From: Kees Cook <keescook@chromium.org>
To: Tony Nguyen <anthony.l.nguyen@intel.com>
Cc: netdev@vger.kernel.org,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
Jesse Brandeburg <jesse.brandeburg@intel.com>,
Eric Dumazet <edumazet@google.com>,
intel-wired-lan@lists.osuosl.org,
linux-hardening@vger.kernel.org, Jakub Kicinski <kuba@kernel.org>,
Paolo Abeni <pabeni@redhat.com>,
"David S. Miller" <davem@davemloft.net>,
linux-kernel@vger.kernel.org
Subject: Re: [Intel-wired-lan] [PATCH][next] iavf: Replace one-element array with flexible-array member
Date: Fri, 26 May 2023 14:00:50 -0700 [thread overview]
Message-ID: <202305261358.EA0ACE712@keescook> (raw)
In-Reply-To: <692650e7-c006-4f89-3b11-dd2f193f510c@intel.com>
On Tue, May 23, 2023 at 11:19:00AM -0700, Tony Nguyen wrote:
> On 5/15/2023 5:44 PM, Gustavo A. R. Silva wrote:
> > One-element arrays are deprecated, and we are replacing them with flexible
> > array members instead. So, replace one-element array with flexible-array
> > member in struct iavf_qvlist_info, and refactor the rest of the code,
> > accordingly.
> >
> > This helps with the ongoing efforts to tighten the FORTIFY_SOURCE
> > routines on memcpy() and help us make progress towards globally
> > enabling -fstrict-flex-arrays=3 [1].
> >
> > Link: https://github.com/KSPP/linux/issues/79
> > Link: https://github.com/KSPP/linux/issues/289
> > Link: https://gcc.gnu.org/pipermail/gcc-patches/2022-October/602902.html [1]
> > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> > ---
> > drivers/net/ethernet/intel/iavf/iavf_client.c | 2 +-
> > drivers/net/ethernet/intel/iavf/iavf_client.h | 2 +-
> > 2 files changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/net/ethernet/intel/iavf/iavf_client.c b/drivers/net/ethernet/intel/iavf/iavf_client.c
> > index 93c903c02c64..782384b3aa38 100644
> > --- a/drivers/net/ethernet/intel/iavf/iavf_client.c
> > +++ b/drivers/net/ethernet/intel/iavf/iavf_client.c
> > @@ -470,7 +470,7 @@ static int iavf_client_setup_qvlist(struct iavf_info *ldev,
> > v_qvlist_info = (struct virtchnl_rdma_qvlist_info *)qvlist_info;
> > msg_size = struct_size(v_qvlist_info, qv_info,
> > - v_qvlist_info->num_vectors - 1);
> > + v_qvlist_info->num_vectors);
>
> The problem is this mirrors the virtchnl struct (virtchnl_rdma_qvlist_info)
> so that structure needs to change as well... However, this goes back to the
> interface that virtchnl provides between PF and VF [1].
>
> I think removing the iavf structure and directly using the virtchnl one
> would make sense. We'd need to adjust virtchnl and follow Kees' suggestion
> [2].
Note that at the time I suggested "[0]", but it should have been
"[]". But, yes, Keeping the "over allocation" is fine since it's a
hardware ABI.
Alternatively, it could be defined with a union to keep all the sizes
the same:
struct iavf_qvlist_info {
u32 num_vectors;
- struct iavf_qv_info qv_info[1];
+ union {
+ struct iavf_qv_info single_qv_info;
+ DECLARE_FLEX_ARRAY(struct iavf_qv_info, qv_info)
+ };
};
-Kees
>
> > adapter->client_pending |= BIT(VIRTCHNL_OP_CONFIG_RDMA_IRQ_MAP);
> > err = iavf_aq_send_msg_to_pf(&adapter->hw,
> > diff --git a/drivers/net/ethernet/intel/iavf/iavf_client.h b/drivers/net/ethernet/intel/iavf/iavf_client.h
> > index c5d51d7dc7cc..500269bc0f5b 100644
> > --- a/drivers/net/ethernet/intel/iavf/iavf_client.h
> > +++ b/drivers/net/ethernet/intel/iavf/iavf_client.h
> > @@ -53,7 +53,7 @@ struct iavf_qv_info {
> > struct iavf_qvlist_info {
> > u32 num_vectors;
> > - struct iavf_qv_info qv_info[1];
> > + struct iavf_qv_info qv_info[];
> > };
> > #define IAVF_CLIENT_MSIX_ALL 0xFFFFFFFF
>
> [1] https://lore.kernel.org/intel-wired-lan/f3674339c0390ced22b365101f2d3e3a2bf26845.camel@intel.com/
> [2] https://lore.kernel.org/intel-wired-lan/202106091424.37E833794@keescook/
--
Kees Cook
_______________________________________________
Intel-wired-lan mailing list
Intel-wired-lan@osuosl.org
https://lists.osuosl.org/mailman/listinfo/intel-wired-lan
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org>
To: Tony Nguyen <anthony.l.nguyen@intel.com>
Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>,
Jesse Brandeburg <jesse.brandeburg@intel.com>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
intel-wired-lan@lists.osuosl.org, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org,
"Keller, Jacob E" <jacob.e.keller@intel.com>
Subject: Re: [PATCH][next] iavf: Replace one-element array with flexible-array member
Date: Fri, 26 May 2023 14:00:50 -0700 [thread overview]
Message-ID: <202305261358.EA0ACE712@keescook> (raw)
In-Reply-To: <692650e7-c006-4f89-3b11-dd2f193f510c@intel.com>
On Tue, May 23, 2023 at 11:19:00AM -0700, Tony Nguyen wrote:
> On 5/15/2023 5:44 PM, Gustavo A. R. Silva wrote:
> > One-element arrays are deprecated, and we are replacing them with flexible
> > array members instead. So, replace one-element array with flexible-array
> > member in struct iavf_qvlist_info, and refactor the rest of the code,
> > accordingly.
> >
> > This helps with the ongoing efforts to tighten the FORTIFY_SOURCE
> > routines on memcpy() and help us make progress towards globally
> > enabling -fstrict-flex-arrays=3 [1].
> >
> > Link: https://github.com/KSPP/linux/issues/79
> > Link: https://github.com/KSPP/linux/issues/289
> > Link: https://gcc.gnu.org/pipermail/gcc-patches/2022-October/602902.html [1]
> > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> > ---
> > drivers/net/ethernet/intel/iavf/iavf_client.c | 2 +-
> > drivers/net/ethernet/intel/iavf/iavf_client.h | 2 +-
> > 2 files changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/net/ethernet/intel/iavf/iavf_client.c b/drivers/net/ethernet/intel/iavf/iavf_client.c
> > index 93c903c02c64..782384b3aa38 100644
> > --- a/drivers/net/ethernet/intel/iavf/iavf_client.c
> > +++ b/drivers/net/ethernet/intel/iavf/iavf_client.c
> > @@ -470,7 +470,7 @@ static int iavf_client_setup_qvlist(struct iavf_info *ldev,
> > v_qvlist_info = (struct virtchnl_rdma_qvlist_info *)qvlist_info;
> > msg_size = struct_size(v_qvlist_info, qv_info,
> > - v_qvlist_info->num_vectors - 1);
> > + v_qvlist_info->num_vectors);
>
> The problem is this mirrors the virtchnl struct (virtchnl_rdma_qvlist_info)
> so that structure needs to change as well... However, this goes back to the
> interface that virtchnl provides between PF and VF [1].
>
> I think removing the iavf structure and directly using the virtchnl one
> would make sense. We'd need to adjust virtchnl and follow Kees' suggestion
> [2].
Note that at the time I suggested "[0]", but it should have been
"[]". But, yes, Keeping the "over allocation" is fine since it's a
hardware ABI.
Alternatively, it could be defined with a union to keep all the sizes
the same:
struct iavf_qvlist_info {
u32 num_vectors;
- struct iavf_qv_info qv_info[1];
+ union {
+ struct iavf_qv_info single_qv_info;
+ DECLARE_FLEX_ARRAY(struct iavf_qv_info, qv_info)
+ };
};
-Kees
>
> > adapter->client_pending |= BIT(VIRTCHNL_OP_CONFIG_RDMA_IRQ_MAP);
> > err = iavf_aq_send_msg_to_pf(&adapter->hw,
> > diff --git a/drivers/net/ethernet/intel/iavf/iavf_client.h b/drivers/net/ethernet/intel/iavf/iavf_client.h
> > index c5d51d7dc7cc..500269bc0f5b 100644
> > --- a/drivers/net/ethernet/intel/iavf/iavf_client.h
> > +++ b/drivers/net/ethernet/intel/iavf/iavf_client.h
> > @@ -53,7 +53,7 @@ struct iavf_qv_info {
> > struct iavf_qvlist_info {
> > u32 num_vectors;
> > - struct iavf_qv_info qv_info[1];
> > + struct iavf_qv_info qv_info[];
> > };
> > #define IAVF_CLIENT_MSIX_ALL 0xFFFFFFFF
>
> [1] https://lore.kernel.org/intel-wired-lan/f3674339c0390ced22b365101f2d3e3a2bf26845.camel@intel.com/
> [2] https://lore.kernel.org/intel-wired-lan/202106091424.37E833794@keescook/
--
Kees Cook
next prev parent reply other threads:[~2023-05-26 21:00 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-16 0:44 [Intel-wired-lan] [PATCH][next] iavf: Replace one-element array with flexible-array member Gustavo A. R. Silva
2023-05-16 0:44 ` Gustavo A. R. Silva
2023-05-16 10:19 ` [Intel-wired-lan] " Simon Horman
2023-05-16 10:19 ` Simon Horman
2023-05-16 19:01 ` [Intel-wired-lan] " Kees Cook
2023-05-16 19:01 ` Kees Cook
2023-05-23 18:19 ` [Intel-wired-lan] " Tony Nguyen
2023-05-23 18:19 ` Tony Nguyen
2023-05-26 21:00 ` Kees Cook [this message]
2023-05-26 21:00 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202305261358.EA0ACE712@keescook \
--to=keescook@chromium.org \
--cc=anthony.l.nguyen@intel.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=gustavoars@kernel.org \
--cc=intel-wired-lan@lists.osuosl.org \
--cc=jesse.brandeburg@intel.com \
--cc=kuba@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.