subject:"Re\: \[PATCH 04\/19\] mm\: assert that we preserve header vs region alignment"

Re: [PATCH 04/19] mm: assert that we preserve header vs region alignment

2022-03-24 Thread Daniel Kiper

On Wed, Mar 23, 2022 at 04:47:51PM +1100, Daniel Axtens wrote:
> > s/struct grub_mm_region/grub_mm_region_t/
> > s/struct grub_mm_header/grub_mm_header_t/
>
> The problem is that grub_mm_{region,header}_t is a pointer type, not a
> struct type. So sizeof (grub_mm_region_t) == sizeof(void *). You also
> can't do sizeof (*grub_mm_region_t), because you can't dereference a
> type. If there's a better way to express this I am open to it, but for
> now I will stick with the struct type...

OK.

> >> + sizeof(struct grub_mm_header)) == 0);
> >
> > I think this check is insufficient. The GRUB_MM_ALIGN should be checked
> > somehow too. E.g. if sizeof(struct grub_mm_region) == 16,
> > sizeof(struct grub_mm_header) == 8 and GRUB_MM_ALIGN == 32 then assert
> > above will pass but the GRUB will blow up later. Of course numbers are not
> > real but I chose them to show the problem. Hmmm... If we could choose
> > grub_mm_region_t and grub_mm_header_t sizes properly then probably we
> > could drop GRUB_MM_ALIGN...
> >
>
> I have added that sizeof(struct header) == GRUB_MM_ALIGN. GRUB_MM_ALIGN
> is supposed to align you to a cell, and a header is supposed to be 1
> cell.

Cool!

> We probably _could_ do away with the constant but I think that requires
> a bit more close thought.

Yeah, I think additional GRUB_MM_ALIGN check is enough right now.
It does not make sense to spent more time on this and block the
other series any longer.

Thanks,

Daniel

___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Re: [PATCH 04/19] mm: assert that we preserve header vs region alignment

2022-03-22 Thread Daniel Axtens


> s/struct grub_mm_region/grub_mm_region_t/
> s/struct grub_mm_header/grub_mm_header_t/

The problem is that grub_mm_{region,header}_t is a pointer type, not a
struct type. So sizeof (grub_mm_region_t) == sizeof(void *). You also
can't do sizeof (*grub_mm_region_t), because you can't dereference a
type. If there's a better way to express this I am open to it, but for
now I will stick with the struct type...

>
>> +   sizeof(struct grub_mm_header)) == 0);
>
> I think this check is insufficient. The GRUB_MM_ALIGN should be checked
> somehow too. E.g. if sizeof(struct grub_mm_region) == 16,
> sizeof(struct grub_mm_header) == 8 and GRUB_MM_ALIGN == 32 then assert
> above will pass but the GRUB will blow up later. Of course numbers are not
> real but I chose them to show the problem. Hmmm... If we could choose
> grub_mm_region_t and grub_mm_header_t sizes properly then probably we
> could drop GRUB_MM_ALIGN...
>

I have added that sizeof(struct header) == GRUB_MM_ALIGN. GRUB_MM_ALIGN
is supposed to align you to a cell, and a header is supposed to be 1
cell.

We probably _could_ do away with the constant but I think that requires
a bit more close thought.

Kind regards,
Daniel

___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Re: [PATCH 04/19] mm: assert that we preserve header vs region alignment

2021-10-20 Thread Daniel Kiper

On Tue, Oct 12, 2021 at 06:29:53PM +1100, Daniel Axtens wrote:
> grub_mm_region_init() does:
>
>   h = (grub_mm_header_t) (r + 1);
>
> where h is a grub_mm_header_t and r is a grub_mm_region_t.
>
> Cells are supposed to be GRUB_MM_ALIGN aligned, but while grub_mm_dump
> ensures this vs the region header, grub_mm_region_init() does not.
>
> It's better to be explicit than implicit here: rather than changing
> grub_mm_region_init() to ALIGN_UP(), require that the struct is
> explictly a multiple of the header size.
>
> Signed-off-by: Daniel Axtens 
> ---
>  include/grub/mm_private.h | 8 
>  1 file changed, 8 insertions(+)
>
> diff --git a/include/grub/mm_private.h b/include/grub/mm_private.h
> index e80a059dd4e4..533b47173e18 100644
> --- a/include/grub/mm_private.h
> +++ b/include/grub/mm_private.h
> @@ -20,6 +20,7 @@
>  #define GRUB_MM_PRIVATE_H1
>
>  #include 
> +#include 
>
>  /* Magic words.  */
>  #define GRUB_MM_FREE_MAGIC   0x2d3c2808
> @@ -82,4 +83,11 @@ typedef struct grub_mm_region
>  extern grub_mm_region_t EXPORT_VAR (grub_mm_base);
>  #endif
>
> +static inline void grub_mm_size_sanity_check(void) {

static inline void
grub_mm_size_sanity_check (void)
{

> +  /* Ensure we preserve alignment when doing h = (grub_mm_header_t) (r + 1) 
> */
> +  COMPILE_TIME_ASSERT((sizeof(struct grub_mm_region) %

Missing spaces before "(" above and below...

s/struct grub_mm_region/grub_mm_region_t/
s/struct grub_mm_header/grub_mm_header_t/

> +sizeof(struct grub_mm_header)) == 0);

I think this check is insufficient. The GRUB_MM_ALIGN should be checked
somehow too. E.g. if sizeof(struct grub_mm_region) == 16,
sizeof(struct grub_mm_header) == 8 and GRUB_MM_ALIGN == 32 then assert
above will pass but the GRUB will blow up later. Of course numbers are not
real but I chose them to show the problem. Hmmm... If we could choose
grub_mm_region_t and grub_mm_header_t sizes properly then probably we
could drop GRUB_MM_ALIGN...

Daniel

___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Re: [PATCH 04/19] mm: assert that we preserve header vs region alignment

Re: [PATCH 04/19] mm: assert that we preserve header vs region alignment

Re: [PATCH 04/19] mm: assert that we preserve header vs region alignment

3 matches

Site Navigation

Mail list logo

Footer information