On Thu, Jul 31, 2025 at 01:37:34PM +0100, Simon Horman wrote:
> While I appreciate the desire for improved performance and nicer code
> generation. I think the idea of writing 64 bits of data to the
> address of a 32 bit member of a structure goes against the direction
> of hardening work by Kees and others.
Agreed: it's better to avoid obscuring these details from the compiler
so it can have an "actual" view of the object sizes involved.
> Indeed, it seems to me this is the kind of thing that struct_group()
> aims to avoid.
>
> In this case struct group() doesn't seem like the best option,
> because it would provide a 64-bit buffer that we can memcpy into.
> But it seems altogether better to simply assign u64 value to a u64 member.
Agreed: with struct_group you get a sized pointer, and while you can
provide a struct tag to make it an assignable object, it doesn't make
too much sense here.
> So I'm wondering if an approach along the following lines is appropriate
> (Very lightly compile tested only!).
>
> And yes, there is room for improvement of the wording of the comment
> I included below.
>
> diff --git a/include/net/libeth/xdp.h b/include/net/libeth/xdp.h
> index f4880b50e804..a7d3d8e44aa6 100644
> --- a/include/net/libeth/xdp.h
> +++ b/include/net/libeth/xdp.h
> @@ -1283,11 +1283,7 @@ static inline void libeth_xdp_prepare_buff(struct
> libeth_xdp_buff *xdp,
> const struct page *page = __netmem_to_page(fqe->netmem);
>
> #ifdef __LIBETH_WORD_ACCESS
> - static_assert(offsetofend(typeof(xdp->base), flags) -
> - offsetof(typeof(xdp->base), frame_sz) ==
> - sizeof(u64));
> -
> - *(u64 *)&xdp->base.frame_sz = fqe->truesize;
> + xdp->base.frame_sz_le_qword = fqe->truesize;
> #else
> xdp_init_buff(&xdp->base, fqe->truesize, xdp->base.rxq);
> #endif
> diff --git a/include/net/xdp.h b/include/net/xdp.h
> index b40f1f96cb11..b5eedeb82c9b 100644
> --- a/include/net/xdp.h
> +++ b/include/net/xdp.h
> @@ -85,8 +85,19 @@ struct xdp_buff {
> void *data_hard_start;
> struct xdp_rxq_info *rxq;
> struct xdp_txq_info *txq;
> - u32 frame_sz; /* frame size to deduce data_hard_end/reserved tailroom*/
> - u32 flags; /* supported values defined in xdp_buff_flags */
> + union {
> + /* Allow setting frame_sz and flags as a single u64 on
> + * little endian systems. This may may give optimal
> + * performance. */
> + u64 frame_sz_le_qword;
> + struct {
> + /* Frame size to deduce data_hard_end/reserved
> + * tailroom. */
> + u32 frame_sz;
> + /* Supported values defined in xdp_buff_flags. */
> + u32 flags;
> + };
> + };
> };
Yeah, this looks like a nice way to express this, and is way more
descriptive than "(u64 *)&xdp->base.frame_sz" :)
--
Kees Cook
