libpldm/src/msgbuf.h

691668feSPatrick Williams/* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */
c63f63a2SAndrew Jeffery#ifndef PLDM_MSGBUF_H
c63f63a2SAndrew Jeffery#define PLDM_MSGBUF_H
c63f63a2SAndrew Jeffery
66c7723aSAndrew Jeffery/*
66c7723aSAndrew Jeffery * Historically, many of the structs exposed in libpldm's public headers are
66c7723aSAndrew Jeffery * defined with __attribute__((packed)). This is unfortunate: it gives the
66c7723aSAndrew Jeffery * impression that a wire-format buffer can be cast to the message type to make
66c7723aSAndrew Jeffery * the message's fields easily accessible. As it turns out, that's not
66c7723aSAndrew Jeffery * that's valid for several reasons:
66c7723aSAndrew Jeffery *
66c7723aSAndrew Jeffery * 1. Casting the wire-format buffer to a struct of the message type doesn't
66c7723aSAndrew Jeffery *    abstract the endianness of message field values
66c7723aSAndrew Jeffery *
66c7723aSAndrew Jeffery * 2. Some messages contain packed tagged union fields which cannot be properly
66c7723aSAndrew Jeffery *    described in a C struct.
66c7723aSAndrew Jeffery *
66c7723aSAndrew Jeffery * The msgbuf APIs exist to assist with (un)packing the wire-format in a way
66c7723aSAndrew Jeffery * that is type-safe, spatially memory-safe, endian-safe, performant, and
66c7723aSAndrew Jeffery * free of undefined-behaviour. Message structs that are added to the public
66c7723aSAndrew Jeffery * library API should no-longer be marked __attribute__((packed)), and the
66c7723aSAndrew Jeffery * implementation of their encode and decode functions must exploit the msgbuf
66c7723aSAndrew Jeffery * API.
66c7723aSAndrew Jeffery *
66c7723aSAndrew Jeffery * However, we would like to allow implementation of codec functions in terms of
66c7723aSAndrew Jeffery * msgbuf APIs even if they're decoding a message into a (historically) packed
66c7723aSAndrew Jeffery * struct. Some of the complexity that follows is a consequence of the packed/
66c7723aSAndrew Jeffery * unpacked conflict.
66c7723aSAndrew Jeffery */
66c7723aSAndrew Jeffery
c63f63a2SAndrew Jeffery#ifdef __cplusplus
37dd6a3dSAndrew Jeffery/*
37dd6a3dSAndrew Jeffery * Fix up C11's _Static_assert() vs C++'s static_assert().
37dd6a3dSAndrew Jeffery *
37dd6a3dSAndrew Jeffery * Can we please have nice things for once.
37dd6a3dSAndrew Jeffery */
37dd6a3dSAndrew Jeffery// NOLINTNEXTLINE(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
37dd6a3dSAndrew Jeffery#define _Static_assert(...) static_assert(__VA_ARGS__)
c63f63a2SAndrew Jefferyextern "C" {
c63f63a2SAndrew Jeffery#endif
c63f63a2SAndrew Jeffery
b0c1d20aSAndrew Jeffery#include <libpldm/base.h>
b0c1d20aSAndrew Jeffery#include <libpldm/pldm_types.h>
c63f63a2SAndrew Jeffery
66c7723aSAndrew Jeffery#include "compiler.h"
66c7723aSAndrew Jeffery
c63f63a2SAndrew Jeffery#include <assert.h>
c63f63a2SAndrew Jeffery#include <endian.h>
*c8df31c1SAndrew Jeffery#include <errno.h>
c63f63a2SAndrew Jeffery#include <limits.h>
c63f63a2SAndrew Jeffery#include <stdbool.h>
66c7723aSAndrew Jeffery#include <stdint.h>
c63f63a2SAndrew Jeffery#include <string.h>
c63f63a2SAndrew Jeffery#include <sys/types.h>
c63f63a2SAndrew Jeffery
2ff8cf89SAndrew Jeffery/*
2ff8cf89SAndrew Jeffery * We can't use static_assert() outside of some other C construct. Deal
2ff8cf89SAndrew Jeffery * with high-level global assertions by burying them in an unused struct
2ff8cf89SAndrew Jeffery * declaration, that has a sole member for compliance with the requirement that
2ff8cf89SAndrew Jeffery * types must have a size.
2ff8cf89SAndrew Jeffery*/
2ff8cf89SAndrew Jefferystatic struct {
2ff8cf89SAndrew Jeffery	static_assert(
2ff8cf89SAndrew Jeffery		INTMAX_MAX != SIZE_MAX,
2ff8cf89SAndrew Jeffery		"Extraction and insertion value comparisons may be broken");
2ff8cf89SAndrew Jeffery	static_assert(INTMAX_MIN + INTMAX_MAX <= 0,
2ff8cf89SAndrew Jeffery		      "Extraction and insertion arithmetic may be broken");
*c8df31c1SAndrew Jeffery	static_assert(PLDM_SUCCESS == 0, "Error handling is broken");
2ff8cf89SAndrew Jeffery	int compliance;
2ff8cf89SAndrew Jeffery} build_assertions __attribute__((unused));
2ff8cf89SAndrew Jeffery
*c8df31c1SAndrew Jefferyenum pldm_msgbuf_error_mode {
*c8df31c1SAndrew Jeffery	PLDM_MSGBUF_PLDM_CC = 0x5a,
*c8df31c1SAndrew Jeffery	PLDM_MSGBUF_C_ERRNO = 0xa5,
*c8df31c1SAndrew Jeffery};
*c8df31c1SAndrew Jeffery
c63f63a2SAndrew Jefferystruct pldm_msgbuf {
062c8762SThu Nguyen	uint8_t *cursor;
2ff8cf89SAndrew Jeffery	intmax_t remaining;
*c8df31c1SAndrew Jeffery	enum pldm_msgbuf_error_mode mode;
c63f63a2SAndrew Jeffery};
c63f63a2SAndrew Jeffery
*c8df31c1SAndrew Jeffery__attribute__((always_inline)) static inline int
*c8df31c1SAndrew Jefferypldm_msgbuf_status(struct pldm_msgbuf *ctx, unsigned int err)
*c8df31c1SAndrew Jeffery{
*c8df31c1SAndrew Jeffery	int rc;
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	assert(err != 0);
*c8df31c1SAndrew Jeffery	assert(err <= INT_MAX);
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	if (ctx->mode == PLDM_MSGBUF_C_ERRNO) {
*c8df31c1SAndrew Jeffery		if (err > INT_MAX) {
*c8df31c1SAndrew Jeffery			return -EINVAL;
*c8df31c1SAndrew Jeffery		}
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery		static_assert(INT_MIN + INT_MAX < 0,
*c8df31c1SAndrew Jeffery			      "Arithmetic assumption failure");
*c8df31c1SAndrew Jeffery		return -((int)err);
*c8df31c1SAndrew Jeffery	}
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	if (err > INT_MAX) {
*c8df31c1SAndrew Jeffery		return PLDM_ERROR;
*c8df31c1SAndrew Jeffery	}
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	assert(ctx->mode == PLDM_MSGBUF_PLDM_CC);
*c8df31c1SAndrew Jeffery	switch (err) {
*c8df31c1SAndrew Jeffery	case EINVAL:
*c8df31c1SAndrew Jeffery		rc = PLDM_ERROR_INVALID_DATA;
*c8df31c1SAndrew Jeffery		break;
*c8df31c1SAndrew Jeffery	case EBADMSG:
*c8df31c1SAndrew Jeffery	case EOVERFLOW:
*c8df31c1SAndrew Jeffery		rc = PLDM_ERROR_INVALID_LENGTH;
*c8df31c1SAndrew Jeffery		break;
*c8df31c1SAndrew Jeffery	default:
*c8df31c1SAndrew Jeffery		assert(false);
*c8df31c1SAndrew Jeffery		rc = PLDM_ERROR;
*c8df31c1SAndrew Jeffery		break;
*c8df31c1SAndrew Jeffery	}
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	assert(rc > 0);
*c8df31c1SAndrew Jeffery	return rc;
*c8df31c1SAndrew Jeffery}
*c8df31c1SAndrew Jeffery
c63f63a2SAndrew Jeffery/**
c63f63a2SAndrew Jeffery * @brief Initialize pldm buf struct for buf extractor
c63f63a2SAndrew Jeffery *
c63f63a2SAndrew Jeffery * @param[out] ctx - pldm_msgbuf context for extractor
c63f63a2SAndrew Jeffery * @param[in] minsize - The minimum required length of buffer `buf`
c63f63a2SAndrew Jeffery * @param[in] buf - buffer to be extracted
c63f63a2SAndrew Jeffery * @param[in] len - size of buffer
c63f63a2SAndrew Jeffery *
*c8df31c1SAndrew Jeffery * @return 0 on success, otherwise an error code appropriate for the current
*c8df31c1SAndrew Jeffery *         personality.
c63f63a2SAndrew Jeffery */
76712f69SAndrew Jeffery__attribute__((always_inline)) static inline int
*c8df31c1SAndrew Jeffery// NOLINTNEXTLINE(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
*c8df31c1SAndrew Jefferypldm__msgbuf_init(struct pldm_msgbuf *ctx, size_t minsize, const void *buf,
76712f69SAndrew Jeffery		  size_t len)
c63f63a2SAndrew Jeffery{
*c8df31c1SAndrew Jeffery	assert(ctx);
*c8df31c1SAndrew Jeffery	assert(ctx->mode == PLDM_MSGBUF_PLDM_CC ||
*c8df31c1SAndrew Jeffery	       ctx->mode == PLDM_MSGBUF_C_ERRNO);
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	if (!buf) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EINVAL);
c63f63a2SAndrew Jeffery	}
c63f63a2SAndrew Jeffery
2ff8cf89SAndrew Jeffery	if ((minsize > len)) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
c63f63a2SAndrew Jeffery	}
c63f63a2SAndrew Jeffery
2ff8cf89SAndrew Jeffery#if INTMAX_MAX < SIZE_MAX
2ff8cf89SAndrew Jeffery	if (len > INTMAX_MAX) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
2ff8cf89SAndrew Jeffery	}
2ff8cf89SAndrew Jeffery#endif
2ff8cf89SAndrew Jeffery
07febdbbSAndrew Jeffery	if ((uintptr_t)buf + len < len) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
c63f63a2SAndrew Jeffery	}
c63f63a2SAndrew Jeffery
c63f63a2SAndrew Jeffery	ctx->cursor = (uint8_t *)buf;
2ff8cf89SAndrew Jeffery	ctx->remaining = (intmax_t)len;
c63f63a2SAndrew Jeffery
*c8df31c1SAndrew Jeffery	return 0;
*c8df31c1SAndrew Jeffery}
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery/**
*c8df31c1SAndrew Jeffery * @brief Initialise a msgbuf instance to return errors as PLDM completion codes
*c8df31c1SAndrew Jeffery *
*c8df31c1SAndrew Jeffery * @see pldm__msgbuf_init
*c8df31c1SAndrew Jeffery *
*c8df31c1SAndrew Jeffery * @param[out] ctx - pldm_msgbuf context for extractor
*c8df31c1SAndrew Jeffery * @param[in] minsize - The minimum required length of buffer `buf`
*c8df31c1SAndrew Jeffery * @param[in] buf - buffer to be extracted
*c8df31c1SAndrew Jeffery * @param[in] len - size of buffer
*c8df31c1SAndrew Jeffery *
*c8df31c1SAndrew Jeffery * @return PLDM_SUCCESS if the provided buffer region is sensible,
*c8df31c1SAndrew Jeffery *         otherwise PLDM_ERROR_INVALID_DATA if pointer parameters are invalid,
*c8df31c1SAndrew Jeffery *         or PLDM_ERROR_INVALID_LENGTH if length constraints are violated.
*c8df31c1SAndrew Jeffery */
*c8df31c1SAndrew Jeffery__attribute__((always_inline)) static inline int
*c8df31c1SAndrew Jefferypldm_msgbuf_init_cc(struct pldm_msgbuf *ctx, size_t minsize, const void *buf,
*c8df31c1SAndrew Jeffery		    size_t len)
*c8df31c1SAndrew Jeffery{
*c8df31c1SAndrew Jeffery	if (!ctx) {
*c8df31c1SAndrew Jeffery		return PLDM_ERROR_INVALID_DATA;
*c8df31c1SAndrew Jeffery	}
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	ctx->mode = PLDM_MSGBUF_PLDM_CC;
*c8df31c1SAndrew Jeffery	return pldm__msgbuf_init(ctx, minsize, buf, len);
*c8df31c1SAndrew Jeffery}
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery/**
*c8df31c1SAndrew Jeffery * @brief Initialise a msgbuf instance to return errors as negative errno values
*c8df31c1SAndrew Jeffery *
*c8df31c1SAndrew Jeffery * @see pldm__msgbuf_init
*c8df31c1SAndrew Jeffery *
*c8df31c1SAndrew Jeffery * @param[out] ctx - pldm_msgbuf context for extractor
*c8df31c1SAndrew Jeffery * @param[in] minsize - The minimum required length of buffer `buf`
*c8df31c1SAndrew Jeffery * @param[in] buf - buffer to be extracted
*c8df31c1SAndrew Jeffery * @param[in] len - size of buffer
*c8df31c1SAndrew Jeffery *
*c8df31c1SAndrew Jeffery * @return 0 if the provided buffer region is sensible, otherwise -EINVAL if
*c8df31c1SAndrew Jeffery *         pointer parameters are invalid, or -EOVERFLOW if length constraints
*c8df31c1SAndrew Jeffery *         are violated.
*c8df31c1SAndrew Jeffery */
*c8df31c1SAndrew Jeffery__attribute__((always_inline)) static inline int
*c8df31c1SAndrew Jefferypldm_msgbuf_init_errno(struct pldm_msgbuf *ctx, size_t minsize, const void *buf,
*c8df31c1SAndrew Jeffery		       size_t len)
*c8df31c1SAndrew Jeffery{
*c8df31c1SAndrew Jeffery	if (!ctx) {
*c8df31c1SAndrew Jeffery		return -EINVAL;
*c8df31c1SAndrew Jeffery	}
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	ctx->mode = PLDM_MSGBUF_C_ERRNO;
*c8df31c1SAndrew Jeffery	return pldm__msgbuf_init(ctx, minsize, buf, len);
c63f63a2SAndrew Jeffery}
c63f63a2SAndrew Jeffery
c63f63a2SAndrew Jeffery/**
c63f63a2SAndrew Jeffery * @brief Validate buffer overflow state
c63f63a2SAndrew Jeffery *
c63f63a2SAndrew Jeffery * @param[in] ctx - pldm_msgbuf context for extractor
c63f63a2SAndrew Jeffery *
c63f63a2SAndrew Jeffery * @return PLDM_SUCCESS if there are zero or more bytes of data that remain
c63f63a2SAndrew Jeffery * unread from the buffer. Otherwise, PLDM_ERROR_INVALID_LENGTH indicates that a
c63f63a2SAndrew Jeffery * prior accesses would have occurred beyond the bounds of the buffer, and
c63f63a2SAndrew Jeffery * PLDM_ERROR_INVALID_DATA indicates that the provided context was not a valid
c63f63a2SAndrew Jeffery * pointer.
c63f63a2SAndrew Jeffery */
76712f69SAndrew Jeffery__attribute__((always_inline)) static inline int
76712f69SAndrew Jefferypldm_msgbuf_validate(struct pldm_msgbuf *ctx)
c63f63a2SAndrew Jeffery{
*c8df31c1SAndrew Jeffery	assert(ctx);
*c8df31c1SAndrew Jeffery	if (ctx->remaining < 0) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
c63f63a2SAndrew Jeffery	}
c63f63a2SAndrew Jeffery
*c8df31c1SAndrew Jeffery	return 0;
c63f63a2SAndrew Jeffery}
c63f63a2SAndrew Jeffery
c63f63a2SAndrew Jeffery/**
db7b8324SAndrew Jeffery * @brief Test whether a message buffer has been exactly consumed
db7b8324SAndrew Jeffery *
db7b8324SAndrew Jeffery * @param[in] ctx - pldm_msgbuf context for extractor
db7b8324SAndrew Jeffery *
db7b8324SAndrew Jeffery * @return PLDM_SUCCESS iff there are zero bytes of data that remain unread from
db7b8324SAndrew Jeffery * the buffer and no overflow has occurred. Otherwise, PLDM_ERROR_INVALID_LENGTH
db7b8324SAndrew Jeffery * indicates that an incorrect sequence of accesses have occurred, and
db7b8324SAndrew Jeffery * PLDM_ERROR_INVALID_DATA indicates that the provided context was not a valid
db7b8324SAndrew Jeffery * pointer.
db7b8324SAndrew Jeffery */
76712f69SAndrew Jeffery__attribute__((always_inline)) static inline int
76712f69SAndrew Jefferypldm_msgbuf_consumed(struct pldm_msgbuf *ctx)
db7b8324SAndrew Jeffery{
*c8df31c1SAndrew Jeffery	assert(ctx);
*c8df31c1SAndrew Jeffery	if (ctx->remaining != 0) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EBADMSG);
db7b8324SAndrew Jeffery	}
db7b8324SAndrew Jeffery
*c8df31c1SAndrew Jeffery	return 0;
db7b8324SAndrew Jeffery}
db7b8324SAndrew Jeffery
db7b8324SAndrew Jeffery/**
c63f63a2SAndrew Jeffery * @brief Destroy the pldm buf
c63f63a2SAndrew Jeffery *
c63f63a2SAndrew Jeffery * @param[in] ctx - pldm_msgbuf context for extractor
c63f63a2SAndrew Jeffery *
c63f63a2SAndrew Jeffery * @return PLDM_SUCCESS if all buffer accesses were in-bounds,
c63f63a2SAndrew Jeffery * PLDM_ERROR_INVALID_DATA if the ctx parameter is invalid, or
c63f63a2SAndrew Jeffery * PLDM_ERROR_INVALID_LENGTH if prior accesses would have occurred beyond the
c63f63a2SAndrew Jeffery * bounds of the buffer.
c63f63a2SAndrew Jeffery */
76712f69SAndrew Jeffery__attribute__((always_inline)) static inline int
76712f69SAndrew Jefferypldm_msgbuf_destroy(struct pldm_msgbuf *ctx)
c63f63a2SAndrew Jeffery{
c63f63a2SAndrew Jeffery	int valid;
c63f63a2SAndrew Jeffery
*c8df31c1SAndrew Jeffery	assert(ctx);
c63f63a2SAndrew Jeffery	valid = pldm_msgbuf_validate(ctx);
c63f63a2SAndrew Jeffery
c63f63a2SAndrew Jeffery	ctx->cursor = NULL;
c63f63a2SAndrew Jeffery	ctx->remaining = 0;
c63f63a2SAndrew Jeffery
c63f63a2SAndrew Jeffery	return valid;
c63f63a2SAndrew Jeffery}
c63f63a2SAndrew Jeffery
c63f63a2SAndrew Jeffery/**
db7b8324SAndrew Jeffery * @brief Destroy the pldm_msgbuf instance, and check that the underlying buffer
db7b8324SAndrew Jeffery * has been completely consumed without overflow
db7b8324SAndrew Jeffery *
db7b8324SAndrew Jeffery * @param[in] ctx - pldm_msgbuf context
db7b8324SAndrew Jeffery *
db7b8324SAndrew Jeffery * @return PLDM_SUCCESS if all buffer access were in-bounds and completely
db7b8324SAndrew Jeffery * consume the underlying buffer. Otherwise, PLDM_ERROR_INVALID_DATA if the ctx
db7b8324SAndrew Jeffery * parameter is invalid, or PLDM_ERROR_INVALID_LENGTH if prior accesses would
db7b8324SAndrew Jeffery * have occurred byond the bounds of the buffer
db7b8324SAndrew Jeffery */
76712f69SAndrew Jeffery__attribute__((always_inline)) static inline int
76712f69SAndrew Jefferypldm_msgbuf_destroy_consumed(struct pldm_msgbuf *ctx)
db7b8324SAndrew Jeffery{
db7b8324SAndrew Jeffery	int consumed;
db7b8324SAndrew Jeffery
*c8df31c1SAndrew Jeffery	assert(ctx);
db7b8324SAndrew Jeffery	consumed = pldm_msgbuf_consumed(ctx);
db7b8324SAndrew Jeffery
db7b8324SAndrew Jeffery	ctx->cursor = NULL;
db7b8324SAndrew Jeffery	ctx->remaining = 0;
db7b8324SAndrew Jeffery
db7b8324SAndrew Jeffery	return consumed;
db7b8324SAndrew Jeffery}
db7b8324SAndrew Jeffery
66c7723aSAndrew Jeffery/*
66c7723aSAndrew Jeffery * Exploit the pre-processor to perform type checking by macro substitution.
66c7723aSAndrew Jeffery *
66c7723aSAndrew Jeffery * A C type is defined by its alignment as well as its object
66c7723aSAndrew Jeffery * size, and compilers have a hammer to enforce it in the form of
66c7723aSAndrew Jeffery * `-Waddress-of-packed-member`. Due to the unpacked/packed struct conflict in
66c7723aSAndrew Jeffery * the libpldm public API this presents a problem: Naively attempting to use the
66c7723aSAndrew Jeffery * msgbuf APIs on a member of a packed struct would yield an error.
66c7723aSAndrew Jeffery *
66c7723aSAndrew Jeffery * The msgbuf APIs are implemented such that data is moved through unaligned
66c7723aSAndrew Jeffery * pointers in a safe way, but to mitigate `-Waddress-of-packed-member` we must
66c7723aSAndrew Jeffery * make the object pointers take a trip through `void *` at its API boundary.
66c7723aSAndrew Jeffery * That presents a bit too much of an opportunity to non-surgically remove your
66c7723aSAndrew Jeffery * own foot, so here we set about doing something to mitigate that as well.
66c7723aSAndrew Jeffery *
66c7723aSAndrew Jeffery * pldm_msgbuf_extract_typecheck() exists to enforce pointer type correctness
66c7723aSAndrew Jeffery * only for the purpose of object sizes, disregarding alignment. We have a few
66c7723aSAndrew Jeffery * constraints that cause some headaches:
66c7723aSAndrew Jeffery *
66c7723aSAndrew Jeffery * 1. We have to perform the type-check before a call through a C function,
66c7723aSAndrew Jeffery *    as the function must take the object pointer argument as `void *`.
66c7723aSAndrew Jeffery *    Essentially, this constrains us to doing something with macros.
66c7723aSAndrew Jeffery *
66c7723aSAndrew Jeffery * 2. While libpldm is a C library, its test suite is written in C++ to take
66c7723aSAndrew Jeffery *    advantage of gtest.
66c7723aSAndrew Jeffery *
66c7723aSAndrew Jeffery * 3. Ideally we'd do something with C's `static_assert()`, however
66c7723aSAndrew Jeffery *    `static_assert()` is defined as void, and as we're constrained to macros,
66c7723aSAndrew Jeffery *    using `static_assert()` would require a statement-expression
66c7723aSAndrew Jeffery *
66c7723aSAndrew Jeffery * 4. Currently the project is built with `-std=c17`. CPP statement-expressions
66c7723aSAndrew Jeffery *    are a GNU extension. We prefer to avoid switching to `-std=gnu17` just for
66c7723aSAndrew Jeffery *    the purpose of enabling statement-expressions in this one instance.
66c7723aSAndrew Jeffery *
66c7723aSAndrew Jeffery * 5. We can achieve a conditional build error using `pldm_require_obj_type()`,
66c7723aSAndrew Jeffery *    however it's implemented in terms of `_Generic()`, which is not available
66c7723aSAndrew Jeffery *    in C++.
66c7723aSAndrew Jeffery *
66c7723aSAndrew Jeffery * Combined this means we need separate solutions for C and C++.
66c7723aSAndrew Jeffery *
66c7723aSAndrew Jeffery * For C, as we don't have statement-expressions, we need to exploit some other
66c7723aSAndrew Jeffery * language feature to inject a `pldm_require_obj_type()` prior to the msgbuf
66c7723aSAndrew Jeffery * API function call. We also have to take care of the fact that the call-sites
66c7723aSAndrew Jeffery * may be in the context of a variable assignment for error-handling purposes.
66c7723aSAndrew Jeffery * The key observation is that we can use the comma operator as a sequence point
66c7723aSAndrew Jeffery * to order the type check before the API call, discarding the "result" value of
66c7723aSAndrew Jeffery * the type check and yielding the return value of the API call.
66c7723aSAndrew Jeffery *
66c7723aSAndrew Jeffery * C++ could be less of a headache than the C as we can leverage template
66c7723aSAndrew Jeffery * functions. An advantage of template functions is that while their definition
66c7723aSAndrew Jeffery * is driven by instantion, the definition does not appear at the source
66c7723aSAndrew Jeffery * location of the instantation, which gives it a great leg-up over the problems
66c7723aSAndrew Jeffery * we have in the C path. However, the use of the msgbuf APIs in the test suite
66c7723aSAndrew Jeffery * still makes things somewhat tricky, as the call-sites in the test suite are
66c7723aSAndrew Jeffery * wrapped up in EXPECT_*() gtest macros. Ideally we'd implement functions that
66c7723aSAndrew Jeffery * takes both the object type and the required type as template arguments, and
66c7723aSAndrew Jeffery * then define the object pointer parameter as `void *` for a call through to
66c7723aSAndrew Jeffery * the appropriate msgbuf API. However, because the msgbuf API call-sites are
66c7723aSAndrew Jeffery * encapsulated in gtest macros, use of commas in the template specification
66c7723aSAndrew Jeffery * causes pre-processor confusion. In this way we're constrained to only one
66c7723aSAndrew Jeffery * template argument per function.
66c7723aSAndrew Jeffery *
66c7723aSAndrew Jeffery * Implement the C++ path using template functions that take the destination
66c7723aSAndrew Jeffery * object type as a template argument, while the name of the function symbols
66c7723aSAndrew Jeffery * are derived from the required type. The manual implementations of these
66c7723aSAndrew Jeffery * appear at the end of the header. The type safety is actually enforced
66c7723aSAndrew Jeffery * by `static_assert()` this time, as we can use statements as we're not
66c7723aSAndrew Jeffery * constrained to an expression in the templated function body.
66c7723aSAndrew Jeffery *
66c7723aSAndrew Jeffery * The invocations of pldm_msgbuf_extract_typecheck() typically result in
66c7723aSAndrew Jeffery * double-evaluation of some arguments. We're not yet bothered by this for two
66c7723aSAndrew Jeffery * reasons:
66c7723aSAndrew Jeffery *
66c7723aSAndrew Jeffery * 1. The nature of the current call-sites are such that there are no
66c7723aSAndrew Jeffery *    argument expressions that result in undesirable side-effects
66c7723aSAndrew Jeffery *
66c7723aSAndrew Jeffery * 2. It's an API internal to the libpldm implementation, and we can fix things
66c7723aSAndrew Jeffery *    whenever something crops up the violates the observation in 1.
66c7723aSAndrew Jeffery */
66c7723aSAndrew Jeffery#ifdef __cplusplus
66c7723aSAndrew Jeffery#define pldm_msgbuf_extract_typecheck(ty, fn, dst, ...)                        \
66c7723aSAndrew Jeffery	pldm_msgbuf_typecheck_##ty<decltype(dst)>(__VA_ARGS__)
66c7723aSAndrew Jeffery#else
66c7723aSAndrew Jeffery#define pldm_msgbuf_extract_typecheck(ty, fn, dst, ...)                        \
66c7723aSAndrew Jeffery	(pldm_require_obj_type(dst, ty), fn(__VA_ARGS__))
66c7723aSAndrew Jeffery#endif
66c7723aSAndrew Jeffery
db7b8324SAndrew Jeffery/**
c63f63a2SAndrew Jeffery * @brief pldm_msgbuf extractor for a uint8_t
c63f63a2SAndrew Jeffery *
c63f63a2SAndrew Jeffery * @param[inout] ctx - pldm_msgbuf context for extractor
c63f63a2SAndrew Jeffery * @param[out] dst - destination of extracted value
c63f63a2SAndrew Jeffery *
c63f63a2SAndrew Jeffery * @return PLDM_SUCCESS if buffer accesses were in-bounds,
c63f63a2SAndrew Jeffery * PLDM_ERROR_INVALID_LENGTH otherwise.
c63f63a2SAndrew Jeffery * PLDM_ERROR_INVALID_DATA if input a invalid ctx
c63f63a2SAndrew Jeffery */
66c7723aSAndrew Jeffery#define pldm_msgbuf_extract_uint8(ctx, dst)                                    \
66c7723aSAndrew Jeffery	pldm_msgbuf_extract_typecheck(uint8_t, pldm__msgbuf_extract_uint8,     \
66c7723aSAndrew Jeffery				      dst, ctx, dst)
76712f69SAndrew Jeffery__attribute__((always_inline)) static inline int
66c7723aSAndrew Jeffery// NOLINTNEXTLINE(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
76712f69SAndrew Jefferypldm__msgbuf_extract_uint8(struct pldm_msgbuf *ctx, void *dst)
c63f63a2SAndrew Jeffery{
*c8df31c1SAndrew Jeffery	assert(ctx);
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	if (!ctx->cursor || !dst) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EINVAL);
c63f63a2SAndrew Jeffery	}
c63f63a2SAndrew Jeffery
2ff8cf89SAndrew Jeffery	if (ctx->remaining == INTMAX_MIN) {
2ff8cf89SAndrew Jeffery		assert(ctx->remaining < 0);
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
2ff8cf89SAndrew Jeffery	}
66c7723aSAndrew Jeffery	ctx->remaining -= sizeof(uint8_t);
c63f63a2SAndrew Jeffery	assert(ctx->remaining >= 0);
c63f63a2SAndrew Jeffery	if (ctx->remaining < 0) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
c63f63a2SAndrew Jeffery	}
c63f63a2SAndrew Jeffery
66c7723aSAndrew Jeffery	memcpy(dst, ctx->cursor, sizeof(uint8_t));
66c7723aSAndrew Jeffery
c63f63a2SAndrew Jeffery	ctx->cursor++;
*c8df31c1SAndrew Jeffery	return 0;
c63f63a2SAndrew Jeffery}
c63f63a2SAndrew Jeffery
66c7723aSAndrew Jeffery#define pldm_msgbuf_extract_int8(ctx, dst)                                     \
66c7723aSAndrew Jeffery	pldm_msgbuf_extract_typecheck(int8_t, pldm__msgbuf_extract_int8, dst,  \
66c7723aSAndrew Jeffery				      ctx, dst)
76712f69SAndrew Jeffery__attribute__((always_inline)) static inline int
66c7723aSAndrew Jeffery// NOLINTNEXTLINE(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
76712f69SAndrew Jefferypldm__msgbuf_extract_int8(struct pldm_msgbuf *ctx, void *dst)
c63f63a2SAndrew Jeffery{
*c8df31c1SAndrew Jeffery	assert(ctx);
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	if (!ctx->cursor || !dst) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EINVAL);
c63f63a2SAndrew Jeffery	}
c63f63a2SAndrew Jeffery
2ff8cf89SAndrew Jeffery	if (ctx->remaining == INTMAX_MIN) {
2ff8cf89SAndrew Jeffery		assert(ctx->remaining < 0);
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
2ff8cf89SAndrew Jeffery	}
66c7723aSAndrew Jeffery	ctx->remaining -= sizeof(int8_t);
c63f63a2SAndrew Jeffery	assert(ctx->remaining >= 0);
c63f63a2SAndrew Jeffery	if (ctx->remaining < 0) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
c63f63a2SAndrew Jeffery	}
c63f63a2SAndrew Jeffery
66c7723aSAndrew Jeffery	memcpy(dst, ctx->cursor, sizeof(int8_t));
c63f63a2SAndrew Jeffery	ctx->cursor++;
*c8df31c1SAndrew Jeffery	return 0;
c63f63a2SAndrew Jeffery}
c63f63a2SAndrew Jeffery
66c7723aSAndrew Jeffery#define pldm_msgbuf_extract_uint16(ctx, dst)                                   \
66c7723aSAndrew Jeffery	pldm_msgbuf_extract_typecheck(uint16_t, pldm__msgbuf_extract_uint16,   \
66c7723aSAndrew Jeffery				      dst, ctx, dst)
76712f69SAndrew Jeffery__attribute__((always_inline)) static inline int
66c7723aSAndrew Jeffery// NOLINTNEXTLINE(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
76712f69SAndrew Jefferypldm__msgbuf_extract_uint16(struct pldm_msgbuf *ctx, void *dst)
c63f63a2SAndrew Jeffery{
c63f63a2SAndrew Jeffery	uint16_t ldst;
c63f63a2SAndrew Jeffery
*c8df31c1SAndrew Jeffery	assert(ctx);
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	if (!ctx->cursor || !dst) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EINVAL);
c63f63a2SAndrew Jeffery	}
c63f63a2SAndrew Jeffery
2ff8cf89SAndrew Jeffery	// Check for underflow while tracking the magnitude of the buffer overflow
2ff8cf89SAndrew Jeffery	static_assert(
2ff8cf89SAndrew Jeffery		// NOLINTNEXTLINE(bugprone-sizeof-expression)
2ff8cf89SAndrew Jeffery		sizeof(ldst) < INTMAX_MAX,
2ff8cf89SAndrew Jeffery		"The following addition may not uphold the runtime assertion");
2ff8cf89SAndrew Jeffery	if (ctx->remaining < INTMAX_MIN + (intmax_t)sizeof(ldst)) {
2ff8cf89SAndrew Jeffery		assert(ctx->remaining < 0);
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
2ff8cf89SAndrew Jeffery	}
2ff8cf89SAndrew Jeffery
c63f63a2SAndrew Jeffery	// Check for buffer overflow. If we overflow, account for the request as
c63f63a2SAndrew Jeffery	// negative values in ctx->remaining. This way we can debug how far
c63f63a2SAndrew Jeffery	// we've overflowed.
c63f63a2SAndrew Jeffery	ctx->remaining -= sizeof(ldst);
c63f63a2SAndrew Jeffery
c63f63a2SAndrew Jeffery	// Prevent the access if it would overflow. First, assert so we blow up
c63f63a2SAndrew Jeffery	// the test suite right at the point of failure. However, cater to
c63f63a2SAndrew Jeffery	// -DNDEBUG by explicitly testing that the access is valid.
c63f63a2SAndrew Jeffery	assert(ctx->remaining >= 0);
c63f63a2SAndrew Jeffery	if (ctx->remaining < 0) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
c63f63a2SAndrew Jeffery	}
c63f63a2SAndrew Jeffery
c63f63a2SAndrew Jeffery	// Use memcpy() to have the compiler deal with any alignment
c63f63a2SAndrew Jeffery	// issues on the target architecture
c63f63a2SAndrew Jeffery	memcpy(&ldst, ctx->cursor, sizeof(ldst));
c63f63a2SAndrew Jeffery
c63f63a2SAndrew Jeffery	// Only assign the target value once it's correctly decoded
66c7723aSAndrew Jeffery	ldst = le16toh(ldst);
66c7723aSAndrew Jeffery
66c7723aSAndrew Jeffery	// Allow storing to unaligned
66c7723aSAndrew Jeffery	memcpy(dst, &ldst, sizeof(ldst));
66c7723aSAndrew Jeffery
c63f63a2SAndrew Jeffery	ctx->cursor += sizeof(ldst);
c63f63a2SAndrew Jeffery
*c8df31c1SAndrew Jeffery	return 0;
c63f63a2SAndrew Jeffery}
c63f63a2SAndrew Jeffery
66c7723aSAndrew Jeffery#define pldm_msgbuf_extract_int16(ctx, dst)                                    \
66c7723aSAndrew Jeffery	pldm_msgbuf_extract_typecheck(int16_t, pldm__msgbuf_extract_int16,     \
66c7723aSAndrew Jeffery				      dst, ctx, dst)
76712f69SAndrew Jeffery__attribute__((always_inline)) static inline int
66c7723aSAndrew Jeffery// NOLINTNEXTLINE(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
76712f69SAndrew Jefferypldm__msgbuf_extract_int16(struct pldm_msgbuf *ctx, void *dst)
c63f63a2SAndrew Jeffery{
c63f63a2SAndrew Jeffery	int16_t ldst;
c63f63a2SAndrew Jeffery
*c8df31c1SAndrew Jeffery	assert(ctx);
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	if (!ctx->cursor || !dst) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EINVAL);
c63f63a2SAndrew Jeffery	}
c63f63a2SAndrew Jeffery
2ff8cf89SAndrew Jeffery	static_assert(
2ff8cf89SAndrew Jeffery		// NOLINTNEXTLINE(bugprone-sizeof-expression)
2ff8cf89SAndrew Jeffery		sizeof(ldst) < INTMAX_MAX,
2ff8cf89SAndrew Jeffery		"The following addition may not uphold the runtime assertion");
2ff8cf89SAndrew Jeffery	if (ctx->remaining < INTMAX_MIN + (intmax_t)sizeof(ldst)) {
2ff8cf89SAndrew Jeffery		assert(ctx->remaining < 0);
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
2ff8cf89SAndrew Jeffery	}
c63f63a2SAndrew Jeffery	ctx->remaining -= sizeof(ldst);
c63f63a2SAndrew Jeffery	assert(ctx->remaining >= 0);
c63f63a2SAndrew Jeffery	if (ctx->remaining < 0) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
c63f63a2SAndrew Jeffery	}
c63f63a2SAndrew Jeffery
c63f63a2SAndrew Jeffery	memcpy(&ldst, ctx->cursor, sizeof(ldst));
c63f63a2SAndrew Jeffery
66c7723aSAndrew Jeffery	ldst = le16toh(ldst);
66c7723aSAndrew Jeffery	memcpy(dst, &ldst, sizeof(ldst));
c63f63a2SAndrew Jeffery	ctx->cursor += sizeof(ldst);
c63f63a2SAndrew Jeffery
*c8df31c1SAndrew Jeffery	return 0;
c63f63a2SAndrew Jeffery}
c63f63a2SAndrew Jeffery
66c7723aSAndrew Jeffery#define pldm_msgbuf_extract_uint32(ctx, dst)                                   \
66c7723aSAndrew Jeffery	pldm_msgbuf_extract_typecheck(uint32_t, pldm__msgbuf_extract_uint32,   \
66c7723aSAndrew Jeffery				      dst, ctx, dst)
76712f69SAndrew Jeffery__attribute__((always_inline)) static inline int
66c7723aSAndrew Jeffery// NOLINTNEXTLINE(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
76712f69SAndrew Jefferypldm__msgbuf_extract_uint32(struct pldm_msgbuf *ctx, void *dst)
c63f63a2SAndrew Jeffery{
c63f63a2SAndrew Jeffery	uint32_t ldst;
c63f63a2SAndrew Jeffery
*c8df31c1SAndrew Jeffery	assert(ctx);
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	if (!ctx->cursor || !dst) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EINVAL);
c63f63a2SAndrew Jeffery	}
c63f63a2SAndrew Jeffery
2ff8cf89SAndrew Jeffery	static_assert(
2ff8cf89SAndrew Jeffery		// NOLINTNEXTLINE(bugprone-sizeof-expression)
2ff8cf89SAndrew Jeffery		sizeof(ldst) < INTMAX_MAX,
2ff8cf89SAndrew Jeffery		"The following addition may not uphold the runtime assertion");
2ff8cf89SAndrew Jeffery	if (ctx->remaining < INTMAX_MIN + (intmax_t)sizeof(ldst)) {
2ff8cf89SAndrew Jeffery		assert(ctx->remaining < 0);
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
2ff8cf89SAndrew Jeffery	}
c63f63a2SAndrew Jeffery	ctx->remaining -= sizeof(ldst);
c63f63a2SAndrew Jeffery	assert(ctx->remaining >= 0);
c63f63a2SAndrew Jeffery	if (ctx->remaining < 0) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
c63f63a2SAndrew Jeffery	}
c63f63a2SAndrew Jeffery
c63f63a2SAndrew Jeffery	memcpy(&ldst, ctx->cursor, sizeof(ldst));
66c7723aSAndrew Jeffery	ldst = le32toh(ldst);
66c7723aSAndrew Jeffery	memcpy(dst, &ldst, sizeof(ldst));
c63f63a2SAndrew Jeffery	ctx->cursor += sizeof(ldst);
c63f63a2SAndrew Jeffery
*c8df31c1SAndrew Jeffery	return 0;
c63f63a2SAndrew Jeffery}
c63f63a2SAndrew Jeffery
66c7723aSAndrew Jeffery#define pldm_msgbuf_extract_int32(ctx, dst)                                    \
66c7723aSAndrew Jeffery	pldm_msgbuf_extract_typecheck(int32_t, pldm__msgbuf_extract_int32,     \
66c7723aSAndrew Jeffery				      dst, ctx, dst)
76712f69SAndrew Jeffery__attribute__((always_inline)) static inline int
66c7723aSAndrew Jeffery// NOLINTNEXTLINE(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
76712f69SAndrew Jefferypldm__msgbuf_extract_int32(struct pldm_msgbuf *ctx, void *dst)
c63f63a2SAndrew Jeffery{
c63f63a2SAndrew Jeffery	int32_t ldst;
c63f63a2SAndrew Jeffery
*c8df31c1SAndrew Jeffery	assert(ctx);
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	if (!ctx->cursor || !dst) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EINVAL);
c63f63a2SAndrew Jeffery	}
c63f63a2SAndrew Jeffery
2ff8cf89SAndrew Jeffery	static_assert(
2ff8cf89SAndrew Jeffery		// NOLINTNEXTLINE(bugprone-sizeof-expression)
2ff8cf89SAndrew Jeffery		sizeof(ldst) < INTMAX_MAX,
2ff8cf89SAndrew Jeffery		"The following addition may not uphold the runtime assertion");
2ff8cf89SAndrew Jeffery	if (ctx->remaining < INTMAX_MIN + (intmax_t)sizeof(ldst)) {
2ff8cf89SAndrew Jeffery		assert(ctx->remaining < 0);
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
2ff8cf89SAndrew Jeffery	}
c63f63a2SAndrew Jeffery	ctx->remaining -= sizeof(ldst);
c63f63a2SAndrew Jeffery	assert(ctx->remaining >= 0);
c63f63a2SAndrew Jeffery	if (ctx->remaining < 0) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
c63f63a2SAndrew Jeffery	}
c63f63a2SAndrew Jeffery
c63f63a2SAndrew Jeffery	memcpy(&ldst, ctx->cursor, sizeof(ldst));
66c7723aSAndrew Jeffery	ldst = le32toh(ldst);
66c7723aSAndrew Jeffery	memcpy(dst, &ldst, sizeof(ldst));
c63f63a2SAndrew Jeffery	ctx->cursor += sizeof(ldst);
c63f63a2SAndrew Jeffery
c63f63a2SAndrew Jeffery	return PLDM_SUCCESS;
c63f63a2SAndrew Jeffery}
c63f63a2SAndrew Jeffery
66c7723aSAndrew Jeffery#define pldm_msgbuf_extract_real32(ctx, dst)                                   \
66c7723aSAndrew Jeffery	pldm_msgbuf_extract_typecheck(real32_t, pldm__msgbuf_extract_real32,   \
66c7723aSAndrew Jeffery				      dst, ctx, dst)
76712f69SAndrew Jeffery__attribute__((always_inline)) static inline int
66c7723aSAndrew Jeffery// NOLINTNEXTLINE(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
76712f69SAndrew Jefferypldm__msgbuf_extract_real32(struct pldm_msgbuf *ctx, void *dst)
c63f63a2SAndrew Jeffery{
c63f63a2SAndrew Jeffery	uint32_t ldst;
c63f63a2SAndrew Jeffery
*c8df31c1SAndrew Jeffery	static_assert(sizeof(real32_t) == sizeof(ldst),
66c7723aSAndrew Jeffery		      "Mismatched type sizes for dst and ldst");
66c7723aSAndrew Jeffery
*c8df31c1SAndrew Jeffery	assert(ctx);
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	if (!ctx->cursor || !dst) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EINVAL);
c63f63a2SAndrew Jeffery	}
c63f63a2SAndrew Jeffery
2ff8cf89SAndrew Jeffery	static_assert(
2ff8cf89SAndrew Jeffery		// NOLINTNEXTLINE(bugprone-sizeof-expression)
2ff8cf89SAndrew Jeffery		sizeof(ldst) < INTMAX_MAX,
2ff8cf89SAndrew Jeffery		"The following addition may not uphold the runtime assertion");
2ff8cf89SAndrew Jeffery	if (ctx->remaining < INTMAX_MIN + (intmax_t)sizeof(ldst)) {
2ff8cf89SAndrew Jeffery		assert(ctx->remaining < 0);
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
2ff8cf89SAndrew Jeffery	}
c63f63a2SAndrew Jeffery	ctx->remaining -= sizeof(ldst);
c63f63a2SAndrew Jeffery	assert(ctx->remaining >= 0);
c63f63a2SAndrew Jeffery	if (ctx->remaining < 0) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
c63f63a2SAndrew Jeffery	}
c63f63a2SAndrew Jeffery
c63f63a2SAndrew Jeffery	memcpy(&ldst, ctx->cursor, sizeof(ldst));
c63f63a2SAndrew Jeffery	ldst = le32toh(ldst);
66c7723aSAndrew Jeffery	memcpy(dst, &ldst, sizeof(ldst));
66c7723aSAndrew Jeffery	ctx->cursor += sizeof(ldst);
c63f63a2SAndrew Jeffery
*c8df31c1SAndrew Jeffery	return 0;
c63f63a2SAndrew Jeffery}
c63f63a2SAndrew Jeffery
66c7723aSAndrew Jeffery/**
66c7723aSAndrew Jeffery * Extract the field at the msgbuf cursor into the lvalue named by dst.
66c7723aSAndrew Jeffery *
66c7723aSAndrew Jeffery * @param ctx The msgbuf context object
66c7723aSAndrew Jeffery * @param dst The lvalue into which the field at the msgbuf cursor should be
66c7723aSAndrew Jeffery *            extracted
66c7723aSAndrew Jeffery *
66c7723aSAndrew Jeffery * @return PLDM_SUCCESS on success, otherwise another value on error
66c7723aSAndrew Jeffery */
c63f63a2SAndrew Jeffery#define pldm_msgbuf_extract(ctx, dst)                                          \
66c7723aSAndrew Jeffery	_Generic((dst),                                                        \
66c7723aSAndrew Jeffery		uint8_t: pldm__msgbuf_extract_uint8,                           \
66c7723aSAndrew Jeffery		int8_t: pldm__msgbuf_extract_int8,                             \
66c7723aSAndrew Jeffery		uint16_t: pldm__msgbuf_extract_uint16,                         \
66c7723aSAndrew Jeffery		int16_t: pldm__msgbuf_extract_int16,                           \
66c7723aSAndrew Jeffery		uint32_t: pldm__msgbuf_extract_uint32,                         \
66c7723aSAndrew Jeffery		int32_t: pldm__msgbuf_extract_int32,                           \
66c7723aSAndrew Jeffery		real32_t: pldm__msgbuf_extract_real32)(ctx, (void *)&(dst))
66c7723aSAndrew Jeffery
66c7723aSAndrew Jeffery/**
66c7723aSAndrew Jeffery * Extract the field at the msgbuf cursor into the object pointed-to by dst.
66c7723aSAndrew Jeffery *
66c7723aSAndrew Jeffery * @param ctx The msgbuf context object
66c7723aSAndrew Jeffery * @param dst The pointer to the object into which the field at the msgbuf
66c7723aSAndrew Jeffery *            cursor should be extracted
66c7723aSAndrew Jeffery *
66c7723aSAndrew Jeffery * @return PLDM_SUCCESS on success, otherwise another value on error
66c7723aSAndrew Jeffery */
66c7723aSAndrew Jeffery#define pldm_msgbuf_extract_p(ctx, dst)                                        \
66c7723aSAndrew Jeffery	_Generic((dst),                                                        \
66c7723aSAndrew Jeffery		uint8_t *: pldm__msgbuf_extract_uint8,                         \
66c7723aSAndrew Jeffery		int8_t *: pldm__msgbuf_extract_int8,                           \
66c7723aSAndrew Jeffery		uint16_t *: pldm__msgbuf_extract_uint16,                       \
66c7723aSAndrew Jeffery		int16_t *: pldm__msgbuf_extract_int16,                         \
66c7723aSAndrew Jeffery		uint32_t *: pldm__msgbuf_extract_uint32,                       \
66c7723aSAndrew Jeffery		int32_t *: pldm__msgbuf_extract_int32,                         \
66c7723aSAndrew Jeffery		real32_t *: pldm__msgbuf_extract_real32)(ctx, dst)
c63f63a2SAndrew Jeffery
76712f69SAndrew Jeffery__attribute__((always_inline)) static inline int
76712f69SAndrew Jefferypldm_msgbuf_extract_array_uint8(struct pldm_msgbuf *ctx, uint8_t *dst,
76712f69SAndrew Jeffery				size_t count)
369b121aSAndrew Jeffery{
*c8df31c1SAndrew Jeffery	assert(ctx);
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	if (!ctx->cursor || !dst) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EINVAL);
369b121aSAndrew Jeffery	}
369b121aSAndrew Jeffery
369b121aSAndrew Jeffery	if (!count) {
*c8df31c1SAndrew Jeffery		return 0;
369b121aSAndrew Jeffery	}
369b121aSAndrew Jeffery
2ff8cf89SAndrew Jeffery#if INTMAX_MAX < SIZE_MAX
2ff8cf89SAndrew Jeffery	if (count > INTMAX_MAX) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
369b121aSAndrew Jeffery	}
2ff8cf89SAndrew Jeffery#endif
369b121aSAndrew Jeffery
2ff8cf89SAndrew Jeffery	if (ctx->remaining < INTMAX_MIN + (intmax_t)count) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
2ff8cf89SAndrew Jeffery	}
2ff8cf89SAndrew Jeffery	ctx->remaining -= (intmax_t)count;
369b121aSAndrew Jeffery	assert(ctx->remaining >= 0);
369b121aSAndrew Jeffery	if (ctx->remaining < 0) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
369b121aSAndrew Jeffery	}
369b121aSAndrew Jeffery
a065eccbSAndrew Jeffery	memcpy(dst, ctx->cursor, count);
a065eccbSAndrew Jeffery	ctx->cursor += count;
369b121aSAndrew Jeffery
*c8df31c1SAndrew Jeffery	return 0;
369b121aSAndrew Jeffery}
369b121aSAndrew Jeffery
369b121aSAndrew Jeffery#define pldm_msgbuf_extract_array(ctx, dst, count)                             \
37dd6a3dSAndrew Jeffery	_Generic((*(dst)), uint8_t: pldm_msgbuf_extract_array_uint8)(ctx, dst, \
37dd6a3dSAndrew Jeffery								     count)
369b121aSAndrew Jeffery
76712f69SAndrew Jeffery__attribute__((always_inline)) static inline int
76712f69SAndrew Jefferypldm_msgbuf_insert_uint32(struct pldm_msgbuf *ctx, const uint32_t src)
062c8762SThu Nguyen{
062c8762SThu Nguyen	uint32_t val = htole32(src);
062c8762SThu Nguyen
*c8df31c1SAndrew Jeffery	assert(ctx);
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	if (!ctx->cursor) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EINVAL);
062c8762SThu Nguyen	}
062c8762SThu Nguyen
2ff8cf89SAndrew Jeffery	static_assert(
2ff8cf89SAndrew Jeffery		// NOLINTNEXTLINE(bugprone-sizeof-expression)
2ff8cf89SAndrew Jeffery		sizeof(src) < INTMAX_MAX,
2ff8cf89SAndrew Jeffery		"The following addition may not uphold the runtime assertion");
2ff8cf89SAndrew Jeffery	if (ctx->remaining < INTMAX_MIN + (intmax_t)sizeof(src)) {
2ff8cf89SAndrew Jeffery		assert(ctx->remaining < 0);
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
2ff8cf89SAndrew Jeffery	}
062c8762SThu Nguyen	ctx->remaining -= sizeof(src);
062c8762SThu Nguyen	assert(ctx->remaining >= 0);
062c8762SThu Nguyen	if (ctx->remaining < 0) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
062c8762SThu Nguyen	}
062c8762SThu Nguyen
062c8762SThu Nguyen	memcpy(ctx->cursor, &val, sizeof(val));
062c8762SThu Nguyen	ctx->cursor += sizeof(src);
062c8762SThu Nguyen
*c8df31c1SAndrew Jeffery	return 0;
062c8762SThu Nguyen}
062c8762SThu Nguyen
76712f69SAndrew Jeffery__attribute__((always_inline)) static inline int
76712f69SAndrew Jefferypldm_msgbuf_insert_uint16(struct pldm_msgbuf *ctx, const uint16_t src)
062c8762SThu Nguyen{
062c8762SThu Nguyen	uint16_t val = htole16(src);
062c8762SThu Nguyen
*c8df31c1SAndrew Jeffery	assert(ctx);
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	if (!ctx->cursor) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EINVAL);
062c8762SThu Nguyen	}
062c8762SThu Nguyen
2ff8cf89SAndrew Jeffery	static_assert(
2ff8cf89SAndrew Jeffery		// NOLINTNEXTLINE(bugprone-sizeof-expression)
2ff8cf89SAndrew Jeffery		sizeof(src) < INTMAX_MAX,
2ff8cf89SAndrew Jeffery		"The following addition may not uphold the runtime assertion");
2ff8cf89SAndrew Jeffery	if (ctx->remaining < INTMAX_MIN + (intmax_t)sizeof(src)) {
2ff8cf89SAndrew Jeffery		assert(ctx->remaining < 0);
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
2ff8cf89SAndrew Jeffery	}
062c8762SThu Nguyen	ctx->remaining -= sizeof(src);
062c8762SThu Nguyen	assert(ctx->remaining >= 0);
062c8762SThu Nguyen	if (ctx->remaining < 0) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
062c8762SThu Nguyen	}
062c8762SThu Nguyen
062c8762SThu Nguyen	memcpy(ctx->cursor, &val, sizeof(val));
062c8762SThu Nguyen	ctx->cursor += sizeof(src);
062c8762SThu Nguyen
*c8df31c1SAndrew Jeffery	return 0;
062c8762SThu Nguyen}
062c8762SThu Nguyen
76712f69SAndrew Jeffery__attribute__((always_inline)) static inline int
76712f69SAndrew Jefferypldm_msgbuf_insert_uint8(struct pldm_msgbuf *ctx, const uint8_t src)
062c8762SThu Nguyen{
*c8df31c1SAndrew Jeffery	assert(ctx);
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	if (!ctx->cursor) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EINVAL);
062c8762SThu Nguyen	}
062c8762SThu Nguyen
2ff8cf89SAndrew Jeffery	static_assert(
2ff8cf89SAndrew Jeffery		// NOLINTNEXTLINE(bugprone-sizeof-expression)
2ff8cf89SAndrew Jeffery		sizeof(src) < INTMAX_MAX,
2ff8cf89SAndrew Jeffery		"The following addition may not uphold the runtime assertion");
2ff8cf89SAndrew Jeffery	if (ctx->remaining < INTMAX_MIN + (intmax_t)sizeof(src)) {
2ff8cf89SAndrew Jeffery		assert(ctx->remaining < 0);
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
2ff8cf89SAndrew Jeffery	}
062c8762SThu Nguyen	ctx->remaining -= sizeof(src);
062c8762SThu Nguyen	assert(ctx->remaining >= 0);
062c8762SThu Nguyen	if (ctx->remaining < 0) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
062c8762SThu Nguyen	}
062c8762SThu Nguyen
062c8762SThu Nguyen	memcpy(ctx->cursor, &src, sizeof(src));
062c8762SThu Nguyen	ctx->cursor += sizeof(src);
062c8762SThu Nguyen
*c8df31c1SAndrew Jeffery	return 0;
062c8762SThu Nguyen}
062c8762SThu Nguyen
76712f69SAndrew Jeffery__attribute__((always_inline)) static inline int
76712f69SAndrew Jefferypldm_msgbuf_insert_int32(struct pldm_msgbuf *ctx, const int32_t src)
062c8762SThu Nguyen{
062c8762SThu Nguyen	int32_t val = htole32(src);
062c8762SThu Nguyen
*c8df31c1SAndrew Jeffery	assert(ctx);
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	if (!ctx->cursor) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EINVAL);
062c8762SThu Nguyen	}
062c8762SThu Nguyen
2ff8cf89SAndrew Jeffery	static_assert(
2ff8cf89SAndrew Jeffery		// NOLINTNEXTLINE(bugprone-sizeof-expression)
2ff8cf89SAndrew Jeffery		sizeof(src) < INTMAX_MAX,
2ff8cf89SAndrew Jeffery		"The following addition may not uphold the runtime assertion");
2ff8cf89SAndrew Jeffery	if (ctx->remaining < INTMAX_MIN + (intmax_t)sizeof(src)) {
2ff8cf89SAndrew Jeffery		assert(ctx->remaining < 0);
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
2ff8cf89SAndrew Jeffery	}
062c8762SThu Nguyen	ctx->remaining -= sizeof(src);
062c8762SThu Nguyen	assert(ctx->remaining >= 0);
062c8762SThu Nguyen	if (ctx->remaining < 0) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
062c8762SThu Nguyen	}
062c8762SThu Nguyen
062c8762SThu Nguyen	memcpy(ctx->cursor, &val, sizeof(val));
062c8762SThu Nguyen	ctx->cursor += sizeof(src);
062c8762SThu Nguyen
*c8df31c1SAndrew Jeffery	return 0;
062c8762SThu Nguyen}
062c8762SThu Nguyen
76712f69SAndrew Jeffery__attribute__((always_inline)) static inline int
76712f69SAndrew Jefferypldm_msgbuf_insert_int16(struct pldm_msgbuf *ctx, const int16_t src)
062c8762SThu Nguyen{
062c8762SThu Nguyen	int16_t val = htole16(src);
062c8762SThu Nguyen
*c8df31c1SAndrew Jeffery	assert(ctx);
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	if (!ctx->cursor) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EINVAL);
062c8762SThu Nguyen	}
062c8762SThu Nguyen
2ff8cf89SAndrew Jeffery	static_assert(
2ff8cf89SAndrew Jeffery		// NOLINTNEXTLINE(bugprone-sizeof-expression)
2ff8cf89SAndrew Jeffery		sizeof(src) < INTMAX_MAX,
2ff8cf89SAndrew Jeffery		"The following addition may not uphold the runtime assertion");
2ff8cf89SAndrew Jeffery	if (ctx->remaining < INTMAX_MIN + (intmax_t)sizeof(src)) {
2ff8cf89SAndrew Jeffery		assert(ctx->remaining < 0);
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
2ff8cf89SAndrew Jeffery	}
062c8762SThu Nguyen	ctx->remaining -= sizeof(src);
062c8762SThu Nguyen	assert(ctx->remaining >= 0);
062c8762SThu Nguyen	if (ctx->remaining < 0) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
062c8762SThu Nguyen	}
062c8762SThu Nguyen
062c8762SThu Nguyen	memcpy(ctx->cursor, &val, sizeof(val));
062c8762SThu Nguyen	ctx->cursor += sizeof(src);
062c8762SThu Nguyen
*c8df31c1SAndrew Jeffery	return 0;
062c8762SThu Nguyen}
062c8762SThu Nguyen
76712f69SAndrew Jeffery__attribute__((always_inline)) static inline int
76712f69SAndrew Jefferypldm_msgbuf_insert_int8(struct pldm_msgbuf *ctx, const int8_t src)
062c8762SThu Nguyen{
*c8df31c1SAndrew Jeffery	assert(ctx);
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	if (!ctx->cursor) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EINVAL);
062c8762SThu Nguyen	}
062c8762SThu Nguyen
2ff8cf89SAndrew Jeffery	static_assert(
2ff8cf89SAndrew Jeffery		// NOLINTNEXTLINE(bugprone-sizeof-expression)
2ff8cf89SAndrew Jeffery		sizeof(src) < INTMAX_MAX,
2ff8cf89SAndrew Jeffery		"The following addition may not uphold the runtime assertion");
2ff8cf89SAndrew Jeffery	if (ctx->remaining < INTMAX_MIN + (intmax_t)sizeof(src)) {
2ff8cf89SAndrew Jeffery		assert(ctx->remaining < 0);
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
2ff8cf89SAndrew Jeffery	}
062c8762SThu Nguyen	ctx->remaining -= sizeof(src);
062c8762SThu Nguyen	assert(ctx->remaining >= 0);
062c8762SThu Nguyen	if (ctx->remaining < 0) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
062c8762SThu Nguyen	}
062c8762SThu Nguyen
062c8762SThu Nguyen	memcpy(ctx->cursor, &src, sizeof(src));
062c8762SThu Nguyen	ctx->cursor += sizeof(src);
062c8762SThu Nguyen
*c8df31c1SAndrew Jeffery	return 0;
062c8762SThu Nguyen}
062c8762SThu Nguyen
062c8762SThu Nguyen#define pldm_msgbuf_insert(dst, src)                                           \
37dd6a3dSAndrew Jeffery	_Generic((src),                                                        \
37dd6a3dSAndrew Jeffery		uint8_t: pldm_msgbuf_insert_uint8,                             \
37dd6a3dSAndrew Jeffery		int8_t: pldm_msgbuf_insert_int8,                               \
37dd6a3dSAndrew Jeffery		uint16_t: pldm_msgbuf_insert_uint16,                           \
37dd6a3dSAndrew Jeffery		int16_t: pldm_msgbuf_insert_int16,                             \
37dd6a3dSAndrew Jeffery		uint32_t: pldm_msgbuf_insert_uint32,                           \
37dd6a3dSAndrew Jeffery		int32_t: pldm_msgbuf_insert_int32)(dst, src)
062c8762SThu Nguyen
76712f69SAndrew Jeffery__attribute__((always_inline)) static inline int
76712f69SAndrew Jefferypldm_msgbuf_insert_array_uint8(struct pldm_msgbuf *ctx, const uint8_t *src,
062c8762SThu Nguyen			       size_t count)
062c8762SThu Nguyen{
*c8df31c1SAndrew Jeffery	assert(ctx);
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	if (!ctx->cursor || !src) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EINVAL);
062c8762SThu Nguyen	}
062c8762SThu Nguyen
062c8762SThu Nguyen	if (!count) {
*c8df31c1SAndrew Jeffery		return 0;
062c8762SThu Nguyen	}
062c8762SThu Nguyen
2ff8cf89SAndrew Jeffery#if INTMAX_MAX < SIZE_MAX
2ff8cf89SAndrew Jeffery	if (count > INTMAX_MAX) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
062c8762SThu Nguyen	}
2ff8cf89SAndrew Jeffery#endif
062c8762SThu Nguyen
2ff8cf89SAndrew Jeffery	if (ctx->remaining < INTMAX_MIN + (intmax_t)count) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
2ff8cf89SAndrew Jeffery	}
2ff8cf89SAndrew Jeffery	ctx->remaining -= (intmax_t)count;
062c8762SThu Nguyen	assert(ctx->remaining >= 0);
062c8762SThu Nguyen	if (ctx->remaining < 0) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
062c8762SThu Nguyen	}
062c8762SThu Nguyen
a065eccbSAndrew Jeffery	memcpy(ctx->cursor, src, count);
a065eccbSAndrew Jeffery	ctx->cursor += count;
062c8762SThu Nguyen
*c8df31c1SAndrew Jeffery	return 0;
062c8762SThu Nguyen}
062c8762SThu Nguyen
062c8762SThu Nguyen#define pldm_msgbuf_insert_array(dst, src, count)                              \
37dd6a3dSAndrew Jeffery	_Generic((*(src)), uint8_t: pldm_msgbuf_insert_array_uint8)(dst, src,  \
37dd6a3dSAndrew Jeffery								    count)
062c8762SThu Nguyen
76712f69SAndrew Jeffery__attribute__((always_inline)) static inline int
76712f69SAndrew Jefferypldm_msgbuf_span_required(struct pldm_msgbuf *ctx, size_t required,
76712f69SAndrew Jeffery			  void **cursor)
062c8762SThu Nguyen{
*c8df31c1SAndrew Jeffery	assert(ctx);
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	if (!ctx->cursor || !cursor || *cursor) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EINVAL);
062c8762SThu Nguyen	}
062c8762SThu Nguyen
2ff8cf89SAndrew Jeffery#if INTMAX_MAX < SIZE_MAX
2ff8cf89SAndrew Jeffery	if (required > INTMAX_MAX) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
062c8762SThu Nguyen	}
2ff8cf89SAndrew Jeffery#endif
062c8762SThu Nguyen
2ff8cf89SAndrew Jeffery	if (ctx->remaining < INTMAX_MIN + (intmax_t)required) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
2ff8cf89SAndrew Jeffery	}
2ff8cf89SAndrew Jeffery	ctx->remaining -= (intmax_t)required;
062c8762SThu Nguyen	assert(ctx->remaining >= 0);
062c8762SThu Nguyen	if (ctx->remaining < 0) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
062c8762SThu Nguyen	}
062c8762SThu Nguyen
062c8762SThu Nguyen	*cursor = ctx->cursor;
062c8762SThu Nguyen	ctx->cursor += required;
062c8762SThu Nguyen
*c8df31c1SAndrew Jeffery	return 0;
062c8762SThu Nguyen}
062c8762SThu Nguyen
76712f69SAndrew Jeffery__attribute__((always_inline)) static inline int
76712f69SAndrew Jefferypldm_msgbuf_span_remaining(struct pldm_msgbuf *ctx, void **cursor, size_t *len)
062c8762SThu Nguyen{
*c8df31c1SAndrew Jeffery	assert(ctx);
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	if (!ctx->cursor || !cursor || *cursor || !len) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EINVAL);
062c8762SThu Nguyen	}
062c8762SThu Nguyen
062c8762SThu Nguyen	assert(ctx->remaining >= 0);
062c8762SThu Nguyen	if (ctx->remaining < 0) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(ctx, EOVERFLOW);
062c8762SThu Nguyen	}
062c8762SThu Nguyen
062c8762SThu Nguyen	*cursor = ctx->cursor;
062c8762SThu Nguyen	ctx->cursor += ctx->remaining;
062c8762SThu Nguyen	*len = ctx->remaining;
062c8762SThu Nguyen	ctx->remaining = 0;
062c8762SThu Nguyen
*c8df31c1SAndrew Jeffery	return 0;
062c8762SThu Nguyen}
909bf7c2SVarsha Kaverappa
909bf7c2SVarsha Kaverappa/**
909bf7c2SVarsha Kaverappa * @brief pldm_msgbuf copy data between two msg buffers
909bf7c2SVarsha Kaverappa *
909bf7c2SVarsha Kaverappa * @param[inout] src - pldm_msgbuf for source from where value should be copied
909bf7c2SVarsha Kaverappa * @param[inout] dst - destination of copy from source
909bf7c2SVarsha Kaverappa * @param[in] size - size of data to be copied
909bf7c2SVarsha Kaverappa * @param[in] description - description of data copied
909bf7c2SVarsha Kaverappa *
909bf7c2SVarsha Kaverappa * @return PLDM_SUCCESS if buffer accesses were in-bounds,
909bf7c2SVarsha Kaverappa * PLDM_ERROR_INVALID_LENGTH otherwise.
909bf7c2SVarsha Kaverappa * PLDM_ERROR_INVALID_DATA if input is invalid
909bf7c2SVarsha Kaverappa */
909bf7c2SVarsha Kaverappa#define pldm_msgbuf_copy(dst, src, type, name)                                 \
909bf7c2SVarsha Kaverappa	pldm__msgbuf_copy(dst, src, sizeof(type), #name)
76712f69SAndrew Jeffery__attribute__((always_inline)) static inline int
909bf7c2SVarsha Kaverappa// NOLINTNEXTLINE(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
76712f69SAndrew Jefferypldm__msgbuf_copy(struct pldm_msgbuf *dst, struct pldm_msgbuf *src, size_t size,
909bf7c2SVarsha Kaverappa		  const char *description)
909bf7c2SVarsha Kaverappa{
*c8df31c1SAndrew Jeffery	assert(src);
*c8df31c1SAndrew Jeffery	assert(dst);
*c8df31c1SAndrew Jeffery	assert(src->mode == dst->mode);
*c8df31c1SAndrew Jeffery
*c8df31c1SAndrew Jeffery	if (!src->cursor || !dst->cursor || !description) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(dst, EINVAL);
909bf7c2SVarsha Kaverappa	}
909bf7c2SVarsha Kaverappa
909bf7c2SVarsha Kaverappa#if INTMAX_MAX < SIZE_MAX
909bf7c2SVarsha Kaverappa	if (size > INTMAX_MAX) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(dst, EOVERFLOW);
909bf7c2SVarsha Kaverappa	}
909bf7c2SVarsha Kaverappa#endif
909bf7c2SVarsha Kaverappa
909bf7c2SVarsha Kaverappa	if (src->remaining < INTMAX_MIN + (intmax_t)size) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(dst, EOVERFLOW);
909bf7c2SVarsha Kaverappa	}
909bf7c2SVarsha Kaverappa
909bf7c2SVarsha Kaverappa	if (dst->remaining < INTMAX_MIN + (intmax_t)size) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(dst, EOVERFLOW);
909bf7c2SVarsha Kaverappa	}
909bf7c2SVarsha Kaverappa
909bf7c2SVarsha Kaverappa	src->remaining -= (intmax_t)size;
909bf7c2SVarsha Kaverappa	assert(src->remaining >= 0);
909bf7c2SVarsha Kaverappa	if (src->remaining < 0) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(dst, EOVERFLOW);
909bf7c2SVarsha Kaverappa	}
909bf7c2SVarsha Kaverappa
909bf7c2SVarsha Kaverappa	dst->remaining -= (intmax_t)size;
909bf7c2SVarsha Kaverappa	assert(dst->remaining >= 0);
909bf7c2SVarsha Kaverappa	if (dst->remaining < 0) {
*c8df31c1SAndrew Jeffery		return pldm_msgbuf_status(dst, EOVERFLOW);
909bf7c2SVarsha Kaverappa	}
909bf7c2SVarsha Kaverappa
909bf7c2SVarsha Kaverappa	memcpy(dst->cursor, src->cursor, size);
909bf7c2SVarsha Kaverappa	src->cursor += size;
909bf7c2SVarsha Kaverappa	dst->cursor += size;
909bf7c2SVarsha Kaverappa
*c8df31c1SAndrew Jeffery	return 0;
909bf7c2SVarsha Kaverappa}
*c8df31c1SAndrew Jeffery
c63f63a2SAndrew Jeffery#ifdef __cplusplus
c63f63a2SAndrew Jeffery}
c63f63a2SAndrew Jeffery#endif
c63f63a2SAndrew Jeffery
66c7723aSAndrew Jeffery#ifdef __cplusplus
66c7723aSAndrew Jeffery#include <type_traits>
66c7723aSAndrew Jeffery
66c7723aSAndrew Jefferytemplate <typename T>
66c7723aSAndrew Jefferystatic inline int pldm_msgbuf_typecheck_uint8_t(struct pldm_msgbuf *ctx,
66c7723aSAndrew Jeffery						void *buf)
66c7723aSAndrew Jeffery{
66c7723aSAndrew Jeffery	static_assert(std::is_same<uint8_t *, T>::value);
66c7723aSAndrew Jeffery	return pldm__msgbuf_extract_uint8(ctx, buf);
66c7723aSAndrew Jeffery}
66c7723aSAndrew Jeffery
66c7723aSAndrew Jefferytemplate <typename T>
66c7723aSAndrew Jefferystatic inline int pldm_msgbuf_typecheck_int8_t(struct pldm_msgbuf *ctx,
66c7723aSAndrew Jeffery					       void *buf)
66c7723aSAndrew Jeffery{
66c7723aSAndrew Jeffery	static_assert(std::is_same<int8_t *, T>::value);
66c7723aSAndrew Jeffery	return pldm__msgbuf_extract_int8(ctx, buf);
66c7723aSAndrew Jeffery}
66c7723aSAndrew Jeffery
66c7723aSAndrew Jefferytemplate <typename T>
66c7723aSAndrew Jefferystatic inline int pldm_msgbuf_typecheck_uint16_t(struct pldm_msgbuf *ctx,
66c7723aSAndrew Jeffery						 void *buf)
66c7723aSAndrew Jeffery{
66c7723aSAndrew Jeffery	static_assert(std::is_same<uint16_t *, T>::value);
66c7723aSAndrew Jeffery	return pldm__msgbuf_extract_uint16(ctx, buf);
66c7723aSAndrew Jeffery}
66c7723aSAndrew Jeffery
66c7723aSAndrew Jefferytemplate <typename T>
66c7723aSAndrew Jefferystatic inline int pldm_msgbuf_typecheck_int16_t(struct pldm_msgbuf *ctx,
66c7723aSAndrew Jeffery						void *buf)
66c7723aSAndrew Jeffery{
66c7723aSAndrew Jeffery	static_assert(std::is_same<int16_t *, T>::value);
66c7723aSAndrew Jeffery	return pldm__msgbuf_extract_int16(ctx, buf);
66c7723aSAndrew Jeffery}
66c7723aSAndrew Jeffery
66c7723aSAndrew Jefferytemplate <typename T>
66c7723aSAndrew Jefferystatic inline int pldm_msgbuf_typecheck_uint32_t(struct pldm_msgbuf *ctx,
66c7723aSAndrew Jeffery						 void *buf)
66c7723aSAndrew Jeffery{
66c7723aSAndrew Jeffery	static_assert(std::is_same<uint32_t *, T>::value);
66c7723aSAndrew Jeffery	return pldm__msgbuf_extract_uint32(ctx, buf);
66c7723aSAndrew Jeffery}
66c7723aSAndrew Jeffery
66c7723aSAndrew Jefferytemplate <typename T>
66c7723aSAndrew Jefferystatic inline int pldm_msgbuf_typecheck_int32_t(struct pldm_msgbuf *ctx,
66c7723aSAndrew Jeffery						void *buf)
66c7723aSAndrew Jeffery{
66c7723aSAndrew Jeffery	static_assert(std::is_same<int32_t *, T>::value);
66c7723aSAndrew Jeffery	return pldm__msgbuf_extract_int32(ctx, buf);
66c7723aSAndrew Jeffery}
66c7723aSAndrew Jeffery
66c7723aSAndrew Jefferytemplate <typename T>
66c7723aSAndrew Jefferystatic inline int pldm_msgbuf_typecheck_real32_t(struct pldm_msgbuf *ctx,
66c7723aSAndrew Jeffery						 void *buf)
66c7723aSAndrew Jeffery{
66c7723aSAndrew Jeffery	static_assert(std::is_same<real32_t *, T>::value);
66c7723aSAndrew Jeffery	return pldm__msgbuf_extract_real32(ctx, buf);
66c7723aSAndrew Jeffery}
66c7723aSAndrew Jeffery#endif
66c7723aSAndrew Jeffery
c63f63a2SAndrew Jeffery#endif /* BUF_H */