Message ID | 20230105033743.never.628-kees@kernel.org (mailing list archive) |
---|---|
State | New |
Series | io_uring: Replace 0-length array with flexible array |
On Wed, Jan 04, 2023 at 07:37:48PM -0800, Kees Cook wrote: > Zero-length arrays are deprecated[1]. Replace struct io_uring_buf_ring's > "bufs" with a flexible array member. (How is the size of this array > verified?) Detected with GCC 13, using -fstrict-flex-arrays=3: > > In function 'io_ring_buffer_select', > inlined from 'io_buffer_select' at io_uring/kbuf.c:183:10: > io_uring/kbuf.c:141:23: warning: array subscript 255 is outside the bounds of an interior zero-length array 'struct io_uring_buf[0]' [-Wzero-length-bounds] > 141 | buf = &br->bufs[head]; > | ^~~~~~~~~~~~~~~ > In file included from include/linux/io_uring.h:7, > from io_uring/kbuf.c:10: > include/uapi/linux/io_uring.h: In function 'io_buffer_select': > include/uapi/linux/io_uring.h:628:41: note: while referencing 'bufs' > 628 | struct io_uring_buf bufs[0]; > | ^~~~ > > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#zero-length-and-one-element-arrays > > Fixes: c7fb19428d67 ("io_uring: add support for ring mapped supplied buffers") > Cc: Jens Axboe <axboe@kernel.dk> > Cc: Pavel Begunkov <asml.silence@gmail.com> > Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org> > Cc: stable@vger.kernel.org > Cc: io-uring@vger.kernel.org > Signed-off-by: Kees Cook <keescook@chromium.org> > --- > include/uapi/linux/io_uring.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/uapi/linux/io_uring.h b/include/uapi/linux/io_uring.h > index 2780bce62faf..9d8861899cde 100644 > --- a/include/uapi/linux/io_uring.h > +++ b/include/uapi/linux/io_uring.h > @@ -625,7 +625,7 @@ struct io_uring_buf_ring { > __u16 resv3; > __u16 tail; > }; > - struct io_uring_buf bufs[0]; > + struct io_uring_buf bufs[]; > }; > }; Oops, please ignore. My test build misfired... > > -- > 2.34.1 >
Hi Kees,

I love your patch! Yet something to improve:

[auto build test ERROR on kees/for-next/pstore]
[also build test ERROR on kees/for-next/kspp linus/master v6.2-rc2 next-20230105]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url: https://github.com/intel-lab-lkp/linux/commits/Kees-Cook/io_uring-Replace-0-length-array-with-flexible-array/20230105-114008
base: https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/pstore
patch link: https://lore.kernel.org/r/20230105033743.never.628-kees%40kernel.org
patch subject: [PATCH] io_uring: Replace 0-length array with flexible array
config: arc-defconfig
compiler: arc-elf-gcc (GCC) 12.1.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/intel-lab-lkp/linux/commit/6239ffe2f8611e707b90e0c902bfa1f0dbe578bb
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review Kees-Cook/io_uring-Replace-0-length-array-with-flexible-array/20230105-114008
        git checkout 6239ffe2f8611e707b90e0c902bfa1f0dbe578bb
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross W=1 O=build_dir ARCH=arc olddefconfig
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross W=1 O=build_dir ARCH=arc SHELL=/bin/bash

If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   In file included from include/linux/io_uring.h:7,
                    from kernel/fork.c:97:
>> include/uapi/linux/io_uring.h:628:41: error: flexible array member in union
     628 |                 struct io_uring_buf bufs[];
         |                                     ^~~~
   kernel/fork.c:162:13: warning: no previous prototype for 'arch_release_task_struct' [-Wmissing-prototypes]
     162 | void __weak arch_release_task_struct(struct task_struct *tsk)
         |             ^~~~~~~~~~~~~~~~~~~~~~~~
   kernel/fork.c:862:20: warning: no previous prototype for 'arch_task_cache_init' [-Wmissing-prototypes]
     862 | void __init __weak arch_task_cache_init(void) { }
         |                    ^~~~~~~~~~~~~~~~~~~~
   kernel/fork.c:957:12: warning: no previous prototype for 'arch_dup_task_struct' [-Wmissing-prototypes]
     957 | int __weak arch_dup_task_struct(struct task_struct *dst,
         |            ^~~~~~~~~~~~~~~~~~~~
--
   In file included from include/linux/io_uring.h:7,
                    from kernel/exit.c:67:
>> include/uapi/linux/io_uring.h:628:41: error: flexible array member in union
     628 |                 struct io_uring_buf bufs[];
         |                                     ^~~~
   kernel/exit.c:1901:13: warning: no previous prototype for 'abort' [-Wmissing-prototypes]
    1901 | __weak void abort(void)
         |             ^~~~~
--
   In file included from include/linux/io_uring.h:7,
                    from fs/exec.c:64:
>> include/uapi/linux/io_uring.h:628:41: error: flexible array member in union
     628 |                 struct io_uring_buf bufs[];
         |                                     ^~~~
--
   In file included from include/linux/io_uring.h:7,
                    from io_uring/io_uring.c:72:
>> include/uapi/linux/io_uring.h:628:41: error: flexible array member in union
     628 |                 struct io_uring_buf bufs[];
         |                                     ^~~~
   io_uring/io_uring.c: In function '__io_submit_flush_completions':
   io_uring/io_uring.c:1443:40: warning: variable 'prev' set but not used [-Wunused-but-set-variable]
    1443 |         struct io_wq_work_node *node, *prev;
         |                                        ^~~~
--
   In file included from include/linux/io_uring.h:7,
                    from io_uring/kbuf.c:10:
>> include/uapi/linux/io_uring.h:628:41: error: flexible array member in union
     628 |                 struct io_uring_buf bufs[];
         |                                     ^~~~
   In file included from include/linux/container_of.h:5,
                    from include/linux/kernel.h:21,
                    from io_uring/kbuf.c:2:
   io_uring/kbuf.c: In function 'io_register_pbuf_ring':
   include/linux/build_bug.h:16:51: error: bit-field '<anonymous>' width not an integer constant
      16 | #define BUILD_BUG_ON_ZERO(e) ((int)(sizeof(struct { int:(-!!(e)); })))
         |                                                   ^
   include/linux/compiler.h:232:33: note: in expansion of macro 'BUILD_BUG_ON_ZERO'
     232 | #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
         |                            ^~~~~~~~~~~~~~~~~
   include/linux/overflow.h:277:50: note: in expansion of macro '__must_be_array'
     277 |         (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
         |                                          ^~~~~~~~~~~~~~~
   include/linux/overflow.h:293:32: note: in expansion of macro 'flex_array_size'
     293 |         sizeof(*(p)) + flex_array_size(p, member, count), \
         |                        ^~~~~~~~~~~~~~~
   io_uring/kbuf.c:508:30: note: in expansion of macro 'struct_size'
     508 |         struct_size(br, bufs, reg.ring_entries),
         |         ^~~~~~~~~~~
   include/linux/build_bug.h:16:51: error: bit-field '<anonymous>' width not an integer constant
      16 | #define BUILD_BUG_ON_ZERO(e) ((int)(sizeof(struct { int:(-!!(e)); })))
         |                                                   ^
   include/linux/compiler.h:232:33: note: in expansion of macro 'BUILD_BUG_ON_ZERO'
     232 | #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
         |                            ^~~~~~~~~~~~~~~~~
   include/linux/overflow.h:278:56: note: in expansion of macro '__must_be_array'
     278 |         size_mul(count, sizeof(*(p)->member) + __must_be_array((p)->member)))
         |                                                ^~~~~~~~~~~~~~~
   include/linux/overflow.h:293:32: note: in expansion of macro 'flex_array_size'
     293 |         sizeof(*(p)) + flex_array_size(p, member, count), \
         |                        ^~~~~~~~~~~~~~~
   io_uring/kbuf.c:508:30: note: in expansion of macro 'struct_size'
     508 |         struct_size(br, bufs, reg.ring_entries),
         |         ^~~~~~~~~~~
   include/linux/build_bug.h:16:51: error: bit-field '<anonymous>' width not an integer constant
      16 | #define BUILD_BUG_ON_ZERO(e) ((int)(sizeof(struct { int:(-!!(e)); })))
         |                                                   ^
   include/linux/compiler.h:232:33: note: in expansion of macro 'BUILD_BUG_ON_ZERO'
     232 | #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
         |                            ^~~~~~~~~~~~~~~~~
   include/linux/overflow.h:277:50: note: in expansion of macro '__must_be_array'
     277 |         (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
         |                                          ^~~~~~~~~~~~~~~
   include/linux/overflow.h:294:40: note: in expansion of macro 'flex_array_size'
     294 |         size_add(sizeof(*(p)), flex_array_size(p, member, count)))
         |                                ^~~~~~~~~~~~~~~
   io_uring/kbuf.c:508:30: note: in expansion of macro 'struct_size'
     508 |         struct_size(br, bufs, reg.ring_entries),
         |         ^~~~~~~~~~~
   include/linux/build_bug.h:16:51: error: bit-field '<anonymous>' width not an integer constant
      16 | #define BUILD_BUG_ON_ZERO(e) ((int)(sizeof(struct { int:(-!!(e)); })))
         |                                                   ^
   include/linux/compiler.h:232:33: note: in expansion of macro 'BUILD_BUG_ON_ZERO'
     232 | #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
         |                            ^~~~~~~~~~~~~~~~~
   include/linux/overflow.h:278:56: note: in expansion of macro '__must_be_array'
     278 |         size_mul(count, sizeof(*(p)->member) + __must_be_array((p)->member)))
         |                                                ^~~~~~~~~~~~~~~
   include/linux/overflow.h:294:40: note: in expansion of macro 'flex_array_size'
     294 |         size_add(sizeof(*(p)), flex_array_size(p, member, count)))
         |                                ^~~~~~~~~~~~~~~
   io_uring/kbuf.c:508:30: note: in expansion of macro 'struct_size'
     508 |         struct_size(br, bufs, reg.ring_entries),
         |         ^~~~~~~~~~~

vim +628 include/uapi/linux/io_uring.h

   615
   616  struct io_uring_buf_ring {
   617          union {
   618                  /*
   619                   * To avoid spilling into more pages than we need to, the
   620                   * ring tail is overlaid with the io_uring_buf->resv field.
   621                   */
   622                  struct {
   623                          __u64 resv1;
   624                          __u32 resv2;
   625                          __u16 resv3;
   626                          __u16 tail;
   627                  };
 > 628                  struct io_uring_buf bufs[];
   629          };
   630  };
   631
On Wed, Jan 04, 2023 at 07:37:48PM -0800, Kees Cook wrote:
> Zero-length arrays are deprecated[1]. Replace struct io_uring_buf_ring's
> "bufs" with a flexible array member. (How is the size of this array
> verified?) Detected with GCC 13, using -fstrict-flex-arrays=3:
>
> In function 'io_ring_buffer_select',
>     inlined from 'io_buffer_select' at io_uring/kbuf.c:183:10:
> io_uring/kbuf.c:141:23: warning: array subscript 255 is outside the bounds of an interior zero-length array 'struct io_uring_buf[0]' [-Wzero-length-bounds]
>   141 |         buf = &br->bufs[head];
>       |               ^~~~~~~~~~~~~~~
> In file included from include/linux/io_uring.h:7,
>                  from io_uring/kbuf.c:10:
> include/uapi/linux/io_uring.h: In function 'io_buffer_select':
> include/uapi/linux/io_uring.h:628:41: note: while referencing 'bufs'
>   628 |         struct io_uring_buf bufs[0];
>       |                             ^~~~
>
> [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#zero-length-and-one-element-arrays
>
> Fixes: c7fb19428d67 ("io_uring: add support for ring mapped supplied buffers")
> Cc: Jens Axboe <axboe@kernel.dk>
> Cc: Pavel Begunkov <asml.silence@gmail.com>
> Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
> Cc: stable@vger.kernel.org

Build problem aside, why is this a stable kernel issue?

thanks,

greg k-h
On Thu, Jan 05, 2023 at 08:39:48AM +0100, Greg KH wrote:
> On Wed, Jan 04, 2023 at 07:37:48PM -0800, Kees Cook wrote:
> > Zero-length arrays are deprecated[1]. Replace struct io_uring_buf_ring's
> > "bufs" with a flexible array member. (How is the size of this array
> > verified?) Detected with GCC 13, using -fstrict-flex-arrays=3:
> >
> > In function 'io_ring_buffer_select',
> >     inlined from 'io_buffer_select' at io_uring/kbuf.c:183:10:
> > io_uring/kbuf.c:141:23: warning: array subscript 255 is outside the bounds of an interior zero-length array 'struct io_uring_buf[0]' [-Wzero-length-bounds]
> >   141 |         buf = &br->bufs[head];
> >       |               ^~~~~~~~~~~~~~~
> > In file included from include/linux/io_uring.h:7,
> >                  from io_uring/kbuf.c:10:
> > include/uapi/linux/io_uring.h: In function 'io_buffer_select':
> > include/uapi/linux/io_uring.h:628:41: note: while referencing 'bufs'
> >   628 |         struct io_uring_buf bufs[0];
> >       |                             ^~~~
> >
> > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#zero-length-and-one-element-arrays
> >
> > Fixes: c7fb19428d67 ("io_uring: add support for ring mapped supplied buffers")
> > Cc: Jens Axboe <axboe@kernel.dk>
> > Cc: Pavel Begunkov <asml.silence@gmail.com>
> > Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
> > Cc: stable@vger.kernel.org
>
> Build problem aside, why is this a stable kernel issue?

My thinking was that since this is technically a UAPI change, it'd be
best to get it changed as widely as possible.
On Thu, Jan 05, 2023 at 10:04:19AM -0800, Kees Cook wrote:
> On Thu, Jan 05, 2023 at 08:39:48AM +0100, Greg KH wrote:
> > On Wed, Jan 04, 2023 at 07:37:48PM -0800, Kees Cook wrote:
> > > Zero-length arrays are deprecated[1]. Replace struct io_uring_buf_ring's
> > > "bufs" with a flexible array member. (How is the size of this array
> > > verified?) Detected with GCC 13, using -fstrict-flex-arrays=3:
> > >
> > > In function 'io_ring_buffer_select',
> > >     inlined from 'io_buffer_select' at io_uring/kbuf.c:183:10:
> > > io_uring/kbuf.c:141:23: warning: array subscript 255 is outside the bounds of an interior zero-length array 'struct io_uring_buf[0]' [-Wzero-length-bounds]
> > >   141 |         buf = &br->bufs[head];
> > >       |               ^~~~~~~~~~~~~~~
> > > In file included from include/linux/io_uring.h:7,
> > >                  from io_uring/kbuf.c:10:
> > > include/uapi/linux/io_uring.h: In function 'io_buffer_select':
> > > include/uapi/linux/io_uring.h:628:41: note: while referencing 'bufs'
> > >   628 |         struct io_uring_buf bufs[0];
> > >       |                             ^~~~
> > >
> > > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#zero-length-and-one-element-arrays
> > >
> > > Fixes: c7fb19428d67 ("io_uring: add support for ring mapped supplied buffers")
> > > Cc: Jens Axboe <axboe@kernel.dk>
> > > Cc: Pavel Begunkov <asml.silence@gmail.com>
> > > Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
> > > Cc: stable@vger.kernel.org
> >
> > Build problem aside, why is this a stable kernel issue?
>
> My thinking was that since this is technically a UAPI change, it'd be
> best to get it changed as widely as possible.

You can't break the uapi, so it should be the same with or without your
change right?

confused,

greg k-h
[resend -- I failed to CC the thread]

On Thu, Jan 05, 2023 at 08:38:01PM +0100, Greg KH wrote:
> On Thu, Jan 05, 2023 at 10:04:19AM -0800, Kees Cook wrote:
> > On Thu, Jan 05, 2023 at 08:39:48AM +0100, Greg KH wrote:
> > > On Wed, Jan 04, 2023 at 07:37:48PM -0800, Kees Cook wrote:
> > > > Zero-length arrays are deprecated[1]. Replace struct io_uring_buf_ring's
> > > > "bufs" with a flexible array member. (How is the size of this array
> > > > verified?) Detected with GCC 13, using -fstrict-flex-arrays=3:
> > > >
> > > > In function 'io_ring_buffer_select',
> > > >     inlined from 'io_buffer_select' at io_uring/kbuf.c:183:10:
> > > > io_uring/kbuf.c:141:23: warning: array subscript 255 is outside the bounds of an interior zero-length array 'struct io_uring_buf[0]' [-Wzero-length-bounds]
> > > >   141 |         buf = &br->bufs[head];
> > > >       |               ^~~~~~~~~~~~~~~
> > > > In file included from include/linux/io_uring.h:7,
> > > >                  from io_uring/kbuf.c:10:
> > > > include/uapi/linux/io_uring.h: In function 'io_buffer_select':
> > > > include/uapi/linux/io_uring.h:628:41: note: while referencing 'bufs'
> > > >   628 |         struct io_uring_buf bufs[0];
> > > >       |                             ^~~~
> > > >
> > > > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#zero-length-and-one-element-arrays
> > > >
> > > > Fixes: c7fb19428d67 ("io_uring: add support for ring mapped supplied buffers")
> > > > Cc: Jens Axboe <axboe@kernel.dk>
> > > > Cc: Pavel Begunkov <asml.silence@gmail.com>
> > > > Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
> > > > Cc: stable@vger.kernel.org
> > >
> > > Build problem aside, why is this a stable kernel issue?
> >
> > My thinking was that since this is technically a UAPI change, it'd be
> > best to get it changed as widely as possible.
>
> You can't break the uapi, so it should be the same with or without your
> change right?
>
> confused,

Correct -- but we've had a hard time finding breakages (with extremely
weird stuff like non-C .h file scrapers) due to the lag between making
UAPI changes like this.

Anyway, I can drop the CC stable if it's more sensible.
diff --git a/include/uapi/linux/io_uring.h b/include/uapi/linux/io_uring.h index 2780bce62faf..9d8861899cde 100644 --- a/include/uapi/linux/io_uring.h +++ b/include/uapi/linux/io_uring.h @@ -625,7 +625,7 @@ struct io_uring_buf_ring { __u16 resv3; __u16 tail; }; - struct io_uring_buf bufs[0]; + struct io_uring_buf bufs[]; }; };
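Review bot: The replacement line `struct io_uring_buf bufs[];` at the end of this hunk sits directly inside the union that overlays `tail` on the ring entries, and a flexible array member is not accepted there: the kernel test robot's arc-defconfig build with GCC 12.1.0 stops with "error: flexible array member in union" at include/uapi/linux/io_uring.h:628, and the `struct_size(br, bufs, reg.ring_entries)` expansion at io_uring/kbuf.c:508 fails as a consequence. Wrap the array in a struct inside the union so it remains a flexible array member at the same offset (the UAPI `__DECLARE_FLEX_ARRAY()` helper exists for this case), and build-test with a GCC older than 13 before resending. The commit message also leaves its own question "(How is the size of this array verified?)" open; answer it in the changelog or drop it.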
Zero-length arrays are deprecated[1]. Replace struct io_uring_buf_ring's
"bufs" with a flexible array member. (How is the size of this array
verified?) Detected with GCC 13, using -fstrict-flex-arrays=3:

In function 'io_ring_buffer_select',
    inlined from 'io_buffer_select' at io_uring/kbuf.c:183:10:
io_uring/kbuf.c:141:23: warning: array subscript 255 is outside the bounds of an interior zero-length array 'struct io_uring_buf[0]' [-Wzero-length-bounds]
  141 |         buf = &br->bufs[head];
      |               ^~~~~~~~~~~~~~~
In file included from include/linux/io_uring.h:7,
                 from io_uring/kbuf.c:10:
include/uapi/linux/io_uring.h: In function 'io_buffer_select':
include/uapi/linux/io_uring.h:628:41: note: while referencing 'bufs'
  628 |         struct io_uring_buf bufs[0];
      |                             ^~~~

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#zero-length-and-one-element-arrays

Fixes: c7fb19428d67 ("io_uring: add support for ring mapped supplied buffers")
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Pavel Begunkov <asml.silence@gmail.com>
Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Cc: stable@vger.kernel.org
Cc: io-uring@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 include/uapi/linux/io_uring.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
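The layout question raised in the thread (whether the structure is the same with or without the change) can be checked at compile time. The C below is an added example, not code from the patch, the kernel tree or any participant in the thread; it compares the zero-length declaration with a struct-wrapped flexible array and shows a masked, bounds-preserving slot lookup. Assumptions: the `struct io_uring_buf` field layout, the names `ring_zero_len`, `ring_flex` and `empty_bufs`, the helper functions, and the power-of-two entry count are all made up for the example, and the code relies on GNU C extensions (zero-length array, empty struct).

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-in element type: assumed 16-byte layout, not taken from the page. */
struct io_uring_buf { uint64_t addr; uint32_t len; uint16_t bid; uint16_t resv; };

/* Layout before the patch: zero-length array (GNU extension) in the union. */
struct ring_zero_len {
	union {
		struct { uint64_t resv1; uint32_t resv2; uint16_t resv3; uint16_t tail; };
		struct io_uring_buf bufs[0];
	};
};

/* Hypothetical alternative: the flexible array is wrapped in a struct so it is
 * legal inside a union; the empty struct keeps it from being the only member. */
struct ring_flex {
	union {
		struct { uint64_t resv1; uint32_t resv2; uint16_t resv3; uint16_t tail; };
		struct {
			struct { } empty_bufs;
			struct io_uring_buf bufs[];
		};
	};
};

/* 1 if both declarations have the same size and member offsets. */
int layouts_match(void)
{
	return sizeof(struct ring_zero_len) == sizeof(struct ring_flex) &&
	       offsetof(struct ring_zero_len, bufs) == offsetof(struct ring_flex, bufs) &&
	       offsetof(struct ring_zero_len, tail) == offsetof(struct ring_flex, tail);
}

/* 1 if the ring tail overlays the resv field of entry 0. */
int tail_overlays_resv(void)
{
	return offsetof(struct ring_flex, tail) ==
	       offsetof(struct ring_flex, bufs) + offsetof(struct io_uring_buf, resv);
}

/* Bytes spanned by the ring; 0 if entries is not a power of two or overflows. */
size_t ring_bytes(size_t entries)
{
	size_t elem = sizeof(struct io_uring_buf);
	if (entries == 0 || (entries & (entries - 1)) || entries > SIZE_MAX / elem)
		return 0;
	return entries * elem;
}

/* Slot for a free-running head, masked so the index stays inside the ring. */
struct io_uring_buf *ring_slot(struct ring_flex *br, size_t entries, uint16_t head)
{
	return ring_bytes(entries) ? &br->bufs[head & (entries - 1)] : NULL;
}
```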