Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp3653088pxf; Mon, 29 Mar 2021 07:59:27 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyXCm5ggnnRCYYhBp1fBBzELUCfyUTkvQNMj2WoQ04g4EdYvrnXr27wQzNWaRmHl/XOPYQU X-Received: by 2002:a17:906:2b0a:: with SMTP id a10mr28946240ejg.513.1617029967799; Mon, 29 Mar 2021 07:59:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617029967; cv=none; d=google.com; s=arc-20160816; b=SRyvWNUS2KKMxe2fwvjWhsr9dQGQ3cixLRKHEbE0v2QHE/PzQNZDMWsLoeUZaqa93b pCzBshI25gOsuE2HsJyounn3KKrGsMrAmLJC3jpVhY6KoLdYpDQpC17DsoP7QlRbRMqq qjMd+xqeiIVu0c0RSyUuvRyadWdunRK9DnlKXhLtfDDj+rkR60g7BN/ZzZNMGBNllxzu sfLrKVavrLAtXVZGr0wRbRo0NIDSQz6T61WSpIxMT1MM9tZYa4j2byWDaeswbOBlV4SK 2RGd/LkodFDNc8E3ShMNHQt21aA9kW1cH5Zpw/B5MmBWyFS/6FcNoUgvHPiC/7R2CG8R L7kg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:reply-to:in-reply-to:references:mime-version; bh=7ozO7sVG91zVF50Ts/g6SJ375Qk29Ksra9toKzc0DA0=; b=Jxnn9B+77nx/KTO+hQI4dtaW0ri6WAjieJijR39WT8gPvDzwlAutPthg1RGwM92Ra8 4tgxVdz0VA4idNlHqF2E8yGUC/wKF0Ede5HXsM12W6AbKBH+rK4r0yXmGksfXAeowkt1 LGiTSTZkuLMszrg3bWa/xwyROyfGVBr4svEyGrwBUNv31iVvDrTE45J/I8uMoQKnWMf7 m8fvk9Kl/GffmyivpZplbOI5E+aWJunsQvTLI5gwFkYpt22fop+9MX14oqsrqIwc9WKl PDLpEZpxadQQIBakaLjTEiT8QQXWW11oI7VyZFz4O1DUGaW+WEHxtGnVh6CqUbvfOFv2 JyPA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=oracle.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c18si12356073ede.125.2021.03.29.07.59.00; Mon, 29 Mar 2021 07:59:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230271AbhC2O6Y convert rfc822-to-8bit (ORCPT + 99 others); Mon, 29 Mar 2021 10:58:24 -0400 Received: from mail-lf1-f46.google.com ([209.85.167.46]:36572 "EHLO mail-lf1-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229750AbhC2O6G (ORCPT ); Mon, 29 Mar 2021 10:58:06 -0400 Received: by mail-lf1-f46.google.com with SMTP id n138so18916926lfa.3; Mon, 29 Mar 2021 07:58:05 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:reply-to :from:date:message-id:subject:to:cc:content-transfer-encoding; bh=faG4TU2vNgmCikSBekGZBz25Hr88VzPfl/YRL0OakNk=; b=GuFQwncG8RT/REvulOWuUFBt8BHPb+/FwvRBN2gGQr/dlVrc/4N6s1D1wxyX2xcZZ8 OYxWgwEoeoO2+A05V1lR3hOo4nivfnj5YbNdqEAuRzXk/50X3V2XYGjEPK516qj7NKLE RH/qTt5lZxVz5mnLgvApwbwjwLhpcLu7ItbJhlC7hmGwqGt3QHVTqyVL0tUpzFP3cmeo BP9ToP/9ar5/3kg4Rz7LNkZYzjFXBLiUKT8qDnEDP9Wa2auFjBhpN+7dYPMLNERuflKy QKJton/ElFP3Yyf1R2J7TAnFmPhpQ63wLLJGjdmxoEoZDfrzMcdvTPlueMHWjf1PLJFV 1YZg== X-Gm-Message-State: AOAM532Gb6Jug2/3FeFBkubrfP20OZXmlfChfNZfKdpehjGkqE2uRwuY zfk8vQ0XfDTebbtbQkdG/WWTdS3WboCLGV7muutrJpDgEdyaEw== X-Received: by 2002:a05:6512:33ca:: with SMTP id d10mr16376219lfg.170.1617029885141; Mon, 29 Mar 2021 07:58:05 -0700 (PDT) MIME-Version: 1.0 References: <20210323224858.GA293698@embeddedor> In-Reply-To: <20210323224858.GA293698@embeddedor> Reply-To: chucklever@gmail.com From: Chuck Lever Date: Mon, 29 Mar 2021 10:57:54 -0400 Message-ID: Subject: Re: [PATCH][next] UAPI: nfsfh.h: Replace one-element array with flexible-array member To: "Gustavo A. R. Silva" Cc: "J. Bruce Fields" , Linux NFS Mailing List , Linux Kernel Mailing List , linux-hardening@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8BIT Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org Sorry for the reply via gmail, the original patch did not show up in my Oracle mailbox. I've been waiting for a resolution of this thread (and perhaps a Reviewed-by). But in the meantime I've committed this, provisionally, to the for-next topic branch in git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git On Wed, Mar 24, 2021 at 4:39 AM Gustavo A. R. Silva wrote: > > There is a regular need in the kernel to provide a way to declare having > a dynamically sized set of trailing elements in a structure. Kernel code > should always use “flexible array members”[1] for these cases. The older > style of one-element or zero-length arrays should no longer be used[2]. > > Use an anonymous union with a couple of anonymous structs in order to > keep userspace unchanged: > > $ pahole -C nfs_fhbase_new fs/nfsd/nfsfh.o > struct nfs_fhbase_new { > union { > struct { > __u8 fb_version_aux; /* 0 1 */ > __u8 fb_auth_type_aux; /* 1 1 */ > __u8 fb_fsid_type_aux; /* 2 1 */ > __u8 fb_fileid_type_aux; /* 3 1 */ > __u32 fb_auth[1]; /* 4 4 */ > }; /* 0 8 */ > struct { > __u8 fb_version; /* 0 1 */ > __u8 fb_auth_type; /* 1 1 */ > __u8 fb_fsid_type; /* 2 1 */ > __u8 fb_fileid_type; /* 3 1 */ > __u32 fb_auth_flex[0]; /* 4 0 */ > }; /* 0 4 */ > }; /* 0 8 */ > > /* size: 8, cachelines: 1, members: 1 */ > /* last cacheline: 8 bytes */ > }; > > Also, this helps with the ongoing efforts to enable -Warray-bounds by > fixing the following warnings: > > fs/nfsd/nfsfh.c: In function ‘nfsd_set_fh_dentry’: > fs/nfsd/nfsfh.c:191:41: warning: array subscript 1 is above array bounds of ‘__u32[1]’ {aka ‘unsigned int[1]’} [-Warray-bounds] > 191 | ntohl((__force __be32)fh->fh_fsid[1]))); > | ~~~~~~~~~~~^~~ > ./include/linux/kdev_t.h:12:46: note: in definition of macro ‘MKDEV’ > 12 | #define MKDEV(ma,mi) (((ma) << MINORBITS) | (mi)) > | ^~ > ./include/uapi/linux/byteorder/little_endian.h:40:26: note: in expansion of macro ‘__swab32’ > 40 | #define __be32_to_cpu(x) __swab32((__force __u32)(__be32)(x)) > | ^~~~~~~~ > ./include/linux/byteorder/generic.h:136:21: note: in expansion of macro ‘__be32_to_cpu’ > 136 | #define ___ntohl(x) __be32_to_cpu(x) > | ^~~~~~~~~~~~~ > ./include/linux/byteorder/generic.h:140:18: note: in expansion of macro ‘___ntohl’ > 140 | #define ntohl(x) ___ntohl(x) > | ^~~~~~~~ > fs/nfsd/nfsfh.c:191:8: note: in expansion of macro ‘ntohl’ > 191 | ntohl((__force __be32)fh->fh_fsid[1]))); > | ^~~~~ > fs/nfsd/nfsfh.c:192:32: warning: array subscript 2 is above array bounds of ‘__u32[1]’ {aka ‘unsigned int[1]’} [-Warray-bounds] > 192 | fh->fh_fsid[1] = fh->fh_fsid[2]; > | ~~~~~~~~~~~^~~ > fs/nfsd/nfsfh.c:192:15: warning: array subscript 1 is above array bounds of ‘__u32[1]’ {aka ‘unsigned int[1]’} [-Warray-bounds] > 192 | fh->fh_fsid[1] = fh->fh_fsid[2]; > | ~~~~~~~~~~~^~~ > > [1] https://en.wikipedia.org/wiki/Flexible_array_member > [2] https://www.kernel.org/doc/html/v5.10/process/deprecated.html#zero-length-and-one-element-arrays > > Link: https://github.com/KSPP/linux/issues/79 > Link: https://github.com/KSPP/linux/issues/109 > Signed-off-by: Gustavo A. R. Silva > --- > include/uapi/linux/nfsd/nfsfh.h | 27 +++++++++++++++++++-------- > 1 file changed, 19 insertions(+), 8 deletions(-) > > diff --git a/include/uapi/linux/nfsd/nfsfh.h b/include/uapi/linux/nfsd/nfsfh.h > index ff0ca88b1c8f..427294dd56a1 100644 > --- a/include/uapi/linux/nfsd/nfsfh.h > +++ b/include/uapi/linux/nfsd/nfsfh.h > @@ -64,13 +64,24 @@ struct nfs_fhbase_old { > * in include/linux/exportfs.h for currently registered values. > */ > struct nfs_fhbase_new { > - __u8 fb_version; /* == 1, even => nfs_fhbase_old */ > - __u8 fb_auth_type; > - __u8 fb_fsid_type; > - __u8 fb_fileid_type; > - __u32 fb_auth[1]; > -/* __u32 fb_fsid[0]; floating */ > -/* __u32 fb_fileid[0]; floating */ > + union { > + struct { > + __u8 fb_version_aux; /* == 1, even => nfs_fhbase_old */ > + __u8 fb_auth_type_aux; > + __u8 fb_fsid_type_aux; > + __u8 fb_fileid_type_aux; > + __u32 fb_auth[1]; > + /* __u32 fb_fsid[0]; floating */ > + /* __u32 fb_fileid[0]; floating */ > + }; > + struct { > + __u8 fb_version; /* == 1, even => nfs_fhbase_old */ > + __u8 fb_auth_type; > + __u8 fb_fsid_type; > + __u8 fb_fileid_type; > + __u32 fb_auth_flex[]; /* flexible-array member */ > + }; > + }; > }; > > struct knfsd_fh { > @@ -97,7 +108,7 @@ struct knfsd_fh { > #define fh_fsid_type fh_base.fh_new.fb_fsid_type > #define fh_auth_type fh_base.fh_new.fb_auth_type > #define fh_fileid_type fh_base.fh_new.fb_fileid_type > -#define fh_fsid fh_base.fh_new.fb_auth > +#define fh_fsid fh_base.fh_new.fb_auth_flex > > /* Do not use, provided for userspace compatiblity. */ > #define fh_auth fh_base.fh_new.fb_auth > -- > 2.27.0 > -- When the world is being engulfed by a comet, go ahead and excrete where you want to.