* [PATCH v2 0/2] stddef: Allow attributes to be used when creating flex arrays @ 2024-02-13 23:42 Kees Cook 2024-02-13 23:42 ` [PATCH v2 1/2] " Kees Cook 2024-02-13 23:42 ` [PATCH v2 2/2] net/ipv4: Annotate imsf_slist_flex with __counted_by(imsf_numsrc) Kees Cook 0 siblings, 2 replies; 4+ messages in thread From: Kees Cook @ 2024-02-13 23:42 UTC (permalink / raw) To: Jakub Kicinski Cc: Kees Cook, David S. Miller, Rasmus Villemoes, Dan Williams, Keith Packard, Miguel Ojeda, Alexey Dobriyan, Dmitry Antipov, Gustavo A. R. Silva, Eric Dumazet, Paolo Abeni, Nathan Chancellor, kernel test robot, linux-kernel, netdev, linux-hardening v2: - don't add a new helper, just add __VA_ARGS__ (Rasmus) v1: https://lore.kernel.org/all/20240210011452.work.985-kees@kernel.org/ Hi, We're going to have more cases where we need to apply attributes (e.g. __counted_by) to struct members that have been declared with DECLARE_FLEX_ARRAY. Add an optional 3rd argument to allow for this and annotate one such user in linux/in.h. I kept the acks/reviews since it's effectively the same... -Kees Kees Cook (2): stddef: Allow attributes to be used when creating flex arrays net/ipv4: Annotate imsf_slist_flex with __counted_by(imsf_numsrc) include/linux/stddef.h | 6 +++--- include/uapi/linux/in.h | 3 ++- include/uapi/linux/stddef.h | 10 +++++----- 3 files changed, 10 insertions(+), 9 deletions(-) -- 2.34.1 ^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH v2 1/2] stddef: Allow attributes to be used when creating flex arrays 2024-02-13 23:42 [PATCH v2 0/2] stddef: Allow attributes to be used when creating flex arrays Kees Cook @ 2024-02-13 23:42 ` Kees Cook 2024-06-08 16:26 ` Vincent Mailhol 2024-02-13 23:42 ` [PATCH v2 2/2] net/ipv4: Annotate imsf_slist_flex with __counted_by(imsf_numsrc) Kees Cook 1 sibling, 1 reply; 4+ messages in thread From: Kees Cook @ 2024-02-13 23:42 UTC (permalink / raw) To: Jakub Kicinski Cc: Kees Cook, Rasmus Villemoes, Dan Williams, Keith Packard, Miguel Ojeda, Alexey Dobriyan, Dmitry Antipov, Gustavo A . R . Silva, David S. Miller, Eric Dumazet, Paolo Abeni, Nathan Chancellor, kernel test robot, linux-kernel, netdev, linux-hardening With the coming support for the __counted_by struct member attribute, we will need a way to add such annotations to the places where DECLARE_FLEX_ARRAY() is used. Add an optional 3rd argument that can be used for including attributes in the flexible array definition. Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Dan Williams <dan.j.williams@intel.com> Cc: Keith Packard <keithp@keithp.com> Cc: Miguel Ojeda <ojeda@kernel.org> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Dmitry Antipov <dmantipov@yandex.ru> Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org> --- include/linux/stddef.h | 6 +++--- include/uapi/linux/stddef.h | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/include/linux/stddef.h b/include/linux/stddef.h index 929d67710cc5..176bfe8c0bd7 100644 --- a/include/linux/stddef.h +++ b/include/linux/stddef.h @@ -82,15 +82,15 @@ enum { /** * DECLARE_FLEX_ARRAY() - Declare a flexible array usable in a union - * * @TYPE: The type of each flexible array element * @NAME: The name of the flexible array member + * @...: The list of member attributes to apply (optional) * * In order to have a flexible array member in a union or alone in a * struct, it needs to be wrapped in an anonymous struct with at least 1 * named member, but that member can be empty. */ -#define DECLARE_FLEX_ARRAY(TYPE, NAME) \ - __DECLARE_FLEX_ARRAY(TYPE, NAME) +#define DECLARE_FLEX_ARRAY(TYPE, NAME, ...) \ + __DECLARE_FLEX_ARRAY(TYPE, NAME, __VA_ARGS__) #endif diff --git a/include/uapi/linux/stddef.h b/include/uapi/linux/stddef.h index 2ec6f35cda32..028aeec3d7f1 100644 --- a/include/uapi/linux/stddef.h +++ b/include/uapi/linux/stddef.h @@ -31,23 +31,23 @@ #ifdef __cplusplus /* sizeof(struct{}) is 1 in C++, not 0, can't use C version of the macro. */ -#define __DECLARE_FLEX_ARRAY(T, member) \ - T member[0] +#define __DECLARE_FLEX_ARRAY(TYPE, NAME, ...) \ + TYPE NAME[0] __VA_ARGS__ #else /** * __DECLARE_FLEX_ARRAY() - Declare a flexible array usable in a union - * * @TYPE: The type of each flexible array element * @NAME: The name of the flexible array member + * @...: The list of member attributes to apply (optional) * * In order to have a flexible array member in a union or alone in a * struct, it needs to be wrapped in an anonymous struct with at least 1 * named member, but that member can be empty. */ -#define __DECLARE_FLEX_ARRAY(TYPE, NAME) \ +#define __DECLARE_FLEX_ARRAY(TYPE, NAME, ...) \ struct { \ struct { } __empty_ ## NAME; \ - TYPE NAME[]; \ + TYPE NAME[] __VA_ARGS__; \ } #endif -- 2.34.1 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v2 1/2] stddef: Allow attributes to be used when creating flex arrays 2024-02-13 23:42 ` [PATCH v2 1/2] " Kees Cook @ 2024-06-08 16:26 ` Vincent Mailhol 0 siblings, 0 replies; 4+ messages in thread From: Vincent Mailhol @ 2024-06-08 16:26 UTC (permalink / raw) To: Kees Cook; +Cc: Jakub Kicinski Rasmus Villemoes Hi, Kees I was looking to apply the __counted_by to the drivers/net/can subtree, and a research on the DECLARE_FLEX_ARRAY brought me to this patch. I could not find it in any tree (tried Linus's tree and linux-next), so I am not sure what is the status here (sorry if it was upstreamed and if I just missed it). While at it, and with several months of delays, here is my feedback. On Tue, 13 Feb 2024 at 15:42:10, Kees Cook <keescook@chromium.org> wrote: > With the coming support for the __counted_by struct member attribute, > we will need a way to add such annotations to the places where > DECLARE_FLEX_ARRAY() is used. Add an optional 3rd argument that can be > used for including attributes in the flexible array definition. > > Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> > Cc: Dan Williams <dan.j.williams@intel.com> > Cc: Keith Packard <keithp@keithp.com> > Cc: Miguel Ojeda <ojeda@kernel.org> > Cc: Alexey Dobriyan <adobriyan@gmail.com> > Cc: Dmitry Antipov <dmantipov@yandex.ru> > Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> > Signed-off-by: Kees Cook <keescook@chromium.org> > --- > include/linux/stddef.h | 6 +++--- > include/uapi/linux/stddef.h | 10 +++++----- > 2 files changed, 8 insertions(+), 8 deletions(-) > > diff --git a/include/linux/stddef.h b/include/linux/stddef.h > index 929d67710cc5..176bfe8c0bd7 100644 > --- a/include/linux/stddef.h > +++ b/include/linux/stddef.h > @@ -82,15 +82,15 @@ enum { > > /** > * DECLARE_FLEX_ARRAY() - Declare a flexible array usable in a union > - * Nitpick: this line removal is not related to the patch and the other documentation blocks in include/linux/stddef.h also have this empty line. For consistency, better to keep. > * @TYPE: The type of each flexible array element > * @NAME: The name of the flexible array member > + * @...: The list of member attributes to apply (optional) > * > * In order to have a flexible array member in a union or alone in a > * struct, it needs to be wrapped in an anonymous struct with at least 1 > * named member, but that member can be empty. > */ > -#define DECLARE_FLEX_ARRAY(TYPE, NAME) \ > - __DECLARE_FLEX_ARRAY(TYPE, NAME) > +#define DECLARE_FLEX_ARRAY(TYPE, NAME, ...) \ > + __DECLARE_FLEX_ARRAY(TYPE, NAME, __VA_ARGS__) > > #endif > diff --git a/include/uapi/linux/stddef.h b/include/uapi/linux/stddef.h > index 2ec6f35cda32..028aeec3d7f1 100644 > --- a/include/uapi/linux/stddef.h > +++ b/include/uapi/linux/stddef.h > @@ -31,23 +31,23 @@ > > #ifdef __cplusplus > /* sizeof(struct{}) is 1 in C++, not 0, can't use C version of the macro. */ > -#define __DECLARE_FLEX_ARRAY(T, member) \ > - T member[0] > +#define __DECLARE_FLEX_ARRAY(TYPE, NAME, ...) \ > + TYPE NAME[0] __VA_ARGS__ > #else > /** > * __DECLARE_FLEX_ARRAY() - Declare a flexible array usable in a union > - * Same as above: no need to remove. > * @TYPE: The type of each flexible array element > * @NAME: The name of the flexible array member > + * @...: The list of member attributes to apply (optional) > * > * In order to have a flexible array member in a union or alone in a > * struct, it needs to be wrapped in an anonymous struct with at least 1 > * named member, but that member can be empty. > */ > -#define __DECLARE_FLEX_ARRAY(TYPE, NAME) \ > +#define __DECLARE_FLEX_ARRAY(TYPE, NAME, ...) \ > struct { \ > struct { } __empty_ ## NAME; \ > - TYPE NAME[]; \ > + TYPE NAME[] __VA_ARGS__; \ > } > #endif How does this work? If I take this example: struct foo { size_t union_size; union { struct bar; DECLARE_FLEX_ARRAY(u8, raw, __counted_by(union_size)); }; }; it will expand to: struct foo { size_t union_size; union { struct bar; struct { struct { } __empty_raw; u8 raw[] __counted_by(union_size); }; }; }; right? Looking at clang documentation: The count field member must be within the same non-anonymous, enclosing struct as the flexible array member. Ref: https://clang.llvm.org/docs/AttributeReference.html#counted-by Here, the union_size and the flexible array member are in different structures (struct foo and anonymous structure). It seems to me that the prerequisites are not met. Am I missing something? Yours sincerely, Vincent Mailhol ^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH v2 2/2] net/ipv4: Annotate imsf_slist_flex with __counted_by(imsf_numsrc) 2024-02-13 23:42 [PATCH v2 0/2] stddef: Allow attributes to be used when creating flex arrays Kees Cook 2024-02-13 23:42 ` [PATCH v2 1/2] " Kees Cook @ 2024-02-13 23:42 ` Kees Cook 1 sibling, 0 replies; 4+ messages in thread From: Kees Cook @ 2024-02-13 23:42 UTC (permalink / raw) To: Jakub Kicinski Cc: Kees Cook, David S. Miller, Eric Dumazet, Paolo Abeni, netdev, linux-hardening, Gustavo A. R. Silva, Rasmus Villemoes, Dan Williams, Keith Packard, Miguel Ojeda, Alexey Dobriyan, Dmitry Antipov, Nathan Chancellor, kernel test robot, linux-kernel The size of the imsf_slist_flex member is determined by imsf_numsrc, so annotate it as such. Cc: "David S. Miller" <davem@davemloft.net> Cc: Eric Dumazet <edumazet@google.com> Cc: Paolo Abeni <pabeni@redhat.com> Cc: netdev@vger.kernel.org Cc: linux-hardening@vger.kernel.org Acked-by: Jakub Kicinski <kuba@kernel.org> Reviewed-by: "Gustavo A. R. Silva" <gustavoars@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org> --- include/uapi/linux/in.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/uapi/linux/in.h b/include/uapi/linux/in.h index e682ab628dfa..2f0c4d40bc7b 100644 --- a/include/uapi/linux/in.h +++ b/include/uapi/linux/in.h @@ -199,7 +199,8 @@ struct ip_msfilter { __u32 imsf_numsrc; union { __be32 imsf_slist[1]; - __DECLARE_FLEX_ARRAY(__be32, imsf_slist_flex); + __DECLARE_FLEX_ARRAY(__be32, imsf_slist_flex, + __counted_by(imsf_numsrc)); }; }; -- 2.34.1 ^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-06-08 16:32 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2024-02-13 23:42 [PATCH v2 0/2] stddef: Allow attributes to be used when creating flex arrays Kees Cook 2024-02-13 23:42 ` [PATCH v2 1/2] " Kees Cook 2024-06-08 16:26 ` Vincent Mailhol 2024-02-13 23:42 ` [PATCH v2 2/2] net/ipv4: Annotate imsf_slist_flex with __counted_by(imsf_numsrc) Kees Cook
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).