lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAJfuBxwJ5SgEP15nPpYJbwXi4iDJqVRS9FL8hdkHCkDct=Abrw@mail.gmail.com>
Date: Sun, 16 Mar 2025 14:46:35 -0600
From: jim.cromie@...il.com
To: Louis Chauvet <louis.chauvet@...tlin.com>, Jim Cromie <jim.cromie@...il.com>, 
	linux-kernel@...r.kernel.org, jbaron@...mai.com, gregkh@...uxfoundation.org, 
	ukaszb@...omium.org, intel-gfx-trybot@...ts.freedesktop.org, 
	dri-devel@...ts.freedesktop.org, amd-gfx@...ts.freedesktop.org, 
	intel-gvt-dev@...ts.freedesktop.org, intel-gfx@...ts.freedesktop.org, 
	daniel.vetter@...ll.ch, tvrtko.ursulin@...ux.intel.com, jani.nikula@...el.com, 
	ville.syrjala@...ux.intel.com
Subject: Re: [PATCH 17/63] dyndbg: check DYNDBG_CLASSMAP_DEFINE args at compile-time

On Tue, Feb 25, 2025 at 7:17 AM Louis Chauvet <louis.chauvet@...tlin.com> wrote:
>
>
>
> Le 25/01/2025 à 07:45, Jim Cromie a écrit :
> > Add __DYNDBG_CLASSMAP_CHECK to implement these arg-checks at compile:
> >       0 <= _base < 63
> >       class_names is not empty
> >       class_names[0] is a string
> >       (class_names.length + _base) < 63
> >
> > These compile-time checks will prevent several misuses; 4 such
> > examples are added to test_dynamic_debug_submod.ko, and will fail
> > compilation if -DDD_MACRO_ARGCHECK is added to cflags.
> >
> > Signed-off-by: Jim Cromie <jim.cromie@...il.com>
> > ---
> > - split static-asserts to __DYNDBG_CLASSMAP_CHECK
> > - move __DYNDBG_CLASSMAP_CHECK above kdoc for DYNDBG_CLASSMAP_DEFINE
> >    silences kernel-doc warnings
> > ---
> >   include/linux/dynamic_debug.h |  9 +++++++++
> >   lib/test_dynamic_debug.c      | 11 +++++++++++
> >   2 files changed, 20 insertions(+)
> >
> > diff --git a/include/linux/dynamic_debug.h b/include/linux/dynamic_debug.h
> > index dc610a12b91c..2b0c943af330 100644
> > --- a/include/linux/dynamic_debug.h
> > +++ b/include/linux/dynamic_debug.h
> > @@ -99,6 +99,14 @@ struct ddebug_class_map {
> >       enum ddebug_class_map_type map_type;
> >   };
> >
> > +#define __DYNDBG_CLASSMAP_CHECK(_clnames, _base)                     \
> > +     static_assert(((_base) >= 0 && (_base) < _DPRINTK_CLASS_DFLT),  \
> > +                   "_base must be in 0..62");                        \
> > +     static_assert(ARRAY_SIZE(_clnames) > 0,                         \
> > +                   "classnames array size must be > 0");             \
> > +     static_assert((ARRAY_SIZE(_clnames) + (_base)) < _DPRINTK_CLASS_DFLT, \
> > +                   "_base + classnames.length exceeds range")
> > +
> >   /**
> >    * DYNDBG_CLASSMAP_DEFINE - define debug classes used by a module.
> >    * @_var:   name of the classmap, exported for other modules coordinated use.
> > @@ -112,6 +120,7 @@ struct ddebug_class_map {
> >    */
> >   #define DYNDBG_CLASSMAP_DEFINE(_var, _mapty, _base, ...)            \
> >       static const char *_var##_classnames[] = { __VA_ARGS__ };       \
> > +     __DYNDBG_CLASSMAP_CHECK(_var##_classnames, (_base));            \
> >       extern struct ddebug_class_map _var;                            \
> >       struct ddebug_class_map __aligned(8) __used                     \
> >               __section("__dyndbg_classes") _var = {                  \
> > diff --git a/lib/test_dynamic_debug.c b/lib/test_dynamic_debug.c
> > index 1838f62738c4..b1555b0a2bb1 100644
> > --- a/lib/test_dynamic_debug.c
> > +++ b/lib/test_dynamic_debug.c
> > @@ -123,8 +123,19 @@ DYNDBG_CLASSMAP_PARAM(level_num, p);
> >   DYNDBG_CLASSMAP_USE(map_disjoint_bits);
> >   DYNDBG_CLASSMAP_USE(map_level_num);
> >
> > +#if defined(DD_MACRO_ARGCHECK)
> > +/*
> > + * Exersize compile-time arg-checks in DYNDBG_CLASSMAP_DEFINE.
> > + * These will break compilation.
> > + */
> > +DYNDBG_CLASSMAP_DEFINE(fail_base_neg, 0, -1, "NEGATIVE_BASE_ARG");
> > +DYNDBG_CLASSMAP_DEFINE(fail_base_big, 0, 100, "TOOBIG_BASE_ARG");
> > +DYNDBG_CLASSMAP_DEFINE(fail_str_type, 0, 0, 1 /* not a string */);
> > +DYNDBG_CLASSMAP_DEFINE(fail_emptyclass, 0, 0 /* ,empty */);
>
> Hi Jim,
>
> This test is nice, but can we move it in the *_submod.c directly? They
> don't need anything from this file.
>

Hi Louis,

Given my strong preference for continued / justified ifdeffery earlier,
I will interpret this as move these corner-case tests into the
submod-only branch.

Im happy to do it, and I see the commit-msg says that specifically,
but Im not sure what it will improve by moving it.
I could fix the commit msg instead.

these compile-time tests will break the build,
so I dont think theyre much good as a CONFIG_ option for example.

So making the breakage submodule specific isnt
much of a reduction in blast radius, and it only opens the why-submod-only ?

Any views or options ?  (both welcomed)


> Tested-by: Louis Chauvet <louis.chauvet@...tlin.com>

ack!

> Thanks,
> Louis Chauvet
>
> >   #endif
> >
> > +#endif /* TEST_DYNAMIC_DEBUG_SUBMOD */
> > +
> >   /* stand-in for all pr_debug etc */
> >   #define prdbg(SYM) __pr_debug_cls(SYM, #SYM " msg\n")
> >
>
> --
> Louis Chauvet, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ