From: Kees Cook <keescook@chromium.org>
To: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Cc: "David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-hardening@vger.kernel.org
Subject: Re: [PATCH][next] uapi: net/ipv4: Use __DECLARE_FLEX_ARRAY() helper
Date: Wed, 31 Aug 2022 11:17:31 -0700 [thread overview]
Message-ID: <202208311116.62D0CD477@keescook> (raw)
In-Reply-To: <Yw5H3E3a6mmpuTeT@work>
On Tue, Aug 30, 2022 at 12:24:44PM -0500, Gustavo A. R. Silva wrote:
> We now have a cleaner way to keep compatibility with user-space
> (a.k.a. not breaking it) when we need to keep in place a one-element
> array (for its use in user-space) together with a flexible-array
> member (for its use in kernel-space) without making it hard to read
> at the source level. This is through the use of the new
> __DECLARE_FLEX_ARRAY() helper macro.
>
> The size and memory layout of the structure is preserved after the
> changes. See below.
>
> Before changes:
>
> $ pahole -C ip_msfilter net/ipv4/igmp.o
> struct ip_msfilter {
> union {
> struct {
> __be32 imsf_multiaddr_aux; /* 0 4 */
> __be32 imsf_interface_aux; /* 4 4 */
> __u32 imsf_fmode_aux; /* 8 4 */
> __u32 imsf_numsrc_aux; /* 12 4 */
> __be32 imsf_slist[1]; /* 16 4 */
> }; /* 0 20 */
> struct {
> __be32 imsf_multiaddr; /* 0 4 */
> __be32 imsf_interface; /* 4 4 */
> __u32 imsf_fmode; /* 8 4 */
> __u32 imsf_numsrc; /* 12 4 */
> __be32 imsf_slist_flex[0]; /* 16 0 */
> }; /* 0 16 */
> }; /* 0 20 */
>
> /* size: 20, cachelines: 1, members: 1 */
> /* last cacheline: 20 bytes */
> };
>
> After changes:
>
> $ pahole -C ip_msfilter net/ipv4/igmp.o
> struct ip_msfilter {
> struct {
> __be32 imsf_multiaddr; /* 0 4 */
> __be32 imsf_interface; /* 4 4 */
> __u32 imsf_fmode; /* 8 4 */
> __u32 imsf_numsrc; /* 12 4 */
> union {
> __be32 imsf_slist[1]; /* 16 4 */
> struct {
> struct {
> } __empty_imsf_slist_flex; /* 16 0 */
> __be32 imsf_slist_flex[0]; /* 16 0 */
> }; /* 16 0 */
> }; /* 16 4 */
> }; /* 0 20 */
>
> /* size: 20, cachelines: 1, members: 1 */
> /* last cacheline: 20 bytes */
> };
>
> In the past, we had to duplicate the whole original structure within
> a union, and update the names of all the members. Now, we just need to
> declare the flexible-array member to be used in kernel-space through
> the __DECLARE_FLEX_ARRAY() helper together with the one-element array,
> within a union. This makes the source code more clean and easier to read.
>
> Link: https://github.com/KSPP/linux/issues/193
> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> ---
> include/uapi/linux/in.h | 20 +++++++-------------
> 1 file changed, 7 insertions(+), 13 deletions(-)
>
> diff --git a/include/uapi/linux/in.h b/include/uapi/linux/in.h
> index 14168225cecd..fa4dc8f8f081 100644
> --- a/include/uapi/linux/in.h
> +++ b/include/uapi/linux/in.h
> @@ -188,20 +188,14 @@ struct ip_mreq_source {
> };
>
> struct ip_msfilter {
> - union {
> - struct {
> - __be32 imsf_multiaddr_aux;
> - __be32 imsf_interface_aux;
> - __u32 imsf_fmode_aux;
> - __u32 imsf_numsrc_aux;
> + struct {
I don't think this internal anonymous struct is needed any more?
> + __be32 imsf_multiaddr;
> + __be32 imsf_interface;
> + __u32 imsf_fmode;
> + __u32 imsf_numsrc;
> + union {
> __be32 imsf_slist[1];
> - };
> - struct {
> - __be32 imsf_multiaddr;
> - __be32 imsf_interface;
> - __u32 imsf_fmode;
> - __u32 imsf_numsrc;
> - __be32 imsf_slist_flex[];
> + __DECLARE_FLEX_ARRAY(__be32, imsf_slist_flex);
> };
> };
> };
I.e. can't this now just be:
struct ip_msfilter {
__be32 imsf_multiaddr;
__be32 imsf_interface;
__u32 imsf_fmode;
__u32 imsf_numsrc;
union {
__be32 imsf_slist[1];
__DECLARE_FLEX_ARRAY(__be32, imsf_slist_flex);
};
};
> --
> 2.34.1
>
--
Kees Cook
next prev parent reply other threads:[~2022-08-31 18:22 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-30 17:24 [PATCH][next] uapi: net/ipv4: Use __DECLARE_FLEX_ARRAY() helper Gustavo A. R. Silva
2022-08-31 18:17 ` Kees Cook [this message]
2022-08-31 19:01 ` Gustavo A. R. Silva
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202208311116.62D0CD477@keescook \
--to=keescook@chromium.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=gustavoars@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).