From: Kees Cook <keescook@chromium.org>
To: "GONG, Ruiqi" <gongruiqi1@huawei.com>
Cc: kernel test robot <lkp@intel.com>,
llvm@lists.linux.dev, oe-kbuild-all@lists.linux.dev,
Florian Westphal <fw@strlen.de>,
linux-hardening@vger.kernel.org
Subject: Re: [netfilter-nf-next:testing 2/9] ./usr/include/linux/netfilter_bridge/ebtables.h:163:26: warning: field 'target' with variable sized type 'struct ebt_entry_target' not at the end of a struct or class is a GNU extension
Date: Wed, 16 Aug 2023 23:09:00 -0700 [thread overview]
Message-ID: <202308162257.F7876776C9@keescook> (raw)
In-Reply-To: <202308171249.g1ywxhII-lkp@intel.com>
On Thu, Aug 17, 2023 at 01:03:20PM +0800, kernel test robot wrote:
> tree: git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git testing
> head: 015e2d9101d3713c7bee16dccad171df04a3bbd5
> commit: 61b9e6bd48a6317c0a44ee4f3fecdec9de5baa9e [2/9] netfilter: ebtables: replace zero-length array members
> config: i386-buildonly-randconfig-r004-20230817 (https://download.01.org/0day-ci/archive/20230817/202308171249.g1ywxhII-lkp@intel.com/config)
> compiler: clang version 16.0.4 (https://github.com/llvm/llvm-project.git ae42196bc493ffe877a7e3dff8be32035dea4d07)
> reproduce: (https://download.01.org/0day-ci/archive/20230817/202308171249.g1ywxhII-lkp@intel.com/reproduce)
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@intel.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202308171249.g1ywxhII-lkp@intel.com/
>
> All warnings (new ones prefixed by >>):
>
> In file included from <built-in>:1:
> >> ./usr/include/linux/netfilter_bridge/ebtables.h:163:26: warning: field 'target' with variable sized type 'struct ebt_entry_target' not at the end of a struct or class is a GNU extension [-Wgnu-variable-sized-type-not-at-end]
> struct ebt_entry_target target;
> ^
> 1 warning generated.
Eww, it looks like "struct ebt_entry_target" is used _within_ another
struct:
struct ebt_standard_target {
struct ebt_entry_target target;
int verdict;
};
So "verdict" overlaps with the "data" FAM:
struct ebt_entry_target {
union {
struct {
char name[EBT_EXTENSION_MAXNAMELEN];
__u8 revision;
};
struct xt_target *target;
} u;
/* size of data */
unsigned int target_size;
unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
};
These have been fixed in the past in a variety of ways -- it all depends
on how userspace is using them. In looking at Debian Code Search:
https://codesearch.debian.net/search?q=struct+ebt_standard_target&literal=1
It is exclusively doing casts and looking at the "verdict" member. So
the easiest conversion might be this:
struct ebt_standard_target {
- struct ebt_entry_target target;
+ unsigned char hdr[sizeof(struct ebt_entry_target)];
int verdict;
};
Or this might work (not tested):
diff --git a/include/uapi/linux/netfilter_bridge/ebtables.h b/include/uapi/linux/netfilter_bridge/ebtables.h
index a494cf43a755..d6f10163b14a 100644
--- a/include/uapi/linux/netfilter_bridge/ebtables.h
+++ b/include/uapi/linux/netfilter_bridge/ebtables.h
@@ -146,23 +146,25 @@ struct ebt_entry_watcher {
};
struct ebt_entry_target {
- union {
- struct {
- char name[EBT_EXTENSION_MAXNAMELEN];
- __u8 revision;
- };
- struct xt_target *target;
- } u;
- /* size of data */
- unsigned int target_size;
- unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
+ struct ebt_entry_target_hdr {
+ union {
+ struct {
+ char name[EBT_EXTENSION_MAXNAMELEN];
+ __u8 revision;
+ };
+ struct xt_target *target;
+ } u;
+ /* size of data */
+ unsigned int target_size;
+ };
+ unsigned char data[] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
};
#define EBT_STANDARD_TARGET "standard"
struct ebt_standard_target {
- struct ebt_entry_target target;
- int verdict;
+ struct ebt_entry_target_hdr target;
+ int verdict __attribute__ ((aligned (__alignof__(struct ebt_replace))));
};
/* one entry */
--
Kees Cook
next prev parent reply other threads:[~2023-08-17 6:09 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-17 5:03 [netfilter-nf-next:testing 2/9] ./usr/include/linux/netfilter_bridge/ebtables.h:163:26: warning: field 'target' with variable sized type 'struct ebt_entry_target' not at the end of a struct or class is a GNU extension kernel test robot
2023-08-17 6:09 ` Kees Cook [this message]
2023-08-17 8:26 ` Florian Westphal
2023-08-17 17:02 ` Kees Cook
2023-08-18 3:24 ` GONG, Ruiqi
2023-08-18 5:23 ` GONG, Ruiqi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202308162257.F7876776C9@keescook \
--to=keescook@chromium.org \
--cc=fw@strlen.de \
--cc=gongruiqi1@huawei.com \
--cc=linux-hardening@vger.kernel.org \
--cc=lkp@intel.com \
--cc=llvm@lists.linux.dev \
--cc=oe-kbuild-all@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.