Received: by 2002:a05:7412:37c9:b0:e2:908c:2ebd with SMTP id jz9csp1084827rdb;
        Tue, 19 Sep 2023 21:41:52 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IHQOqRsXwxv61/0znzGRmgoPtQ8e53IqSw2B9KsZ5ttn2hWOwniR2vNPx9zrIT+orB0PenY
X-Received: by 2002:a17:902:6ac8:b0:1bb:1523:b311 with SMTP id i8-20020a1709026ac800b001bb1523b311mr1116847plt.41.1695184912057;
        Tue, 19 Sep 2023 21:41:52 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1695184912; cv=none;
        d=google.com; s=arc-20160816;
        b=FW5XFpeXgCGYkhhaLrA2QOZdaHl6zk5v7B5xbgLOhAEERFC1GoX2IK5vP6p5nQc+xn
         sOBCvAT7QmLoT7S0yjyVHeRBMD++EaglTOeYyWF1xfKRsWO38C3VwDceALwWiABdvapZ
         Zvv73DfjU8fybLqF6SfAhBSVnUlcqJ2FU77NwYPW57+hBlg7LcWNxCmq35nwyeiLJ3TJ
         IE4W5RMiULXgwZuI9BD4KC8i7T/9cLHfAb+nvlWUStSOBz+qD9T/nzwNA5fvShtnPsPI
         zGEPE+i8h3gdwi0wbNAioZyfgmsmQUTmQCGx2ucl3rOpwzlyXN0PrfKoPSz1rVm7JOjG
         +20Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:dkim-signature:date;
        bh=G9eTz/QahZOPqLKrGjaKqGMUmxzEd2GX3xz/Fx2MTUU=;
        fh=cP6TXIes1h4OzRdAB/0TANN9KKlfG0aeDhahCJOPreg=;
        b=zuNz8aUAvbXDrD34QXfC0eT6jltBTmiqkKmYwEooTQ+9Molj2lPIEg63bSZ0zf457n
         EhT1q41Dx96O4M8QNusBAbvMxGgYW7irNaSmjRYwU5Nl56zlE67eb+4mEx4FBzcPa7c8
         n00RPM4a5nkD6Rf3B6MKTeBCzmfDD5xM6a3tICIJiHj+Liqg//OtkTskIymiPQGRkb1T
         EcYCpnZHrZdklDr6eXzUpsf+CfpKFxQMC0C2I8iumF+ehvmvACKxf+eqWQM1UA5bO3m8
         8Y2S+3ATMxiE14NkX/w0zLsrfc1jsUwd92014/j6RHQ25YDoqy5BPx1gTyyYuVhNJFTX
         /pUA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linux.dev header.s=key1 header.b=dZ8b1tKK;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from agentk.vger.email (agentk.vger.email. [23.128.96.32])
        by mx.google.com with ESMTPS id w2-20020a1709026f0200b001c36018fdaasi10445650plk.219.2023.09.19.21.41.50
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 19 Sep 2023 21:41:52 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) client-ip=23.128.96.32;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux.dev header.s=key1 header.b=dZ8b1tKK;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by agentk.vger.email (Postfix) with ESMTP id D0AD280E6CBF;
	Tue, 19 Sep 2023 14:23:45 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233354AbjISVXa (ORCPT <rfc822;bh1scw@gmail.com> + 99 others);
        Tue, 19 Sep 2023 17:23:30 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57230 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233342AbjISVX3 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 19 Sep 2023 17:23:29 -0400
Received: from out-219.mta1.migadu.com (out-219.mta1.migadu.com [IPv6:2001:41d0:203:375::db])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 58C04B3
        for <linux-kernel@vger.kernel.org>; Tue, 19 Sep 2023 14:23:23 -0700 (PDT)
Date:   Tue, 19 Sep 2023 17:23:18 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1;
        t=1695158601;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=G9eTz/QahZOPqLKrGjaKqGMUmxzEd2GX3xz/Fx2MTUU=;
        b=dZ8b1tKKDI3YmYOtf9qCOVOWCShr5qT7k8EC9WUB8eaGvcfaCkOSdp1RYxMxmc6hn1F/Zu
        W7rPr9cnJ0whyt0zlESzlNMVp+bxg2F56s44O+SAZawTCDI41/KybHjRMFYj7HYbplaeyO
        oqLaHvnqaL4qL5d/QEnLaDPz5ViohEU=
X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers.
From:   Kent Overstreet <kent.overstreet@linux.dev>
To:     Kees Cook <keescook@chromium.org>
Cc:     Stephen Rothwell <sfr@canb.auug.org.au>,
        Linux Next Mailing List <linux-next@vger.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        linux-hardening@vger.kernel.org
Subject: Re: linux-next: Tree for Sep 12 (bcachefs)
Message-ID: <20230919212318.6kr772hz3m5dsyck@moria.home.lan>
References: <20230912152645.0868a96a@canb.auug.org.au>
 <202309131803.6A3C1D05A@keescook>
 <20230914193807.ozcmylp6n6dsqkbi@moria.home.lan>
 <202309141708.C8B61D4D@keescook>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <202309141708.C8B61D4D@keescook>
X-Migadu-Flow: FLOW_OUT
X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no
	version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Tue, 19 Sep 2023 14:23:46 -0700 (PDT)

On Thu, Sep 14, 2023 at 05:20:41PM -0700, Kees Cook wrote:
> Because they're ambiguous and then the compiler can't do appropriate
> bounds checking, compile-time diagnostics, etc. Maybe it's actually zero
> sized, maybe it's not. Nothing stops them from being in the middle of
> the structure so if someone accidentally tries to put members after it
> (which has happened before), we end up with bizarre corruptions, etc,
> etc. Flexible arrays are unambiguous, and that's why we committed to
> converting all the fake flex arrays. The compiler does not have to guess
> (or as has been the case: give up on) figuring out what was intended.

So it does seem like we need to be able to distinguish between normal
flex arrays that go at the end of a struct vs. - what should we call
them, markers? that go in the middle.

> Regardless, I'm just trying to help make sure folks that run with
> CONFIG_UBSAN_BOUNDS=y (as done in Android, Ubuntu, etc) will be able to
> use bcachefs without runtime warnings, etc. Indexing through a 0-sized
> array is going to trip the diagnostic either at runtime or when building
> with -Warray-bounds.

I do have CONFIG_UBSAN_BOUNDS=y testing in my own CI, so all the runtime
errors should be fixed now (some of them with casts, but the casts are
in helpers that know what they're doing, not scattered around at
random).

So I think we're good for now - I'm going to hold off on more cleanup
for now unless reports of actual ubsan splats turn up, since I'm getting
a bit bombarded at the moment :)