[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <202309222034.F2B777F55@keescook>
Date: Fri, 22 Sep 2023 20:49:21 -0700
From: Kees Cook <keescook@...omium.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: linux-kernel@...r.kernel.org, Alexey Dobriyan <adobriyan@...il.com>,
linux-hardening@...r.kernel.org
Subject: Re: [GIT PULL] hardening fixes for v6.6-rc3
On Fri, Sep 22, 2023 at 04:55:45PM -0700, Linus Torvalds wrote:
> On Fri, 22 Sept 2023 at 09:59, Kees Cook <keescook@...omium.org> wrote:
> >
> > - Fix UAPI stddef.h to avoid C++-ism (Alexey Dobriyan)
>
> Ugh. Did we really have to make two different versions of that define?
>
> Ok, so C++ did something stupid wrt an empty struct. Fine.
>
> But I think we could have still shared the same definition by just
> using the same 'zero-sized array' trick, regardless of any 'empty
> struct has a size in C++'.
>
> IOW, wouldn't this just work universally, without any "two completely
> different versions" hack?
>
> #define __DECLARE_FLEX_ARRAY(TYPE, NAME) \
> struct { \
> char __empty_ ## NAME[0]; \
> TYPE NAME[]; \
> }
>
> I didn't test. I'm just hating on that '#ifdef __cplusplus'.
Yeah, I had same thought[1], but in the end I left it the way Alexey
suggested for one decent reason, and one weak reason:
1) As discovered[2] while porting this helper to ACPICA, using a flexible
array in a struct like this does not fly with MSVC, so for MSVC
ingesting UAPI, having the separate struct is likely more robust.
2) __cplusplus is relatively common in UAPI headers already:
$ git grep __cplusplus -- include/uapi | wc -l
58
-Kees
[1] https://lore.kernel.org/all/202309151208.C99747375@keescook/
[2] https://github.com/acpica/acpica/pull/837
--
Kees Cook
Powered by blists - more mailing lists