Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp1978107pxb; Sat, 28 Aug 2021 00:31:58 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxGA8hqCTPrO6aHRXoUFxxYjRDcma5oLmQkURnnAi18vUuKrkYrmTPvGEY7dPvdPmZMWe31 X-Received: by 2002:a92:7b10:: with SMTP id w16mr9615499ilc.241.1630135917984; Sat, 28 Aug 2021 00:31:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1630135917; cv=none; d=google.com; s=arc-20160816; b=D0Fm1ipJQnV5TDIC/JibSlpUY/OaF5OeENnQe316O0kBM/yubt7zsKo84DftKU4rjB rVju5sFi/qUnEND/raQFKzCWgETdnnsB4UBZcY613Kn7yLyIU2vfHTYPBGxKyYXdnUqx XKpNstrJJyTkZ2AGcoKW9dbZpmMNPC0qhKdy1G6WeaPkOoYLWnLfRl5hI0LUq+stsQFl BlavBmyp9KxglJ85LnxK0K7Ka74x+FBmKlnqk/aovVr0Zpo3JKREmnWYmWynLvDBJmUo WCVxOzZvDUcq7pz6/gGA6+QZ+Vui79bBnYdTiK/YJ0yV6H3cpJsr/EpGHiRbjGZMtVxj b4Mw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version; bh=amoaT6Gx1brn6kakzuiyTfsVKRAB+W31O+LF0+vhH3E=; b=THDOsbh8s5N1sPJ4I6ECrpx48F0UojV1Xdaw+yFXmEK7/EI/cLqmtpGy9l/lyMGAfP FlQcH3mB0cxRdMQXK7JDsk4g8cB/bqLInusM0C0xbM0uY6I1gJbxQNthjqKovc3CgLCA M45oI12eV3i3U9XIPaNRajG/ZKGCLj6GCL5XxpenblV3IsfzccRyacmzZx60g9mXplzQ O6Hax6Jej+FR/3R3YTYooRx1C6jgUPy3fmG96FFSMMBQ3LcUsgqYbAmEapfBNUD5jn98 OyvijhDrbOeCUAJlveTmNF92Y9eKpncl/v1v+6qMUJ2DIuSgcPDhSwHgdpkWC9z3rZBz 7fDA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h11si8751846ild.67.2021.08.28.00.31.31; Sat, 28 Aug 2021 00:31:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233469AbhH1HcR convert rfc822-to-8bit (ORCPT + 99 others); Sat, 28 Aug 2021 03:32:17 -0400 Received: from mail-pj1-f50.google.com ([209.85.216.50]:37642 "EHLO mail-pj1-f50.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233348AbhH1HcQ (ORCPT ); Sat, 28 Aug 2021 03:32:16 -0400 Received: by mail-pj1-f50.google.com with SMTP id j10-20020a17090a94ca00b00181f17b7ef7so10504166pjw.2; Sat, 28 Aug 2021 00:31:26 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=72FGwkr2cgYiG2mCqnRFPrgyEIFWlTQT13Q2rpcWR6c=; b=L+vVgObJEkYk7Kj9HifFAAdZZz9aNXuZhrDFsHtkhV/VNZ9897PRKglf16uBw9UTmi 9cddLe4hmacg1zuTx0Re7pbPE0Mu2682dNgSCqsErobItEHcivwT4vp0DIXGbjgUNEMj 2rNX76AW5H0hrl6T6OAuJSsZgYY6aqgBfjAIYp0eQCb0lOsI1miW8y6tD+fBfmbGH5Ga hrwwnW2IxSwKUGz2+WagX5HEe7uKuGUCf7NdHgX2EfrSVPgXUU4QsDrlFGsE7cXEIpds hSdsKTY1p6UZEaEMMAy25+O4GC4/8THYW7nXYvxNsptsURic/iQqiZiRFCP6azgQDCae 3Emw== X-Gm-Message-State: AOAM532ki5yPgAYmkfZytjljhxN8sJ4nQPsm0mxEFyhA1t4fcpcHX1ON VbT0VlKLLafWNf5/vTAAermSbuEibtBEYOKX4zU= X-Received: by 2002:a17:902:9b89:b0:12d:7f02:f6a5 with SMTP id y9-20020a1709029b8900b0012d7f02f6a5mr12373883plp.39.1630135885761; Sat, 28 Aug 2021 00:31:25 -0700 (PDT) MIME-Version: 1.0 References: <20210826050458.1540622-1-keescook@chromium.org> <20210826050458.1540622-3-keescook@chromium.org> <20210826062452.jekmoo43f4xu5jxk@pengutronix.de> <202108270915.B4DD070AF@keescook> In-Reply-To: <202108270915.B4DD070AF@keescook> From: Vincent MAILHOL Date: Sat, 28 Aug 2021 16:31:14 +0900 Message-ID: Subject: Re: [PATCH v2 2/5] treewide: Replace open-coded flex arrays in unions To: Kees Cook Cc: Marc Kleine-Budde , open list , "Gustavo A. R. Silva" , Arnd Bergmann , Ayush Sawal , Vinay Kumar Yadav , Rohit Maheshwari , Herbert Xu , "David S. Miller" , Kalle Valo , Jakub Kicinski , Stanislaw Gruszka , Luca Coelho , "James E.J. Bottomley" , "Martin K. Petersen" , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Johannes Berg , Mordechay Goodstein , Lee Jones , Wolfgang Grandegger , Arunachalam Santhanam , Mikulas Patocka , linux-crypto@vger.kernel.org, ath10k@lists.infradead.org, linux-wireless@vger.kernel.org, netdev , linux-scsi@vger.kernel.org, linux-can , bpf@vger.kernel.org, Rasmus Villemoes , Keith Packard , Dan Williams , Daniel Vetter , clang-built-linux@googlegroups.com, linux-hardening@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8BIT Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Le sam. 28 août 2021 à 01:17, Kees Cook a écrit : > > On Thu, Aug 26, 2021 at 08:24:52AM +0200, Marc Kleine-Budde wrote: > > [...] > > BTW: Is there opportunity for conversion, too? > > > > | drivers/net/can/peak_canfd/peak_pciefd_main.c:146:32: warning: array of flexible structures > > Untested potential solution: > > diff --git a/drivers/net/can/peak_canfd/peak_pciefd_main.c b/drivers/net/can/peak_canfd/peak_pciefd_main.c > index 1df3c4b54f03..efa2b5a52bd7 100644 > --- a/drivers/net/can/peak_canfd/peak_pciefd_main.c > +++ b/drivers/net/can/peak_canfd/peak_pciefd_main.c > @@ -143,7 +143,11 @@ struct pciefd_rx_dma { > __le32 irq_status; > __le32 sys_time_low; > __le32 sys_time_high; > - struct pucan_rx_msg msg[]; > + /* > + * with "msg" being pciefd_irq_rx_cnt(priv->irq_status)-many > + * variable-sized struct pucan_rx_msg following. > + */ > + __le32 msg[]; Isn't u8 msg[] preferable here? > } __packed __aligned(4); > > /* Tx Link record */ > @@ -327,7 +331,7 @@ static irqreturn_t pciefd_irq_handler(int irq, void *arg) > > /* handle rx messages (if any) */ > peak_canfd_handle_msgs_list(&priv->ucan, > - rx_dma->msg, > + (struct pucan_rx_msg *)rx_dma->msg, > pciefd_irq_rx_cnt(priv->irq_status)); > > /* handle tx link interrupt (if any) */ > > > It's not great, but it's also not strictly a flex array, in the sense > that since struct pucan_rx_msg is a variable size, the compiler cannot > reason about the size of struct pciefd_rx_dma based only on the > irq_status encoding... In the same spirit, it is a bit cleaner to change the prototype of handle_msgs_list(). Like that: diff --git a/drivers/net/can/peak_canfd/peak_canfd.c b/drivers/net/can/peak_canf d/peak_canfd.c index d08718e98e11..81a9faa6193f 100644 --- a/drivers/net/can/peak_canfd/peak_canfd.c +++ b/drivers/net/can/peak_canfd/peak_canfd.c @@ -484,9 +484,8 @@ int peak_canfd_handle_msg(struct peak_canfd_priv *priv, /* handle a list of rx_count messages from rx_msg memory address */ int peak_canfd_handle_msgs_list(struct peak_canfd_priv *priv, - struct pucan_rx_msg *msg_list, int msg_count) + void *msg_ptr, int msg_count) { - void *msg_ptr = msg_list; int i, msg_size = 0; for (i = 0; i < msg_count; i++) { diff --git a/drivers/net/can/peak_canfd/peak_canfd_user.h b/drivers/net/can/peak _canfd/peak_canfd_user.h index a72719dc3b74..ef91f92e70c3 100644 --- a/drivers/net/can/peak_canfd/peak_canfd_user.h +++ b/drivers/net/can/peak_canfd/peak_canfd_user.h @@ -42,5 +42,5 @@ struct net_device *alloc_peak_canfd_dev(int sizeof_priv, int index, int peak_canfd_handle_msg(struct peak_canfd_priv *priv, struct pucan_rx_msg *msg); int peak_canfd_handle_msgs_list(struct peak_canfd_priv *priv, - struct pucan_rx_msg *rx_msg, int rx_count); + void *msg_ptr, int rx_count); #endif diff --git a/drivers/net/can/peak_canfd/peak_pciefd_main.c b/drivers/net/can/peak_canfd/peak_pciefd_main.c index 1df3c4b54f03..c1de1e3dc4bc 100644 --- a/drivers/net/can/peak_canfd/peak_pciefd_main.c +++ b/drivers/net/can/peak_canfd/peak_pciefd_main.c @@ -143,7 +143,11 @@ struct pciefd_rx_dma { __le32 irq_status; __le32 sys_time_low; __le32 sys_time_high; - struct pucan_rx_msg msg[]; + /* + * with "msg" being pciefd_irq_rx_cnt(priv->irq_status)-many + * variable-sized struct pucan_rx_msg following. + */ + u8 msg[]; } __packed __aligned(4); /* Tx Link record */ Another solution would be to declare a maximum length for struct pucan_rx_msg::d. Because these are CAN FD messages, I suppose that maximum length would be CANFD_MAX_DLEN. struct canfd_frame from the UAPI uses the same pattern. N.B. This solution is not exclusive from the above one (actually, I think that using both would be the best solution). diff --git a/include/linux/can/dev/peak_canfd.h b/include/linux/can/dev/peak_canfd.h index f38772fd0c07..a048359db430 100644 --- a/include/linux/can/dev/peak_canfd.h +++ b/include/linux/can/dev/peak_canfd.h @@ -189,7 +189,7 @@ struct __packed pucan_rx_msg { u8 client; __le16 flags; __le32 can_id; - u8 d[]; + u8 d[CANFD_MAX_DLEN]; }; /* uCAN error types */ I only tested for compilation. Yours sincerely, Vincent