From: Kees Cook <keescook@chromium.org>
To: "Williams, Dan J" <dan.j.williams@intel.com>
Cc: "linux@rasmusvillemoes.dk" <linux@rasmusvillemoes.dk>,
"keithpac@amazon.com" <keithpac@amazon.com>,
"clang-built-linux@googlegroups.com"
<clang-built-linux@googlegroups.com>,
"linux-kbuild@vger.kernel.org" <linux-kbuild@vger.kernel.org>,
"akpm@linux-foundation.org" <akpm@linux-foundation.org>,
"gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>,
"dri-devel@lists.freedesktop.org"
<dri-devel@lists.freedesktop.org>,
"linux-cxl@vger.kernel.org" <linux-cxl@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-wireless@vger.kernel.org" <linux-wireless@vger.kernel.org>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"linux-hardening@vger.kernel.org"
<linux-hardening@vger.kernel.org>,
"gustavoars@kernel.org" <gustavoars@kernel.org>,
"linux-staging@lists.linux.dev" <linux-staging@lists.linux.dev>,
"linux-block@vger.kernel.org" <linux-block@vger.kernel.org>
Subject: Re: [PATCH 04/64] stddef: Introduce struct_group() helper macro
Date: Fri, 30 Jul 2021 19:59:04 -0700 [thread overview]
Message-ID: <202107301952.B484563@keescook> (raw)
In-Reply-To: <1d9a2e6df2a9a35b2cdd50a9a68cac5991e7e5f0.camel@intel.com>
On Fri, Jul 30, 2021 at 10:19:20PM +0000, Williams, Dan J wrote:
> On Wed, 2021-07-28 at 14:59 -0700, Kees Cook wrote:
> > On Wed, Jul 28, 2021 at 12:54:18PM +0200, Rasmus Villemoes wrote:
> > > On 27/07/2021 22.57, Kees Cook wrote:
> > >
> > > > In order to have a regular programmatic way to describe a struct
> > > > region that can be used for references and sizing, can be examined for
> > > > bounds checking, avoids forcing the use of intermediate identifiers,
> > > > and avoids polluting the global namespace, introduce the struct_group()
> > > > macro. This macro wraps the member declarations to create an anonymous
> > > > union of an anonymous struct (no intermediate name) and a named struct
> > > > (for references and sizing):
> > > >
> > > > struct foo {
> > > > int one;
> > > > struct_group(thing,
> > > > int two,
> > > > int three,
> > > > );
> > > > int four;
> > > > };
> > >
> > > That example won't compile, the commas after two and three should be
> > > semicolons.
> >
> > Oops, yes, thanks. This is why I shouldn't write code that doesn't first
> > go through a compiler. ;)
> >
> > > And your implementation relies on MEMBERS not containing any comma
> > > tokens, but as
> > >
> > > int a, b, c, d;
> > >
> > > is a valid way to declare multiple members, consider making MEMBERS
> > > variadic
> > >
> > > #define struct_group(NAME, MEMBERS...)
> > >
> > > to have it slurp up every subsequent argument and make that work.
> >
> > Ah! Perfect, thank you. I totally forgot I could do it that way.
>
> This is great Kees. It just so happens it would clean-up what we are
> already doing in drivers/cxl/cxl.h for anonymous + named register block
> pointers. However in the cxl case it also needs the named structure to
> be typed. Any appetite for a typed version of this?
Oh cool! Yeah, totally I can expand it. Thanks for the suggestion!
>
> Here is a rough idea of the cleanup it would induce in drivers/cxl/:
>
> diff --git a/drivers/cxl/cxl.h b/drivers/cxl/cxl.h
> index 53927f9fa77e..a2308c995654 100644
> --- a/drivers/cxl/cxl.h
> +++ b/drivers/cxl/cxl.h
> @@ -75,52 +75,19 @@ static inline int cxl_hdm_decoder_count(u32 cap_hdr)
> #define CXLDEV_MBOX_BG_CMD_STATUS_OFFSET 0x18
> #define CXLDEV_MBOX_PAYLOAD_OFFSET 0x20
>
> -#define CXL_COMPONENT_REGS() \
> - void __iomem *hdm_decoder
> -
> -#define CXL_DEVICE_REGS() \
> - void __iomem *status; \
> - void __iomem *mbox; \
> - void __iomem *memdev
> -
> -/* See note for 'struct cxl_regs' for the rationale of this organization */
> /*
> - * CXL_COMPONENT_REGS - Common set of CXL Component register block base pointers
> * @hdm_decoder: CXL 2.0 8.2.5.12 CXL HDM Decoder Capability Structure
> - */
> -struct cxl_component_regs {
> - CXL_COMPONENT_REGS();
> -};
> -
> -/* See note for 'struct cxl_regs' for the rationale of this organization */
> -/*
> - * CXL_DEVICE_REGS - Common set of CXL Device register block base pointers
> * @status: CXL 2.0 8.2.8.3 Device Status Registers
> * @mbox: CXL 2.0 8.2.8.4 Mailbox Registers
> * @memdev: CXL 2.0 8.2.8.5 Memory Device Registers
> */
> -struct cxl_device_regs {
> - CXL_DEVICE_REGS();
> -};
> -
> -/*
> - * Note, the anonymous union organization allows for per
> - * register-block-type helper routines, without requiring block-type
> - * agnostic code to include the prefix.
> - */
> struct cxl_regs {
> - union {
> - struct {
> - CXL_COMPONENT_REGS();
> - };
> - struct cxl_component_regs component;
> - };
> - union {
> - struct {
> - CXL_DEVICE_REGS();
> - };
> - struct cxl_device_regs device_regs;
> - };
> + struct_group_typed(cxl_component_regs, component,
> + void __iomem *hdm_decoder;
> + );
> + struct_group_typed(cxl_device_regs, device_regs,
> + void __iomem *status, *mbox, *memdev;
> + );
> };
>
> struct cxl_reg_map {
> diff --git a/include/linux/stddef.h b/include/linux/stddef.h
> index cf7f866944f9..84b7de24ffb5 100644
> --- a/include/linux/stddef.h
> +++ b/include/linux/stddef.h
> @@ -49,12 +49,18 @@ enum {
> * @ATTRS: Any struct attributes (normally empty)
> * @MEMBERS: The member declarations for the mirrored structs
> */
> -#define struct_group_attr(NAME, ATTRS, MEMBERS) \
> +#define struct_group_attr(NAME, ATTRS, MEMBERS...) \
> union { \
> struct { MEMBERS } ATTRS; \
> struct { MEMBERS } ATTRS NAME; \
> }
>
> +#define struct_group_attr_typed(TYPE, NAME, ATTRS, MEMBERS...) \
> + union { \
> + struct { MEMBERS } ATTRS; \
> + struct TYPE { MEMBERS } ATTRS NAME; \
> + }
> +
> /**
> * struct_group(NAME, MEMBERS)
> *
> @@ -67,7 +73,10 @@ enum {
> * @NAME: The name of the mirrored sub-struct
> * @MEMBERS: The member declarations for the mirrored structs
> */
> -#define struct_group(NAME, MEMBERS) \
> +#define struct_group(NAME, MEMBERS...) \
> struct_group_attr(NAME, /* no attrs */, MEMBERS)
>
> +#define struct_group_typed(TYPE, NAME, MEMBERS...) \
> + struct_group_attr_typed(TYPE, NAME, /* no attrs */, MEMBERS)
> +
> #endif
Awesome! My instinct is to expose the resulting API as:
__struct_group(type, name, attrs, members...)
struct_group(name, members...)
struct_group_attr(name, attrs, members...)
struct_group_typed(type, name, members...)
--
Kees Cook
next prev parent reply other threads:[~2021-07-31 2:59 UTC|newest]
Thread overview: 158+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-27 20:57 [PATCH 00/64] Introduce strict memcpy() bounds checking Kees Cook
2021-07-27 20:57 ` [PATCH 01/64] media: omap3isp: Extract struct group for memcpy() region Kees Cook
2021-07-28 0:55 ` Gustavo A. R. Silva
2021-07-28 1:50 ` Kees Cook
2021-07-28 8:59 ` David Sterba
2021-07-28 9:14 ` Dan Carpenter
2021-07-28 21:37 ` Bart Van Assche
2021-07-28 21:37 ` David Sterba
2021-07-29 5:56 ` Greg Kroah-Hartman
2021-07-29 8:20 ` Dan Carpenter
2021-07-30 6:00 ` Kees Cook
2021-07-30 8:38 ` David Sterba
2021-07-30 9:00 ` Dan Carpenter
2021-07-30 16:44 ` Kees Cook
2021-07-30 17:08 ` Nick Desaulniers
2021-07-30 19:18 ` Kees Cook
2021-07-27 20:57 ` [PATCH 02/64] mac80211: Use flex-array for radiotap header bitmap Kees Cook
2021-07-28 7:35 ` Dan Carpenter
2021-07-28 9:23 ` David Sterba
2021-07-28 21:54 ` Kees Cook
2021-07-29 10:45 ` David Sterba
2021-07-30 6:06 ` Kees Cook
2021-07-28 21:20 ` Kees Cook
2021-07-28 23:14 ` Kees Cook
2021-07-28 23:33 ` Kees Cook
2021-07-29 8:25 ` Dan Carpenter
2021-07-27 20:57 ` [PATCH 03/64] rpmsg: glink: Replace strncpy() with strscpy_pad() Kees Cook
2021-07-28 2:07 ` Gustavo A. R. Silva
2021-07-27 20:57 ` [PATCH 04/64] stddef: Introduce struct_group() helper macro Kees Cook
2021-07-28 2:32 ` Gustavo A. R. Silva
2021-07-28 10:54 ` Rasmus Villemoes
2021-07-28 21:59 ` Kees Cook
2021-07-30 22:19 ` Williams, Dan J
2021-07-31 2:59 ` Kees Cook [this message]
[not found] ` <CAKwiHFheDv2pwsm6Fa+-KnOFyvk7bfZQjb2BQ-CSwH61gxgVYg@mail.gmail.com>
2021-07-31 15:10 ` Kees Cook
2021-07-27 20:57 ` [PATCH 05/64] skbuff: Switch structure bounds to struct_group() Kees Cook
2021-07-28 3:50 ` Gustavo A. R. Silva
2021-07-27 20:57 ` [PATCH 06/64] bnxt_en: Use struct_group_attr() for memcpy() region Kees Cook
2021-07-28 1:03 ` Michael Chan
2021-07-28 4:45 ` Gustavo A. R. Silva
2021-07-27 20:57 ` [PATCH 07/64] staging: rtl8192e: Use struct_group() " Kees Cook
2021-07-27 22:30 ` Larry Finger
2021-07-28 5:45 ` Greg Kroah-Hartman
2021-07-27 20:57 ` [PATCH 08/64] staging: rtl8192u: " Kees Cook
2021-07-28 5:45 ` Greg Kroah-Hartman
2021-07-27 20:58 ` [PATCH 09/64] staging: rtl8723bs: Avoid field-overflowing memcpy() Kees Cook
2021-07-28 5:46 ` Greg Kroah-Hartman
2021-07-27 20:58 ` [PATCH 10/64] lib80211: Use struct_group() for memcpy() region Kees Cook
2021-07-28 5:52 ` Greg Kroah-Hartman
2021-08-13 8:04 ` Johannes Berg
2021-08-13 15:49 ` Kees Cook
2021-08-13 19:44 ` Johannes Berg
2021-07-27 20:58 ` [PATCH 11/64] net/mlx5e: Avoid field-overflowing memcpy() Kees Cook
2021-07-27 20:58 ` [PATCH 12/64] mwl8k: Use struct_group() for memcpy() region Kees Cook
2021-07-27 20:58 ` [PATCH 13/64] libertas: " Kees Cook
2021-07-27 20:58 ` [PATCH 14/64] libertas_tf: " Kees Cook
2021-07-27 20:58 ` [PATCH 15/64] ipw2x00: " Kees Cook
2021-07-28 18:55 ` Stanislav Yakovlev
2021-07-27 20:58 ` [PATCH 16/64] thermal: intel: int340x_thermal: " Kees Cook
2021-07-27 20:58 ` [PATCH 17/64] iommu/amd: " Kees Cook
2021-07-27 20:58 ` [PATCH 18/64] cxgb3: " Kees Cook
2021-07-27 20:58 ` [PATCH 19/64] ip: Use struct_group() for memcpy() regions Kees Cook
2021-07-28 5:55 ` Greg Kroah-Hartman
2021-07-28 6:14 ` Gustavo A. R. Silva
2021-07-28 6:19 ` Greg Kroah-Hartman
2021-07-28 6:31 ` Gustavo A. R. Silva
2021-07-28 6:37 ` Gustavo A. R. Silva
2021-07-28 6:41 ` Greg Kroah-Hartman
2021-07-28 21:01 ` Kees Cook
2021-07-29 1:59 ` Bart Van Assche
2021-07-27 20:58 ` [PATCH 20/64] intersil: Use struct_group() for memcpy() region Kees Cook
2021-07-27 20:58 ` [PATCH 21/64] cxgb4: " Kees Cook
2021-07-27 20:58 ` [PATCH 22/64] bnx2x: " Kees Cook
2021-07-27 20:58 ` [PATCH 23/64] drm/amd/pm: " Kees Cook
2021-07-30 2:07 ` Alex Deucher
2021-07-27 20:58 ` [PATCH 24/64] staging: wlan-ng: " Kees Cook
2021-07-28 5:45 ` Greg Kroah-Hartman
2021-07-27 20:58 ` [PATCH 25/64] drm/mga/mga_ioc32: " Kees Cook
2021-07-28 5:56 ` Greg Kroah-Hartman
2021-07-29 12:11 ` Daniel Vetter
2021-07-31 4:20 ` Kees Cook
2021-07-27 20:58 ` [PATCH 26/64] net/mlx5e: " Kees Cook
2021-07-27 20:58 ` [PATCH 27/64] HID: cp2112: " Kees Cook
2021-07-27 20:58 ` [PATCH 28/64] compiler_types.h: Remove __compiletime_object_size() Kees Cook
2021-07-27 20:58 ` [PATCH 29/64] lib/string: Move helper functions out of string.c Kees Cook
2021-07-27 20:58 ` [PATCH 30/64] fortify: Move remaining fortify helpers into fortify-string.h Kees Cook
2021-07-27 20:58 ` [PATCH 31/64] fortify: Explicitly disable Clang support Kees Cook
2021-07-27 21:18 ` Nathan Chancellor
2021-07-27 21:47 ` Kees Cook
2021-07-27 20:58 ` [PATCH 32/64] fortify: Add compile-time FORTIFY_SOURCE tests Kees Cook
2021-07-27 20:58 ` [PATCH 33/64] lib: Introduce CONFIG_TEST_MEMCPY Kees Cook
2021-07-27 23:31 ` Bart Van Assche
2021-07-27 23:33 ` Randy Dunlap
2021-07-28 1:30 ` Kees Cook
2021-07-27 20:58 ` [PATCH 34/64] fortify: Detect struct member overflows in memcpy() at compile-time Kees Cook
2021-07-27 22:43 ` Nick Desaulniers
2021-07-28 1:47 ` Kees Cook
2021-07-28 11:19 ` Rasmus Villemoes
2021-07-30 2:39 ` Kees Cook
2021-07-27 20:58 ` [PATCH 35/64] fortify: Detect struct member overflows in memmove() " Kees Cook
2021-07-27 20:58 ` [PATCH 36/64] scsi: ibmvscsi: Avoid multi-field memset() overflow by aiming at srp Kees Cook
2021-07-28 1:39 ` Martin K. Petersen
2021-07-28 18:57 ` Kees Cook
2021-07-29 3:35 ` Martin K. Petersen
2021-07-30 19:11 ` Tyrel Datwyler
2021-07-30 18:16 ` Tyrel Datwyler
2021-07-27 20:58 ` [PATCH 37/64] string.h: Introduce memset_after() for wiping trailing members/padding Kees Cook
2021-07-27 20:58 ` [PATCH 38/64] xfrm: Use memset_after() to clear padding Kees Cook
2021-07-27 20:58 ` [PATCH 39/64] mac80211: Use memset_after() to clear tx status Kees Cook
2021-07-31 15:55 ` Kees Cook
2021-08-13 7:40 ` Johannes Berg
2021-08-13 16:08 ` Kees Cook
2021-08-13 18:19 ` Johannes Berg
2021-08-13 7:41 ` Johannes Berg
2021-07-27 20:58 ` [PATCH 40/64] net: 802: Use memset_after() to clear struct fields Kees Cook
2021-07-27 20:58 ` [PATCH 41/64] net: dccp: Use memset_after() for TP zeroing Kees Cook
2021-07-27 20:58 ` [PATCH 42/64] net: qede: Use memset_after() for counters Kees Cook
2021-07-31 16:07 ` Kees Cook
2021-07-27 20:58 ` [PATCH 43/64] ath11k: Use memset_after() for clearing queue descriptors Kees Cook
2021-07-27 20:58 ` [PATCH 44/64] iw_cxgb4: Use memset_after() for cpl_t5_pass_accept_rpl Kees Cook
2021-07-27 20:58 ` [PATCH 45/64] intel_th: msu: Use memset_after() for clearing hw header Kees Cook
2021-07-27 20:58 ` [PATCH 46/64] IB/mthca: Use memset_after() for clearing mpt_entry Kees Cook
2021-07-27 20:58 ` [PATCH 47/64] btrfs: Use memset_after() to clear end of struct Kees Cook
2021-07-28 9:42 ` David Sterba
2021-07-28 21:56 ` Kees Cook
2021-07-29 10:33 ` David Sterba
2021-07-31 15:25 ` Kees Cook
2021-08-09 11:20 ` David Sterba
2021-07-27 20:58 ` [PATCH 48/64] drbd: Use struct_group() to zero algs Kees Cook
2021-07-28 21:45 ` Bart Van Assche
2021-07-30 2:31 ` Kees Cook
2021-07-30 2:57 ` Bart Van Assche
2021-07-30 9:25 ` Lars Ellenberg
2021-07-30 15:32 ` Nick Desaulniers
2021-07-27 20:58 ` [PATCH 49/64] cm4000_cs: Use struct_group() to zero struct cm4000_dev region Kees Cook
2021-07-28 5:48 ` Greg Kroah-Hartman
2021-07-27 20:58 ` [PATCH 50/64] KVM: x86: Use struct_group() to zero decode cache Kees Cook
2021-07-27 20:58 ` [PATCH 51/64] tracing: Use struct_group() to zero struct trace_iterator Kees Cook
2021-07-27 20:58 ` [PATCH 52/64] dm integrity: Use struct_group() to zero struct journal_sector Kees Cook
2021-07-27 20:58 ` [PATCH 53/64] HID: roccat: Use struct_group() to zero kone_mouse_event Kees Cook
2021-07-27 20:58 ` [PATCH 54/64] ipv6: Use struct_group() to zero rt6_info Kees Cook
2021-07-29 18:58 ` Jakub Kicinski
2021-07-31 15:01 ` Kees Cook
2021-07-27 20:58 ` [PATCH 55/64] RDMA/mlx5: Use struct_group() to zero struct mlx5_ib_mr Kees Cook
2021-07-27 20:58 ` [PATCH 56/64] ethtool: stats: Use struct_group() to clear all stats at once Kees Cook
2021-07-27 20:58 ` [PATCH 57/64] netfilter: conntrack: Use struct_group() to zero struct nf_conn Kees Cook
2021-07-27 20:58 ` [PATCH 58/64] powerpc: Split memset() to avoid multi-field overflow Kees Cook
2021-08-05 11:36 ` Michael Ellerman
2021-07-27 20:58 ` [PATCH 59/64] fortify: Detect struct member overflows in memset() at compile-time Kees Cook
2021-07-27 20:58 ` [PATCH 60/64] fortify: Work around Clang inlining bugs Kees Cook
2021-07-27 20:58 ` [PATCH 61/64] Makefile: Enable -Warray-bounds Kees Cook
2021-07-27 20:58 ` [PATCH 62/64] netlink: Avoid false-positive memcpy() warning Kees Cook
2021-07-28 5:49 ` Greg Kroah-Hartman
2021-07-28 11:24 ` Rasmus Villemoes
2021-07-30 1:39 ` Kees Cook
2021-07-30 1:41 ` Kees Cook
2021-07-27 20:58 ` [PATCH 63/64] iwlwifi: dbg_ini: Split memcpy() to avoid multi-field write Kees Cook
2021-07-27 20:58 ` [PATCH 64/64] fortify: Add run-time WARN for cross-field memcpy() Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202107301952.B484563@keescook \
--to=keescook@chromium.org \
--cc=akpm@linux-foundation.org \
--cc=clang-built-linux@googlegroups.com \
--cc=dan.j.williams@intel.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=gregkh@linuxfoundation.org \
--cc=gustavoars@kernel.org \
--cc=keithpac@amazon.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-cxl@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-staging@lists.linux.dev \
--cc=linux-wireless@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).