RE: [PATCH 02/32] Introduce flexible array struct memcpy() helpers

2022-05-06 David Laight
From: Johannes Berg
> Sent: 05 May 2022 21:13
> On Thu, 2022-05-05 at 13:08 -0700, Keith Packard wrote:
> >
> > I bet you've already considered the simpler form:
> >
> > struct something *instance = mem_to_flex_dup(byte_array, count,
> >                                              GFP_KERNEL);
> > if (IS_ERR(instance))
> >

Re: [PATCH 02/32] Introduce flexible array struct memcpy() helpers

2022-05-05 Keith Packard
Kees Cook writes:
> I don't think I can do a declaration and an expression statement at the
> same time with different scopes, but that would be kind of cool. We did
> just move to c11 to gain the in-loop iterator declarations...

Yeah, you'd end up creating a statement-level macro, and I think t

Re: [PATCH 02/32] Introduce flexible array struct memcpy() helpers

2022-05-05 Kees Cook
On Thu, May 05, 2022 at 03:16:19PM +0200, Johannes Berg wrote:
> On Wed, 2022-05-04 at 08:38 -0700, Kees Cook wrote:
> >
> > It seemed like requiring a structure be rearranged to take advantage of
> > the "automatic layout introspection" wasn't very friendly. On the other
> > hand, looking at the

Re: [PATCH 02/32] Introduce flexible array struct memcpy() helpers

2022-05-05 Kees Cook
On Thu, May 05, 2022 at 08:16:11AM -0700, Keith Packard wrote:
> Johannes Berg writes:
>
> > Yeah, dunno, I guess I'm slightly more on the side of not requiring it,
> > since we don't do the same for kmalloc() etc. and probably really
> > wouldn't want to add kmalloc_s() that does it ;-)
>
> I s

Re: [PATCH 02/32] Introduce flexible array struct memcpy() helpers

2022-05-05 Johannes Berg
On Thu, 2022-05-05 at 13:08 -0700, Keith Packard wrote:
> I bet you've already considered the simpler form:
>
> struct something *instance = mem_to_flex_dup(byte_array, count,
>                                              GFP_KERNEL);
> if (IS_ERR(instance))
>     return PTR_ERR(instance);
>

Sadly, this doesn't

Re: [PATCH 02/32] Introduce flexible array struct memcpy() helpers

2022-05-05 Keith Packard
Johannes Berg writes:
> Yeah, dunno, I guess I'm slightly more on the side of not requiring it,
> since we don't do the same for kmalloc() etc. and probably really
> wouldn't want to add kmalloc_s() that does it ;-)

I suspect the number of bugs this catches will be small, but they'll be in place

Re: [PATCH 02/32] Introduce flexible array struct memcpy() helpers

2022-05-05 Johannes Berg
On Wed, 2022-05-04 at 08:38 -0700, Kees Cook wrote:
>
> It seemed like requiring a structure be rearranged to take advantage of
> the "automatic layout introspection" wasn't very friendly. On the other
> hand, looking at the examples, most of them are already neighboring
> members.

Hmmm. A lot of

RE: [PATCH 02/32] Introduce flexible array struct memcpy() helpers

2022-05-04 David Laight
From: Kees Cook
> Sent: 04 May 2022 16:38
...
> > > struct something *instance = NULL;
> > > int rc;
> > >
> > > rc = mem_to_flex_dup(&instance, byte_array, count, GFP_KERNEL);
> > > if (rc)
> > >     return rc;
> >
> > This seems rather awkward, having to set it to NULL, then c

Re: [PATCH 02/32] Introduce flexible array struct memcpy() helpers

2022-05-04 Kees Cook
On Wed, May 04, 2022 at 09:25:56AM +0200, Johannes Berg wrote:
> On Tue, 2022-05-03 at 18:44 -0700, Kees Cook wrote:
> >
> > For example, using the most complicated helper, mem_to_flex_dup():
> >
> > /* Flexible array struct with members identified. */
> > struct something {
> >     i

Re: [PATCH 02/32] Introduce flexible array struct memcpy() helpers

2022-05-04 Johannes Berg
On Tue, 2022-05-03 at 18:44 -0700, Kees Cook wrote:
>
> For example, using the most complicated helper, mem_to_flex_dup():
>
> /* Flexible array struct with members identified. */
> struct something {
>     int mode;
>     DECLARE_FLEX_ARRAY_ELEMENTS_COUNT(int, how_many);
>

[PATCH 02/32] Introduce flexible array struct memcpy() helpers

2022-05-03 Kees Cook
The compiler is not able to automatically perform bounds checking on structures that end in flexible arrays: __builtin_object_size() is compile-time only. Any possible run-time checks are currently short-circuited because there isn't an obvious common way to figure out the bounds of such a structur