Re: [PATCH] overflow.h: Rename __ab_c_size() to __calc_size()
On 06/04/2019 11.32, Borislav Petkov wrote: > On Fri, Apr 05, 2019 at 09:25:27AM -0700, Matthew Wilcox wrote: >> I don't think that's a good idea; we should only document functions we >> want other people to use. > > Yap. Exactly, not kernel-doc'ing was a deliberate choice. >> I could also go for renaming this to __size_ab_plus_c. > > Let's just leave it short as it is now - the comment should be good > enough. > > Btw, is anyone picking this up or should I? I'm fine with you picking it up. Here's a real changelog, feel free to edit. overflow.h: add comment documenting __ab_c_size() __ab_c_size() is a somewhat opaque name. Document its purpose, and while at it, rename the parameters to actually match the abc naming. Rasmus
Re: [PATCH] overflow.h: Rename __ab_c_size() to __calc_size()
On Fri, Apr 05, 2019 at 09:25:27AM -0700, Matthew Wilcox wrote: > I don't think that's a good idea; we should only document functions we > want other people to use. Yap. > I could also go for renaming this to __size_ab_plus_c. Let's just leave it short as it is now - the comment should be good enough. Btw, is anyone picking this up or should I? Thx. -- Regards/Gruss, Boris. Good mailing practices for 400: avoid top-posting and trim the reply.
Re: [PATCH] overflow.h: Rename __ab_c_size() to __calc_size()
On Fri, Apr 05, 2019 at 09:13:24AM -0700, Kees Cook wrote: > On Fri, Apr 5, 2019 at 1:24 AM Borislav Petkov wrote: > > > > On Fri, Apr 05, 2019 at 10:09:31AM +0200, Rasmus Villemoes wrote: > > > On 05/04/2019 09.52, Borislav Petkov wrote: > > > > On Fri, Apr 05, 2019 at 08:26:45AM +0200, Rasmus Villemoes wrote: > > > > > > >> It computes a*b+c with overflow checking at each step. calc_size > > > >> is way too generic and doesn't say anything at all about how the > > > >> calc(ulation) is done. > > > > > > > > Ok, whatever. > > > > > > > > Then it would need at least a comment above it to state what it does. I > > > > don't want to go and parse the macros each time. > > > > > > It's an internal helper, and struct_size is fully kernel-doc'ed. But > > > yeah, a comment wouldn't hurt, and let's rename the parameters so they > > > match the abc naming. > > > > > > diff --git a/include/linux/overflow.h b/include/linux/overflow.h > > > index 40b48e2133cb..6534a727cadb 100644 > > > --- a/include/linux/overflow.h > > > +++ b/include/linux/overflow.h > > > @@ -278,11 +278,15 @@ static inline __must_check size_t > > > array3_size(size_t a, size_t b, size_t c) > > > return bytes; > > > } > > > > > > -static inline __must_check size_t __ab_c_size(size_t n, size_t size, > > > size_t c) > > > +/* > > > + * Compute a*b+c, returning SIZE_MAX on overflow. Internal helper for > > > + * struct_size() below. > > > + */ > > May as well make this kern-doc too? I don't think that's a good idea; we should only document functions we want other people to use. > > > +static inline __must_check size_t __ab_c_size(size_t a, size_t b, size_t > > > c) I could also go for renaming this to __size_ab_plus_c. For a bit of history ... the origins of this was a system which had alloc_ab (a * b) alloc_abc (a * b * c) alloc_ab_c (a * b + c) alloc_ab_cd (a * b + c * d) In the process of getting it upstreamed, it changed from kmalloc_ab_c to kmalloc(struct_size(...)) and we never bothered to change the name of __ab_c_size().
Re: [PATCH] overflow.h: Rename __ab_c_size() to __calc_size()
On Fri, Apr 5, 2019 at 1:24 AM Borislav Petkov wrote: > > On Fri, Apr 05, 2019 at 10:09:31AM +0200, Rasmus Villemoes wrote: > > On 05/04/2019 09.52, Borislav Petkov wrote: > > > On Fri, Apr 05, 2019 at 08:26:45AM +0200, Rasmus Villemoes wrote: > > > > >> It computes a*b+c with overflow checking at each step. calc_size > > >> is way too generic and doesn't say anything at all about how the > > >> calc(ulation) is done. > > > > > > Ok, whatever. > > > > > > Then it would need at least a comment above it to state what it does. I > > > don't want to go and parse the macros each time. > > > > It's an internal helper, and struct_size is fully kernel-doc'ed. But > > yeah, a comment wouldn't hurt, and let's rename the parameters so they > > match the abc naming. > > > > diff --git a/include/linux/overflow.h b/include/linux/overflow.h > > index 40b48e2133cb..6534a727cadb 100644 > > --- a/include/linux/overflow.h > > +++ b/include/linux/overflow.h > > @@ -278,11 +278,15 @@ static inline __must_check size_t > > array3_size(size_t a, size_t b, size_t c) > > return bytes; > > } > > > > -static inline __must_check size_t __ab_c_size(size_t n, size_t size, > > size_t c) > > +/* > > + * Compute a*b+c, returning SIZE_MAX on overflow. Internal helper for > > + * struct_size() below. > > + */ May as well make this kern-doc too? > > +static inline __must_check size_t __ab_c_size(size_t a, size_t b, size_t c) > > { > > size_t bytes; > > > > - if (check_mul_overflow(n, size, )) > > + if (check_mul_overflow(a, b, )) > > return SIZE_MAX; > > if (check_add_overflow(bytes, c, )) > > return SIZE_MAX; > > > > > > Reported-by: Borislav Petkov > Acked-by: Borislav Petkov Acked-by: Kees Cook -- Kees Cook
Re: [PATCH] overflow.h: Rename __ab_c_size() to __calc_size()
On Fri, Apr 05, 2019 at 10:09:31AM +0200, Rasmus Villemoes wrote: > On 05/04/2019 09.52, Borislav Petkov wrote: > > On Fri, Apr 05, 2019 at 08:26:45AM +0200, Rasmus Villemoes wrote: > > >> It computes a*b+c with overflow checking at each step. calc_size > >> is way too generic and doesn't say anything at all about how the > >> calc(ulation) is done. > > > > Ok, whatever. > > > > Then it would need at least a comment above it to state what it does. I > > don't want to go and parse the macros each time. > > It's an internal helper, and struct_size is fully kernel-doc'ed. But > yeah, a comment wouldn't hurt, and let's rename the parameters so they > match the abc naming. > > diff --git a/include/linux/overflow.h b/include/linux/overflow.h > index 40b48e2133cb..6534a727cadb 100644 > --- a/include/linux/overflow.h > +++ b/include/linux/overflow.h > @@ -278,11 +278,15 @@ static inline __must_check size_t > array3_size(size_t a, size_t b, size_t c) > return bytes; > } > > -static inline __must_check size_t __ab_c_size(size_t n, size_t size, > size_t c) > +/* > + * Compute a*b+c, returning SIZE_MAX on overflow. Internal helper for > + * struct_size() below. > + */ > +static inline __must_check size_t __ab_c_size(size_t a, size_t b, size_t c) > { > size_t bytes; > > - if (check_mul_overflow(n, size, )) > + if (check_mul_overflow(a, b, )) > return SIZE_MAX; > if (check_add_overflow(bytes, c, )) > return SIZE_MAX; > > Reported-by: Borislav Petkov Acked-by: Borislav Petkov Thx. -- Regards/Gruss, Boris. Good mailing practices for 400: avoid top-posting and trim the reply.
Re: [PATCH] overflow.h: Rename __ab_c_size() to __calc_size()
On 05/04/2019 09.52, Borislav Petkov wrote: > On Fri, Apr 05, 2019 at 08:26:45AM +0200, Rasmus Villemoes wrote: >> It computes a*b+c with overflow checking at each step. calc_size >> is way too generic and doesn't say anything at all about how the >> calc(ulation) is done. > > Ok, whatever. > > Then it would need at least a comment above it to state what it does. I > don't want to go and parse the macros each time. It's an internal helper, and struct_size is fully kernel-doc'ed. But yeah, a comment wouldn't hurt, and let's rename the parameters so they match the abc naming. diff --git a/include/linux/overflow.h b/include/linux/overflow.h index 40b48e2133cb..6534a727cadb 100644 --- a/include/linux/overflow.h +++ b/include/linux/overflow.h @@ -278,11 +278,15 @@ static inline __must_check size_t array3_size(size_t a, size_t b, size_t c) return bytes; } -static inline __must_check size_t __ab_c_size(size_t n, size_t size, size_t c) +/* + * Compute a*b+c, returning SIZE_MAX on overflow. Internal helper for + * struct_size() below. + */ +static inline __must_check size_t __ab_c_size(size_t a, size_t b, size_t c) { size_t bytes; - if (check_mul_overflow(n, size, )) + if (check_mul_overflow(a, b, )) return SIZE_MAX; if (check_add_overflow(bytes, c, )) return SIZE_MAX; Rasmus
Re: [PATCH] overflow.h: Rename __ab_c_size() to __calc_size()
On Fri, Apr 05, 2019 at 08:26:45AM +0200, Rasmus Villemoes wrote: > I like the current color. Color? > It computes a*b+c with overflow checking at each step. calc_size > is way too generic and doesn't say anything at all about how the > calc(ulation) is done. Ok, whatever. Then it would need at least a comment above it to state what it does. I don't want to go and parse the macros each time. Thx. -- Regards/Gruss, Boris. Good mailing practices for 400: avoid top-posting and trim the reply.
Re: [PATCH] overflow.h: Rename __ab_c_size() to __calc_size()
On 05/04/2019 06.57, Borislav Petkov wrote: > From: Borislav Petkov > > ... to make its name readable to humans so that it can denote what that > helper does. I like the current color. It computes a*b+c with overflow checking at each step. calc_size is way too generic and doesn't say anything at all about how the calc(ulation) is done. Rasmus
[PATCH] overflow.h: Rename __ab_c_size() to __calc_size()
From: Borislav Petkov ... to make its name readable to humans so that it can denote what that helper does. No functional changes. Signed-off-by: Borislav Petkov Cc: Kees Cook Cc: Matthew Wilcox --- include/linux/overflow.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/linux/overflow.h b/include/linux/overflow.h index 40b48e2133cb..a9cb77d54df0 100644 --- a/include/linux/overflow.h +++ b/include/linux/overflow.h @@ -278,7 +278,7 @@ static inline __must_check size_t array3_size(size_t a, size_t b, size_t c) return bytes; } -static inline __must_check size_t __ab_c_size(size_t n, size_t size, size_t c) +static inline __must_check size_t __calc_size(size_t n, size_t size, size_t c) { size_t bytes; @@ -302,7 +302,7 @@ static inline __must_check size_t __ab_c_size(size_t n, size_t size, size_t c) * Return: number of bytes needed or SIZE_MAX on overflow. */ #define struct_size(p, member, n) \ - __ab_c_size(n, \ + __calc_size(n, \ sizeof(*(p)->member) + __must_be_array((p)->member),\ sizeof(*(p))) -- 2.21.0