From: Kees Cook <[email protected]>
ACPICA commit 44f1af0664599e87bebc3a1260692baa27b2f264
Similar to "Replace one-element array with flexible-array", replace the
1-element array with a proper flexible array member as defined by C99.
This allows the code to operate without tripping compile-time and run-
time bounds checkers (e.g. via __builtin_object_size(), -fsanitize=bounds,
and/or -fstrict-flex-arrays=3).
The sizeof() uses with struct acpi_nfit_flush_address and struct
acpi_nfit_smbios have been adjusted to drop the open-coded subtraction
of the trailing single element. The result is no binary differences in
.text nor .data sections.
Link: https://github.com/acpica/acpica/commit/44f1af06
Signed-off-by: Bob Moore <[email protected]>
Signed-off-by: Rafael J. Wysocki <[email protected]>
---
drivers/acpi/nfit/core.c | 2 +-
include/acpi/actbl2.h | 16 ++++++++--------
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c
index 4e48d6db05eb..981f8b0f595d 100644
--- a/drivers/acpi/nfit/core.c
+++ b/drivers/acpi/nfit/core.c
@@ -3477,7 +3477,7 @@ static __init int nfit_init(void)
BUILD_BUG_ON(sizeof(struct acpi_nfit_system_address) != 64);
BUILD_BUG_ON(sizeof(struct acpi_nfit_memory_map) != 48);
BUILD_BUG_ON(sizeof(struct acpi_nfit_interleave) != 20);
- BUILD_BUG_ON(sizeof(struct acpi_nfit_smbios) != 9);
+ BUILD_BUG_ON(sizeof(struct acpi_nfit_smbios) != 8);
BUILD_BUG_ON(sizeof(struct acpi_nfit_control_region) != 80);
BUILD_BUG_ON(sizeof(struct acpi_nfit_data_region) != 40);
BUILD_BUG_ON(sizeof(struct acpi_nfit_capabilities) != 16);
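Review bot: The assertions visible here pin `struct acpi_nfit_smbios`, but none of them covers `struct acpi_nfit_flush_address`, whose layout this patch also changes in include/acpi/actbl2.h (`hint_address[1]` becomes `hint_address[]`). The driver sizes firmware-provided NFIT subtables from these structs, so a build-time pin next to this line would make any later layout change visible at once, e.g. `BUILD_BUG_ON(sizeof(struct acpi_nfit_flush_address) != 16);`. The value 16 is inferred from the fields shown in the header hunk plus a 4-byte subtable header, so confirm it before use. nfit_init() starts and ends outside this hunk, so such a check may already exist further up or down the list.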
diff --git a/include/acpi/actbl2.h b/include/acpi/actbl2.h
index db292f325696..6d3251ea4c53 100644
--- a/include/acpi/actbl2.h
+++ b/include/acpi/actbl2.h
@@ -397,7 +397,7 @@ struct acpi_iort_node {
u32 identifier;
u32 mapping_count;
u32 mapping_offset;
- char node_data[1];
+ char node_data[];
};
/* Values for subtable Type above */
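Review bot: `sizeof(struct acpi_iort_node)` shrinks by one element with `node_data[]`, yet the description only says the sizeof() users of the two NFIT structs were adjusted. The same holds for `acpi_iort_its_group`, `acpi_iort_named_component`, `acpi_iort_smmu` and `acpi_madt_local_sapic` in the later hunks of this file. Any parser that derives a minimum subtable length or a copy size from these sizeof values now computes a different number, so the IORT and MADT users should be audited too and the result recorded in the changelog. The struct definition starts outside this hunk.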
@@ -453,14 +453,14 @@ struct acpi_iort_memory_access {
*/
struct acpi_iort_its_group {
u32 its_count;
- u32 identifiers[1]; /* GIC ITS identifier array */
+ u32 identifiers[]; /* GIC ITS identifier array */
};
struct acpi_iort_named_component {
u32 node_flags;
u64 memory_properties; /* Memory access properties */
u8 memory_address_limit; /* Memory address size limit */
- char device_name[1]; /* Path of namespace object */
+ char device_name[]; /* Path of namespace object */
};
/* Masks for Flags field above */
@@ -474,7 +474,7 @@ struct acpi_iort_root_complex {
u32 pci_segment_number;
u8 memory_address_limit; /* Memory address size limit */
u16 pasid_capabilities; /* PASID Capabilities */
- u8 reserved[1]; /* Reserved, must be zero */
+ u8 reserved[]; /* Reserved, must be zero */
};
/* Masks for ats_attribute field above */
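Review bot: `reserved` in `struct acpi_iort_root_complex` is commented as "Reserved, must be zero" rather than as variable-length data, so converting it to a flexible array member looks like a different kind of change from the other conversions in this patch. If the field is a fixed pad, `u8 reserved[]` removes it from sizeof() and from the layout the struct describes. If the trailing reserved bytes really are variable, the comment should say so, e.g. `u8 reserved[]; /* Reserved, must be zero (variable length) */`. The table layout is not visible from this hunk, so this needs checking against the IORT definition.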
@@ -496,7 +496,7 @@ struct acpi_iort_smmu {
u32 context_interrupt_offset;
u32 pmu_interrupt_count;
u32 pmu_interrupt_offset;
- u64 interrupts[1]; /* Interrupt array */
+ u64 interrupts[]; /* Interrupt array */
};
/* Values for Model field above */
@@ -975,7 +975,7 @@ struct acpi_madt_local_sapic {
u8 reserved[3]; /* Reserved, must be zero */
u32 lapic_flags;
u32 uid; /* Numeric UID - ACPI 3.0 */
- char uid_string[1]; /* String UID - ACPI 3.0 */
+ char uid_string[]; /* String UID - ACPI 3.0 */
};
/* 8: Platform Interrupt Source */
@@ -1708,7 +1708,7 @@ struct acpi_nfit_interleave {
struct acpi_nfit_smbios {
struct acpi_nfit_header header;
u32 reserved; /* Reserved, must be zero */
- u8 data[1]; /* Variable length */
+ u8 data[]; /* Variable length */
};
/* 4: NVDIMM Control Region Structure */
@@ -1765,7 +1765,7 @@ struct acpi_nfit_flush_address {
u32 device_handle;
u16 hint_count;
u8 reserved[6]; /* Reserved, must be zero */
- u64 hint_address[1]; /* Variable length */
+ u64 hint_address[]; /* Variable length */
};
/* 7: Platform Capabilities Structure */
--
2.35.3
Rafael J. Wysocki wrote:
> From: Kees Cook <[email protected]>
>
> ACPICA commit 44f1af0664599e87bebc3a1260692baa27b2f264
>
> Similar to "Replace one-element array with flexible-array", replace the
> 1-element array with a proper flexible array member as defined by C99.
>
> This allows the code to operate without tripping compile-time and run-
> time bounds checkers (e.g. via __builtin_object_size(), -fsanitize=bounds,
> and/or -fstrict-flex-arrays=3).
>
> The sizeof() uses with struct acpi_nfit_flush_address and struct
> acpi_nfit_smbios have been adjusted to drop the open-coded subtraction
> of the trailing single element. The result is no binary differences in
> .text nor .data sections.
>
> Link: https://github.com/acpica/acpica/commit/44f1af06
> Signed-off-by: Bob Moore <[email protected]>
> Signed-off-by: Rafael J. Wysocki <[email protected]>
Reviewed-by: Dan Williams <[email protected]>
Dan Williams wrote:
> Rafael J. Wysocki wrote:
> > From: Kees Cook <[email protected]>
> >
> > ACPICA commit 44f1af0664599e87bebc3a1260692baa27b2f264
> >
> > Similar to "Replace one-element array with flexible-array", replace the
> > 1-element array with a proper flexible array member as defined by C99.
> >
> > This allows the code to operate without tripping compile-time and run-
> > time bounds checkers (e.g. via __builtin_object_size(), -fsanitize=bounds,
> > and/or -fstrict-flex-arrays=3).
> >
> > The sizeof() uses with struct acpi_nfit_flush_address and struct
> > acpi_nfit_smbios have been adjusted to drop the open-coded subtraction
> > of the trailing single element. The result is no binary differences in
> > .text nor .data sections.
> >
> > Link: https://github.com/acpica/acpica/commit/44f1af06
> > Signed-off-by: Bob Moore <[email protected]>
> > Signed-off-by: Rafael J. Wysocki <[email protected]>
>
> Reviewed-by: Dan Williams <[email protected]>
Unit tests say NAK, though.
This causes a regression, but I think I see where. Will send a fixed
patch in a bit.
Rafael J. Wysocki wrote:
> From: Kees Cook <[email protected]>
>
> ACPICA commit 44f1af0664599e87bebc3a1260692baa27b2f264
>
> Similar to "Replace one-element array with flexible-array", replace the
> 1-element array with a proper flexible array member as defined by C99.
>
> This allows the code to operate without tripping compile-time and run-
> time bounds checkers (e.g. via __builtin_object_size(), -fsanitize=bounds,
> and/or -fstrict-flex-arrays=3).
>
> The sizeof() uses with struct acpi_nfit_flush_address and struct
> acpi_nfit_smbios have been adjusted to drop the open-coded subtraction
> of the trailing single element. The result is no binary differences in
> .text nor .data sections.
>
> Link: https://github.com/acpica/acpica/commit/44f1af06
> Signed-off-by: Bob Moore <[email protected]>
> Signed-off-by: Rafael J. Wysocki <[email protected]>
This one needs the following folded in to pass my tests.
Feel free to fold and add:
Co-developed-by: Dan Williams <[email protected]>
Signed-off-by: Dan Williams <[email protected]>
-- >8 --
diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c
index 981f8b0f595d..85d9d67e38a4 100644
--- a/drivers/acpi/nfit/core.c
+++ b/drivers/acpi/nfit/core.c
@@ -894,7 +894,7 @@ static size_t sizeof_flush(struct acpi_nfit_flush_address *flush)
{
if (flush->header.length < sizeof(*flush))
return 0;
- return sizeof(*flush) + sizeof(u64) * (flush->hint_count - 1);
+ return struct_size(flush, hint_address, flush->hint_count);
}
static bool add_flush(struct acpi_nfit_desc *acpi_desc,
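Review bot: The size returned on the new line is driven entirely by `flush->hint_count`, which is read from the firmware table, while the guard above it only proves that `header.length` covers the fixed part of the struct. Nothing in `sizeof_flush()` ties the two together, so the caller (presumably `add_flush()`, which begins after this hunk) has to compare the result with `header.length` before `hint_address[]` is read. A short comment above the function would make that contract explicit: `/* Size implied by hint_count, or 0 if the subtable is too short; caller must check it against header.length. */`.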
diff --git a/tools/testing/nvdimm/test/nfit.c b/tools/testing/nvdimm/test/nfit.c
index c75abb497a1a..745c4a27bc35 100644
--- a/tools/testing/nvdimm/test/nfit.c
+++ b/tools/testing/nvdimm/test/nfit.c
@@ -1878,14 +1878,14 @@ static size_t sizeof_spa(struct acpi_nfit_system_address *spa)
static int nfit_test0_alloc(struct nfit_test *t)
{
struct acpi_nfit_system_address *spa = NULL;
+ struct acpi_nfit_flush_address *flush;
size_t nfit_size = sizeof_spa(spa) * NUM_SPA
+ sizeof(struct acpi_nfit_memory_map) * NUM_MEM
+ sizeof(struct acpi_nfit_control_region) * NUM_DCR
+ offsetof(struct acpi_nfit_control_region,
window_size) * NUM_DCR
+ sizeof(struct acpi_nfit_data_region) * NUM_BDW
- + (sizeof(struct acpi_nfit_flush_address)
- + sizeof(u64) * NUM_HINTS) * NUM_DCR
+ + struct_size(flush, hint_address, NUM_HINTS) * NUM_DCR
+ sizeof(struct acpi_nfit_capabilities);
int i;
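Review bot: `flush` is declared without an initialiser and appears to exist only so that `struct_size()` can take its type, whereas `spa` on the line above is set to NULL before it is handed to `sizeof_spa()`. As far as this hunk shows, struct_size() uses the pointer only inside sizeof, so nothing is dereferenced, but matching the existing pattern avoids leaving an uninitialised pointer in scope for the rest of the function: `struct acpi_nfit_flush_address *flush = NULL;`. nfit_test0_alloc() continues past this hunk, so check that nothing further down relies on `flush`.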
Kees Cook wrote:
>
>
> On April 5, 2023 5:22:55 PM PDT, Dan Williams <[email protected]> wrote:
> >Dan Williams wrote:
> >> Rafael J. Wysocki wrote:
> >> > From: Kees Cook <[email protected]>
> >> >
> >> > ACPICA commit 44f1af0664599e87bebc3a1260692baa27b2f264
> >> >
> >> > Similar to "Replace one-element array with flexible-array", replace the
> >> > 1-element array with a proper flexible array member as defined by C99.
> >> >
> >> > This allows the code to operate without tripping compile-time and run-
> >> > time bounds checkers (e.g. via __builtin_object_size(), -fsanitize=bounds,
> >> > and/or -fstrict-flex-arrays=3).
> >> >
> >> > The sizeof() uses with struct acpi_nfit_flush_address and struct
> >> > acpi_nfit_smbios have been adjusted to drop the open-coded subtraction
> >> > of the trailing single element. The result is no binary differences in
> >> > .text nor .data sections.
> >> >
> >> > Link: https://github.com/acpica/acpica/commit/44f1af06
> >> > Signed-off-by: Bob Moore <[email protected]>
> >> > Signed-off-by: Rafael J. Wysocki <[email protected]>
> >>
> >> Reviewed-by: Dan Williams <[email protected]>
> >
> >Unit tests say NAK, though.
> >
> >This causes a regression, but I think I see where. Will send a fixed
> >patch in a bit.
>
> Ah, which tests? I must have missed something!
You're doubly forgiven for not running them because 1/ they typically
require setting up a VM, and 2/ they've been broken since v6.3-rc1 due
to where the test modules moved.
On April 5, 2023 5:22:55 PM PDT, Dan Williams <[email protected]> wrote:
>Dan Williams wrote:
>> Rafael J. Wysocki wrote:
>> > From: Kees Cook <[email protected]>
>> >
>> > ACPICA commit 44f1af0664599e87bebc3a1260692baa27b2f264
>> >
>> > Similar to "Replace one-element array with flexible-array", replace the
>> > 1-element array with a proper flexible array member as defined by C99.
>> >
>> > This allows the code to operate without tripping compile-time and run-
>> > time bounds checkers (e.g. via __builtin_object_size(), -fsanitize=bounds,
>> > and/or -fstrict-flex-arrays=3).
>> >
>> > The sizeof() uses with struct acpi_nfit_flush_address and struct
>> > acpi_nfit_smbios have been adjusted to drop the open-coded subtraction
>> > of the trailing single element. The result is no binary differences in
>> > .text nor .data sections.
>> >
>> > Link: https://github.com/acpica/acpica/commit/44f1af06
>> > Signed-off-by: Bob Moore <[email protected]>
>> > Signed-off-by: Rafael J. Wysocki <[email protected]>
>>
>> Reviewed-by: Dan Williams <[email protected]>
>
>Unit tests say NAK, though.
>
>This causes a regression, but I think I see where. Will send a fixed
>patch in a bit.
Ah, which tests? I must have missed something!
Thanks for digging in.
-Kees
--
Kees Cook
On Thu, Apr 6, 2023 at 2:36 AM Dan Williams <[email protected]> wrote:
>
> Rafael J. Wysocki wrote:
> > From: Kees Cook <[email protected]>
> >
> > ACPICA commit 44f1af0664599e87bebc3a1260692baa27b2f264
> >
> > Similar to "Replace one-element array with flexible-array", replace the
> > 1-element array with a proper flexible array member as defined by C99.
> >
> > This allows the code to operate without tripping compile-time and run-
> > time bounds checkers (e.g. via __builtin_object_size(), -fsanitize=bounds,
> > and/or -fstrict-flex-arrays=3).
> >
> > The sizeof() uses with struct acpi_nfit_flush_address and struct
> > acpi_nfit_smbios have been adjusted to drop the open-coded subtraction
> > of the trailing single element. The result is no binary differences in
> > .text nor .data sections.
> >
> > Link: https://github.com/acpica/acpica/commit/44f1af06
> > Signed-off-by: Bob Moore <[email protected]>
> > Signed-off-by: Rafael J. Wysocki <[email protected]>
>
> This one needs the following folded in to pass my tests.
>
> Feel free to fold and add:
Done, thank you!
> Co-developed-by: Dan Williams <[email protected]>
> Signed-off-by: Dan Williams <[email protected]>
>
> -- >8 --
> diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c
> index 981f8b0f595d..85d9d67e38a4 100644
> --- a/drivers/acpi/nfit/core.c
> +++ b/drivers/acpi/nfit/core.c
> @@ -894,7 +894,7 @@ static size_t sizeof_flush(struct acpi_nfit_flush_address *flush)
> {
> if (flush->header.length < sizeof(*flush))
> return 0;
> - return sizeof(*flush) + sizeof(u64) * (flush->hint_count - 1);
> + return struct_size(flush, hint_address, flush->hint_count);
> }
>
> static bool add_flush(struct acpi_nfit_desc *acpi_desc,
> diff --git a/tools/testing/nvdimm/test/nfit.c b/tools/testing/nvdimm/test/nfit.c
> index c75abb497a1a..745c4a27bc35 100644
> --- a/tools/testing/nvdimm/test/nfit.c
> +++ b/tools/testing/nvdimm/test/nfit.c
> @@ -1878,14 +1878,14 @@ static size_t sizeof_spa(struct acpi_nfit_system_address *spa)
> static int nfit_test0_alloc(struct nfit_test *t)
> {
> struct acpi_nfit_system_address *spa = NULL;
> + struct acpi_nfit_flush_address *flush;
> size_t nfit_size = sizeof_spa(spa) * NUM_SPA
> + sizeof(struct acpi_nfit_memory_map) * NUM_MEM
> + sizeof(struct acpi_nfit_control_region) * NUM_DCR
> + offsetof(struct acpi_nfit_control_region,
> window_size) * NUM_DCR
> + sizeof(struct acpi_nfit_data_region) * NUM_BDW
> - + (sizeof(struct acpi_nfit_flush_address)
> - + sizeof(u64) * NUM_HINTS) * NUM_DCR
> + + struct_size(flush, hint_address, NUM_HINTS) * NUM_DCR
> + sizeof(struct acpi_nfit_capabilities);
> int i;
>