| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Jun 2021 04:46:06 +0530
From: Kumar Kartikeya Dwivedi <memxor@...il.com>
To: Toke Høiland-Jørgensen <toke@...hat.com>
Cc: netdev@...r.kernel.org, Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
Jesper Dangaard Brouer <brouer@...hat.com>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
John Fastabend <john.fastabend@...il.com>,
Martin KaFai Lau <kafai@...com>, bpf@...r.kernel.org
Subject: Re: [PATCH net-next v3 2/5] bitops: add non-atomic bitops for
pointers
On Wed, Jun 23, 2021 at 04:03:06AM IST, Toke Høiland-Jørgensen wrote:
> Kumar Kartikeya Dwivedi <memxor@...il.com> writes:
>
> > On Wed, Jun 23, 2021 at 03:22:51AM IST, Toke Høiland-Jørgensen wrote:
> >> Kumar Kartikeya Dwivedi <memxor@...il.com> writes:
> >>
> >> > cpumap needs to set, clear, and test the lowest bit in skb pointer in
> >> > various places. To make these checks less noisy, add pointer friendly
> >> > bitop macros that also do some typechecking to sanitize the argument.
> >> >
> >> > These wrap the non-atomic bitops __set_bit, __clear_bit, and test_bit
> >> > but for pointer arguments. Pointer's address has to be passed in and it
> >> > is treated as an unsigned long *, since width and representation of
> >> > pointer and unsigned long match on targets Linux supports. They are
> >> > prefixed with double underscore to indicate lack of atomicity.
> >> >
> >> > Signed-off-by: Kumar Kartikeya Dwivedi <memxor@...il.com>
> >> > ---
> >> > include/linux/bitops.h | 19 +++++++++++++++++++
> >> > include/linux/typecheck.h | 10 ++++++++++
> >> > 2 files changed, 29 insertions(+)
> >> >
> >> > diff --git a/include/linux/bitops.h b/include/linux/bitops.h
> >> > index 26bf15e6cd35..a9e336b9fa4d 100644
> >> > --- a/include/linux/bitops.h
> >> > +++ b/include/linux/bitops.h
> >> > @@ -4,6 +4,7 @@
> >> >
> >> > #include <asm/types.h>
> >> > #include <linux/bits.h>
> >> > +#include <linux/typecheck.h>
> >> >
> >> > #include <uapi/linux/kernel.h>
> >> >
> >> > @@ -253,6 +254,24 @@ static __always_inline void __assign_bit(long nr, volatile unsigned long *addr,
> >> > __clear_bit(nr, addr);
> >> > }
> >> >
> >> > +#define __ptr_set_bit(nr, addr) \
> >> > + ({ \
> >> > + typecheck_pointer(*(addr)); \
> >> > + __set_bit(nr, (unsigned long *)(addr)); \
> >> > + })
> >> > +
> >> > +#define __ptr_clear_bit(nr, addr) \
> >> > + ({ \
> >> > + typecheck_pointer(*(addr)); \
> >> > + __clear_bit(nr, (unsigned long *)(addr)); \
> >> > + })
> >> > +
> >> > +#define __ptr_test_bit(nr, addr) \
> >> > + ({ \
> >> > + typecheck_pointer(*(addr)); \
> >> > + test_bit(nr, (unsigned long *)(addr)); \
> >> > + })
> >> > +
> >>
> >> Before these were functions that returned the modified values, now they
> >> are macros that modify in-place. Why the change? :)
> >>
> >
> > Given that we're exporting this to all kernel users now, it felt more
> > appropriate to follow the existing convention/argument order for the
> > functions/ops they are wrapping.
>
> I wasn't talking about the order of the arguments; swapping those is
> fine. But before, you had:
>
> static void *__ptr_set_bit(void *ptr, int bit)
>
> with usage (function return is the modified value):
> ret = ptr_ring_produce(rcpu->queue, __ptr_set_bit(skb, 0));
>
> now you have:
> #define __ptr_set_bit(nr, addr)
>
> with usage (modifies argument in-place):
> __ptr_set_bit(0, &skb);
> ret = ptr_ring_produce(rcpu->queue, skb);
>
> why change from function to macro?
>
Earlier it just took the pointer value and returned one with the bit set. I
changed it to work similar to __set_bit.
So such a function modifying in place doesn't allow seeing through what the type
of *addr is, it would have to take void * which would work with any pointer.
It's just a little more safe (so we can be sure casting to unsigned long * is
ok by inspecting the typeof(*addr) ).
> -Toke
>
--
Kartikeya
Powered by blists - more mailing lists