diff mbox series

[1/2] stddef: Allow attributes to be used when creating flex arrays

Message ID 20240210011643.1706285-1-keescook@chromium.org
State New
Headers
Series stddef: Allow attributes to be used when creating flex arrays |

Commit Message

Kees Cook Feb. 10, 2024, 1:16 a.m. UTC 
  With the coming support for the __counted_by struct member attribute, we
will need a way to add such annotations to the places where
DECLARE_FLEX_ARRAY() is used. Introduce DECLARE_FLEX_ARRAY_ATTR() which
takes a third argument: the attributes to apply to the flexible array.

Cc: Gustavo A. R. Silva <gustavoars@kernel.org>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Keith Packard <keithp@keithp.com>
Cc: Miguel Ojeda <ojeda@kernel.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Dmitry Antipov <dmantipov@yandex.ru>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 include/linux/stddef.h      | 16 ++++++++++++++--
 include/uapi/linux/stddef.h | 25 +++++++++++++++++++------
 2 files changed, 33 insertions(+), 8 deletions(-)

Comments

Gustavo A. R. Silva Feb. 10, 2024, 3:47 a.m. UTC | #1 
On 2/9/24 19:16, Kees Cook wrote:
> With the coming support for the __counted_by struct member attribute, we
> will need a way to add such annotations to the places where
> DECLARE_FLEX_ARRAY() is used. Introduce DECLARE_FLEX_ARRAY_ATTR() which
> takes a third argument: the attributes to apply to the flexible array.
> 
> Cc: Gustavo A. R. Silva <gustavoars@kernel.org>
> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
> Cc: Dan Williams <dan.j.williams@intel.com>
> Cc: Keith Packard <keithp@keithp.com>
> Cc: Miguel Ojeda <ojeda@kernel.org>
> Cc: Alexey Dobriyan <adobriyan@gmail.com>
> Cc: Dmitry Antipov <dmantipov@yandex.ru>
> Signed-off-by: Kees Cook <keescook@chromium.org>

Nice!

Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>

Thanks
Rasmus Villemoes Feb. 13, 2024, 7:22 a.m. UTC | #2 
On 10/02/2024 02.16, Kees Cook wrote:
> With the coming support for the __counted_by struct member attribute, we
> will need a way to add such annotations to the places where
> DECLARE_FLEX_ARRAY() is used. Introduce DECLARE_FLEX_ARRAY_ATTR() which
> takes a third argument: the attributes to apply to the flexible array.
> 

> - * __DECLARE_FLEX_ARRAY() - Declare a flexible array usable in a union
> - *
> + * __DECLARE_FLEX_ARRAY_ATTR() - Declare a flexible array usable in a union
>   * @TYPE: The type of each flexible array element
>   * @NAME: The name of the flexible array member
> + * @ATTRS: The list of member attributes to apply
>   *
>   * In order to have a flexible array member in a union or alone in a
>   * struct, it needs to be wrapped in an anonymous struct with at least 1
>   * named member, but that member can be empty.
>   */
> -#define __DECLARE_FLEX_ARRAY(TYPE, NAME)	\
> +#define __DECLARE_FLEX_ARRAY_ATTR(TYPE, NAME, ATTRS)	\
>  	struct { \
>  		struct { } __empty_ ## NAME; \
> -		TYPE NAME[]; \
> +		TYPE NAME[] ATTRS; \
>  	}

Is it too ugly to not introduce a separate _ATTR macro but instead just do

#define __DECLARE_FLEX_ARRAY(TYPE, NAME, ...) \
  ...
  TYPE NAME[] __VA_ARGS__;

?

Rasmus
Kees Cook Feb. 13, 2024, 11:20 p.m. UTC | #3 
On Tue, Feb 13, 2024 at 08:22:00AM +0100, Rasmus Villemoes wrote:
> On 10/02/2024 02.16, Kees Cook wrote:
> > With the coming support for the __counted_by struct member attribute, we
> > will need a way to add such annotations to the places where
> > DECLARE_FLEX_ARRAY() is used. Introduce DECLARE_FLEX_ARRAY_ATTR() which
> > takes a third argument: the attributes to apply to the flexible array.
> > 
> 
> > - * __DECLARE_FLEX_ARRAY() - Declare a flexible array usable in a union
> > - *
> > + * __DECLARE_FLEX_ARRAY_ATTR() - Declare a flexible array usable in a union
> >   * @TYPE: The type of each flexible array element
> >   * @NAME: The name of the flexible array member
> > + * @ATTRS: The list of member attributes to apply
> >   *
> >   * In order to have a flexible array member in a union or alone in a
> >   * struct, it needs to be wrapped in an anonymous struct with at least 1
> >   * named member, but that member can be empty.
> >   */
> > -#define __DECLARE_FLEX_ARRAY(TYPE, NAME)	\
> > +#define __DECLARE_FLEX_ARRAY_ATTR(TYPE, NAME, ATTRS)	\
> >  	struct { \
> >  		struct { } __empty_ ## NAME; \
> > -		TYPE NAME[]; \
> > +		TYPE NAME[] ATTRS; \
> >  	}
> 
> Is it too ugly to not introduce a separate _ATTR macro but instead just do
> 
> #define __DECLARE_FLEX_ARRAY(TYPE, NAME, ...) \
>   ...
>   TYPE NAME[] __VA_ARGS__;
> 
> ?

Oh, yes. That will be much nicer, I think! I will send a v2...
diff mbox series

Patch

diff --git a/include/linux/stddef.h b/include/linux/stddef.h
index 929d67710cc5..eb51f6727ecf 100644
--- a/include/linux/stddef.h
+++ b/include/linux/stddef.h
@@ -81,8 +81,20 @@  enum {
 	__struct_group(TAG, NAME, /* no attrs */, MEMBERS)
 
 /**
- * DECLARE_FLEX_ARRAY() - Declare a flexible array usable in a union
+ * DECLARE_FLEX_ARRAY_ATTR() - Declare a flexible array usable in a union
+ * @TYPE: The type of each flexible array element
+ * @NAME: The name of the flexible array member
+ * @ATTRS: The list of member attributes to apply
  *
+ * In order to have a flexible array member in a union or alone in a
+ * struct, it needs to be wrapped in an anonymous struct with at least 1
+ * named member, but that member can be empty.
+ */
+#define DECLARE_FLEX_ARRAY_ATTR(TYPE, NAME, ATTRS) \
+	__DECLARE_FLEX_ARRAY_ATTR(TYPE, NAME, ATTRS)
+
+/**
+ * DECLARE_FLEX_ARRAY() - Declare a flexible array usable in a union
  * @TYPE: The type of each flexible array element
  * @NAME: The name of the flexible array member
  *
@@ -91,6 +103,6 @@  enum {
  * named member, but that member can be empty.
  */
 #define DECLARE_FLEX_ARRAY(TYPE, NAME) \
-	__DECLARE_FLEX_ARRAY(TYPE, NAME)
+	DECLARE_FLEX_ARRAY_ATTR(TYPE, NAME, /* no attributes */)
 
 #endif
diff --git a/include/uapi/linux/stddef.h b/include/uapi/linux/stddef.h
index 2ec6f35cda32..5499c08ad011 100644
--- a/include/uapi/linux/stddef.h
+++ b/include/uapi/linux/stddef.h
@@ -31,24 +31,37 @@ 
 
 #ifdef __cplusplus
 /* sizeof(struct{}) is 1 in C++, not 0, can't use C version of the macro. */
-#define __DECLARE_FLEX_ARRAY(T, member)	\
-	T member[0]
+#define __DECLARE_FLEX_ARRAY_ATTR(TYPE, NAME, ATTRS)	\
+	TYPE NAME[0] ATTRS
+#define __DECLARE_FLEX_ARRAY(TYPE, NAME)		\
+	__DECLARE_FLEX_ARRAY_ATTR(TYPE, NAME, /* no attributes */)
 #else
 /**
- * __DECLARE_FLEX_ARRAY() - Declare a flexible array usable in a union
- *
+ * __DECLARE_FLEX_ARRAY_ATTR() - Declare a flexible array usable in a union
  * @TYPE: The type of each flexible array element
  * @NAME: The name of the flexible array member
+ * @ATTRS: The list of member attributes to apply
  *
  * In order to have a flexible array member in a union or alone in a
  * struct, it needs to be wrapped in an anonymous struct with at least 1
  * named member, but that member can be empty.
  */
-#define __DECLARE_FLEX_ARRAY(TYPE, NAME)	\
+#define __DECLARE_FLEX_ARRAY_ATTR(TYPE, NAME, ATTRS)	\
 	struct { \
 		struct { } __empty_ ## NAME; \
-		TYPE NAME[]; \
+		TYPE NAME[] ATTRS; \
 	}
+/**
+ * __DECLARE_FLEX_ARRAY() - Declare a flexible array usable in a union
+ * @TYPE: The type of each flexible array element
+ * @NAME: The name of the flexible array member
+ *
+ * In order to have a flexible array member in a union or alone in a
+ * struct, it needs to be wrapped in an anonymous struct with at least 1
+ * named member, but that member can be empty.
+ */
+#define __DECLARE_FLEX_ARRAY(TYPE, NAME)	\
+	__DECLARE_FLEX_ARRAY_ATTR(TYPE, NAME, /* no attributes */)
 #endif
 
 #ifndef __counted_by