From patchwork Mon Jul  8 19:18:35 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kees Cook <kees@kernel.org>
X-Patchwork-Id: 13726981
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 7EA05C3271E
	for <linux-mm@archiver.kernel.org>; Mon,  8 Jul 2024 19:18:50 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id DAF6A6B009D; Mon,  8 Jul 2024 15:18:45 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id D2CA26B00A2; Mon,  8 Jul 2024 15:18:45 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id ABE0F6B00A0; Mon,  8 Jul 2024 15:18:45 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com
 [216.40.44.15])
	by kanga.kvack.org (Postfix) with ESMTP id 793CC6B009D
	for <linux-mm@kvack.org>; Mon,  8 Jul 2024 15:18:45 -0400 (EDT)
Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay08.hostedemail.com (Postfix) with ESMTP id 2533F1414EA
	for <linux-mm@kvack.org>; Mon,  8 Jul 2024 19:18:45 +0000 (UTC)
X-FDA: 82317547410.30.FE7D010
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
	by imf13.hostedemail.com (Postfix) with ESMTP id 5D65F2001C
	for <linux-mm@kvack.org>; Mon,  8 Jul 2024 19:18:42 +0000 (UTC)
Authentication-Results: imf13.hostedemail.com;
	dkim=pass header.d=kernel.org header.s=k20201202 header.b=qBzSORRQ;
	spf=pass (imf13.hostedemail.com: domain of kees@kernel.org designates
 139.178.84.217 as permitted sender) smtp.mailfrom=kees@kernel.org;
	dmarc=pass (policy=none) header.from=kernel.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=hostedemail.com;
	s=arc-20220608; t=1720466293;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=5V+aJfV9/dqK8pFaNzdwTIgoS/R65iSPO9x9GA0MCOw=;
	b=KTg8pRjQS8fViBDfX46w0RaptLGgRNOSoH7sp6sdqoe6Uf65wEbruMxypc4dJZ5TvhpWCs
	eFAusLEXadrCVjZrDzlA47nblv/1O8e541GdhkW8SNzCeiLiW5CFbzrTfvZnI+YtJVvHXp
	xKyGaragfk/p20mhuujMGkRuS5WGLKg=
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1720466293; a=rsa-sha256;
	cv=none;
	b=5AV4WgjVokVZ8gjwUG+fE0SLkKd+Kpmrh1Z5RdnNDijCPX7IsQL1IR7tIjsPt1TBQ37tmM
	paWWXwL0VrTEWrLRrUGLyLhFQAbJwbRHWLox7czbbLoKE1jnxvZukUb4qhc9vYw2p5LLb3
	cjteqG239cFIlPLMjhaUVminLaxlakU=
ARC-Authentication-Results: i=1;
	imf13.hostedemail.com;
	dkim=pass header.d=kernel.org header.s=k20201202 header.b=qBzSORRQ;
	spf=pass (imf13.hostedemail.com: domain of kees@kernel.org designates
 139.178.84.217 as permitted sender) smtp.mailfrom=kees@kernel.org;
	dmarc=pass (policy=none) header.from=kernel.org
Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58])
	by dfw.source.kernel.org (Postfix) with ESMTP id 7B0AB61087;
	Mon,  8 Jul 2024 19:18:41 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 27D04C116B1;
	Mon,  8 Jul 2024 19:18:41 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1720466321;
	bh=O6uIF+RFb01/GkReF4c6yk0p7sEtVWsPKR+FVmZnPi8=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=qBzSORRQiLiff8Gt65xgdcsif3RTxeKz1s8jxuUpFcPqCg4GXqfeY60Bp5Sr6NDt6
	 sKm8ByWTr7nsPxBThcQ0eygZzbQTbpCYfSbOQ3Grh1Q1/B0cSm0bFBgb4YLLpLxNZe
	 7QtTgO0VXe5kn0ThiO9iDjja/Mt4+pBB9FoYcOUN/408klWc7JTeIJuOIfQdJGijVr
	 FUGJlud2dIurrddrGyqjk1TGBu5yxqMJTZzOYpZLVTZRsk0uSbFD9m+4yS9QPJm7JY
	 HbBiA53Tyrm+FS03p4QLenM8NH6KgwCPl/StdCn69LCQuH4t5Q5gwf6Q9ttbnovGPZ
	 o3Ttn6Sviffag==
From: Kees Cook <kees@kernel.org>
To: Vlastimil Babka <vbabka@suse.cz>
Cc: Kees Cook <kees@kernel.org>,
	Nick Desaulniers <ndesaulniers@google.com>,
	Miguel Ojeda <ojeda@kernel.org>,
	Marco Elver <elver@google.com>,
	Nathan Chancellor <nathan@kernel.org>,
	Hao Luo <haoluo@google.com>,
	Przemek Kitszel <przemyslaw.kitszel@intel.com>,
	Jann Horn <jannh@google.com>,
	Tony Luck <tony.luck@intel.com>,
	Christoph Lameter <cl@linux.com>,
	Pekka Enberg <penberg@kernel.org>,
	David Rientjes <rientjes@google.com>,
	Joonsoo Kim <iamjoonsoo.kim@lge.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Roman Gushchin <roman.gushchin@linux.dev>,
	Hyeonggon Yoo <42.hyeyoo@gmail.com>,
	"Guilherme G. Piccoli" <gpiccoli@igalia.com>,
	Mark Rutland <mark.rutland@arm.com>,
	Jakub Kicinski <kuba@kernel.org>,
	Petr Pavlu <petr.pavlu@suse.com>,
	Alexander Lobakin <aleksander.lobakin@intel.com>,
	Tony Ambardar <tony.ambardar@gmail.com>,
	linux-kernel@vger.kernel.org,
	linux-mm@kvack.org,
	linux-hardening@vger.kernel.org
Subject: [RFC][PATCH 1/4] compiler_types: Add integral/pointer type helper
 macros
Date: Mon,  8 Jul 2024 12:18:35 -0700
Message-Id: <20240708191840.335463-1-kees@kernel.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240708190924.work.846-kees@kernel.org>
References: <20240708190924.work.846-kees@kernel.org>
MIME-Version: 1.0
X-Developer-Signature: v=1; a=openpgp-sha256; l=3006; i=kees@kernel.org;
 h=from:subject; bh=O6uIF+RFb01/GkReF4c6yk0p7sEtVWsPKR+FVmZnPi8=;
 b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBmjDuOeb7yBgPyjlDL1Ai4m2QU+GxeSGQAOayAT
 TMFTIpLqQ+JAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZow7jgAKCRCJcvTf3G3A
 JnhED/9Lhq1R3gm7NGEM0GLkbRQxXYQbYhq2A0e8dvTbqL1MASPu1YC5TcrbqV5beglnN39elKy
 8h3QpI2J9XUnMTLYTBEg5lDLW+1z+31YXjNB25ZFCc+Ctpj+wcNCSlYnp9ANujR+cahpM0JckAj
 oOLtGwZ/Mx6+6qGV5Jz/BZPjL9YWUc9zLyp2s257xHqZLXH/84hL1l+i87K67lDi/EQwOTxqNGX
 /6QC/nozNZtNkJYrkMQpcF8AYxDlf/xCAU/ErY3CYau8FFJT+uWUpT/y/QhZhq0J4v1TWqNeySe
 MpPzuTkvCGc6XOLP1cu2vGfY5H5zrDvLX8CnGAQM22FrntYKLQ/XKOgULWZeO1Vb5vY9rULYjGL
 4yYUDqpg2jeiYVUUyUIoLmMGtnIG+v0PqJiG5wTvdo7rTRjvKaoRyPWEvEX5wnFHyM9NldiATIQ
 j+cWxEy7WRl9Z3H6FGQv+UR21Ul3jIk1k8a4CQzxIE+uVMJastG3rPktpN8IpvYVJIfCPkljETR
 ZMhOUoc2JtV/UzFcSMe8G6dUx5ilIAuZmPNPMMYRYNx6XL7XtJGN1VpXifzym299nbhBmaUEHtG
 xuJ4YXvx0N7aHcyiK46IPzlAJRGalHwAm8hIfmUoBUbdZ1Ak6G0uCvYDOYTiBhB5L79fiI2Z6/y
 DSP5VB8ZDjqsgZA=
 =
X-Developer-Key: i=kees@kernel.org; a=openpgp;
 fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026
X-Rspamd-Queue-Id: 5D65F2001C
X-Stat-Signature: gnbnp3ysxmwkgzpaaigcewwyhumcgthk
X-Rspamd-Server: rspam09
X-Rspam-User: 
X-HE-Tag: 1720466322-198230
X-HE-Meta: 
 U2FsdGVkX18shgDc1gXGuc4tt4s7jLsgUwYbj4wCS9FoFYyuFUnEZU4/IM0Zx6oNEtKUmbpRvZmcctQrLFkU8F5RoEXVBux88NGYtVaCHoto2f9QWTvzpFQqD948SxluQBD8IlOIYtCFmNzYsQv2oOUBw2DwBS7slH0q4eE9fxNIDGvvBttlrMFfhWuGVJWLrrlyIWlKoH0lJT6h7ePdqcGe4X4wgetizIjVsT+sIXe/xA4W2yC/Uh3n1EBCNyJHI0BxlTgJKh2dA1yolYW27w72yrqt3IVFj777jkb4Ujm1RoAysl73heO9q3BxaEvAlvHhekJTRPgjZNH4FBb4pngvOzLYbjLZQJrw80mG3zrJIse7vrIxk8LIo/aEHxLjB9VWWcG1aX/y7UAI3/AVgQc84EGNRR75/kypixmHOtoDX7Td39JkHUxs45tiOaGzQIQAghK6cKzGgoWz6bQSNNdyGjS2M01T5iPUvCg0kRS8uNJPL+kg//lrxVQE2jqEsLnXUGqdnjN+cS2arer22JUYKyIkRZWtpA9lxvyK8HaQiWHlC1KYbujlg449Qp241834h/Jl4Lj5X1kHkKbyvF0S6SnYI5M2vE3uKiEFOvpRJNTgUYdJHYQ6IgPLALomNfz6HLGkOAU4E4A9PHkApfUrL4tAYgsmW/OwUcorNORfner48BPN69SvMU57voZ5Lejw1xX8Y7iPLvX+TAfjCSd/bT11l2dM8mGg277ALat1wnxp1ZiUOwxad/2sU4ovaUBrxZN9jn1xyTvm2J4Ue8Qv+aKTRvwvwrPeBvcsCP6sXzWjHmj8v4echKOvzGXMlysNDH2087vU8q/rfXHKHg8Ured2wX3kHg7tZSjDYPvzOCIk93jorx1SzuTzG6GWsagIcZq0FjS1kcwqMVvXGlUZmUBKXEWSrR/9oNY+bQ++mw1LnROUI1lZvrwASQ+peeQtACVxR5xVr5Angjb
 TDA7ej4X
 xzMpvtVKMoJHm6uRUo63USW3id/mM4/iTcPi6Zf7ZOAYuV+eyVnsqwpJxKm9FOCxgzzxy9DvLgCaJzAvqomUV9yjzqtAlEL451chFst++goNrOsZ93nJE4yKHHBzXDTw/2MdCdyAcXh/Nu8Eozj+iXC9FQFNre9UYx/YWemgT9DPd8Yqi1vweiC8p7fLuUMGHipNmPDJkip5VsaIH1CAa962WAgAJh5C4RjR8kCYZaGh9PdZB1l2vqopXq6uqDx//nX9NvHhvslqGJ/JVTW6zQRuFi0gs/41FkYWpS9LrnPIaD4C0Kb18QjzvkdigKRDBWUujX1HrHwY4LPi6MO9cEkAcWLc17iP+Wg8mHtK1KamLm3RVYvTu/zGQ1d9M82mZwCu8s5DK5vlUtAIov+xUFVaZ8Q==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000109, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

Many compiler builtins (e.g. _Generic, __builtin_choose_expr) perform
integral vs pointer argument type evaluation on outputs before evaluating
the input expression. This means that all outputs must be syntactically
valid for all inputs, even if the output would be otherwise filtering
the types. For example, this will fail to build:

 #define handle_int_or_ptr(x)					\
	_Generic((x),						\
		int: handle_int(x),				\
		int *: handle_ptr(x))
 ...
 handle_int_or_ptr(7);

error: passing argument 1 of 'handle_ptr' makes pointer from integer without a cast [-Wint-conversion]
  108 |     handle_int_or_ptr(x);
      |                       ^
      |                       |
      |                       int

To deal with this, provide helpers that force expressions into the
desired type, where the mismatched cases are syntactically value, but
will never actually happen:

 #define handle_int_or_ptr(x)					\
	_Generic((x),						\
		int: handle_int(__force_integral_expr(x)),	\
		int *: handle_ptr(__force_ptr_expr(x)))

Now handle_int() only ever sees an int, and handle_ptr() only ever sees
a pointer, regardless of the input type.

Signed-off-by: Kees Cook <kees@kernel.org>
---
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Miguel Ojeda <ojeda@kernel.org>
Cc: Marco Elver <elver@google.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Hao Luo <haoluo@google.com>
Cc: Przemek Kitszel <przemyslaw.kitszel@intel.com>
---
 include/linux/compiler_types.h | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h
index f14c275950b5..7754f3b6a91f 100644
--- a/include/linux/compiler_types.h
+++ b/include/linux/compiler_types.h
@@ -450,6 +450,29 @@ struct ftrace_likely_data {
 /* Are two types/vars the same type (ignoring qualifiers)? */
 #define __same_type(a, b) __builtin_types_compatible_p(typeof(a), typeof(b))
 
+/* Is the variable addressable? */
+#define __is_ptr_or_array(p)			\
+	(__builtin_classify_type(p) == __builtin_classify_type(NULL))
+
+/* Return an array decayed to a pointer. */
+#define __decay(p)				\
+	(&*__builtin_choose_expr(__is_ptr_or_array(p), p, NULL))
+
+/* Report if variable is a pointer type. */
+#define __is_ptr(p)		__same_type(p, __decay(p))
+
+/* Always produce an integral expression, with specific type/vale fallback. */
+#define ___force_integral_expr(x, type, val)	\
+	__builtin_choose_expr(!__is_ptr(x), (x), (type)val)
+#define __force_integral_expr(x)	\
+	___force_integral_expr(x, int, 0)
+
+/* Always produce a pointer expression, with specific type/value fallback. */
+#define ___force_ptr_expr(x, type, value)	\
+	__builtin_choose_expr(__is_ptr(x), (x), &(type){ value })
+#define __force_ptr_expr(x)	\
+	__builtin_choose_expr(__is_ptr(x), (x), NULL)
+
 /*
  * __unqual_scalar_typeof(x) - Declare an unqualified scalar type, leaving
  *			       non-scalar types unchanged.