lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <201910291527.ED0E642@keescook>
Date:   Tue, 29 Oct 2019 15:30:18 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Joe Perches <joe@...ches.com>
Cc:     linux-kernel@...r.kernel.org,
        Pankaj Bharadiya <pankaj.laxminarayan.bharadiya@...el.com>,
        Alexey Dobriyan <adobriyan@...il.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        "David S. Miller" <davem@...emloft.net>,
        Randy Dunlap <rdunlap@...radead.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        netdev@...r.kernel.org, linux-arch@...r.kernel.org,
        linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH v2 3/4] treewide: Use sizeof_member() macro

On Thu, Oct 10, 2019 at 04:50:27PM -0700, Joe Perches wrote:
> On Thu, 2019-10-10 at 16:23 -0700, Kees Cook wrote:
> > From: Pankaj Bharadiya <pankaj.laxminarayan.bharadiya@...el.com>
> > 
> > Replace all the occurrences of FIELD_SIZEOF() and sizeof_field() with
> > sizeof_member() except at places where these are defined. Later patches
> > will remove the unused definitions.
> > 
> > This patch is generated using following script:
> > 
> > EXCLUDE_FILES="include/linux/stddef.h|include/linux/kernel.h"
> > 
> > git grep -l -e "\bFIELD_SIZEOF\b" -e "\bsizeof_field\b" | while read file;
> > do
> > 
> > 	if [[ "$file" =~ $EXCLUDE_FILES ]]; then
> > 		continue
> > 	fi
> > 	sed -i  -e 's/\bFIELD_SIZEOF\b/sizeof_member/g' \
> > 		-e 's/\bsizeof_field\b/sizeof_member/g' \
> > 		$file;
> > done
> 
> While the sed works, a cocci script would perhaps
> be better as multi line argument realignment would
> also occur.
> 
> $ cat sizeof_member.cocci
> @@
> @@
> 
> -	FIELD_SIZEOF
> +	sizeof_member
> 
> @@
> @@
> 
> -	sizeof_field
> +	sizeof_member
> $
> 
> For instance, this sed produces:
> 
> diff --git a/crypto/adiantum.c b/crypto/adiantum.c
> @@ -435,10 +435,10 @@ static int adiantum_init_tfm(struct crypto_skcipher *tfm)
>  
>  	BUILD_BUG_ON(offsetofend(struct adiantum_request_ctx, u) !=
>  		     sizeof(struct adiantum_request_ctx));
> -	subreq_size = max(FIELD_SIZEOF(struct adiantum_request_ctx,
> +	subreq_size = max(sizeof_member(struct adiantum_request_ctx,
>  				       u.hash_desc) +
>  			  crypto_shash_descsize(hash),
> -			  FIELD_SIZEOF(struct adiantum_request_ctx,
> +			  sizeof_member(struct adiantum_request_ctx,
>  				       u.streamcipher_req) +
>  			  crypto_skcipher_reqsize(streamcipher));
>  
> 
> where the cocci script produces:
> 
> --- crypto/adiantum.c
> +++ /tmp/cocci-output-22881-d8186c-adiantum.c
> @@ -435,11 +435,11 @@ static int adiantum_init_tfm(struct cryp
>  
>  	BUILD_BUG_ON(offsetofend(struct adiantum_request_ctx, u) !=
>  		     sizeof(struct adiantum_request_ctx));
> -	subreq_size = max(FIELD_SIZEOF(struct adiantum_request_ctx,
> -				       u.hash_desc) +
> +	subreq_size = max(sizeof_member(struct adiantum_request_ctx,
> +					u.hash_desc) +
>  			  crypto_shash_descsize(hash),
> -			  FIELD_SIZEOF(struct adiantum_request_ctx,
> -				       u.streamcipher_req) +
> +			  sizeof_member(struct adiantum_request_ctx,
> +					u.streamcipher_req) +
>  			  crypto_skcipher_reqsize(streamcipher));
>  
>  	crypto_skcipher_set_reqsize(tfm,

I played with this a bit, and it seems Coccinelle can get this very very
wrong:

diff -u -p a/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c
--- a/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c
@@ -87,13 +87,13 @@ static const struct rhashtable_params rh
 	 * value is not constant during the lifetime
 	 * of the key object.
 	 */
-	.key_len = FIELD_SIZEOF(struct mlx5_fpga_ipsec_sa_ctx, hw_sa) -
-		   FIELD_SIZEOF(struct mlx5_ifc_fpga_ipsec_sa_v1, cmd),
+	.key_len = sizeof_member(struct mlx5_fpga_ipsec_sa_ctx, hw_sa) -
+	sizeof_member(struct mlx5_ifc_fpga_ipsec_sa_v1, cmd),
 	.key_offset = offsetof(struct mlx5_fpga_ipsec_sa_ctx, hw_sa) +
-		      FIELD_SIZEOF(struct mlx5_ifc_fpga_ipsec_sa_v1, cmd),
-	.head_offset = offsetof(struct mlx5_fpga_ipsec_sa_ctx, hash),
-	.automatic_shrinking = true,
-	.min_size = 1,
+		      sizeof_member(struct mlx5_ifc_fpga_ipsec_sa_v1, cmd),
+		      .head_offset = offsetof(struct mlx5_fpga_ipsec_sa_ctx, hash),
+		      .automatic_shrinking = true,
+		      .min_size = 1,
 };
 
 struct mlx5_fpga_ipsec {


So, since the sed is faster and causes fewer problems, I'll keep it
as-is.

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ