From: "Philippe Mathieu-Daudé" <philmd@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>, qemu-devel@nongnu.org
Cc: "Fam Zheng" <fam@euphon.net>,
"Peter Maydell" <peter.maydell@linaro.org>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Jason Wang" <jasowang@redhat.com>,
"Yuval Shaia" <yuval.shaia.ml@gmail.com>,
"Gerd Hoffmann" <kraxel@redhat.com>,
"Stefano Stabellini" <sstabellini@kernel.org>,
qemu-block@nongnu.org, "David Hildenbrand" <david@redhat.com>,
"Gustavo A . R . Silva" <gustavo@embeddedor.com>,
"Halil Pasic" <pasic@linux.ibm.com>,
"Christian Borntraeger" <borntraeger@de.ibm.com>,
"Gonglei (Arei)" <arei.gonglei@huawei.com>,
"Anthony Perard" <anthony.perard@citrix.com>,
"Marc-André Lureau" <marcandre.lureau@redhat.com>,
"David Gibson" <david@gibson.dropbear.id.au>,
"Thomas Huth" <thuth@redhat.com>,
"Eduardo Habkost" <ehabkost@redhat.com>,
"Paul Durrant" <paul@xen.org>,
"Eric Auger" <eric.auger@redhat.com>,
qemu-s390x@nongnu.org, qemu-arm@nongnu.org,
xen-devel@lists.xenproject.org, "John Snow" <jsnow@redhat.com>,
"Richard Henderson" <rth@twiddle.net>,
"Kevin Wolf" <kwolf@redhat.com>,
"Xiao Guangrong" <xiaoguangrong.eric@gmail.com>,
"Cornelia Huck" <cohuck@redhat.com>,
"Laurent Vivier" <laurent@vivier.eu>,
"Max Reitz" <mreitz@redhat.com>,
"Igor Mammedov" <imammedo@redhat.com>
Subject: Re: [PATCH 1/2] misc: Replace zero-length arrays with flexible array member (automatic)
Date: Wed, 4 Mar 2020 15:12:36 +0100 [thread overview]
Message-ID: <f1d4241c-e82e-53db-cc33-898890a0b070@redhat.com> (raw)
In-Reply-To: <38b55649-b1cd-8891-5c13-ec4c6ef3ae5e@redhat.com>
On 3/4/20 2:44 PM, Paolo Bonzini wrote:
> On 04/03/20 14:12, Philippe Mathieu-Daudé wrote:
>>
>> hw/scsi/spapr_vscsi.c:69:29: error: field 'iu' with variable sized type
>> 'union viosrp_iu' not at the end of a struct or class is a GNU extension
>> [-Werror,-Wgnu-variable-sized-type-not-at-end]
>> union viosrp_iu iu;
>> ^
>>
>> Yay we found a bug! Thanks Gustavo :)
>>
>> union srp_iu {
>> struct srp_login_req login_req;
>> struct srp_login_rsp login_rsp;
>> struct srp_login_rej login_rej;
>> struct srp_i_logout i_logout;
>> struct srp_t_logout t_logout;
>> struct srp_tsk_mgmt tsk_mgmt;
>> struct srp_cmd cmd;
>> struct srp_rsp rsp;
>> uint8_t reserved[SRP_MAX_IU_LEN];
>> };
>
> It's variable-sized but it's okay as long as the total size doesn't
> exceed SRP_MAX_IU_LEN. So it's not a bug, but I agree it's a time bomb.
> Moving the field last should work, but it would still be quite
> dangerous code.
Yeah I reached the same conclusion.
I'll send a fix for the dangerous code.
Do you want to drop this series, or only the change in 'struct srp_rsp'
(or in all hw/scsi/srp.h). Actually I guess it makes sense I move the
'hw/scsi/srp.h' changes with the series cleaning dangerous code.
WARNING: multiple messages have this Message-ID (diff)
From: "Philippe Mathieu-Daudé" <philmd@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>, qemu-devel@nongnu.org
Cc: "Fam Zheng" <fam@euphon.net>,
"Peter Maydell" <peter.maydell@linaro.org>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Jason Wang" <jasowang@redhat.com>,
"Yuval Shaia" <yuval.shaia.ml@gmail.com>,
"Gerd Hoffmann" <kraxel@redhat.com>,
"Eric Blake" <eblake@redhat.com>,
"Stefano Stabellini" <sstabellini@kernel.org>,
qemu-block@nongnu.org, "David Hildenbrand" <david@redhat.com>,
"Gustavo A . R . Silva" <gustavo@embeddedor.com>,
"Halil Pasic" <pasic@linux.ibm.com>,
"Christian Borntraeger" <borntraeger@de.ibm.com>,
"Gonglei (Arei)" <arei.gonglei@huawei.com>,
"Marcel Apfelbaum" <marcel.apfelbaum@gmail.com>,
"Anthony Perard" <anthony.perard@citrix.com>,
"Marc-André Lureau" <marcandre.lureau@redhat.com>,
"David Gibson" <david@gibson.dropbear.id.au>,
"Thomas Huth" <thuth@redhat.com>,
"Eduardo Habkost" <ehabkost@redhat.com>,
"Paul Durrant" <paul@xen.org>,
"Eric Auger" <eric.auger@redhat.com>,
qemu-s390x@nongnu.org, qemu-arm@nongnu.org,
xen-devel@lists.xenproject.org, "John Snow" <jsnow@redhat.com>,
"Richard Henderson" <rth@twiddle.net>,
"Kevin Wolf" <kwolf@redhat.com>,
"Xiao Guangrong" <xiaoguangrong.eric@gmail.com>,
"Cornelia Huck" <cohuck@redhat.com>,
"Laurent Vivier" <laurent@vivier.eu>,
"Max Reitz" <mreitz@redhat.com>,
"Igor Mammedov" <imammedo@redhat.com>
Subject: Re: [Xen-devel] [PATCH 1/2] misc: Replace zero-length arrays with flexible array member (automatic)
Date: Wed, 4 Mar 2020 15:12:36 +0100 [thread overview]
Message-ID: <f1d4241c-e82e-53db-cc33-898890a0b070@redhat.com> (raw)
In-Reply-To: <38b55649-b1cd-8891-5c13-ec4c6ef3ae5e@redhat.com>
On 3/4/20 2:44 PM, Paolo Bonzini wrote:
> On 04/03/20 14:12, Philippe Mathieu-Daudé wrote:
>>
>> hw/scsi/spapr_vscsi.c:69:29: error: field 'iu' with variable sized type
>> 'union viosrp_iu' not at the end of a struct or class is a GNU extension
>> [-Werror,-Wgnu-variable-sized-type-not-at-end]
>> union viosrp_iu iu;
>> ^
>>
>> Yay we found a bug! Thanks Gustavo :)
>>
>> union srp_iu {
>> struct srp_login_req login_req;
>> struct srp_login_rsp login_rsp;
>> struct srp_login_rej login_rej;
>> struct srp_i_logout i_logout;
>> struct srp_t_logout t_logout;
>> struct srp_tsk_mgmt tsk_mgmt;
>> struct srp_cmd cmd;
>> struct srp_rsp rsp;
>> uint8_t reserved[SRP_MAX_IU_LEN];
>> };
>
> It's variable-sized but it's okay as long as the total size doesn't
> exceed SRP_MAX_IU_LEN. So it's not a bug, but I agree it's a time bomb.
> Moving the field last should work, but it would still be quite
> dangerous code.
Yeah I reached the same conclusion.
I'll send a fix for the dangerous code.
Do you want to drop this series, or only the change in 'struct srp_rsp'
(or in all hw/scsi/srp.h). Actually I guess it makes sense I move the
'hw/scsi/srp.h' changes with the series cleaning dangerous code.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2020-03-04 14:13 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-04 0:51 [PATCH 0/2] misc: Replace zero-length arrays with flexible array member Philippe Mathieu-Daudé
2020-03-04 0:51 ` [Xen-devel] " Philippe Mathieu-Daudé
2020-03-04 0:51 ` [PATCH 1/2] misc: Replace zero-length arrays with flexible array member (automatic) Philippe Mathieu-Daudé
2020-03-04 0:51 ` [Xen-devel] " Philippe Mathieu-Daudé
2020-03-04 8:19 ` David Hildenbrand
2020-03-04 8:19 ` [Xen-devel] " David Hildenbrand
2020-03-04 13:12 ` Philippe Mathieu-Daudé
2020-03-04 13:12 ` [Xen-devel] " Philippe Mathieu-Daudé
2020-03-04 13:44 ` Paolo Bonzini
2020-03-04 13:44 ` [Xen-devel] " Paolo Bonzini
2020-03-04 14:12 ` Philippe Mathieu-Daudé [this message]
2020-03-04 14:12 ` Philippe Mathieu-Daudé
2020-03-04 14:19 ` Paolo Bonzini
2020-03-04 14:19 ` [Xen-devel] " Paolo Bonzini
2020-03-04 0:58 ` [PATCH 2/2] misc: Replace zero-length arrays with flexible array member (manual) Philippe Mathieu-Daudé
2020-03-04 0:58 ` [Xen-devel] " Philippe Mathieu-Daudé
2020-03-04 8:19 ` David Hildenbrand
2020-03-04 8:19 ` [Xen-devel] " David Hildenbrand
2020-03-04 9:00 ` Philippe Mathieu-Daudé
2020-03-04 9:00 ` [Xen-devel] " Philippe Mathieu-Daudé
2020-03-04 11:14 ` [PATCH 0/2] misc: Replace zero-length arrays with flexible array member Paolo Bonzini
2020-03-04 11:14 ` [Xen-devel] " Paolo Bonzini
2020-03-04 15:35 Philippe Mathieu-Daudé
2020-03-04 15:36 ` [PATCH 1/2] misc: Replace zero-length arrays with flexible array member (automatic) Philippe Mathieu-Daudé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f1d4241c-e82e-53db-cc33-898890a0b070@redhat.com \
--to=philmd@redhat.com \
--cc=anthony.perard@citrix.com \
--cc=arei.gonglei@huawei.com \
--cc=borntraeger@de.ibm.com \
--cc=cohuck@redhat.com \
--cc=david@gibson.dropbear.id.au \
--cc=david@redhat.com \
--cc=ehabkost@redhat.com \
--cc=eric.auger@redhat.com \
--cc=fam@euphon.net \
--cc=gustavo@embeddedor.com \
--cc=imammedo@redhat.com \
--cc=jasowang@redhat.com \
--cc=jsnow@redhat.com \
--cc=kraxel@redhat.com \
--cc=kwolf@redhat.com \
--cc=laurent@vivier.eu \
--cc=marcandre.lureau@redhat.com \
--cc=mreitz@redhat.com \
--cc=mst@redhat.com \
--cc=pasic@linux.ibm.com \
--cc=paul@xen.org \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-arm@nongnu.org \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=rth@twiddle.net \
--cc=sstabellini@kernel.org \
--cc=thuth@redhat.com \
--cc=xen-devel@lists.xenproject.org \
--cc=xiaoguangrong.eric@gmail.com \
--cc=yuval.shaia.ml@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.