lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ca7be9f4-3f33-48ba-b61a-0a40ea1f17a6@embeddedor.com>
Date: Thu, 31 Oct 2024 17:31:34 -0600
From: "Gustavo A. R. Silva" <gustavo@...eddedor.com>
To: Jan Kara <jack@...e.cz>
Cc: "Gustavo A. R. Silva" <gustavoars@...nel.org>,
 Theodore Ts'o <tytso@....edu>, Jan Kara <jack@...e.com>,
 linux-ext4@...r.kernel.org, linux-kernel@...r.kernel.org,
 linux-hardening@...r.kernel.org
Subject: Re: [PATCH][next] jbd2: Avoid dozens of
 -Wflex-array-member-not-at-end warnings



On 31/10/24 15:32, Jan Kara wrote:
> On Thu 31-10-24 09:54:36, Gustavo A. R. Silva wrote:
>> On 31/10/24 06:33, Jan Kara wrote:
>>> On Fri 25-10-24 13:32:58, Gustavo A. R. Silva wrote:
>>>> -Wflex-array-member-not-at-end was introduced in GCC-14, and we
>>>> are getting ready to enable it, globally.
>>>>
>>>> Use the `DEFINE_RAW_FLEX()` helper for an on-stack definition of
>>>> a flexible structure (`struct shash_desc`) where the size of the
>>>> flexible-array member (`__ctx`) is known at compile-time, and
>>>> refactor the rest of the code, accordingly.
>>>>
>>>> So, with this, fix 77 of the following warnings:
>>>>
>>>> include/linux/jbd2.h:1800:35: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]
>>>>
>>>> Signed-off-by: Gustavo A. R. Silva <gustavoars@...nel.org>
>>>> ---
>>>>    include/linux/jbd2.h | 13 +++++--------
>>>>    1 file changed, 5 insertions(+), 8 deletions(-)
>>>>
>>>> diff --git a/include/linux/jbd2.h b/include/linux/jbd2.h
>>>> index 8aef9bb6ad57..ce4560e62d3b 100644
>>>> --- a/include/linux/jbd2.h
>>>> +++ b/include/linux/jbd2.h
>>>> @@ -1796,22 +1796,19 @@ static inline unsigned long jbd2_log_space_left(journal_t *journal)
>>>>    static inline u32 jbd2_chksum(journal_t *journal, u32 crc,
>>>>    			      const void *address, unsigned int length)
>>>>    {
>>>> -	struct {
>>>> -		struct shash_desc shash;
>>>> -		char ctx[JBD_MAX_CHECKSUM_SIZE];
>>>> -	} desc;
>>>> +	DEFINE_RAW_FLEX(struct shash_desc, desc, __ctx, 1);
>>>
>>> Am I missing some magic here or the 1 above should be
>>> JBD_MAX_CHECKSUM_SIZE?
>>
>> This seems to be 32-bit code, and the element type of the flex-array
>> member `__ctx` is `void *`. Therefore, we have:
> 
> Why do you think the code is 32-bit? It is used regardless of the
> architecture...

Right, sorry, I got a bit confused...

> 
>> `sizeof(ctx) == 4` when `char ctx[JBD_MAX_CHECKSUM_SIZE];`
>>
>> To maintain the same size, we tell `DEFINE_RAW_FLEX()` to allocate `1`
>> element for the flex array, as in 32-bit `sizeof(void *) == 4`.
> 
> So I agree we end up allocating enough space on stack but it is pretty
> subtle and if JBD_MAX_CHECKSUM_SIZE definition changes, we have a problem.
> I think we need something like (JBD_MAX_CHECKSUM_SIZE + sizeof(*desc->__ctx)
> - 1) / sizeof(*desc->__ctx))?

I see. Well, in that case it'd be something more like:

-       struct {
-               struct shash_desc shash;
-               char ctx[JBD_MAX_CHECKSUM_SIZE];
-       } desc;
+       DEFINE_RAW_FLEX(struct shash_desc, desc, __ctx,
+                       (JBD_MAX_CHECKSUM_SIZE +
+                        sizeof(*((struct shash_desc *)0)->__ctx)) /
+                        sizeof(*((struct shash_desc *)0)->__ctx));

Notice that `desc` is created inside `DEFINE_RAW_FLEX()`

Thanks
--
Gustavo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ