[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <202406271009.4E90DF8@keescook>
Date: Thu, 27 Jun 2024 10:14:05 -0700
From: Kees Cook <kees@...nel.org>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Jiri Slaby <jirislaby@...nel.org>,
Nathan Chancellor <nathan@...nel.org>,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
Bill Wendling <morbo@...gle.com>,
Justin Stitt <justinstitt@...gle.com>, linux-serial@...r.kernel.org,
imx@...ts.linux.dev, linux-arm-kernel@...ts.infradead.org,
linux-hardening@...r.kernel.org, llvm@...ts.linux.dev,
patches@...ts.linux.dev, stable@...r.kernel.org
Subject: Re: [PATCH] tty: mxser: Remove __counted_by from mxser_board.ports[]
On Wed, May 29, 2024 at 02:29:42PM -0700, Nathan Chancellor wrote:
> Work for __counted_by on generic pointers in structures (not just
> flexible array members) has started landing in Clang 19 (current tip of
> tree). During the development of this feature, a restriction was added
> to __counted_by to prevent the flexible array member's element type from
> including a flexible array member itself such as:
>
> struct foo {
> int count;
> char buf[];
> };
>
> struct bar {
> int count;
> struct foo data[] __counted_by(count);
> };
>
> because the size of data cannot be calculated with the standard array
> size formula:
>
> sizeof(struct foo) * count
>
> This restriction was downgraded to a warning but due to CONFIG_WERROR,
> it can still break the build. The application of __counted_by on the
> ports member of 'struct mxser_board' triggers this restriction,
> resulting in:
>
> drivers/tty/mxser.c:291:2: error: 'counted_by' should not be applied to an array with element of unknown size because 'struct mxser_port' is a struct type with a flexible array member. This will be an error in a future compiler version [-Werror,-Wbounds-safety-counted-by-elt-type-unknown-size]
> 291 | struct mxser_port ports[] __counted_by(nports);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~
> 1 error generated.
>
> Remove this use of __counted_by to fix the warning/error. However,
> rather than remove it altogether, leave it commented, as it may be
> possible to support this in future compiler releases.
>
> Cc: stable@...r.kernel.org
> Closes: https://github.com/ClangBuiltLinux/linux/issues/2026
> Fixes: f34907ecca71 ("mxser: Annotate struct mxser_board with __counted_by")
> Signed-off-by: Nathan Chancellor <nathan@...nel.org>
Since this fixes a build issue under Clang, can we please land this so
v6.7 and later will build again? Gustavo is still working on the more
complete fix (which was already on his radar, so it won't be lost).
If it's easier/helpful, I can land this via the hardening tree? I was
the one who sent the bad patch originally. :)
Thanks!
-Kees
--
Kees Cook
Powered by blists - more mailing lists