Re: [PATCH] docs: deprecated.rst: Add note to the use of struct_size() helper

From: Kees Cook <keescook@chromium.org>
To: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Cc: Jonathan Corbet <corbet@lwn.net>,
	linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
	"Gustavo A. R. Silva" <gustavo@embeddedor.com>
Subject: Re: [PATCH] docs: deprecated.rst: Add note to the use of struct_size() helper
Date: Thu, 4 Jun 2020 10:49:19 -0700	[thread overview]
Message-ID: <202006041047.9B3E8FB951@keescook> (raw)
In-Reply-To: <20200604172138.GA21820@embeddedor>

On Thu, Jun 04, 2020 at 12:21:38PM -0500, Gustavo A. R. Silva wrote:
> Add a note to educate people about the proper use of struct_size() when
> the trailing array in the enclosing structure is a one-element array.
> 
> Zero-length and one-element arrays will soon be removed from the kernel,
> but in the meantime, it's worth letting people know how to correctly
> use struct_size() together with such constructs.
> 
> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> ---
> 
> Kees,
>  
> This is not substitute for the patch I'll write about flexible-arrays
> and the deprecation of zero-lenght and one-element arrays.

Hm, hm. I think I'd rather just get the 0/1-array docs written, since
that will mean this paragraph isn't needed at all. (Or rather, it can be
modified to say "if you're using struct_size() on a 1-array, stop using
a 1-array, see [link]". If someone is going to switch around their code,
they need to switch to flex at the same time, IMO.

-Kees

> 
> Thanks
> --
> Gustavo
> 
>  Documentation/process/deprecated.rst | 11 +++++++++++
>  1 file changed, 11 insertions(+)
> 
> diff --git a/Documentation/process/deprecated.rst b/Documentation/process/deprecated.rst
> index 652e2aa02a66c..0b7b37718bf96 100644
> --- a/Documentation/process/deprecated.rst
> +++ b/Documentation/process/deprecated.rst
> @@ -85,6 +85,17 @@ Instead, use the helper::
>  
>  	header = kzalloc(struct_size(header, item, count), GFP_KERNEL);
>  
> +NOTE: You might want to use the following form in case the trailing array
> +is a one-element array, as unlike zero-length arrays and flexible-array
> +members, `one-element arrays occupy at least as much space as a single
> +object of the type <https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html>`_,
> +hence they contribute to the size of the enclosing structure::
> +
> +	header = kzalloc(struct_size(header, item, count - 1), GFP_KERNEL);
> +
> +It's also worth noting that one-element arrays --together with zero-length
> +arrays-- will soon be completely removed from the codebase and deprecated.
> +
>  See array_size(), array3_size(), and struct_size(),
>  for more details as well as the related check_add_overflow() and
>  check_mul_overflow() family of functions.
> -- 
> 2.27.0
> 

-- 
Kees Cook