils: range_overflows*() @ 2025-05-30 7:44 Jani Nikula 2025-05-30 17:28 ` Kees Cook 0 siblings, 1 reply; 5+ messages in thread From: Jani Nikula @ 2025-05-30 7:44 UTC (permalink / raw) To: Kees Cook; +Cc: Gustavo A. R. Silva, linux-hardening, intel-gfx Hi Kees - drivers/gpu/drm/i915/i915_utils.h has a handful of helper macros for checking range overflows: range_overflows(), range_overflows_t(), range_overflows_end(), and range_overflows_end_t(). Looks like the first one has also been copy-pasted to include/drm/drm_buddy.h. Feels like include/linux/overflow.h would be the right place for (some version of) them. Thoughts? BR, Jani. -- Jani Nikula, Intel ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: i915 utils: range_overflows*() 2025-05-30 7:44 i915 utils: range_overflows*() Jani Nikula @ 2025-05-30 17:28 ` Kees Cook 2025-06-02 13:10 ` Jani Nikula 0 siblings, 1 reply; 5+ messages in thread From: Kees Cook @ 2025-05-30 17:28 UTC (permalink / raw) To: Jani Nikula; +Cc: Gustavo A. R. Silva, linux-hardening, intel-gfx On Fri, May 30, 2025 at 10:44:31AM +0300, Jani Nikula wrote: > > Hi Kees - > > drivers/gpu/drm/i915/i915_utils.h has a handful of helper macros for > checking range overflows: range_overflows(), range_overflows_t(), > range_overflows_end(), and range_overflows_end_t(). > > Looks like the first one has also been copy-pasted to > include/drm/drm_buddy.h. > > Feels like include/linux/overflow.h would be the right place for (some > version of) them. > > Thoughts? Sure, yes! They need some documentation too. :) And probably some renaming. It looks like range_overflows() is not end-inclusive, but range_overflows_end() is? And the _t variants are forcing explicit types (like max_t, but unlike struct_size_t). -- Kees Cook ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: i915 utils: range_overflows*() 2025-05-30 17:28 ` Kees Cook @ 2025-06-02 13:10 ` Jani Nikula 2025-06-02 18:20 ` Kees Cook 0 siblings, 1 reply; 5+ messages in thread From: Jani Nikula @ 2025-06-02 13:10 UTC (permalink / raw) To: Kees Cook; +Cc: Gustavo A. R. Silva, linux-hardening, intel-gfx On Fri, 30 May 2025, Kees Cook <kees@kernel.org> wrote: > On Fri, May 30, 2025 at 10:44:31AM +0300, Jani Nikula wrote: >> >> Hi Kees - >> >> drivers/gpu/drm/i915/i915_utils.h has a handful of helper macros for >> checking range overflows: range_overflows(), range_overflows_t(), >> range_overflows_end(), and range_overflows_end_t(). >> >> Looks like the first one has also been copy-pasted to >> include/drm/drm_buddy.h. >> >> Feels like include/linux/overflow.h would be the right place for (some >> version of) them. >> >> Thoughts? > > Sure, yes! They need some documentation too. :) And probably some > renaming. It looks like range_overflows() is not end-inclusive, but > range_overflows_end() is? And the _t variants are forcing explicit > types (like max_t, but unlike struct_size_t). Ah, naming. As we all know, NP in NP-complete actually stands for "naming problem". It's hard to come up with a good name, but presented with one, it's quick to verify it is indeed good. Ideas for the hard part? BR, Jani. -- Jani Nikula, Intel ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: i915 utils: range_overflows*() 2025-06-02 13:10 ` Jani Nikula @ 2025-06-02 18:20 ` Kees Cook 2025-06-04 8:59 ` [RFC] drm/i915/utils: document range_overflows*() macros Jani Nikula 0 siblings, 1 reply; 5+ messages in thread From: Kees Cook @ 2025-06-02 18:20 UTC (permalink / raw) To: Jani Nikula; +Cc: Gustavo A. R. Silva, linux-hardening, intel-gfx On Mon, Jun 02, 2025 at 04:10:21PM +0300, Jani Nikula wrote: > On Fri, 30 May 2025, Kees Cook <kees@kernel.org> wrote: > > On Fri, May 30, 2025 at 10:44:31AM +0300, Jani Nikula wrote: > >> > >> Hi Kees - > >> > >> drivers/gpu/drm/i915/i915_utils.h has a handful of helper macros for > >> checking range overflows: range_overflows(), range_overflows_t(), > >> range_overflows_end(), and range_overflows_end_t(). > >> > >> Looks like the first one has also been copy-pasted to > >> include/drm/drm_buddy.h. > >> > >> Feels like include/linux/overflow.h would be the right place for (some > >> version of) them. > >> > >> Thoughts? > > > > Sure, yes! They need some documentation too. :) And probably some > > renaming. It looks like range_overflows() is not end-inclusive, but > > range_overflows_end() is? And the _t variants are forcing explicit > > types (like max_t, but unlike struct_size_t). > > Ah, naming. > > As we all know, NP in NP-complete actually stands for "naming > problem". It's hard to come up with a good name, but presented with one, > it's quick to verify it is indeed good. > > Ideas for the hard part? Well, since the users already exist with the current names, how about we skip that for now and just relocate these (with added kern-doc) to overflow.h and go from there? -Kees -- Kees Cook ^ permalink raw reply [flat|nested] 5+ messages in thread
* [RFC] drm/i915/utils: document range_overflows*() macros 2025-06-02 18:20 ` Kees Cook @ 2025-06-04 8:59 ` Jani Nikula 0 siblings, 0 replies; 5+ messages in thread From: Jani Nikula @ 2025-06-04 8:59 UTC (permalink / raw) To: Kees Cook, Jani Nikula; +Cc: Gustavo A. R. Silva, linux-hardening, intel-gfx In preparation for moving the range check macros to include/linux/overflow.h, document them properly. Cc: Kees Cook <kees@kernel.org> Signed-off-by: Jani Nikula <jani.nikula@intel.com> --- I can squash this into actually moving the macros, I just want to solicit feedback for the documentation first. --- drivers/gpu/drm/i915/i915_utils.h | 45 +++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/drivers/gpu/drm/i915/i915_utils.h b/drivers/gpu/drm/i915/i915_utils.h index f7fb40cfdb70..79127f01f887 100644 --- a/drivers/gpu/drm/i915/i915_utils.h +++ b/drivers/gpu/drm/i915/i915_utils.h @@ -67,6 +67,19 @@ bool i915_error_injected(void); drm_err(&(i915)->drm, fmt, ##__VA_ARGS__); \ }) + +/** + * range_overflows() - Check if @start + @size > @max + * @start: start offset + * @size: length of the range + * @max: valid upper limit + * + * Helper for the common @start + @size > @max range or buffer overflow + * check. Return true if the addition exceeds max or overflows. Also return true + * if @start == @max, even if @size == 0. + * + * Returns: %true if the range overflows. + */ #define range_overflows(start, size, max) ({ \ typeof(start) start__ = (start); \ typeof(size) size__ = (size); \ @@ -76,9 +89,30 @@ bool i915_error_injected(void); start__ >= max__ || size__ > max__ - start__; \ }) +/** + * range_overflows_t() - Check if @start + @size > @max + * @type: data type to use + * @start: start offset + * @size: length of the range + * @max: valid upper limit + * + * Same as range_overflows(), but using the specified @type. + * + * Returns: %true if the range overflows. + */ #define range_overflows_t(type, start, size, max) \ range_overflows((type)(start), (type)(size), (type)(max)) +/** + * range_overflows_end() - Check if @start + @size > @max + * @start: start offset + * @size: length of the range + * @max: valid upper limit + * + * Same as range_overflows(), but allow @start == @max when @size == 0. + * + * Returns: %true if the range overflows. + */ #define range_overflows_end(start, size, max) ({ \ typeof(start) start__ = (start); \ typeof(size) size__ = (size); \ @@ -88,6 +122,17 @@ bool i915_error_injected(void); start__ > max__ || size__ > max__ - start__; \ }) +/** + * range_overflows_end_t() - Check if @start + @size > @max + * @type: data type to use + * @start: start offset + * @size: length of the range + * @max: valid upper limit + * + * Same as range_overflows_end(), but using the specified @type. + * + * Returns: %true if the range overflows. + */ #define range_overflows_end_t(type, start, size, max) \ range_overflows_end((type)(start), (type)(size), (type)(max)) -- 2.39.5 ^ permalink raw reply related [flat|nested] 5+ messages in thread
end of thread, other threads:[~2025-06-04 8:59 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2025-05-30 7:44 i915 utils: range_overflows*() Jani Nikula 2025-05-30 17:28 ` Kees Cook 2025-06-02 13:10 ` Jani Nikula 2025-06-02 18:20 ` Kees Cook 2025-06-04 8:59 ` [RFC] drm/i915/utils: document range_overflows*() macros Jani Nikula
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox