Re: [GIT PULL] percpu fix for v5.9-rc6

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Gustavo A. R. Silva" <gustavoars@kernel.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Dennis Zhou <dennis@kernel.org>, Tejun Heo <tj@kernel.org>,
	Christoph Lameter <cl@linux.com>, Linux-MM <linux-mm@kvack.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Kees Cook <keescook@chromium.org>
Subject: Re: [GIT PULL] percpu fix for v5.9-rc6
Date: Fri, 18 Sep 2020 15:03:45 -0500	[thread overview]
Message-ID: <20200918200344.GB15213@embeddedor> (raw)
In-Reply-To: <CAHk-=wg=vvSf3M9O1VkwyYB4D4W6XS2AHVpQn6hEQY+usWrKGg@mail.gmail.com>

On Fri, Sep 18, 2020 at 12:37:48PM -0700, Linus Torvalds wrote:
> On Fri, Sep 18, 2020 at 12:28 PM Gustavo A. R. Silva
> <gustavoars@kernel.org> wrote:
> >
> > OK. It seems that we are talking about two different things here. One thing
> > is to apply sizeof() to a structure that contains a flexible-array member.
> > And the other thing is to apply sizeof() to a flexible array. The former
> > is allowed, the latter is wrong and we already get a build error when that
> > occurs.
> 
> The latter I'm not even interested in, it's such a pointless thing to do.
> 
> > Applying sizeof() to a structure containing a flex-array member is allowed,
> 
> Yes, and that's wrong and inconsistent, but what else is new about the
> C standard. It's what allows these kinds of bugs to slip through.
> 
> I sent Luc a couple of examples in the hope that maybe sparse could do
> better, but..
> 
> > > Is there some gcc option that I didn't find to help find any questionable cases?
> >
> > If the questionable case is the application of sizeof() to a flex-array
> > member or a flex-array member not occuring last in the containing structure,
> > then yes, GCC already generates a build error for both cases. And that's
> > what we want, see at the bottom...
> 
> No.
> 
> The questionable thing is to do "sizeof(struct-with-flex-array)".

I see now... 

> The point is, it's returning the same thing as if it was just a
> zero-sized array, which makes the whole flex array entirely pointless
> from a type safety standpoint.
> 
> The *only* thing it protects against is the "must be at the end" case,
> which is almost entirely pointless and uninteresting.
> 

But you are missing the point about CONFIG_UBSAN_BOUNDS, which doesn't
work with zero-lenght and one-element arrays. And we want to be able
to use that configuration. That's the main reason why we are replacing
those arrays with a flexible one. I should have made more emphasis on
that point in my last response.

Thanks
--
Gustavo

next prev parent reply	other threads:[~2020-09-18 19:58 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-09-17 20:45 [GIT PULL] percpu fix for v5.9-rc6 Dennis Zhou
2020-09-18  1:05 ` Linus Torvalds
2020-09-18 16:23   ` Gustavo A. R. Silva
2020-09-18 17:23     ` Linus Torvalds
2020-09-18 19:34       ` Gustavo A. R. Silva
2020-09-18 19:37         ` Linus Torvalds
2020-09-18 20:02           ` Matthew Wilcox
2020-09-18 20:14             ` Linus Torvalds
2020-09-18 20:29               ` Arvind Sankar
2020-09-18 20:40                 ` Linus Torvalds
2020-09-18 21:00                   ` Arvind Sankar
2020-09-18 21:18                     ` Linus Torvalds
2020-09-18 22:39                       ` Arvind Sankar
2020-09-19  1:28                         ` Linus Torvalds
2020-09-19  2:53                           ` Arvind Sankar
2020-09-19  3:02                             ` Matthew Wilcox
2020-09-19  3:04                             ` Linus Torvalds
2020-09-19  2:45                         ` Matthew Wilcox
2020-09-19  3:37                           ` Arvind Sankar
2020-09-19 15:15                         ` David Laight
2020-09-18 20:03           ` Gustavo A. R. Silva [this message]
2020-09-18  1:10 ` pr-tracker-bot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200918200344.GB15213@embeddedor \
    --to=gustavoars@kernel.org \
    --cc=cl@linux.com \
    --cc=dennis@kernel.org \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=tj@kernel.org \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.