| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aSiXmp4mh7M3RaRv@horms.kernel.org>
Date: Thu, 27 Nov 2025 18:25:30 +0000
From: Simon Horman <horms@...nel.org>
To: Ankit Khushwaha <ankitkhushwaha.linux@...il.com>
Cc: Steffen Klassert <steffen.klassert@...unet.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
Shuah Khan <shuah@...nel.org>, netdev@...r.kernel.org,
linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
linux-hardening@...r.kernel.org
Subject: Re: [PATCH net-next] selftests/net/ipsec: Fix variable size type not
at the end of struct
On Wed, Nov 26, 2025 at 11:17:11AM +0530, Ankit Khushwaha wrote:
> The "struct alg" object contains a union of 3 xfrm structures:
>
> union {
> struct xfrm_algo;
> struct xfrm_algo_aead;
> struct xfrm_algo_auth;
> }
>
> All of them end with a flexible array member used to store key material,
> but the flexible array appears at *different offsets* in each struct.
> bcz of this, union itself is of variable-sized & Placing it above
> char buf[...] triggers:
>
> ipsec.c:835:5: warning: field 'u' with variable sized type 'union
> (unnamed union at ipsec.c:831:3)' not at the end of a struct or class
> is a GNU extension [-Wgnu-variable-sized-type-not-at-end]
> 835 | } u;
> | ^
FWIIW, I was able to reproduce this using the
-Wflex-array-member-not-at-end (n.b. different option name to above)
option with the GCC 15.2.0 toolchain here [1].
[1] https://mirrors.edge.kernel.org/pub/tools/crosstool/
>
> one fix is to use "TRAILING_OVERLAP()" which works with one flexible
> array member only.
>
> But In "struct alg" flexible array member exists in all union members,
> but not at the same offset, so TRAILING_OVERLAP cannot be applied.
>
> so the fix is to explicitly overlay the key buffer at the correct offset
> for the largest union member (xfrm_algo_auth). This ensures that the
> flexible-array region and the fixed buffer line up.
>
> No functional change.
I verified this does not change the layout of the union (now structure),
by copying it outside the function and giving it a name.
And then analysing the binary using pahole.
So I agree this should not have any run-time effect.
But I've CCed Gustavo and linux-hardening, as their experience
seems relevant here.
>
> Signed-off-by: Ankit Khushwaha <ankitkhushwaha.linux@...il.com>
Reviewed-by: Simon Horman <horms@...nel.org>
> ---
> tools/testing/selftests/net/ipsec.c | 11 +++++++++--
> 1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/tools/testing/selftests/net/ipsec.c b/tools/testing/selftests/net/ipsec.c
> index 0ccf484b1d9d..f4afef51b930 100644
> --- a/tools/testing/selftests/net/ipsec.c
> +++ b/tools/testing/selftests/net/ipsec.c
> @@ -43,6 +43,10 @@
>
> #define BUILD_BUG_ON(condition) ((void)sizeof(char[1 - 2*!!(condition)]))
>
> +#ifndef offsetof
> +#define offsetof(TYPE, MEMBER) __builtin_offsetof(TYPE, MEMBER)
> +#endif
> +
> #define IPV4_STR_SZ 16 /* xxx.xxx.xxx.xxx is longest + \0 */
> #define MAX_PAYLOAD 2048
> #define XFRM_ALGO_KEY_BUF_SIZE 512
> @@ -827,13 +831,16 @@ static int xfrm_fill_key(char *name, char *buf,
> static int xfrm_state_pack_algo(struct nlmsghdr *nh, size_t req_sz,
> struct xfrm_desc *desc)
> {
> - struct {
> + union {
> union {
> struct xfrm_algo alg;
> struct xfrm_algo_aead aead;
> struct xfrm_algo_auth auth;
> } u;
> - char buf[XFRM_ALGO_KEY_BUF_SIZE];
> + struct {
> + unsigned char __offset_to_FAM[offsetof(struct xfrm_algo_auth, alg_key)];
> + char buf[XFRM_ALGO_KEY_BUF_SIZE];
> + };
> } alg = {};
> size_t alen, elen, clen, aelen;
> unsigned short type;
Powered by blists - more mailing lists