From: Vincent MAILHOL <mailhol.vincent@wanadoo.fr>
To: Kees Cook <keescook@chromium.org>
Cc: Marc Kleine-Budde <mkl@pengutronix.de>,
open list <linux-kernel@vger.kernel.org>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
Arnd Bergmann <arnd@arndb.de>,
Ayush Sawal <ayush.sawal@chelsio.com>,
Vinay Kumar Yadav <vinay.yadav@chelsio.com>,
Rohit Maheshwari <rohitm@chelsio.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
Kalle Valo <kvalo@codeaurora.org>,
Jakub Kicinski <kuba@kernel.org>,
Stanislaw Gruszka <stf_xl@wp.pl>,
Luca Coelho <luciano.coelho@intel.com>,
"James E.J. Bottomley" <jejb@linux.ibm.com>,
"Martin K. Petersen" <martin.petersen@oracle.com>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
Martin KaFai Lau <kafai@fb.com>, Song Liu <songliubraving@fb.com>,
Yonghong Song <yhs@fb.com>,
John Fastabend <john.fastabend@gmail.com>,
KP Singh <kpsingh@kernel.org>,
Johannes Berg <johannes.berg@intel.com>,
Mordechay Goodstein <mordechay.goodstein@intel.com>,
Lee Jones <lee.jones@linaro.org>,
Wolfgang Grandegger <wg@grandegger.com>,
Arunachalam Santhanam <arunachalam.santhanam@in.bosch.com>,
Mikulas Patocka <mikulas@artax.karlin.mff.cuni.cz>,
linux-crypto@vger.kernel.org, ath10k@lists.infradead.org,
linux-wireless@vger.kernel.org, netdev <netdev@vger.kernel.org>,
linux-scsi@vger.kernel.org, linux-can <linux-can@vger.kernel.org>,
bpf@vger.kernel.org, Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Keith Packard <keithp@keithp.com>,
Dan Williams <dan.j.williams@intel.com>,
Daniel Vetter <daniel.vetter@ffwll.ch>,
clang-built-linux@googlegroups.com,
linux-hardening@vger.kernel.org
Subject: Re: [PATCH v2 2/5] treewide: Replace open-coded flex arrays in unions
Date: Sat, 28 Aug 2021 16:31:14 +0900 [thread overview]
Message-ID: <CAMZ6Rq+b1wy3miNvXyeM5Cbp16CH78RKRf2WxUSL4s4w5=+aYg@mail.gmail.com> (raw)
In-Reply-To: <202108270915.B4DD070AF@keescook>
Le sam. 28 août 2021 à 01:17, Kees Cook <keescook@chromium.org> a écrit :
>
> On Thu, Aug 26, 2021 at 08:24:52AM +0200, Marc Kleine-Budde wrote:
> > [...]
> > BTW: Is there opportunity for conversion, too?
> >
> > | drivers/net/can/peak_canfd/peak_pciefd_main.c:146:32: warning: array of flexible structures
>
> Untested potential solution:
>
> diff --git a/drivers/net/can/peak_canfd/peak_pciefd_main.c b/drivers/net/can/peak_canfd/peak_pciefd_main.c
> index 1df3c4b54f03..efa2b5a52bd7 100644
> --- a/drivers/net/can/peak_canfd/peak_pciefd_main.c
> +++ b/drivers/net/can/peak_canfd/peak_pciefd_main.c
> @@ -143,7 +143,11 @@ struct pciefd_rx_dma {
> __le32 irq_status;
> __le32 sys_time_low;
> __le32 sys_time_high;
> - struct pucan_rx_msg msg[];
> + /*
> + * with "msg" being pciefd_irq_rx_cnt(priv->irq_status)-many
> + * variable-sized struct pucan_rx_msg following.
> + */
> + __le32 msg[];
Isn't u8 msg[] preferable here?
> } __packed __aligned(4);
>
> /* Tx Link record */
> @@ -327,7 +331,7 @@ static irqreturn_t pciefd_irq_handler(int irq, void *arg)
>
> /* handle rx messages (if any) */
> peak_canfd_handle_msgs_list(&priv->ucan,
> - rx_dma->msg,
> + (struct pucan_rx_msg *)rx_dma->msg,
> pciefd_irq_rx_cnt(priv->irq_status));
>
> /* handle tx link interrupt (if any) */
>
>
> It's not great, but it's also not strictly a flex array, in the sense
> that since struct pucan_rx_msg is a variable size, the compiler cannot
> reason about the size of struct pciefd_rx_dma based only on the
> irq_status encoding...
In the same spirit, it is a bit cleaner to change the prototype of
handle_msgs_list().
Like that:
diff --git a/drivers/net/can/peak_canfd/peak_canfd.c b/drivers/net/can/peak_canf
d/peak_canfd.c
index d08718e98e11..81a9faa6193f 100644
--- a/drivers/net/can/peak_canfd/peak_canfd.c
+++ b/drivers/net/can/peak_canfd/peak_canfd.c
@@ -484,9 +484,8 @@ int peak_canfd_handle_msg(struct peak_canfd_priv *priv,
/* handle a list of rx_count messages from rx_msg memory address */
int peak_canfd_handle_msgs_list(struct peak_canfd_priv *priv,
- struct pucan_rx_msg *msg_list, int msg_count)
+ void *msg_ptr, int msg_count)
{
- void *msg_ptr = msg_list;
int i, msg_size = 0;
for (i = 0; i < msg_count; i++) {
diff --git a/drivers/net/can/peak_canfd/peak_canfd_user.h b/drivers/net/can/peak
_canfd/peak_canfd_user.h
index a72719dc3b74..ef91f92e70c3 100644
--- a/drivers/net/can/peak_canfd/peak_canfd_user.h
+++ b/drivers/net/can/peak_canfd/peak_canfd_user.h
@@ -42,5 +42,5 @@ struct net_device *alloc_peak_canfd_dev(int
sizeof_priv, int index,
int peak_canfd_handle_msg(struct peak_canfd_priv *priv,
struct pucan_rx_msg *msg);
int peak_canfd_handle_msgs_list(struct peak_canfd_priv *priv,
- struct pucan_rx_msg *rx_msg, int rx_count);
+ void *msg_ptr, int rx_count);
#endif
diff --git a/drivers/net/can/peak_canfd/peak_pciefd_main.c
b/drivers/net/can/peak_canfd/peak_pciefd_main.c
index 1df3c4b54f03..c1de1e3dc4bc 100644
--- a/drivers/net/can/peak_canfd/peak_pciefd_main.c
+++ b/drivers/net/can/peak_canfd/peak_pciefd_main.c
@@ -143,7 +143,11 @@ struct pciefd_rx_dma {
__le32 irq_status;
__le32 sys_time_low;
__le32 sys_time_high;
- struct pucan_rx_msg msg[];
+ /*
+ * with "msg" being pciefd_irq_rx_cnt(priv->irq_status)-many
+ * variable-sized struct pucan_rx_msg following.
+ */
+ u8 msg[];
} __packed __aligned(4);
/* Tx Link record */
Another solution would be to declare a maximum length for struct
pucan_rx_msg::d. Because these are CAN FD messages, I suppose
that maximum length would be CANFD_MAX_DLEN. struct canfd_frame
from the UAPI uses the same pattern.
N.B. This solution is not exclusive from the above one (actually,
I think that using both would be the best solution).
diff --git a/include/linux/can/dev/peak_canfd.h
b/include/linux/can/dev/peak_canfd.h
index f38772fd0c07..a048359db430 100644
--- a/include/linux/can/dev/peak_canfd.h
+++ b/include/linux/can/dev/peak_canfd.h
@@ -189,7 +189,7 @@ struct __packed pucan_rx_msg {
u8 client;
__le16 flags;
__le32 can_id;
- u8 d[];
+ u8 d[CANFD_MAX_DLEN];
};
/* uCAN error types */
I only tested for compilation.
Yours sincerely,
Vincent
next prev parent reply other threads:[~2021-08-28 7:31 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-26 5:04 [PATCH v2 0/5] Enable -Warray-bounds and -Wzero-length-bounds Kees Cook
2021-08-26 5:04 ` [PATCH v2 1/5] stddef: Add flexible array union helper Kees Cook
2021-08-26 5:04 ` [PATCH v2 2/5] treewide: Replace open-coded flex arrays in unions Kees Cook
2021-08-26 6:24 ` Marc Kleine-Budde
2021-08-27 16:08 ` Kees Cook
2021-08-27 17:08 ` Marc Kleine-Budde
2021-08-27 16:17 ` Kees Cook
2021-08-28 7:31 ` Vincent MAILHOL [this message]
2021-08-26 7:36 ` Vincent MAILHOL
2021-08-26 15:39 ` Kees Cook
2021-08-26 5:04 ` [PATCH v2 3/5] treewide: Replace 0-element memcpy() destinations with flexible arrays Kees Cook
2021-08-26 5:24 ` Keith Packard
2021-08-26 5:51 ` Kees Cook
2021-08-26 5:04 ` [PATCH v2 4/5] Makefile: Enable -Warray-bounds Kees Cook
2021-08-26 5:04 ` [PATCH v2 5/5] Makefile: Enable -Wzero-length-bounds Kees Cook
2021-08-27 9:25 ` [PATCH v2 1/5] stddef: Add flexible array union helper Vincent Mailhol
2021-08-27 15:39 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAMZ6Rq+b1wy3miNvXyeM5Cbp16CH78RKRf2WxUSL4s4w5=+aYg@mail.gmail.com' \
--to=mailhol.vincent@wanadoo.fr \
--cc=andrii@kernel.org \
--cc=arnd@arndb.de \
--cc=arunachalam.santhanam@in.bosch.com \
--cc=ast@kernel.org \
--cc=ath10k@lists.infradead.org \
--cc=ayush.sawal@chelsio.com \
--cc=bpf@vger.kernel.org \
--cc=clang-built-linux@googlegroups.com \
--cc=dan.j.williams@intel.com \
--cc=daniel.vetter@ffwll.ch \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=gustavoars@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=jejb@linux.ibm.com \
--cc=johannes.berg@intel.com \
--cc=john.fastabend@gmail.com \
--cc=kafai@fb.com \
--cc=keescook@chromium.org \
--cc=keithp@keithp.com \
--cc=kpsingh@kernel.org \
--cc=kuba@kernel.org \
--cc=kvalo@codeaurora.org \
--cc=lee.jones@linaro.org \
--cc=linux-can@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=luciano.coelho@intel.com \
--cc=martin.petersen@oracle.com \
--cc=mikulas@artax.karlin.mff.cuni.cz \
--cc=mkl@pengutronix.de \
--cc=mordechay.goodstein@intel.com \
--cc=netdev@vger.kernel.org \
--cc=rohitm@chelsio.com \
--cc=songliubraving@fb.com \
--cc=stf_xl@wp.pl \
--cc=vinay.yadav@chelsio.com \
--cc=wg@grandegger.com \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).