lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <202504301400.3B1EACEB@keescook>
Date: Wed, 30 Apr 2025 14:19:46 -0700
From: Kees Cook <kees@...nel.org>
To: "Gustavo A. R. Silva" <gustavo@...eddedor.com>
Cc: Dan Williams <dan.j.williams@...el.com>,
	"Gustavo A. R. Silva" <gustavoars@...nel.org>,
	Alison Schofield <alison.schofield@...el.com>,
	Vishal Verma <vishal.l.verma@...el.com>,
	Dave Jiang <dave.jiang@...el.com>, Ira Weiny <ira.weiny@...el.com>,
	"Rafael J. Wysocki" <rafael@...nel.org>,
	Len Brown <lenb@...nel.org>, nvdimm@...ts.linux.dev,
	linux-acpi@...r.kernel.org, linux-kernel@...r.kernel.org,
	linux-hardening@...r.kernel.org
Subject: Re: [PATCH v2][next] acpi: nfit: intel: Avoid multiple
 -Wflex-array-member-not-at-end warnings

On Wed, Apr 30, 2025 at 02:07:24PM -0600, Gustavo A. R. Silva wrote:
> 
> 
> On 30/04/25 13:41, Gustavo A. R. Silva wrote:
> > 
> > 
> > On 27/03/25 08:03, Dan Williams wrote:
> > > Gustavo A. R. Silva wrote:
> > > > -Wflex-array-member-not-at-end was introduced in GCC-14, and we are
> > > > getting ready to enable it, globally.
> > > > 
> > > > Use the `DEFINE_RAW_FLEX()` helper for on-stack definitions of
> > > > a flexible structure where the size of the flexible-array member
> > > > is known at compile-time, and refactor the rest of the code,
> > > > accordingly.
> > > > 
> > > > So, with these changes, fix a dozen of the following warnings:
> > > > 
> > > > drivers/acpi/nfit/intel.c:692:35: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]
> > > > 
> > > > Signed-off-by: Gustavo A. R. Silva <gustavoars@...nel.org>
> > > > ---
> > > > Changes in v2:
> > > >   - Use DEFINE_RAW_FLEX() instead of __struct_group().
> > > > 
> > > > v1:
> > > >   - Link: https://lore.kernel.org/linux-hardening/Z618ILbAR8YAvTkd@kspp/
> > > > 
> > > >   drivers/acpi/nfit/intel.c | 388 ++++++++++++++++++--------------------
> > > >   1 file changed, 179 insertions(+), 209 deletions(-)
> > > > 
> > > > diff --git a/drivers/acpi/nfit/intel.c b/drivers/acpi/nfit/intel.c
> > > > index 3902759abcba..114d5b3bb39b 100644
> > > > --- a/drivers/acpi/nfit/intel.c
> > > > +++ b/drivers/acpi/nfit/intel.c
> > > > @@ -55,21 +55,17 @@ static unsigned long intel_security_flags(struct nvdimm *nvdimm,
> > > >   {
> > > >       struct nfit_mem *nfit_mem = nvdimm_provider_data(nvdimm);
> > > >       unsigned long security_flags = 0;
> > > > -    struct {
> > > > -        struct nd_cmd_pkg pkg;
> > > > -        struct nd_intel_get_security_state cmd;
> > > > -    } nd_cmd = {
> > > > -        .pkg = {
> > > > -            .nd_command = NVDIMM_INTEL_GET_SECURITY_STATE,
> > > > -            .nd_family = NVDIMM_FAMILY_INTEL,
> > > > -            .nd_size_out =
> > > > -                sizeof(struct nd_intel_get_security_state),
> > > > -            .nd_fw_size =
> > > > -                sizeof(struct nd_intel_get_security_state),
> > > > -        },
> > > > -    };
> > > > +    DEFINE_RAW_FLEX(struct nd_cmd_pkg, nd_cmd, nd_payload,
> > > > +            sizeof(struct nd_intel_get_security_state));
> > > > +    struct nd_intel_get_security_state *cmd =
> > > > +            (struct nd_intel_get_security_state *)nd_cmd->nd_payload;
> > > >       int rc;
> > > > +    nd_cmd->nd_command = NVDIMM_INTEL_GET_SECURITY_STATE;
> > > > +    nd_cmd->nd_family = NVDIMM_FAMILY_INTEL;
> > > > +    nd_cmd->nd_size_out = sizeof(struct nd_intel_get_security_state);
> > > > +    nd_cmd->nd_fw_size = sizeof(struct nd_intel_get_security_state);
> > > 
> > > Can this keep the C99 init-style with something like (untested):
> > > 
> > > _DEFINE_FLEX(struct nd_cmd_pkg, nd_cmd, nd_payload,
> > >               sizeof(struct nd_intel_get_security_state), {
> > >         .pkg = {
> > >                 .nd_command = NVDIMM_INTEL_GET_SECURITY_STATE,
> > >                 .nd_family = NVDIMM_FAMILY_INTEL,
> > >                 .nd_size_out =
> > >                         sizeof(struct nd_intel_get_security_state),
> > >                 .nd_fw_size =
> > >                         sizeof(struct nd_intel_get_security_state),
> > >         },
> > >     });
> > > 
> > > 
> > > ?
> > 
> > The code below works - however, notice that in this case we should
> > go through 'obj', which is an object defined in _DEFINE_FLEX().
> > 
> >          _DEFINE_FLEX(struct nd_cmd_pkg, nd_cmd, nd_payload,
> >                          sizeof(struct nd_intel_get_security_state), = {
> >                  .obj = {
> >                          .nd_command = NVDIMM_INTEL_GET_SECURITY_STATE,
> >                          .nd_family = NVDIMM_FAMILY_INTEL,
> >                          .nd_size_out =
> >                                  sizeof(struct nd_intel_get_security_state),
> >                          .nd_fw_size =
> >                                  sizeof(struct nd_intel_get_security_state),
> >                  },
> >          });
> > 
> 
> Now, I can modify the helper like this:
> 
> diff --git a/include/linux/overflow.h b/include/linux/overflow.h
> index 69533e703be5..170d3cfe7ecc 100644
> --- a/include/linux/overflow.h
> +++ b/include/linux/overflow.h
> @@ -404,7 +404,7 @@ static inline size_t __must_check size_sub(size_t minuend, size_t subtrahend)
>         union {                                                                 \
>                 u8 bytes[struct_size_t(type, member, count)];                   \
>                 type obj;                                                       \
> -       } name##_u initializer;                                                 \
> +       } name##_u = { .obj initializer };                                      \
>         type *name = (type *)&name##_u

Ah yeah, nice. That could work!


I wish we could make it more idiomatic, but even if we pushed the
initializer to the end, we have to repeat the type...

#define _DEFINE_FLEX(type, name, member, count, initializer...)                 \
        _Static_assert(__builtin_constant_p(count),                             \
                       "onstack flex array members require compile-time const count"); \
        union {                                                                 \
                u8 bytes[struct_size_t(type, member, count)];                   \
                type obj;                                                       \
        } name##_u = { };                                                       \
        type *name = (type *)&name##_u;						\
	*name


	_DEFINE_FLEX(struct nd_cmd_pkg, nd_cmd, nd_payload,
		     sizeof(struct nd_intel_get_security_state))
	= (struct nd_cmd_pkg){
		.nd_command = NVDIMM_INTEL_GET_SECURITY_STATE,
		.nd_family = NVDIMM_FAMILY_INTEL,
		.nd_size_out =
			sizeof(struct nd_intel_get_security_state),
		.nd_fw_size =
			sizeof(struct nd_intel_get_security_state),
	};

So, I think what you have is more readable (or perhaps less surprising),
even if a little "weird". :)

> 
>  /**
> 
> and then we can use the helper as follows:
> 
>         _DEFINE_FLEX(struct nd_cmd_pkg, nd_cmd, nd_payload,
>                         sizeof(struct nd_intel_get_security_state), = {
>                         .nd_command = NVDIMM_INTEL_GET_SECURITY_STATE,
>                         .nd_family = NVDIMM_FAMILY_INTEL,
>                         .nd_size_out =
>                                 sizeof(struct nd_intel_get_security_state),
>                         .nd_fw_size =
>                                 sizeof(struct nd_intel_get_security_state),
>         });
> 
> OK, I'll go and update the helper.

Sounds good!

-Kees

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ