lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 28 Oct 2022 09:36:19 -0700
From:   Kees Cook <>
To:     Christian König <>
Cc:     Paulo Miguel Almeida <>,
        Alex Deucher <>,
        "Pan, Xinhui" <>,
        David Airlie <>,
        Daniel Vetter <>,
        Hans de Goede <>,
        Grigory Vasilyev <>,
        Claudio Suarez <>,
        Slark Xiao <>,
        Rongguang Wei <>,,,,
Subject: Re: [PATCH] [next] drm/amdgpu: Replace one-element array with
 flexible-array member

On Fri, Oct 28, 2022 at 09:18:39AM +0200, Christian König wrote:
> Am 28.10.22 um 07:10 schrieb Paulo Miguel Almeida:
> > One-element arrays are deprecated, and we are replacing them with
> > flexible array members instead. So, replace one-element array with
> > flexible-array member in struct _ATOM_FAKE_EDID_PATCH_RECORD and
> > refactor the rest of the code accordingly.
> > 
> > This helps with the ongoing efforts to tighten the FORTIFY_SOURCE
> > routines on memcpy() and help us make progress towards globally
> > enabling -fstrict-flex-arrays=3 [1].
> > 
> > Link:
> > Link:
> > Link: [1]
> I'm not sure if that's a good idea. We had multiple attempts to refactor
> this now and it always caused a regression.
> Additional to that the header in question came from our BIOS team and isn't
> following Linux styles in general.
> Alex what do you think?

Fake flexible arrays (i.e. 1-element arrays) are deprecated in Linux[1]
(and, frankly, deprecated in C since 1999 and even well before then given
the 0-sized extension that was added in GCC), so we can't continue to
bring them into kernel sources. Their use breaks both compile-time and
run-time bounds checking efforts, etc.

All that said, converting away from them can be tricky, and I think such
conversions need to explicitly show how they were checked for binary

Paulo, can you please check for deltas and report your findings in the
commit log? Note that add struct_size() use in the same patch may result
in binary differences, so for more complex cases, you may want to split
the 1-element conversion from the struct_size() conversions.



Kees Cook

Powered by blists - more mailing lists