[PATCH] overflow.h: Rename __ab_c_size() to __calc_size()

[PATCH] overflow.h: Rename __ab_c_size() to __calc_size()

[Borislav Petkov]

From: Borislav Petkov <bp@suse.de>

... to make its name readable to humans so that it can denote what that
helper does.

No functional changes.

Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Kees Cook <keescook@chromium.org>
Cc: Matthew Wilcox <willy@infradead.org>
---
 include/linux/overflow.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/linux/overflow.h b/include/linux/overflow.h
index 40b48e2133cb..a9cb77d54df0 100644
--- a/include/linux/overflow.h
+++ b/include/linux/overflow.h
@@ -278,7 +278,7 @@ static inline __must_check size_t array3_size(size_t a, size_t b, size_t c)
 	return bytes;
 }
 
-static inline __must_check size_t __ab_c_size(size_t n, size_t size, size_t c)
+static inline __must_check size_t __calc_size(size_t n, size_t size, size_t c)
 {
 	size_t bytes;
 
@@ -302,7 +302,7 @@ static inline __must_check size_t __ab_c_size(size_t n, size_t size, size_t c)
  * Return: number of bytes needed or SIZE_MAX on overflow.
  */
 #define struct_size(p, member, n)					\
-	__ab_c_size(n,							\
+	__calc_size(n,							\
 		    sizeof(*(p)->member) + __must_be_array((p)->member),\
 		    sizeof(*(p)))
 
-- 
2.21.0

Re: [PATCH] overflow.h: Rename __ab_c_size() to __calc_size()

[Rasmus Villemoes]

On 05/04/2019 06.57, Borislav Petkov wrote:
> From: Borislav Petkov <bp@suse.de>
> 
> ... to make its name readable to humans so that it can denote what that helper does.

I like the current color. It computes a*b+c with overflow checking at each step. calc_size is
way too generic and doesn't say anything at all about how the calc(ulation) is done.

Rasmus

Re: [PATCH] overflow.h: Rename __ab_c_size() to __calc_size()

[Borislav Petkov]

On Fri, Apr 05, 2019 at 08:26:45AM +0200, Rasmus Villemoes wrote:
> I like the current color.

Color?

> It computes a*b+c with overflow checking at each step. calc_size
> is way too generic and doesn't say anything at all about how the
> calc(ulation) is done.

Ok, whatever.

Then it would need at least a comment above it to state what it does. I
don't want to go and parse the macros each time.

Thx.

-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.

Re: [PATCH] overflow.h: Rename __ab_c_size() to __calc_size()

[Rasmus Villemoes]

On 05/04/2019 09.52, Borislav Petkov wrote:
> On Fri, Apr 05, 2019 at 08:26:45AM +0200, Rasmus Villemoes wrote:

>> It computes a*b+c with overflow checking at each step. calc_size
>> is way too generic and doesn't say anything at all about how the
>> calc(ulation) is done.
> 
> Ok, whatever.
> 
> Then it would need at least a comment above it to state what it does. I
> don't want to go and parse the macros each time.

It's an internal helper, and struct_size is fully kernel-doc'ed. But
yeah, a comment wouldn't hurt, and let's rename the parameters so they
match the abc naming.

diff --git a/include/linux/overflow.h b/include/linux/overflow.h
index 40b48e2133cb..6534a727cadb 100644
--- a/include/linux/overflow.h
+++ b/include/linux/overflow.h
@@ -278,11 +278,15 @@ static inline __must_check size_t
array3_size(size_t a, size_t b, size_t c)
        return bytes;
 }

-static inline __must_check size_t __ab_c_size(size_t n, size_t size,
size_t c)
+/*
+ * Compute a*b+c, returning SIZE_MAX on overflow. Internal helper for
+ * struct_size() below.
+ */
+static inline __must_check size_t __ab_c_size(size_t a, size_t b, size_t c)
 {
        size_t bytes;

-       if (check_mul_overflow(n, size, &bytes))
+       if (check_mul_overflow(a, b, &bytes))
                return SIZE_MAX;
        if (check_add_overflow(bytes, c, &bytes))
                return SIZE_MAX;


Rasmus

Re: [PATCH] overflow.h: Rename __ab_c_size() to __calc_size()

[Borislav Petkov]

On Fri, Apr 05, 2019 at 10:09:31AM +0200, Rasmus Villemoes wrote:
> On 05/04/2019 09.52, Borislav Petkov wrote:
> > On Fri, Apr 05, 2019 at 08:26:45AM +0200, Rasmus Villemoes wrote:
> 
> >> It computes a*b+c with overflow checking at each step. calc_size
> >> is way too generic and doesn't say anything at all about how the
> >> calc(ulation) is done.
> > 
> > Ok, whatever.
> > 
> > Then it would need at least a comment above it to state what it does. I
> > don't want to go and parse the macros each time.
> 
> It's an internal helper, and struct_size is fully kernel-doc'ed. But
> yeah, a comment wouldn't hurt, and let's rename the parameters so they
> match the abc naming.
> 
> diff --git a/include/linux/overflow.h b/include/linux/overflow.h
> index 40b48e2133cb..6534a727cadb 100644
> --- a/include/linux/overflow.h
> +++ b/include/linux/overflow.h
> @@ -278,11 +278,15 @@ static inline __must_check size_t
> array3_size(size_t a, size_t b, size_t c)
>         return bytes;
>  }
> 
> -static inline __must_check size_t __ab_c_size(size_t n, size_t size,
> size_t c)
> +/*
> + * Compute a*b+c, returning SIZE_MAX on overflow. Internal helper for
> + * struct_size() below.
> + */
> +static inline __must_check size_t __ab_c_size(size_t a, size_t b, size_t c)
>  {
>         size_t bytes;
> 
> -       if (check_mul_overflow(n, size, &bytes))
> +       if (check_mul_overflow(a, b, &bytes))
>                 return SIZE_MAX;
>         if (check_add_overflow(bytes, c, &bytes))
>                 return SIZE_MAX;
> 
>

Reported-by: Borislav Petkov <bp@suse.de>
Acked-by: Borislav Petkov <bp@suse.de>

Thx.

-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.

Re: [PATCH] overflow.h: Rename __ab_c_size() to __calc_size()

[Kees Cook]

On Fri, Apr 5, 2019 at 1:24 AM Borislav Petkov <bp@alien8.de> wrote:
>
> On Fri, Apr 05, 2019 at 10:09:31AM +0200, Rasmus Villemoes wrote:
> > On 05/04/2019 09.52, Borislav Petkov wrote:
> > > On Fri, Apr 05, 2019 at 08:26:45AM +0200, Rasmus Villemoes wrote:
> >
> > >> It computes a*b+c with overflow checking at each step. calc_size
> > >> is way too generic and doesn't say anything at all about how the
> > >> calc(ulation) is done.
> > >
> > > Ok, whatever.
> > >
> > > Then it would need at least a comment above it to state what it does. I
> > > don't want to go and parse the macros each time.
> >
> > It's an internal helper, and struct_size is fully kernel-doc'ed. But
> > yeah, a comment wouldn't hurt, and let's rename the parameters so they
> > match the abc naming.
> >
> > diff --git a/include/linux/overflow.h b/include/linux/overflow.h
> > index 40b48e2133cb..6534a727cadb 100644
> > --- a/include/linux/overflow.h
> > +++ b/include/linux/overflow.h
> > @@ -278,11 +278,15 @@ static inline __must_check size_t
> > array3_size(size_t a, size_t b, size_t c)
> >         return bytes;
> >  }
> >
> > -static inline __must_check size_t __ab_c_size(size_t n, size_t size,
> > size_t c)
> > +/*
> > + * Compute a*b+c, returning SIZE_MAX on overflow. Internal helper for
> > + * struct_size() below.
> > + */

May as well make this kern-doc too?

> > +static inline __must_check size_t __ab_c_size(size_t a, size_t b, size_t c)
> >  {
> >         size_t bytes;
> >
> > -       if (check_mul_overflow(n, size, &bytes))
> > +       if (check_mul_overflow(a, b, &bytes))
> >                 return SIZE_MAX;
> >         if (check_add_overflow(bytes, c, &bytes))
> >                 return SIZE_MAX;
> >
> >
>
> Reported-by: Borislav Petkov <bp@suse.de>
> Acked-by: Borislav Petkov <bp@suse.de>

Acked-by: Kees Cook <keescook@chromium.org>

-- 
Kees Cook

Re: [PATCH] overflow.h: Rename __ab_c_size() to __calc_size()

[Matthew Wilcox]

On Fri, Apr 05, 2019 at 09:13:24AM -0700, Kees Cook wrote:
> On Fri, Apr 5, 2019 at 1:24 AM Borislav Petkov <bp@alien8.de> wrote:
> >
> > On Fri, Apr 05, 2019 at 10:09:31AM +0200, Rasmus Villemoes wrote:
> > > On 05/04/2019 09.52, Borislav Petkov wrote:
> > > > On Fri, Apr 05, 2019 at 08:26:45AM +0200, Rasmus Villemoes wrote:
> > >
> > > >> It computes a*b+c with overflow checking at each step. calc_size
> > > >> is way too generic and doesn't say anything at all about how the
> > > >> calc(ulation) is done.
> > > >
> > > > Ok, whatever.
> > > >
> > > > Then it would need at least a comment above it to state what it does. I
> > > > don't want to go and parse the macros each time.
> > >
> > > It's an internal helper, and struct_size is fully kernel-doc'ed. But
> > > yeah, a comment wouldn't hurt, and let's rename the parameters so they
> > > match the abc naming.
> > >
> > > diff --git a/include/linux/overflow.h b/include/linux/overflow.h
> > > index 40b48e2133cb..6534a727cadb 100644
> > > --- a/include/linux/overflow.h
> > > +++ b/include/linux/overflow.h
> > > @@ -278,11 +278,15 @@ static inline __must_check size_t
> > > array3_size(size_t a, size_t b, size_t c)
> > >         return bytes;
> > >  }
> > >
> > > -static inline __must_check size_t __ab_c_size(size_t n, size_t size,
> > > size_t c)
> > > +/*
> > > + * Compute a*b+c, returning SIZE_MAX on overflow. Internal helper for
> > > + * struct_size() below.
> > > + */
> 
> May as well make this kern-doc too?

I don't think that's a good idea; we should only document functions we
want other people to use.

> > > +static inline __must_check size_t __ab_c_size(size_t a, size_t b, size_t c)

I could also go for renaming this to __size_ab_plus_c.

For a bit of history ... the origins of this was a system which had
alloc_ab (a * b)
alloc_abc (a * b * c)
alloc_ab_c (a * b + c)
alloc_ab_cd (a * b + c * d)

In the process of getting it upstreamed, it changed from kmalloc_ab_c to
kmalloc(struct_size(...)) and we never bothered to change the name of
__ab_c_size().

Re: [PATCH] overflow.h: Rename __ab_c_size() to __calc_size()

[Borislav Petkov]

On Fri, Apr 05, 2019 at 09:25:27AM -0700, Matthew Wilcox wrote:
> I don't think that's a good idea; we should only document functions we
> want other people to use.

Yap.

> I could also go for renaming this to __size_ab_plus_c.

Let's just leave it short as it is now - the comment should be good
enough.

Btw, is anyone picking this up or should I?

Thx.

-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.

Re: [PATCH] overflow.h: Rename __ab_c_size() to __calc_size()

[Rasmus Villemoes]

On 06/04/2019 11.32, Borislav Petkov wrote:
> On Fri, Apr 05, 2019 at 09:25:27AM -0700, Matthew Wilcox wrote:
>> I don't think that's a good idea; we should only document functions we
>> want other people to use.
> 
> Yap.

Exactly, not kernel-doc'ing was a deliberate choice.

>> I could also go for renaming this to __size_ab_plus_c.
> 
> Let's just leave it short as it is now - the comment should be good
> enough.
> 
> Btw, is anyone picking this up or should I?

I'm fine with you picking it up. Here's a real changelog, feel free to edit.

overflow.h: add comment documenting __ab_c_size()

__ab_c_size() is a somewhat opaque name. Document its purpose, and while
at it, rename the parameters to actually match the abc naming.


Rasmus

[tip:core/core] overflow.h: Add comment documenting __ab_c_size()

[tip-bot for Rasmus Villemoes]

Commit-ID:  899cbdfa8d147c873fe4e66c38d2cca3c1ac6286
Gitweb:     https://git.kernel.org/tip/899cbdfa8d147c873fe4e66c38d2cca3c1ac6286
Author:     Rasmus Villemoes <linux@rasmusvillemoes.dk>
AuthorDate: Wed, 10 Apr 2019 22:27:25 +0200
Committer:  Borislav Petkov <bp@suse.de>
CommitDate: Wed, 10 Apr 2019 22:35:47 +0200

overflow.h: Add comment documenting __ab_c_size()

__ab_c_size() is a somewhat opaque name. Document its purpose, and while
at it, rename the parameters to actually match the abc naming.

 [ bp: glued a complete patch from chunks on LKML. ]

Reported-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Matthew Wilcox <willy@infradead.org>
Link: https://lkml.kernel.org/r/20190405045711.30339-1-bp@alien8.de
---
 include/linux/overflow.h | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/include/linux/overflow.h b/include/linux/overflow.h
index 40b48e2133cb..6534a727cadb 100644
--- a/include/linux/overflow.h
+++ b/include/linux/overflow.h
@@ -278,11 +278,15 @@ static inline __must_check size_t array3_size(size_t a, size_t b, size_t c)
 	return bytes;
 }
 
-static inline __must_check size_t __ab_c_size(size_t n, size_t size, size_t c)
+/*
+ * Compute a*b+c, returning SIZE_MAX on overflow. Internal helper for
+ * struct_size() below.
+ */
+static inline __must_check size_t __ab_c_size(size_t a, size_t b, size_t c)
 {
 	size_t bytes;
 
-	if (check_mul_overflow(n, size, &bytes))
+	if (check_mul_overflow(a, b, &bytes))
 		return SIZE_MAX;
 	if (check_add_overflow(bytes, c, &bytes))
 		return SIZE_MAX;

[tip:core/core] overflow.h: Add comment documenting __ab_c_size()

[tip-bot for Rasmus Villemoes]

Commit-ID:  e0478542cfd4d993e38d5f92a3f3ecd238805e96
Gitweb:     https://git.kernel.org/tip/e0478542cfd4d993e38d5f92a3f3ecd238805e96
Author:     Rasmus Villemoes <linux@rasmusvillemoes.dk>
AuthorDate: Wed, 10 Apr 2019 22:27:25 +0200
Committer:  Borislav Petkov <bp@suse.de>
CommitDate: Fri, 12 Apr 2019 13:44:24 +0200

overflow.h: Add comment documenting __ab_c_size()

__ab_c_size() is a somewhat opaque name. Document its purpose, and while
at it, rename the parameters to actually match the abc naming.

 [ bp: glued a complete patch from chunks on LKML. ]

Reported-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Matthew Wilcox <willy@infradead.org>
Link: https://lkml.kernel.org/r/20190405045711.30339-1-bp@alien8.de
---
 include/linux/overflow.h | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/include/linux/overflow.h b/include/linux/overflow.h
index 40b48e2133cb..6534a727cadb 100644
--- a/include/linux/overflow.h
+++ b/include/linux/overflow.h
@@ -278,11 +278,15 @@ static inline __must_check size_t array3_size(size_t a, size_t b, size_t c)
 	return bytes;
 }
 
-static inline __must_check size_t __ab_c_size(size_t n, size_t size, size_t c)
+/*
+ * Compute a*b+c, returning SIZE_MAX on overflow. Internal helper for
+ * struct_size() below.
+ */
+static inline __must_check size_t __ab_c_size(size_t a, size_t b, size_t c)
 {
 	size_t bytes;
 
-	if (check_mul_overflow(n, size, &bytes))
+	if (check_mul_overflow(a, b, &bytes))
 		return SIZE_MAX;
 	if (check_add_overflow(bytes, c, &bytes))
 		return SIZE_MAX;