[<prev] [next>] [day] [month] [year] [list]
Message-ID: <202312140839.18D3593E9F@keescook>
Date: Thu, 14 Dec 2023 08:55:19 -0800
From: Kees Cook <keescook@...omium.org>
To: Jakub Kicinski <kuba@...nel.org>
Cc: Xin Long <lucien.xin@...il.com>, network dev <netdev@...r.kernel.org>,
linux-sctp@...r.kernel.org, davem@...emloft.net,
Eric Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>,
Marcelo Ricardo Leitner <marcelo.leitner@...il.com>,
linux-hardening@...r.kernel.org
Subject: Re: [PATCH net-next 0/6] sctp: fix a plenty of flexible-array-nested
warnings
On Wed, Apr 19, 2023 at 06:18:24PM -0700, Jakub Kicinski wrote:
> On Wed, 19 Apr 2023 11:16:27 -0400 Xin Long wrote:
> > Paolo noticed a compile warning in SCTP,
> >
> > ../net/sctp/stream_sched_fc.c: note: in included file (through ../include/net/sctp/sctp.h):
> > ../include/net/sctp/structs.h:335:41: warning: array of flexible structures
> >
> > But not only this, there are actually quite a lot of such warnings in
> > some SCTP structs. This patchset fixes most of warnings by deleting
> > these nested flexible array members.
> >
> > After this patchset, there are still some warnings left:
> >
> > # make C=2 CF="-Wflexible-array-nested" M=./net/sctp/
> > ./include/net/sctp/structs.h:1145:41: warning: nested flexible array
> > ./include/uapi/linux/sctp.h:641:34: warning: nested flexible array
> > ./include/uapi/linux/sctp.h:643:34: warning: nested flexible array
> > ./include/uapi/linux/sctp.h:644:33: warning: nested flexible array
> > ./include/uapi/linux/sctp.h:650:40: warning: nested flexible array
> > ./include/uapi/linux/sctp.h:653:39: warning: nested flexible array
> >
> > the 1st is caused by __data[] in struct ip_options, not in SCTP;
> > the others are in uapi, and we should not touch them.
> >
> > Note that instead of completely deleting it, we just leave it as a
> > comment in the struct, signalling to the reader that we do expect
> > such variable parameters over there, as Marcelo suggested.
>
> Hi Kees, is there no workaround for nested flexible arrays within
> the kernel? Any recommendations?
>
> https://lore.kernel.org/all/cover.1681917361.git.lucien.xin@gmail.com/
*thread necromancy*
Hi, I apologize for missing this thread back in April!
There's no need for a work-around: this situation isn't a problem.
Composite structures that end with a flexible array are perfectly valid
(the compiler can unambiguously reason about sizes). So none of these
patches are needed (and actually reduce the compiler's ability to reason
about object sizes). We shouldn't run sparse with -Wflexible-array-nested
as this isn't an actual problem.
The only problem that can happen like this is when a flex array
ends up in the _middle_ of a composite structure, in which
case yes, this needs to be fixed. This check is supported by
GCC 14+ with -Wflex-array-member-not-at-end. For example, see:
https://lore.kernel.org/all/1da736106d8e0806aeafa6e471a13ced490eae22.1698117815.git.gustavoars@kernel.org/
-Kees
--
Kees Cook
Powered by blists - more mailing lists