Re: [PATCH v2] net: Protect INET_ADDR_COOKIE on 32-bit architectures
From: Stephen Kitt
Date: Sat May 09 2020 - 15:13:07 EST
On Sat, 9 May 2020 10:59:14 -0700, Jakub Kicinski <kuba@xxxxxxxxxx> wrote:
> On Sat, 9 May 2020 10:13:22 +0200 Stephen Kitt wrote:
> > On Fri, 8 May 2020 20:50:25 -0700, Jakub Kicinski <kuba@xxxxxxxxxx>
> > wrote:
> > > On Fri, 8 May 2020 14:04:57 +0200 Stephen Kitt wrote:
> > > > Commit c7228317441f ("net: Use a more standard macro for
> > > > INET_ADDR_COOKIE") added a __deprecated marker to the cookie name on
> > > > 32-bit architectures, with the intent that the compiler would flag
> > > > uses of the name. However since commit 771c035372a0 ("deprecate the
> > > > '__deprecated' attribute warnings entirely and for good"),
> > > > __deprecated doesn't do anything and should be avoided.
> > > >
> > > > This patch changes INET_ADDR_COOKIE to declare a dummy struct so that
> > > > any subsequent use of the cookie's name will in all likelihood break
> > > > the build. It also removes the __deprecated marker.
> > >
> > > I think the macro is supposed to cause a warning when the variable
> > > itself is accessed. And I don't think that happens with your patch
> > > applied.
> >
> > Yes, the warning is what was lost when __deprecated lost its meaning. I
> > was trying to preserve that, or rather extend it so that the build would
> > break if the cookie was used on 32-bit architectures, and my patch
> > ensures it does if the cookie is used in a comparison or assignment,
> > but ...
> > > + kfree(&acookie);
> >
> > I hadnât thought of taking a pointer to it.
> >
> > If we want to preserve the use of the macro with a semi-colon, which is
> > what Joeâs patch introduced (along with the deprecation warning), we
> > still need some sort of declaration which canât be used. Perhaps
> >
> > #define INET_ADDR_COOKIE(__name, __saddr, __daddr) \
> > struct __name {} __attribute__((unused))
> >
> > would be better â it declares the cookie as a struct, not a variable, so
> > then the build fails if the cookie is used as anything other than a
> > struct. If anyone does try to use it as a struct, the build will fail on
> > 64-bit architectures...
> >
> > CC net/ipv4/inet_hashtables.o
> > net/ipv4/inet_hashtables.c: In function â__inet_lookup_establishedâ:
> > net/ipv4/inet_hashtables.c:362:9: error: âacookieâ undeclared (first use
> > in this function) kfree(&acookie);
> > ^~~~~~~
> > net/ipv4/inet_hashtables.c:362:9: note: each undeclared identifier is
> > reported only once for each function it appears in make[2]: ***
> > [scripts/Makefile.build:267: net/ipv4/inet_hashtables.o] Error 1 make[1]:
> > *** [scripts/Makefile.build:488: net/ipv4] Error 2 make: ***
> > Makefile:1722: net] Error 2
>
> Hm. That does seem better. Although thinking about it - we will not get
> a warning when someone declares a variable with the same name..
Good point!
> What if we went back to your original proposal of an empty struct but
> added in an extern in front? That way we should get linker error on
> pointer references.
That silently fails to fail if any other link object provides a definition
for the symbol, even if the type doesnât match...
I thought of
register struct {} __name __attribute__((unused))
but that really feels like tacking on more stuff to handle cases as we think
of them, which makes me wonder what cases Iâm not thinking of.
Regards,
Stephen
Attachment:
pgp8kEc45Z3Z7.pgp
Description: OpenPGP digital signature