| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 28 Jun 2021 18:32:53 -0700
From: Alexei Starovoitov <alexei.starovoitov@...il.com>
To: Kumar Kartikeya Dwivedi <memxor@...il.com>
Cc: netdev@...r.kernel.org,
Toke Høiland-Jørgensen <toke@...hat.com>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
Jesper Dangaard Brouer <brouer@...hat.com>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
John Fastabend <john.fastabend@...il.com>,
Martin KaFai Lau <kafai@...com>, bpf@...r.kernel.org
Subject: Re: [PATCH net-next v4 2/5] bitops: add non-atomic bitops for
pointers
On Mon, Jun 28, 2021 at 05:17:43PM +0530, Kumar Kartikeya Dwivedi wrote:
> cpumap needs to set, clear, and test the lowest bit in skb pointer in
> various places. To make these checks less noisy, add pointer friendly
> bitop macros that also do some typechecking to sanitize the argument.
>
> These wrap the non-atomic bitops __set_bit, __clear_bit, and test_bit
> but for pointer arguments. Pointer's address has to be passed in and it
> is treated as an unsigned long *, since width and representation of
> pointer and unsigned long match on targets Linux supports. They are
> prefixed with double underscore to indicate lack of atomicity.
>
> Reviewed-by: Toke Høiland-Jørgensen <toke@...hat.com>
> Signed-off-by: Kumar Kartikeya Dwivedi <memxor@...il.com>
> ---
> include/linux/bitops.h | 19 +++++++++++++++++++
> include/linux/typecheck.h | 10 ++++++++++
> 2 files changed, 29 insertions(+)
>
> diff --git a/include/linux/bitops.h b/include/linux/bitops.h
> index 26bf15e6cd35..a9e336b9fa4d 100644
> --- a/include/linux/bitops.h
> +++ b/include/linux/bitops.h
> @@ -4,6 +4,7 @@
>
> #include <asm/types.h>
> #include <linux/bits.h>
> +#include <linux/typecheck.h>
>
> #include <uapi/linux/kernel.h>
>
> @@ -253,6 +254,24 @@ static __always_inline void __assign_bit(long nr, volatile unsigned long *addr,
> __clear_bit(nr, addr);
> }
>
> +#define __ptr_set_bit(nr, addr) \
> + ({ \
> + typecheck_pointer(*(addr)); \
> + __set_bit(nr, (unsigned long *)(addr)); \
> + })
> +
> +#define __ptr_clear_bit(nr, addr) \
> + ({ \
> + typecheck_pointer(*(addr)); \
> + __clear_bit(nr, (unsigned long *)(addr)); \
> + })
> +
> +#define __ptr_test_bit(nr, addr) \
> + ({ \
> + typecheck_pointer(*(addr)); \
> + test_bit(nr, (unsigned long *)(addr)); \
> + })
The use case is to use lower bits of pointers to store extra data, right?
The kernel is full of such tricks, so it's nice to formalize
the accessors, but the new macros need a comment and example
in this file.
> +
> #ifdef __KERNEL__
>
> #ifndef set_mask_bits
> diff --git a/include/linux/typecheck.h b/include/linux/typecheck.h
> index 20d310331eb5..33c78f27147a 100644
> --- a/include/linux/typecheck.h
> +++ b/include/linux/typecheck.h
> @@ -22,4 +22,14 @@
> (void)__tmp; \
> })
>
> +/*
> + * Check at compile that something is a pointer type.
'at compile time'.
> + * Always evaluates to 1 so you may use it easily in comparisons.
I would drop this sentence.
The copy-paste from typecheck() macro is making it too verbose. imo.
Kinda obvious what it does.
> + */
> +#define typecheck_pointer(x) \
> +({ typeof(x) __dummy; \
> + (void)sizeof(*__dummy); \
> + 1; \
> +})
> +
> #endif /* TYPECHECK_H_INCLUDED */
> --
> 2.31.1
>
Powered by blists - more mailing lists