lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Zkuksm3K+pKugjgF@yury-ThinkPad>
Date: Mon, 20 May 2024 12:29:54 -0700
From: Yury Norov <yury.norov@...il.com>
To: Michal Schmidt <mschmidt@...hat.com>
Cc: Rasmus Villemoes <linux@...musvillemoes.dk>,
	linux-kernel@...r.kernel.org, Alex Elder <elder@...aro.org>,
	Jakub Kicinski <kuba@...nel.org>,
	"David S. Miller" <davem@...emloft.net>
Subject: Re: [PATCH] bitfield.h: add FIELD_MAX_CONST

+ Alex Elder <elder@...aro.org>, Jakub Kicinski <kuba@...nel.org> and
David S. Miller <davem@...emloft.net>

On Wed, May 15, 2024 at 07:27:31PM +0200, Michal Schmidt wrote:
> FIELD_MAX_CONST is like FIELD_MAX, but it can be used where statement
> expressions are forbidden. For example, using FIELD_MAX in a
> static_assert gives:
>   error: braced-group within expression allowed only inside a function
> 
> It can be used also in array declarations, where using FIELD_MAX would
> trigger a warning :
>   warning: ISO C90 forbids variable length array ‘buf’ [-Wvla]
> (It's a bit surprising, because despite the warning, gcc calculated
> the array size correctly at compile time.)
> 
> A simplified example of what I actually want to use in a driver:
>   #define DATA_SIZE_M GENMASK(3, 0)
>   #define MAX_DATA_SIZE FIELD_MAX_CONST(DATA_SIZE_M)
>   static void f(void) {
>   	char buf[MAX_DATA_SIZE];
>   	/* ... */
>   }
> 
> In the implementation, reuse the existing compile-time checks from
> FIELD_PREP_CONST.
> 
> Signed-off-by: Michal Schmidt <mschmidt@...hat.com>

Hi Michal,

So... FIELD_MAX() already requires the _mask to be a const value.
Now you add a FIELD_MAX_CONST(), which makes it more confusing.

It looks like your new _CONST() macro would work anywhere where the
existing FIELD_MAX() works. At least for me, if I apply your patch
and do:

        #define FIELD_MAX FIELD_MAX_CONST

The implementation of the 'const' version looks the same as the
'variable' one, except for that sanity checking business.

I think the right path to go would be making the __BF_FIELD_CHECK()
a structure initializers friendly by using the BUILD_BUG_ON_ZERO(),
just like you did with the __BF_FIELD_CHECK_CONST(), so that the
FIELD_MAX() would work in all cases.

Thanks,
Yury

> ---
>  include/linux/bitfield.h | 34 +++++++++++++++++++++++++++-------
>  1 file changed, 27 insertions(+), 7 deletions(-)
> 
> diff --git a/include/linux/bitfield.h b/include/linux/bitfield.h
> index 63928f173223..50bbab317319 100644
> --- a/include/linux/bitfield.h
> +++ b/include/linux/bitfield.h
> @@ -76,6 +76,16 @@
>  					      (1ULL << __bf_shf(_mask))); \
>  	})
>  
> +#define __BF_FIELD_CHECK_CONST(_mask, _val)				\
> +	(								\
> +		/* mask must be non-zero */				\
> +		BUILD_BUG_ON_ZERO((_mask) == 0) +			\
> +		/* check if value fits */				\
> +		BUILD_BUG_ON_ZERO(~((_mask) >> __bf_shf(_mask)) & (_val)) + \
> +		/* check if mask is contiguous */			\
> +		__BF_CHECK_POW2((_mask) + (1ULL << __bf_shf(_mask)))	\
> +	)
> +
>  /**
>   * FIELD_MAX() - produce the maximum value representable by a field
>   * @_mask: shifted mask defining the field's length and position
> @@ -89,6 +99,22 @@
>  		(typeof(_mask))((_mask) >> __bf_shf(_mask));		\
>  	})
>  
> +/**
> + * FIELD_MAX_CONST() - produce the maximum value representable by a field
> + * @_mask: shifted mask defining the field's length and position
> + *
> + * FIELD_MAX_CONST() returns the maximum value that can be held in
> + * the field specified by @_mask.
> + *
> + * Unlike FIELD_MAX(), it can be used where statement expressions can't.
> + * Error checking is less comfortable for this version.
> + */
> +#define FIELD_MAX_CONST(_mask)						\
> +	(								\
> +		__BF_FIELD_CHECK_CONST(_mask, 0ULL) +			\
> +		(typeof(_mask))((_mask) >> __bf_shf(_mask))		\
> +	)
> +
>  /**
>   * FIELD_FIT() - check if value fits in the field
>   * @_mask: shifted mask defining the field's length and position
> @@ -132,13 +158,7 @@
>   */
>  #define FIELD_PREP_CONST(_mask, _val)					\
>  	(								\
> -		/* mask must be non-zero */				\
> -		BUILD_BUG_ON_ZERO((_mask) == 0) +			\
> -		/* check if value fits */				\
> -		BUILD_BUG_ON_ZERO(~((_mask) >> __bf_shf(_mask)) & (_val)) + \
> -		/* check if mask is contiguous */			\
> -		__BF_CHECK_POW2((_mask) + (1ULL << __bf_shf(_mask))) +	\
> -		/* and create the value */				\
> +		__BF_FIELD_CHECK_CONST(_mask, _val) +			\
>  		(((typeof(_mask))(_val) << __bf_shf(_mask)) & (_mask))	\
>  	)
>  
> -- 
> 2.44.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ