lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <b79c69e27b4ccd9556c89a88bf6c69ed441193ea.camel@HansenPartnership.com>
Date: Thu, 04 Sep 2025 08:39:47 -0400
From: James Bottomley <James.Bottomley@...senPartnership.com>
To: John Garry <john.g.garry@...cle.com>, "Gustavo A. R. Silva"
 <gustavoars@...nel.org>, Jack Wang <jinpu.wang@...ud.ionos.com>, "Martin K.
 Petersen" <martin.petersen@...cle.com>
Cc: linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org, 
	linux-hardening@...r.kernel.org
Subject: Re: [PATCH][next] scsi: pm80xx: Avoid
 -Wflex-array-member-not-at-end warning

On Thu, 2025-09-04 at 07:52 +0100, John Garry wrote:
> On 03/09/2025 19:44, Gustavo A. R. Silva wrote:
> > diff --git a/drivers/scsi/pm8001/pm8001_hwi.h
> > b/drivers/scsi/pm8001/pm8001_hwi.h
> > index fc2127dcb58d..7dc7870a8f86 100644
> > --- a/drivers/scsi/pm8001/pm8001_hwi.h
> > +++ b/drivers/scsi/pm8001/pm8001_hwi.h
> > @@ -339,8 +339,10 @@ struct ssp_completion_resp {
> >   	__le32	status;
> >   	__le32	param;
> >   	__le32	ssptag_rescv_rescpad;
> > -	struct ssp_response_iu  ssp_resp_iu;
> >   	__le32	residual_count;
> > +
> > +	/* Must be last --ends in a flexible-array member. */
> > +	struct ssp_response_iu  ssp_resp_iu;
> 
> this is a HW structure, right? I did not think that it is ok to
> simply re-order them...

Agreed, this is a standards defined information unit corresponding to
an on the wire data structure.  The patch is clearly wrong.

That being said, the three things the flexible member can contain are
no data, response data or sense data.  None of them has a residual
count at the beginning and, indeed, this field is never referred to in
the driver, so it looks like it can simply be deleted to fix the
warning.

That being said, this pattern of adding fields after flexible members
to represent data that's common to all content types of the union is
not unknown in SCSI so if you want to enable this warning, what are we
supposed to do when we encounter a genuine use case?

Regards,

James


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ