* [PATCH] audit: Replace zero-length array with flexible-array @ 2020-05-07 18:50 ` Gustavo A. R. Silva 0 siblings, 0 replies; 14+ messages in thread From: Gustavo A. R. Silva @ 2020-05-07 18:50 UTC (permalink / raw) To: Paul Moore, Eric Paris; +Cc: linux-audit, linux-kernel The current codebase makes use of the zero-length array language extension to the C90 standard, but the preferred mechanism to declare variable-length types such as these ones is a flexible array member[1][2], introduced in C99: struct foo { int stuff; struct boo array[]; }; By making use of the mechanism above, we will get a compiler warning in case the flexible array does not occur last in the structure, which will help us prevent some kind of undefined behavior bugs from being inadvertently introduced[3] to the codebase from now on. Also, notice that, dynamic memory allocations won't be affected by this change: "Flexible array members have incomplete type, and so the sizeof operator may not be applied. As a quirk of the original implementation of zero-length arrays, sizeof evaluates to zero."[1] sizeof(flexible-array-member) triggers a warning because flexible array members have incomplete type[1]. There are some instances of code in which the sizeof operator is being incorrectly/erroneously applied to zero-length arrays and the result is zero. Such instances may be hiding some bugs. So, this work (flexible-array member conversions) will also help to get completely rid of those sorts of issues. This issue was found with the help of Coccinelle. [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html [2] https://github.com/KSPP/linux/issues/21 [3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour") Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> --- include/linux/audit.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index f9ceae57ca8d..2b63aee6e9fa 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -19,7 +19,7 @@ struct audit_sig_info { uid_t uid; pid_t pid; - char ctx[0]; + char ctx[]; }; struct audit_buffer; ^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH] audit: Replace zero-length array with flexible-array @ 2020-05-07 18:50 ` Gustavo A. R. Silva 0 siblings, 0 replies; 14+ messages in thread From: Gustavo A. R. Silva @ 2020-05-07 18:50 UTC (permalink / raw) To: Paul Moore, Eric Paris; +Cc: linux-audit, linux-kernel The current codebase makes use of the zero-length array language extension to the C90 standard, but the preferred mechanism to declare variable-length types such as these ones is a flexible array member[1][2], introduced in C99: struct foo { int stuff; struct boo array[]; }; By making use of the mechanism above, we will get a compiler warning in case the flexible array does not occur last in the structure, which will help us prevent some kind of undefined behavior bugs from being inadvertently introduced[3] to the codebase from now on. Also, notice that, dynamic memory allocations won't be affected by this change: "Flexible array members have incomplete type, and so the sizeof operator may not be applied. As a quirk of the original implementation of zero-length arrays, sizeof evaluates to zero."[1] sizeof(flexible-array-member) triggers a warning because flexible array members have incomplete type[1]. There are some instances of code in which the sizeof operator is being incorrectly/erroneously applied to zero-length arrays and the result is zero. Such instances may be hiding some bugs. So, this work (flexible-array member conversions) will also help to get completely rid of those sorts of issues. This issue was found with the help of Coccinelle. [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html [2] https://github.com/KSPP/linux/issues/21 [3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour") Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> --- include/linux/audit.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index f9ceae57ca8d..2b63aee6e9fa 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -19,7 +19,7 @@ struct audit_sig_info { uid_t uid; pid_t pid; - char ctx[0]; + char ctx[]; }; struct audit_buffer; -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply related [flat|nested] 14+ messages in thread
* Re: [PATCH] audit: Replace zero-length array with flexible-array 2020-05-07 18:50 ` Gustavo A. R. Silva @ 2020-05-07 21:58 ` Richard Guy Briggs -1 siblings, 0 replies; 14+ messages in thread From: Richard Guy Briggs @ 2020-05-07 21:58 UTC (permalink / raw) To: Gustavo A. R. Silva; +Cc: Paul Moore, Eric Paris, linux-audit, linux-kernel On 2020-05-07 13:50, Gustavo A. R. Silva wrote: > The current codebase makes use of the zero-length array language > extension to the C90 standard, but the preferred mechanism to declare > variable-length types such as these ones is a flexible array member[1][2], > introduced in C99: > > struct foo { > int stuff; > struct boo array[]; > }; > > By making use of the mechanism above, we will get a compiler warning > in case the flexible array does not occur last in the structure, which > will help us prevent some kind of undefined behavior bugs from being > inadvertently introduced[3] to the codebase from now on. > > Also, notice that, dynamic memory allocations won't be affected by > this change: > > "Flexible array members have incomplete type, and so the sizeof operator > may not be applied. As a quirk of the original implementation of > zero-length arrays, sizeof evaluates to zero."[1] > > sizeof(flexible-array-member) triggers a warning because flexible array > members have incomplete type[1]. There are some instances of code in > which the sizeof operator is being incorrectly/erroneously applied to > zero-length arrays and the result is zero. Such instances may be hiding > some bugs. So, this work (flexible-array member conversions) will also > help to get completely rid of those sorts of issues. > > This issue was found with the help of Coccinelle. > > [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html > [2] https://github.com/KSPP/linux/issues/21 > [3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour") > > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Sounds reasonable to me. There's another in include/uapi/linux/audit.h in struct audit_rule_data buf[0]. This alert also helped me fix another one in a patchset I'm about to post (and will probably cause a merge conflict but we can figure that out). Reviewed-by: Richard Guy Briggs <rgb@redhat.com> > --- > include/linux/audit.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/linux/audit.h b/include/linux/audit.h > index f9ceae57ca8d..2b63aee6e9fa 100644 > --- a/include/linux/audit.h > +++ b/include/linux/audit.h > @@ -19,7 +19,7 @@ > struct audit_sig_info { > uid_t uid; > pid_t pid; > - char ctx[0]; > + char ctx[]; > }; > > struct audit_buffer; > > > -- > Linux-audit mailing list > Linux-audit@redhat.com > https://www.redhat.com/mailman/listinfo/linux-audit - RGB -- Richard Guy Briggs <rgb@redhat.com> Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635 ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH] audit: Replace zero-length array with flexible-array @ 2020-05-07 21:58 ` Richard Guy Briggs 0 siblings, 0 replies; 14+ messages in thread From: Richard Guy Briggs @ 2020-05-07 21:58 UTC (permalink / raw) To: Gustavo A. R. Silva; +Cc: linux-audit, linux-kernel On 2020-05-07 13:50, Gustavo A. R. Silva wrote: > The current codebase makes use of the zero-length array language > extension to the C90 standard, but the preferred mechanism to declare > variable-length types such as these ones is a flexible array member[1][2], > introduced in C99: > > struct foo { > int stuff; > struct boo array[]; > }; > > By making use of the mechanism above, we will get a compiler warning > in case the flexible array does not occur last in the structure, which > will help us prevent some kind of undefined behavior bugs from being > inadvertently introduced[3] to the codebase from now on. > > Also, notice that, dynamic memory allocations won't be affected by > this change: > > "Flexible array members have incomplete type, and so the sizeof operator > may not be applied. As a quirk of the original implementation of > zero-length arrays, sizeof evaluates to zero."[1] > > sizeof(flexible-array-member) triggers a warning because flexible array > members have incomplete type[1]. There are some instances of code in > which the sizeof operator is being incorrectly/erroneously applied to > zero-length arrays and the result is zero. Such instances may be hiding > some bugs. So, this work (flexible-array member conversions) will also > help to get completely rid of those sorts of issues. > > This issue was found with the help of Coccinelle. > > [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html > [2] https://github.com/KSPP/linux/issues/21 > [3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour") > > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Sounds reasonable to me. There's another in include/uapi/linux/audit.h in struct audit_rule_data buf[0]. This alert also helped me fix another one in a patchset I'm about to post (and will probably cause a merge conflict but we can figure that out). Reviewed-by: Richard Guy Briggs <rgb@redhat.com> > --- > include/linux/audit.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/linux/audit.h b/include/linux/audit.h > index f9ceae57ca8d..2b63aee6e9fa 100644 > --- a/include/linux/audit.h > +++ b/include/linux/audit.h > @@ -19,7 +19,7 @@ > struct audit_sig_info { > uid_t uid; > pid_t pid; > - char ctx[0]; > + char ctx[]; > }; > > struct audit_buffer; > > > -- > Linux-audit mailing list > Linux-audit@redhat.com > https://www.redhat.com/mailman/listinfo/linux-audit - RGB -- Richard Guy Briggs <rgb@redhat.com> Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635 -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH] audit: Replace zero-length array with flexible-array 2020-05-07 21:58 ` Richard Guy Briggs @ 2020-05-07 22:49 ` Gustavo A. R. Silva -1 siblings, 0 replies; 14+ messages in thread From: Gustavo A. R. Silva @ 2020-05-07 22:49 UTC (permalink / raw) To: Richard Guy Briggs; +Cc: Paul Moore, Eric Paris, linux-audit, linux-kernel On Thu, May 07, 2020 at 05:58:13PM -0400, Richard Guy Briggs wrote: > On 2020-05-07 13:50, Gustavo A. R. Silva wrote: > > The current codebase makes use of the zero-length array language > > extension to the C90 standard, but the preferred mechanism to declare > > variable-length types such as these ones is a flexible array member[1][2], > > introduced in C99: > > > > struct foo { > > int stuff; > > struct boo array[]; > > }; > > > > By making use of the mechanism above, we will get a compiler warning > > in case the flexible array does not occur last in the structure, which > > will help us prevent some kind of undefined behavior bugs from being > > inadvertently introduced[3] to the codebase from now on. > > > > Also, notice that, dynamic memory allocations won't be affected by > > this change: > > > > "Flexible array members have incomplete type, and so the sizeof operator > > may not be applied. As a quirk of the original implementation of > > zero-length arrays, sizeof evaluates to zero."[1] > > > > sizeof(flexible-array-member) triggers a warning because flexible array > > members have incomplete type[1]. There are some instances of code in > > which the sizeof operator is being incorrectly/erroneously applied to > > zero-length arrays and the result is zero. Such instances may be hiding > > some bugs. So, this work (flexible-array member conversions) will also > > help to get completely rid of those sorts of issues. > > > > This issue was found with the help of Coccinelle. > > > > [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html > > [2] https://github.com/KSPP/linux/issues/21 > > [3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour") > > > > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> > > Sounds reasonable to me. There's another in include/uapi/linux/audit.h Hi, I wouldn't advise to make any of these conversions in include/uapi/ [1][2]. > in struct audit_rule_data buf[0]. This alert also helped me fix another > one in a patchset I'm about to post (and will probably cause a merge > conflict but we can figure that out). Awesome. :) > > Reviewed-by: Richard Guy Briggs <rgb@redhat.com> > Thanks -- Gustavo [1] https://lore.kernel.org/lkml/20200424121553.GE26002@ziepe.ca/ [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1e6e9d0f4859ec698d55381ea26f4136eff3afe1 > > --- > > include/linux/audit.h | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/include/linux/audit.h b/include/linux/audit.h > > index f9ceae57ca8d..2b63aee6e9fa 100644 > > --- a/include/linux/audit.h > > +++ b/include/linux/audit.h > > @@ -19,7 +19,7 @@ > > struct audit_sig_info { > > uid_t uid; > > pid_t pid; > > - char ctx[0]; > > + char ctx[]; > > }; > > > > struct audit_buffer; > > > > > > -- > > Linux-audit mailing list > > Linux-audit@redhat.com > > https://www.redhat.com/mailman/listinfo/linux-audit > > - RGB > > -- > Richard Guy Briggs <rgb@redhat.com> > Sr. S/W Engineer, Kernel Security, Base Operating Systems > Remote, Ottawa, Red Hat Canada > IRC: rgb, SunRaycer > Voice: +1.647.777.2635, Internal: (81) 32635 > ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH] audit: Replace zero-length array with flexible-array @ 2020-05-07 22:49 ` Gustavo A. R. Silva 0 siblings, 0 replies; 14+ messages in thread From: Gustavo A. R. Silva @ 2020-05-07 22:49 UTC (permalink / raw) To: Richard Guy Briggs; +Cc: linux-audit, linux-kernel On Thu, May 07, 2020 at 05:58:13PM -0400, Richard Guy Briggs wrote: > On 2020-05-07 13:50, Gustavo A. R. Silva wrote: > > The current codebase makes use of the zero-length array language > > extension to the C90 standard, but the preferred mechanism to declare > > variable-length types such as these ones is a flexible array member[1][2], > > introduced in C99: > > > > struct foo { > > int stuff; > > struct boo array[]; > > }; > > > > By making use of the mechanism above, we will get a compiler warning > > in case the flexible array does not occur last in the structure, which > > will help us prevent some kind of undefined behavior bugs from being > > inadvertently introduced[3] to the codebase from now on. > > > > Also, notice that, dynamic memory allocations won't be affected by > > this change: > > > > "Flexible array members have incomplete type, and so the sizeof operator > > may not be applied. As a quirk of the original implementation of > > zero-length arrays, sizeof evaluates to zero."[1] > > > > sizeof(flexible-array-member) triggers a warning because flexible array > > members have incomplete type[1]. There are some instances of code in > > which the sizeof operator is being incorrectly/erroneously applied to > > zero-length arrays and the result is zero. Such instances may be hiding > > some bugs. So, this work (flexible-array member conversions) will also > > help to get completely rid of those sorts of issues. > > > > This issue was found with the help of Coccinelle. > > > > [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html > > [2] https://github.com/KSPP/linux/issues/21 > > [3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour") > > > > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> > > Sounds reasonable to me. There's another in include/uapi/linux/audit.h Hi, I wouldn't advise to make any of these conversions in include/uapi/ [1][2]. > in struct audit_rule_data buf[0]. This alert also helped me fix another > one in a patchset I'm about to post (and will probably cause a merge > conflict but we can figure that out). Awesome. :) > > Reviewed-by: Richard Guy Briggs <rgb@redhat.com> > Thanks -- Gustavo [1] https://lore.kernel.org/lkml/20200424121553.GE26002@ziepe.ca/ [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1e6e9d0f4859ec698d55381ea26f4136eff3afe1 > > --- > > include/linux/audit.h | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/include/linux/audit.h b/include/linux/audit.h > > index f9ceae57ca8d..2b63aee6e9fa 100644 > > --- a/include/linux/audit.h > > +++ b/include/linux/audit.h > > @@ -19,7 +19,7 @@ > > struct audit_sig_info { > > uid_t uid; > > pid_t pid; > > - char ctx[0]; > > + char ctx[]; > > }; > > > > struct audit_buffer; > > > > > > -- > > Linux-audit mailing list > > Linux-audit@redhat.com > > https://www.redhat.com/mailman/listinfo/linux-audit > > - RGB > > -- > Richard Guy Briggs <rgb@redhat.com> > Sr. S/W Engineer, Kernel Security, Base Operating Systems > Remote, Ottawa, Red Hat Canada > IRC: rgb, SunRaycer > Voice: +1.647.777.2635, Internal: (81) 32635 > -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH] audit: Replace zero-length array with flexible-array 2020-05-07 22:49 ` Gustavo A. R. Silva @ 2020-05-08 2:48 ` Paul Moore -1 siblings, 0 replies; 14+ messages in thread From: Paul Moore @ 2020-05-08 2:48 UTC (permalink / raw) To: Gustavo A. R. Silva Cc: Richard Guy Briggs, Eric Paris, linux-audit, linux-kernel On Thu, May 7, 2020 at 6:45 PM Gustavo A. R. Silva <gustavoars@kernel.org> wrote: > I wouldn't advise to make any of these conversions in include/uapi/ ... Yes, let's not make changes like this to anything under include/uapi; the potential reward doesn't outweigh the risks. -- paul moore www.paul-moore.com ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH] audit: Replace zero-length array with flexible-array @ 2020-05-08 2:48 ` Paul Moore 0 siblings, 0 replies; 14+ messages in thread From: Paul Moore @ 2020-05-08 2:48 UTC (permalink / raw) To: Gustavo A. R. Silva; +Cc: Richard Guy Briggs, linux-audit, linux-kernel On Thu, May 7, 2020 at 6:45 PM Gustavo A. R. Silva <gustavoars@kernel.org> wrote: > I wouldn't advise to make any of these conversions in include/uapi/ ... Yes, let's not make changes like this to anything under include/uapi; the potential reward doesn't outweigh the risks. -- paul moore www.paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH] audit: Replace zero-length array with flexible-array 2020-05-07 22:49 ` Gustavo A. R. Silva @ 2020-05-08 11:17 ` Richard Guy Briggs -1 siblings, 0 replies; 14+ messages in thread From: Richard Guy Briggs @ 2020-05-08 11:17 UTC (permalink / raw) To: Gustavo A. R. Silva; +Cc: Paul Moore, Eric Paris, linux-audit, linux-kernel On 2020-05-07 17:49, Gustavo A. R. Silva wrote: > On Thu, May 07, 2020 at 05:58:13PM -0400, Richard Guy Briggs wrote: > > On 2020-05-07 13:50, Gustavo A. R. Silva wrote: > > > The current codebase makes use of the zero-length array language > > > extension to the C90 standard, but the preferred mechanism to declare > > > variable-length types such as these ones is a flexible array member[1][2], > > > introduced in C99: > > > > > > struct foo { > > > int stuff; > > > struct boo array[]; > > > }; > > > > > > By making use of the mechanism above, we will get a compiler warning > > > in case the flexible array does not occur last in the structure, which > > > will help us prevent some kind of undefined behavior bugs from being > > > inadvertently introduced[3] to the codebase from now on. > > > > > > Also, notice that, dynamic memory allocations won't be affected by > > > this change: > > > > > > "Flexible array members have incomplete type, and so the sizeof operator > > > may not be applied. As a quirk of the original implementation of > > > zero-length arrays, sizeof evaluates to zero."[1] > > > > > > sizeof(flexible-array-member) triggers a warning because flexible array > > > members have incomplete type[1]. There are some instances of code in > > > which the sizeof operator is being incorrectly/erroneously applied to > > > zero-length arrays and the result is zero. Such instances may be hiding > > > some bugs. So, this work (flexible-array member conversions) will also > > > help to get completely rid of those sorts of issues. > > > > > > This issue was found with the help of Coccinelle. > > > > > > [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html > > > [2] https://github.com/KSPP/linux/issues/21 > > > [3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour") > > > > > > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> > > > > Sounds reasonable to me. There's another in include/uapi/linux/audit.h > > Hi, Hello Gustavo, > I wouldn't advise to make any of these conversions in include/uapi/ > [1][2]. Ah-hah. Thanks for the contra-indicating supporting references. > > in struct audit_rule_data buf[0]. This alert also helped me fix another > > one in a patchset I'm about to post (and will probably cause a merge > > conflict but we can figure that out). > > Awesome. :) > > > Reviewed-by: Richard Guy Briggs <rgb@redhat.com> > > Thanks > -- > Gustavo > > [1] https://lore.kernel.org/lkml/20200424121553.GE26002@ziepe.ca/ > [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1e6e9d0f4859ec698d55381ea26f4136eff3afe1 > > > > --- > > > include/linux/audit.h | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/include/linux/audit.h b/include/linux/audit.h > > > index f9ceae57ca8d..2b63aee6e9fa 100644 > > > --- a/include/linux/audit.h > > > +++ b/include/linux/audit.h > > > @@ -19,7 +19,7 @@ > > > struct audit_sig_info { > > > uid_t uid; > > > pid_t pid; > > > - char ctx[0]; > > > + char ctx[]; > > > }; > > > > > > struct audit_buffer; > > > > - RGB - RGB -- Richard Guy Briggs <rgb@redhat.com> Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635 ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH] audit: Replace zero-length array with flexible-array @ 2020-05-08 11:17 ` Richard Guy Briggs 0 siblings, 0 replies; 14+ messages in thread From: Richard Guy Briggs @ 2020-05-08 11:17 UTC (permalink / raw) To: Gustavo A. R. Silva; +Cc: linux-audit, linux-kernel On 2020-05-07 17:49, Gustavo A. R. Silva wrote: > On Thu, May 07, 2020 at 05:58:13PM -0400, Richard Guy Briggs wrote: > > On 2020-05-07 13:50, Gustavo A. R. Silva wrote: > > > The current codebase makes use of the zero-length array language > > > extension to the C90 standard, but the preferred mechanism to declare > > > variable-length types such as these ones is a flexible array member[1][2], > > > introduced in C99: > > > > > > struct foo { > > > int stuff; > > > struct boo array[]; > > > }; > > > > > > By making use of the mechanism above, we will get a compiler warning > > > in case the flexible array does not occur last in the structure, which > > > will help us prevent some kind of undefined behavior bugs from being > > > inadvertently introduced[3] to the codebase from now on. > > > > > > Also, notice that, dynamic memory allocations won't be affected by > > > this change: > > > > > > "Flexible array members have incomplete type, and so the sizeof operator > > > may not be applied. As a quirk of the original implementation of > > > zero-length arrays, sizeof evaluates to zero."[1] > > > > > > sizeof(flexible-array-member) triggers a warning because flexible array > > > members have incomplete type[1]. There are some instances of code in > > > which the sizeof operator is being incorrectly/erroneously applied to > > > zero-length arrays and the result is zero. Such instances may be hiding > > > some bugs. So, this work (flexible-array member conversions) will also > > > help to get completely rid of those sorts of issues. > > > > > > This issue was found with the help of Coccinelle. > > > > > > [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html > > > [2] https://github.com/KSPP/linux/issues/21 > > > [3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour") > > > > > > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> > > > > Sounds reasonable to me. There's another in include/uapi/linux/audit.h > > Hi, Hello Gustavo, > I wouldn't advise to make any of these conversions in include/uapi/ > [1][2]. Ah-hah. Thanks for the contra-indicating supporting references. > > in struct audit_rule_data buf[0]. This alert also helped me fix another > > one in a patchset I'm about to post (and will probably cause a merge > > conflict but we can figure that out). > > Awesome. :) > > > Reviewed-by: Richard Guy Briggs <rgb@redhat.com> > > Thanks > -- > Gustavo > > [1] https://lore.kernel.org/lkml/20200424121553.GE26002@ziepe.ca/ > [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1e6e9d0f4859ec698d55381ea26f4136eff3afe1 > > > > --- > > > include/linux/audit.h | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/include/linux/audit.h b/include/linux/audit.h > > > index f9ceae57ca8d..2b63aee6e9fa 100644 > > > --- a/include/linux/audit.h > > > +++ b/include/linux/audit.h > > > @@ -19,7 +19,7 @@ > > > struct audit_sig_info { > > > uid_t uid; > > > pid_t pid; > > > - char ctx[0]; > > > + char ctx[]; > > > }; > > > > > > struct audit_buffer; > > > > - RGB - RGB -- Richard Guy Briggs <rgb@redhat.com> Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635 -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH] audit: Replace zero-length array with flexible-array 2020-05-07 18:50 ` Gustavo A. R. Silva @ 2020-05-08 2:52 ` Paul Moore -1 siblings, 0 replies; 14+ messages in thread From: Paul Moore @ 2020-05-08 2:52 UTC (permalink / raw) To: Gustavo A. R. Silva; +Cc: Eric Paris, linux-audit, linux-kernel On Thu, May 7, 2020 at 2:46 PM Gustavo A. R. Silva <gustavoars@kernel.org> wrote: > The current codebase makes use of the zero-length array language > extension to the C90 standard, but the preferred mechanism to declare > variable-length types such as these ones is a flexible array member[1][2], > introduced in C99: > > struct foo { > int stuff; > struct boo array[]; > }; > > By making use of the mechanism above, we will get a compiler warning > in case the flexible array does not occur last in the structure, which > will help us prevent some kind of undefined behavior bugs from being > inadvertently introduced[3] to the codebase from now on. > > Also, notice that, dynamic memory allocations won't be affected by > this change: > > "Flexible array members have incomplete type, and so the sizeof operator > may not be applied. As a quirk of the original implementation of > zero-length arrays, sizeof evaluates to zero."[1] > > sizeof(flexible-array-member) triggers a warning because flexible array > members have incomplete type[1]. There are some instances of code in > which the sizeof operator is being incorrectly/erroneously applied to > zero-length arrays and the result is zero. Such instances may be hiding > some bugs. So, this work (flexible-array member conversions) will also > help to get completely rid of those sorts of issues. > > This issue was found with the help of Coccinelle. > > [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html > [2] https://github.com/KSPP/linux/issues/21 > [3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour") > > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> > --- > include/linux/audit.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Merged into audit/next, thanks! > diff --git a/include/linux/audit.h b/include/linux/audit.h > index f9ceae57ca8d..2b63aee6e9fa 100644 > --- a/include/linux/audit.h > +++ b/include/linux/audit.h > @@ -19,7 +19,7 @@ > struct audit_sig_info { > uid_t uid; > pid_t pid; > - char ctx[0]; > + char ctx[]; > }; > > struct audit_buffer; -- paul moore www.paul-moore.com ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH] audit: Replace zero-length array with flexible-array @ 2020-05-08 2:52 ` Paul Moore 0 siblings, 0 replies; 14+ messages in thread From: Paul Moore @ 2020-05-08 2:52 UTC (permalink / raw) To: Gustavo A. R. Silva; +Cc: linux-audit, linux-kernel On Thu, May 7, 2020 at 2:46 PM Gustavo A. R. Silva <gustavoars@kernel.org> wrote: > The current codebase makes use of the zero-length array language > extension to the C90 standard, but the preferred mechanism to declare > variable-length types such as these ones is a flexible array member[1][2], > introduced in C99: > > struct foo { > int stuff; > struct boo array[]; > }; > > By making use of the mechanism above, we will get a compiler warning > in case the flexible array does not occur last in the structure, which > will help us prevent some kind of undefined behavior bugs from being > inadvertently introduced[3] to the codebase from now on. > > Also, notice that, dynamic memory allocations won't be affected by > this change: > > "Flexible array members have incomplete type, and so the sizeof operator > may not be applied. As a quirk of the original implementation of > zero-length arrays, sizeof evaluates to zero."[1] > > sizeof(flexible-array-member) triggers a warning because flexible array > members have incomplete type[1]. There are some instances of code in > which the sizeof operator is being incorrectly/erroneously applied to > zero-length arrays and the result is zero. Such instances may be hiding > some bugs. So, this work (flexible-array member conversions) will also > help to get completely rid of those sorts of issues. > > This issue was found with the help of Coccinelle. > > [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html > [2] https://github.com/KSPP/linux/issues/21 > [3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour") > > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> > --- > include/linux/audit.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Merged into audit/next, thanks! > diff --git a/include/linux/audit.h b/include/linux/audit.h > index f9ceae57ca8d..2b63aee6e9fa 100644 > --- a/include/linux/audit.h > +++ b/include/linux/audit.h > @@ -19,7 +19,7 @@ > struct audit_sig_info { > uid_t uid; > pid_t pid; > - char ctx[0]; > + char ctx[]; > }; > > struct audit_buffer; -- paul moore www.paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH] audit: Replace zero-length array with flexible-array 2020-05-08 2:52 ` Paul Moore @ 2020-05-08 23:51 ` Gustavo A. R. Silva -1 siblings, 0 replies; 14+ messages in thread From: Gustavo A. R. Silva @ 2020-05-08 23:51 UTC (permalink / raw) To: Paul Moore; +Cc: Eric Paris, linux-audit, linux-kernel On Thu, May 07, 2020 at 10:52:09PM -0400, Paul Moore wrote: > > > > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> > > --- > > include/linux/audit.h | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > Merged into audit/next, thanks! > Thanks, Paul. -- Gustavo ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH] audit: Replace zero-length array with flexible-array @ 2020-05-08 23:51 ` Gustavo A. R. Silva 0 siblings, 0 replies; 14+ messages in thread From: Gustavo A. R. Silva @ 2020-05-08 23:51 UTC (permalink / raw) To: Paul Moore; +Cc: linux-audit, linux-kernel On Thu, May 07, 2020 at 10:52:09PM -0400, Paul Moore wrote: > > > > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> > > --- > > include/linux/audit.h | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > Merged into audit/next, thanks! > Thanks, Paul. -- Gustavo -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2020-05-09 1:49 UTC | newest] Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-05-07 18:50 [PATCH] audit: Replace zero-length array with flexible-array Gustavo A. R. Silva 2020-05-07 18:50 ` Gustavo A. R. Silva 2020-05-07 21:58 ` Richard Guy Briggs 2020-05-07 21:58 ` Richard Guy Briggs 2020-05-07 22:49 ` Gustavo A. R. Silva 2020-05-07 22:49 ` Gustavo A. R. Silva 2020-05-08 2:48 ` Paul Moore 2020-05-08 2:48 ` Paul Moore 2020-05-08 11:17 ` Richard Guy Briggs 2020-05-08 11:17 ` Richard Guy Briggs 2020-05-08 2:52 ` Paul Moore 2020-05-08 2:52 ` Paul Moore 2020-05-08 23:51 ` Gustavo A. R. Silva 2020-05-08 23:51 ` Gustavo A. R. Silva
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.