| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 18 Sep 2020 14:18:20 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Arvind Sankar <nivedita@...m.mit.edu>
Cc: Matthew Wilcox <willy@...radead.org>,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
Dennis Zhou <dennis@...nel.org>, Tejun Heo <tj@...nel.org>,
Christoph Lameter <cl@...ux.com>,
Linux-MM <linux-mm@...ck.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Kees Cook <keescook@...omium.org>
Subject: Re: [GIT PULL] percpu fix for v5.9-rc6
On Fri, Sep 18, 2020 at 2:00 PM Arvind Sankar <nivedita@...m.mit.edu> wrote:
>
> You could just assert that offsetof(typeof(s),flex) == sizeof(s), no?
No, because the whole point is that I want that "sizeof(s)" to *WARN*.
It's a nonsensical thing to do. That 's' has no statically known size.
The C standard is being very confused here, in that it tries to claim
that the flexible arrays are somehow fundamentally different from a
zero-sized one. But then it acts as if they are exactly the same wrt
sizeof() and structure copies.
It should warn, exactly because right now it causes potential bugs
like the one that started this thread.
You can't have both "zero-sized arrays are bad and shouldn't be used"
and "flexible arrays are good, and work exactly like zero-sized
arrays".
Either zero-sized arrays are bad or they aren't. And if they are bad,
then flexible arrays shouldn't work *exactly* like them apart from
some UBSAN warnings.
See my point?
Linus
Powered by blists - more mailing lists