lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <29ca9f764f07426093b570515dc8e025@AcuMS.aculab.com>
Date:   Sat, 2 Oct 2021 16:09:17 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     'Kees Cook' <keescook@...omium.org>,
        Alexei Starovoitov <ast@...nel.org>
CC:     Daniel Borkmann <daniel@...earbox.net>,
        Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        John Fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...nel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "bpf@...r.kernel.org" <bpf@...r.kernel.org>,
        "Gustavo A . R . Silva" <gustavoars@...nel.org>,
        Andrii Nakryiko <andrii@...nel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-hardening@...r.kernel.org" <linux-hardening@...r.kernel.org>
Subject: RE: [PATCH bpf-next v2 2/2] bpf: Replace callers of BPF_CAST_CALL
 with proper function typedef

From: Kees Cook
> Sent: 29 September 2021 00:10
...
> In order to keep ahead of cases in the kernel where Control Flow
> Integrity (CFI) may trip over function call casts, enabling
> -Wcast-function-type is helpful. To that end, BPF_CAST_CALL causes
> various warnings and is one of the last places in the kernel
> triggering this warning.
...
> -static int bpf_for_each_array_elem(struct bpf_map *map, void *callback_fn,
> +static int bpf_for_each_array_elem(struct bpf_map *map, bpf_callback_t callback_fn,
>  				   void *callback_ctx, u64 flags)
>  {
>  	u32 i, key, num_elems = 0;
> @@ -668,9 +668,8 @@ static int bpf_for_each_array_elem(struct bpf_map *map, void *callback_fn,
>  			val = array->value + array->elem_size * i;
>  		num_elems++;
>  		key = i;
> -		ret = BPF_CAST_CALL(callback_fn)((u64)(long)map,
> -					(u64)(long)&key, (u64)(long)val,
> -					(u64)(long)callback_ctx, 0);
> +		ret = callback_fn((u64)(long)map, (u64)(long)&key,
> +				  (u64)(long)val, (u64)(long)callback_ctx, 0);
>  		/* return value: 0 - continue, 1 - stop and return */
>  		if (ret)
>  			break;

This is still entirely horrid and potentially error prone.
While a callback function seems a nice idea the code is
almost always better and much easier to read if some
kind of iterator function is used so that the calling
code is just a simple loop.
This is true even if you need a #define for the loop end.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ