From: Kees Cook <keescook@chromium.org>
To: Alexey Dobriyan <adobriyan@gmail.com>
Cc: akpm@linux-foundation.org, linux-kernel@vger.kernel.org,
linux-api@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH v2] uapi: fix __DECLARE_FLEX_ARRAY for C++
Date: Fri, 8 Sep 2023 09:11:08 -0700 [thread overview]
Message-ID: <202309080910.44BB7CEF@keescook> (raw)
In-Reply-To: <f1819874-2b91-4983-9ebe-6cd83d5d3bc3@p183>
On Fri, Sep 08, 2023 at 07:03:17PM +0300, Alexey Dobriyan wrote:
> On Fri, Sep 08, 2023 at 08:53:12AM -0700, Kees Cook wrote:
> > On Fri, Sep 08, 2023 at 06:14:38PM +0300, Alexey Dobriyan wrote:
> > > __DECLARE_FLEX_ARRAY(T, member) macro expands to
> > >
> > > struct {
> > > struct {} __empty_member;
> > > T member[];
> > > };
> > >
> > > which is subtly wrong in C++ because sizeof(struct{}) is 1 not 0,
> >
> > Ewwww. Isn't this a bug in C++?
>
> Sort of, but it can't be fixed.
>
> > > changing UAPI structures layouts.
> > >
> > > This can be fixed by expanding to
> > >
> > > T member[];
> > >
> > > Now g++ doesn't like "T member[]" either throwing errors on code like
> > > this:
> > >
> > > struct S {
> > > union {
> > > T1 member1[];
> > > T2 member2[];
> > > };
> > > };
> > >
> > > or
> > >
> > > struct S {
> > > T member[];
> > > };
> > > So use
> > >
> > > T member[0];
> > >
> > > which seems to work and does the right thing wrt structure layout.
> >
> > It seems sad to leave C++ broken, but I guess we have to do this.
> >
> > Acked-by: Kees Cook <keescook@chromium.org>
> >
> > > Fix header guard while I'm at it.
> >
> > Hm, when did that get broken? Maybe that should be fixed separately?
>
> By your last commit?
:( Oops. I'm shocked this hasn't caused bigger problems.
>
> > > Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
> >
> > Probably a Fixes: tag would be nice too.
>
> OK
>
> Fixes: c8248faf3ca2 ("Compiler Attributes: counted_by: Adjust name and identifier expansion")
> Fixes: 3080ea5553cc ("stddef: Introduce DECLARE_FLEX_ARRAY() helper")
Okay, can you please split the patch so they can be backported
separately? Then I'll get them landed, etc.
Thanks for fixing these!
-Kees
--
Kees Cook
next prev parent reply other threads:[~2023-09-08 16:11 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-08 11:32 [PATCH] uapi: partially fix __DECLARE_FLEX_ARRAY for C++ Alexey Dobriyan
2023-09-08 15:14 ` [PATCH v2] uapi: " Alexey Dobriyan
2023-09-08 15:53 ` Kees Cook
2023-09-08 16:03 ` Alexey Dobriyan
2023-09-08 16:11 ` Kees Cook [this message]
2023-09-11 8:19 ` David Laight
2023-09-12 15:06 ` Alexey Dobriyan
2023-09-12 16:22 ` [PATCH v3 1/2] " Alexey Dobriyan
2023-09-12 16:23 ` [PATCH v3 2/2] uapi: fix header guard in include/uapi/linux/stddef.h Alexey Dobriyan
2023-09-15 19:14 ` [PATCH v3 1/2] uapi: fix __DECLARE_FLEX_ARRAY for C++ Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202309080910.44BB7CEF@keescook \
--to=keescook@chromium.org \
--cc=adobriyan@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.