lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YoYo/XBmqn6KGz5k@hovoldconsulting.com>
Date:   Thu, 19 May 2022 13:24:45 +0200
From:   Johan Hovold <johan@...nel.org>
To:     Eric Biggers <ebiggers@...nel.org>
Cc:     Zhang Jianhua <chris.zjh@...wei.com>, tytso@....edu,
        linux-fscrypt@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH -next v2] fs-verity: Use struct_size() helper in
 enable_verity()

On Wed, May 18, 2022 at 08:17:59PM -0700, Eric Biggers wrote:
> On Wed, May 18, 2022 at 08:06:04PM -0700, Eric Biggers wrote:
> > On Thu, May 19, 2022 at 10:24:50AM +0800, Zhang Jianhua wrote:
> > > Also, address the following sparse warning:
> > > fs/verity/enable.c:205:28: warning: using sizeof on a flexible structure
> > 
> > How can I reproduce this warning?  I am using the latest version of sparse, and
> > I don't see any of these warnings you're reporting.
> > 
> > $ sparse --version
> > v0.6.4
> > $ make C=2 fs/verity/
> >   CHECK   scripts/mod/empty.c
> >   CALL    scripts/checksyscalls.sh
> >   CALL    scripts/atomic/check-atomics.sh
> >   DESCEND objtool
> >   CHECK   fs/verity/enable.c
> >   CHECK   fs/verity/hash_algs.c
> >   CHECK   fs/verity/init.c
> >   CHECK   fs/verity/measure.c
> >   CHECK   fs/verity/open.c
> >   CHECK   fs/verity/read_metadata.c
> >   CHECK   fs/verity/verify.c
> >   CHECK   fs/verity/signature.c
> > 
> 
> 'make C=2 CHECK="sparse -Wflexible-array-sizeof"' does the trick.  However, it
> produces a *lot* of warnings all over the place.
> 
> Unless there is an effort to actually address all of these so that this warning
> can be enabled by default, I don't see the poinnt in addressing these just for
> the warnings sake.  The change to fsverity_ioctl_measure() is definitely just
> for the warning's sake, so I don't really want to do that one.  The change to
> enable_verity() is a bit less useless, so I could still take that one.

Importantly, struct_size() still relies on sizeof() so this has zero
effect on those sparse warnings.

Johan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ