On Wed, Feb 28, 2024 at 02:41:48PM -0800, Jakub Kicinski wrote:
> On Wed, 28 Feb 2024 13:46:10 -0800 Kees Cook wrote:
> > I really don't like hiding these trailing allocations from the compiler.
> > Why can't something like this be done (totally untested):
> >
> >
> > diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
> > index 118c40258d07..dae6df4fb177 100644
> > --- a/include/linux/netdevice.h
> > +++ b/include/linux/netdevice.h
> > @@ -2475,6 +2475,8 @@ struct net_device {
> > /** @page_pools: page pools created for this netdevice */
> > struct hlist_head page_pools;
> > #endif
> > + u32 priv_size;
> > + u8 priv_data[] __counted_by(priv_size)
> > __aligned(NETDEV_ALIGN);
>
> I like, FWIW, please submit! :)
So, I found several cases where struct net_device is included in the
middle of another structure, which makes my proposal more awkward. But I
also don't understand why it's in the _middle_. Shouldn't it always be
at the beginning (with priv stuff following it?)
Quick search and examined manually: git grep 'struct net_device [a-z0-9_]*;'
struct rtw89_dev
struct ath10k
etc.
Some even have two included (?)
But I still like the idea -- Gustavo has been solving these cases with
having two structs, e.g.:
struct net_device {
...unchanged...
};
struct net_device_alloc {
struct net_device dev;
u32 priv_size;
u8 priv_data[] __counted_by(priv_size)
__aligned(NETDEV_ALIGN);
};
And internals can use struct net_device_alloc...
-Kees
--
Kees Cook
