Re: [PATCH] overflow.h: Rename __ab_c_size() to __calc_size()

2019-04-06 Thread Rasmus Villemoes
On 06/04/2019 11.32, Borislav Petkov wrote:
> On Fri, Apr 05, 2019 at 09:25:27AM -0700, Matthew Wilcox wrote:
>> I don't think that's a good idea; we should only document functions we
>> want other people to use.
> 
> Yap.

Exactly, not kernel-doc'ing was a deliberate choice.

>> I could also go for renaming this to __size_ab_plus_c.
> 
> Let's just leave it short as it is now - the comment should be good
> enough.
> 
> Btw, is anyone picking this up or should I?

I'm fine with you picking it up. Here's a real changelog, feel free to edit.

overflow.h: add comment documenting __ab_c_size()

__ab_c_size() is a somewhat opaque name. Document its purpose, and while
at it, rename the parameters to actually match the abc naming.


Rasmus


Re: [PATCH] overflow.h: Rename __ab_c_size() to __calc_size()

2019-04-06 Thread Borislav Petkov
On Fri, Apr 05, 2019 at 09:25:27AM -0700, Matthew Wilcox wrote:
> I don't think that's a good idea; we should only document functions we
> want other people to use.

Yap.

> I could also go for renaming this to __size_ab_plus_c.

Let's just leave it short as it is now - the comment should be good
enough.

Btw, is anyone picking this up or should I?

Thx.

-- 
Regards/Gruss,
Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.


Re: [PATCH] overflow.h: Rename __ab_c_size() to __calc_size()

2019-04-05 Thread Matthew Wilcox
On Fri, Apr 05, 2019 at 09:13:24AM -0700, Kees Cook wrote:
> On Fri, Apr 5, 2019 at 1:24 AM Borislav Petkov  wrote:
> >
> > On Fri, Apr 05, 2019 at 10:09:31AM +0200, Rasmus Villemoes wrote:
> > > On 05/04/2019 09.52, Borislav Petkov wrote:
> > > > On Fri, Apr 05, 2019 at 08:26:45AM +0200, Rasmus Villemoes wrote:
> > >
> > > >> It computes a*b+c with overflow checking at each step. calc_size
> > > >> is way too generic and doesn't say anything at all about how the
> > > >> calc(ulation) is done.
> > > >
> > > > Ok, whatever.
> > > >
> > > > Then it would need at least a comment above it to state what it does. I
> > > > don't want to go and parse the macros each time.
> > >
> > > It's an internal helper, and struct_size is fully kernel-doc'ed. But
> > > yeah, a comment wouldn't hurt, and let's rename the parameters so they
> > > match the abc naming.
> > >
> > > diff --git a/include/linux/overflow.h b/include/linux/overflow.h
> > > index 40b48e2133cb..6534a727cadb 100644
> > > --- a/include/linux/overflow.h
> > > +++ b/include/linux/overflow.h
> > > @@ -278,11 +278,15 @@ static inline __must_check size_t
> > > array3_size(size_t a, size_t b, size_t c)
> > > return bytes;
> > >  }
> > >
> > > -static inline __must_check size_t __ab_c_size(size_t n, size_t size,
> > > size_t c)
> > > +/*
> > > + * Compute a*b+c, returning SIZE_MAX on overflow. Internal helper for
> > > + * struct_size() below.
> > > + */
> 
> May as well make this kern-doc too?

I don't think that's a good idea; we should only document functions we
want other people to use.

> > > +static inline __must_check size_t __ab_c_size(size_t a, size_t b, size_t 
> > > c)

I could also go for renaming this to __size_ab_plus_c.

For a bit of history ... the origin of this was a system which had
alloc_ab (a * b)
alloc_abc (a * b * c)
alloc_ab_c (a * b + c)
alloc_ab_cd (a * b + c * d)

In the process of getting it upstreamed, it changed from kmalloc_ab_c to
kmalloc(struct_size(...)) and we never bothered to change the name of
__ab_c_size().
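
The a*b+c sizing this thread discusses, as an added userspace example (not the kernel's code and not written by anyone in the thread). It uses the GCC/Clang __builtin_*_overflow builtins in place of check_mul_overflow()/check_add_overflow(); struct pkt, ab_c_size(), unchecked_size() and pkt_alloc() are names made up for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed record with a flexible array member, sized as header + n items. */
struct pkt {
	uint32_t count;
	uint64_t items[];
};

/* Userspace analogue of the helper: a*b+c, SIZE_MAX if either step overflows. */
static size_t ab_c_size(size_t a, size_t b, size_t c)
{
	size_t bytes;

	if (__builtin_mul_overflow(a, b, &bytes))
		return SIZE_MAX;
	if (__builtin_add_overflow(bytes, c, &bytes))
		return SIZE_MAX;
	return bytes;
}

/* Open-coded form for comparison: wraps silently on overflow. */
static size_t unchecked_size(size_t a, size_t b, size_t c)
{
	return a * b + c;
}

/* Allocate a pkt holding n items; an overflowed size is refused, not truncated. */
static struct pkt *pkt_alloc(size_t n)
{
	size_t sz = ab_c_size(n, sizeof(uint64_t), sizeof(struct pkt));
	struct pkt *p = sz == SIZE_MAX ? NULL : malloc(sz);

	if (p)
		p->count = (uint32_t)n;
	return p;
}

int main(void)
{
	size_t n = SIZE_MAX / sizeof(uint64_t) + 1;	/* n * 8 wraps to 0 */
	printf("unchecked: %zu bytes\n", unchecked_size(n, sizeof(uint64_t), sizeof(struct pkt)));
	printf("checked:   %s\n", pkt_alloc(n) ? "allocated" : "refused");
	return 0;
}
```

With the wrapping form, the chosen n yields a size equal to the bare header, so a later write to items[] would land outside the allocation; the checked form turns the same input into a failed allocation.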


Re: [PATCH] overflow.h: Rename __ab_c_size() to __calc_size()

2019-04-05 Thread Kees Cook
On Fri, Apr 5, 2019 at 1:24 AM Borislav Petkov  wrote:
>
> On Fri, Apr 05, 2019 at 10:09:31AM +0200, Rasmus Villemoes wrote:
> > On 05/04/2019 09.52, Borislav Petkov wrote:
> > > On Fri, Apr 05, 2019 at 08:26:45AM +0200, Rasmus Villemoes wrote:
> >
> > >> It computes a*b+c with overflow checking at each step. calc_size
> > >> is way too generic and doesn't say anything at all about how the
> > >> calc(ulation) is done.
> > >
> > > Ok, whatever.
> > >
> > > Then it would need at least a comment above it to state what it does. I
> > > don't want to go and parse the macros each time.
> >
> > It's an internal helper, and struct_size is fully kernel-doc'ed. But
> > yeah, a comment wouldn't hurt, and let's rename the parameters so they
> > match the abc naming.
> >
> > diff --git a/include/linux/overflow.h b/include/linux/overflow.h
> > index 40b48e2133cb..6534a727cadb 100644
> > --- a/include/linux/overflow.h
> > +++ b/include/linux/overflow.h
> > @@ -278,11 +278,15 @@ static inline __must_check size_t
> > array3_size(size_t a, size_t b, size_t c)
> > return bytes;
> >  }
> >
> > -static inline __must_check size_t __ab_c_size(size_t n, size_t size,
> > size_t c)
> > +/*
> > + * Compute a*b+c, returning SIZE_MAX on overflow. Internal helper for
> > + * struct_size() below.
> > + */

May as well make this kern-doc too?

> > +static inline __must_check size_t __ab_c_size(size_t a, size_t b, size_t c)
> >  {
> > size_t bytes;
> >
> > -   if (check_mul_overflow(n, size, ))
> > +   if (check_mul_overflow(a, b, ))
> > return SIZE_MAX;
> > if (check_add_overflow(bytes, c, ))
> > return SIZE_MAX;
> >
> >
>
> Reported-by: Borislav Petkov 
> Acked-by: Borislav Petkov 

Acked-by: Kees Cook 

-- 
Kees Cook


Re: [PATCH] overflow.h: Rename __ab_c_size() to __calc_size()

2019-04-05 Thread Borislav Petkov
On Fri, Apr 05, 2019 at 10:09:31AM +0200, Rasmus Villemoes wrote:
> On 05/04/2019 09.52, Borislav Petkov wrote:
> > On Fri, Apr 05, 2019 at 08:26:45AM +0200, Rasmus Villemoes wrote:
> 
> >> It computes a*b+c with overflow checking at each step. calc_size
> >> is way too generic and doesn't say anything at all about how the
> >> calc(ulation) is done.
> > 
> > Ok, whatever.
> > 
> > Then it would need at least a comment above it to state what it does. I
> > don't want to go and parse the macros each time.
> 
> It's an internal helper, and struct_size is fully kernel-doc'ed. But
> yeah, a comment wouldn't hurt, and let's rename the parameters so they
> match the abc naming.
> 
> diff --git a/include/linux/overflow.h b/include/linux/overflow.h
> index 40b48e2133cb..6534a727cadb 100644
> --- a/include/linux/overflow.h
> +++ b/include/linux/overflow.h
> @@ -278,11 +278,15 @@ static inline __must_check size_t
> array3_size(size_t a, size_t b, size_t c)
> return bytes;
>  }
> 
> -static inline __must_check size_t __ab_c_size(size_t n, size_t size,
> size_t c)
> +/*
> + * Compute a*b+c, returning SIZE_MAX on overflow. Internal helper for
> + * struct_size() below.
> + */
> +static inline __must_check size_t __ab_c_size(size_t a, size_t b, size_t c)
>  {
> size_t bytes;
> 
> -   if (check_mul_overflow(n, size, ))
> +   if (check_mul_overflow(a, b, ))
> return SIZE_MAX;
> if (check_add_overflow(bytes, c, ))
> return SIZE_MAX;
> 
>

Reported-by: Borislav Petkov 
Acked-by: Borislav Petkov 

Thx.

-- 
Regards/Gruss,
Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.


Re: [PATCH] overflow.h: Rename __ab_c_size() to __calc_size()

2019-04-05 Thread Rasmus Villemoes
On 05/04/2019 09.52, Borislav Petkov wrote:
> On Fri, Apr 05, 2019 at 08:26:45AM +0200, Rasmus Villemoes wrote:

>> It computes a*b+c with overflow checking at each step. calc_size
>> is way too generic and doesn't say anything at all about how the
>> calc(ulation) is done.
> 
> Ok, whatever.
> 
> Then it would need at least a comment above it to state what it does. I
> don't want to go and parse the macros each time.

It's an internal helper, and struct_size is fully kernel-doc'ed. But
yeah, a comment wouldn't hurt, and let's rename the parameters so they
match the abc naming.

diff --git a/include/linux/overflow.h b/include/linux/overflow.h
index 40b48e2133cb..6534a727cadb 100644
--- a/include/linux/overflow.h
+++ b/include/linux/overflow.h
@@ -278,11 +278,15 @@ static inline __must_check size_t
array3_size(size_t a, size_t b, size_t c)
return bytes;
 }

-static inline __must_check size_t __ab_c_size(size_t n, size_t size,
size_t c)
+/*
+ * Compute a*b+c, returning SIZE_MAX on overflow. Internal helper for
+ * struct_size() below.
+ */
+static inline __must_check size_t __ab_c_size(size_t a, size_t b, size_t c)
 {
size_t bytes;

-   if (check_mul_overflow(n, size, ))
+   if (check_mul_overflow(a, b, ))
return SIZE_MAX;
if (check_add_overflow(bytes, c, ))
return SIZE_MAX;
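
Review bot: in the two overflow checks at the end of this hunk the third argument is empty as shown, "check_mul_overflow(a, b, )" and "check_add_overflow(bytes, c, )"; both need the destination &bytes, otherwise bytes is never written before the addition reads it. The hunk header also announces 15 new lines but the text stops after the second "return SIZE_MAX;", so the patch should be resent complete, with its own subject and changelog, since it no longer renames anything.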


Rasmus



Re: [PATCH] overflow.h: Rename __ab_c_size() to __calc_size()

2019-04-05 Thread Borislav Petkov
On Fri, Apr 05, 2019 at 08:26:45AM +0200, Rasmus Villemoes wrote:
> I like the current color.

Color?

> It computes a*b+c with overflow checking at each step. calc_size
> is way too generic and doesn't say anything at all about how the
> calc(ulation) is done.

Ok, whatever.

Then it would need at least a comment above it to state what it does. I
don't want to go and parse the macros each time.

Thx.

-- 
Regards/Gruss,
Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.


Re: [PATCH] overflow.h: Rename __ab_c_size() to __calc_size()

2019-04-05 Thread Rasmus Villemoes
On 05/04/2019 06.57, Borislav Petkov wrote:
> From: Borislav Petkov 
> 
> ... to make its name readable to humans so that it can denote what that
> helper does.

I like the current color. It computes a*b+c with overflow checking at each
step. calc_size is way too generic and doesn't say anything at all about
how the calc(ulation) is done.

Rasmus


[PATCH] overflow.h: Rename __ab_c_size() to __calc_size()

2019-04-04 Thread Borislav Petkov
From: Borislav Petkov 

... to make its name readable to humans so that it can denote what that
helper does.

No functional changes.

Signed-off-by: Borislav Petkov 
Cc: Kees Cook 
Cc: Matthew Wilcox 
---
 include/linux/overflow.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/linux/overflow.h b/include/linux/overflow.h
index 40b48e2133cb..a9cb77d54df0 100644
--- a/include/linux/overflow.h
+++ b/include/linux/overflow.h
@@ -278,7 +278,7 @@ static inline __must_check size_t array3_size(size_t a, 
size_t b, size_t c)
return bytes;
 }
 
-static inline __must_check size_t __ab_c_size(size_t n, size_t size, size_t c)
+static inline __must_check size_t __calc_size(size_t n, size_t size, size_t c)
 {
size_t bytes;
 
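Review bot: the new name on the + line, __calc_size(), says less than the one it replaces, and the function still has no comment above it (the context goes straight from the closing brace of array3_size() to the signature). With parameters called n, size and c a reader cannot tell which two are multiplied and which is added; if the rename stays, add a short comment stating the formula and the overflow return value, or keep __ab_c_size() and document that instead.
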
@@ -302,7 +302,7 @@ static inline __must_check size_t __ab_c_size(size_t n, 
size_t size, size_t c)
  * Return: number of bytes needed or SIZE_MAX on overflow.
  */
 #define struct_size(p, member, n)  \
-   __ab_c_size(n,  \
+   __calc_size(n,  \
sizeof(*(p)->member) + __must_be_array((p)->member),\
sizeof(*(p)))
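
Review bot: at the call site in struct_size(), the helper's name was the only hint about how the three arguments combine, and __calc_size(n, sizeof(*(p)->member) + ..., sizeof(*(p))) drops it. The kernel-doc above covers the "SIZE_MAX on overflow" contract but not the arithmetic, so a one-line remark that the result is n times the element size plus the size of the structure would keep the macro readable without opening the helper.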
 
-- 
2.21.0