[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <202504301400.3B1EACEB@keescook>
Date: Wed, 30 Apr 2025 14:19:46 -0700
From: Kees Cook <kees@...nel.org>
To: "Gustavo A. R. Silva" <gustavo@...eddedor.com>
Cc: Dan Williams <dan.j.williams@...el.com>,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
Alison Schofield <alison.schofield@...el.com>,
Vishal Verma <vishal.l.verma@...el.com>,
Dave Jiang <dave.jiang@...el.com>, Ira Weiny <ira.weiny@...el.com>,
"Rafael J. Wysocki" <rafael@...nel.org>,
Len Brown <lenb@...nel.org>, nvdimm@...ts.linux.dev,
linux-acpi@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-hardening@...r.kernel.org
Subject: Re: [PATCH v2][next] acpi: nfit: intel: Avoid multiple
-Wflex-array-member-not-at-end warnings
On Wed, Apr 30, 2025 at 02:07:24PM -0600, Gustavo A. R. Silva wrote:
>
>
> On 30/04/25 13:41, Gustavo A. R. Silva wrote:
> >
> >
> > On 27/03/25 08:03, Dan Williams wrote:
> > > Gustavo A. R. Silva wrote:
> > > > -Wflex-array-member-not-at-end was introduced in GCC-14, and we are
> > > > getting ready to enable it, globally.
> > > >
> > > > Use the `DEFINE_RAW_FLEX()` helper for on-stack definitions of
> > > > a flexible structure where the size of the flexible-array member
> > > > is known at compile-time, and refactor the rest of the code,
> > > > accordingly.
> > > >
> > > > So, with these changes, fix a dozen of the following warnings:
> > > >
> > > > drivers/acpi/nfit/intel.c:692:35: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]
> > > >
> > > > Signed-off-by: Gustavo A. R. Silva <gustavoars@...nel.org>
> > > > ---
> > > > Changes in v2:
> > > > - Use DEFINE_RAW_FLEX() instead of __struct_group().
> > > >
> > > > v1:
> > > > - Link: https://lore.kernel.org/linux-hardening/Z618ILbAR8YAvTkd@kspp/
> > > >
> > > > drivers/acpi/nfit/intel.c | 388 ++++++++++++++++++--------------------
> > > > 1 file changed, 179 insertions(+), 209 deletions(-)
> > > >
> > > > diff --git a/drivers/acpi/nfit/intel.c b/drivers/acpi/nfit/intel.c
> > > > index 3902759abcba..114d5b3bb39b 100644
> > > > --- a/drivers/acpi/nfit/intel.c
> > > > +++ b/drivers/acpi/nfit/intel.c
> > > > @@ -55,21 +55,17 @@ static unsigned long intel_security_flags(struct nvdimm *nvdimm,
> > > > {
> > > > struct nfit_mem *nfit_mem = nvdimm_provider_data(nvdimm);
> > > > unsigned long security_flags = 0;
> > > > - struct {
> > > > - struct nd_cmd_pkg pkg;
> > > > - struct nd_intel_get_security_state cmd;
> > > > - } nd_cmd = {
> > > > - .pkg = {
> > > > - .nd_command = NVDIMM_INTEL_GET_SECURITY_STATE,
> > > > - .nd_family = NVDIMM_FAMILY_INTEL,
> > > > - .nd_size_out =
> > > > - sizeof(struct nd_intel_get_security_state),
> > > > - .nd_fw_size =
> > > > - sizeof(struct nd_intel_get_security_state),
> > > > - },
> > > > - };
> > > > + DEFINE_RAW_FLEX(struct nd_cmd_pkg, nd_cmd, nd_payload,
> > > > + sizeof(struct nd_intel_get_security_state));
> > > > + struct nd_intel_get_security_state *cmd =
> > > > + (struct nd_intel_get_security_state *)nd_cmd->nd_payload;
> > > > int rc;
> > > > + nd_cmd->nd_command = NVDIMM_INTEL_GET_SECURITY_STATE;
> > > > + nd_cmd->nd_family = NVDIMM_FAMILY_INTEL;
> > > > + nd_cmd->nd_size_out = sizeof(struct nd_intel_get_security_state);
> > > > + nd_cmd->nd_fw_size = sizeof(struct nd_intel_get_security_state);
> > >
> > > Can this keep the C99 init-style with something like (untested):
> > >
> > > _DEFINE_FLEX(struct nd_cmd_pkg, nd_cmd, nd_payload,
> > > sizeof(struct nd_intel_get_security_state), {
> > > .pkg = {
> > > .nd_command = NVDIMM_INTEL_GET_SECURITY_STATE,
> > > .nd_family = NVDIMM_FAMILY_INTEL,
> > > .nd_size_out =
> > > sizeof(struct nd_intel_get_security_state),
> > > .nd_fw_size =
> > > sizeof(struct nd_intel_get_security_state),
> > > },
> > > });
> > >
> > >
> > > ?
> >
> > The code below works - however, notice that in this case we should
> > go through 'obj', which is an object defined in _DEFINE_FLEX().
> >
> > _DEFINE_FLEX(struct nd_cmd_pkg, nd_cmd, nd_payload,
> > sizeof(struct nd_intel_get_security_state), = {
> > .obj = {
> > .nd_command = NVDIMM_INTEL_GET_SECURITY_STATE,
> > .nd_family = NVDIMM_FAMILY_INTEL,
> > .nd_size_out =
> > sizeof(struct nd_intel_get_security_state),
> > .nd_fw_size =
> > sizeof(struct nd_intel_get_security_state),
> > },
> > });
> >
>
> Now, I can modify the helper like this:
>
> diff --git a/include/linux/overflow.h b/include/linux/overflow.h
> index 69533e703be5..170d3cfe7ecc 100644
> --- a/include/linux/overflow.h
> +++ b/include/linux/overflow.h
> @@ -404,7 +404,7 @@ static inline size_t __must_check size_sub(size_t minuend, size_t subtrahend)
> union { \
> u8 bytes[struct_size_t(type, member, count)]; \
> type obj; \
> - } name##_u initializer; \
> + } name##_u = { .obj initializer }; \
> type *name = (type *)&name##_u
Ah yeah, nice. That could work!
I wish we could make it more idiomatic, but even if we pushed the
initializer to the end, we have to repeat the type...
#define _DEFINE_FLEX(type, name, member, count, initializer...) \
_Static_assert(__builtin_constant_p(count), \
"onstack flex array members require compile-time const count"); \
union { \
u8 bytes[struct_size_t(type, member, count)]; \
type obj; \
} name##_u = { }; \
type *name = (type *)&name##_u; \
*name
_DEFINE_FLEX(struct nd_cmd_pkg, nd_cmd, nd_payload,
sizeof(struct nd_intel_get_security_state))
= (struct nd_cmd_pkg){
.nd_command = NVDIMM_INTEL_GET_SECURITY_STATE,
.nd_family = NVDIMM_FAMILY_INTEL,
.nd_size_out =
sizeof(struct nd_intel_get_security_state),
.nd_fw_size =
sizeof(struct nd_intel_get_security_state),
};
So, I think what you have is more readable (or perhaps less surprising),
even if a little "weird". :)
>
> /**
>
> and then we can use the helper as follows:
>
> _DEFINE_FLEX(struct nd_cmd_pkg, nd_cmd, nd_payload,
> sizeof(struct nd_intel_get_security_state), = {
> .nd_command = NVDIMM_INTEL_GET_SECURITY_STATE,
> .nd_family = NVDIMM_FAMILY_INTEL,
> .nd_size_out =
> sizeof(struct nd_intel_get_security_state),
> .nd_fw_size =
> sizeof(struct nd_intel_get_security_state),
> });
>
> OK, I'll go and update the helper.
Sounds good!
-Kees
--
Kees Cook
Powered by blists - more mailing lists