On Fri. 6 Jan 2023 at 22:19, Jann Horn <jannh@xxxxxxxxxx> wrote:
> On Fri, Jan 6, 2023 at 5:28 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> > Zero-length arrays are deprecated[1]. Replace struct ethtool_rxnfc's
> > "rule_locs" 0-length array with a flexible array. Detected with GCC 13,
> > using -fstrict-flex-arrays=3:
> >
> > net/ethtool/common.c: In function 'ethtool_get_max_rxnfc_channel':
> > net/ethtool/common.c:558:55: warning: array subscript i is outside array bounds of '__u32[0]' {aka 'unsigned int[]'} [-Warray-bounds=]
> > 558 | .fs.location = info->rule_locs[i],
> > | ~~~~~~~~~~~~~~~^~~
> > In file included from include/linux/ethtool.h:19,
> > from include/uapi/linux/ethtool_netlink.h:12,
> > from include/linux/ethtool_netlink.h:6,
> > from net/ethtool/common.c:3:
> > include/uapi/linux/ethtool.h:1186:41: note: while referencing
> > 'rule_locs'
> > 1186 | __u32 rule_locs[0];
> > | ^~~~~~~~~
> >
> > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#zero-length-and-one-element-arrays
> >
> > Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
> > Cc: Jakub Kicinski <kuba@xxxxxxxxxx>
> > Cc: Andrew Lunn <andrew@xxxxxxx>
> > Cc: kernel test robot <lkp@xxxxxxxxx>
> > Cc: Oleksij Rempel <linux@xxxxxxxxxxxxxxxx>
> > Cc: Sean Anderson <sean.anderson@xxxxxxxx>
> > Cc: Alexandru Tachici <alexandru.tachici@xxxxxxxxxx>
> > Cc: Amit Cohen <amcohen@xxxxxxxxxx>
> > Cc: "Gustavo A. R. Silva" <gustavoars@xxxxxxxxxx>
> > Cc: Vincent Mailhol <mailhol.vincent@xxxxxxxxxx>
> > Cc: netdev@xxxxxxxxxxxxxxx
> > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
> > ---
> > v3: don't use helper (vincent)
> > v2: https://lore.kernel.org/lkml/20230105233420.gonna.036-kees@xxxxxxxxxx
> > ---
> > include/uapi/linux/ethtool.h | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/include/uapi/linux/ethtool.h b/include/uapi/linux/ethtool.h
> > index 58e587ba0450..3135fa0ba9a4 100644
> > --- a/include/uapi/linux/ethtool.h
> > +++ b/include/uapi/linux/ethtool.h
> > @@ -1183,7 +1183,7 @@ struct ethtool_rxnfc {
> > __u32 rule_cnt;
> > __u32 rss_context;
> > };
> > - __u32 rule_locs[0];
> > + __u32 rule_locs[];
>
> Stupid question: Is this syntax allowed in UAPI headers despite not
> being part of standard C90 or C++? Are we relying on all C/C++
> compilers for pre-C99 having gcc/clang extensions?
The [0] isn't part of the C90 standard either. So having to choose
between [0] and [], the latter is the most portable nowadays.
If I do a bit of speleology, I can see that C99 flexible array members
were used as early as v2.6.19 (released in November 2006):
https://elixir.bootlin.com/linux/v2.6.19/source/include/linux/usb/audio.h#L36
This is prior to the include/linux and include/uapi/linux split, but
believe me, this usb/audio.h file is indeed part of the uapi.
So, yes, using C99 flexible array members in the UAPI is de facto
allowed because it was used for the last 16 years.
An interesting sub question would be:
What are the minimum compiler requirements to build a program using
the Linux UAPI?
And, after research, I could not find the answer. The requirements to
build the kernel are well documented:
https://docs.kernel.org/process/changes.html#changes
But no clue for the uapi. I guess that at one point in 2006, people
decided that it was time to set the minimum requirement to C99. Maybe
this matches the end of life of the latest pre-C99 GCC version? The
detailed answer must be hidden somewhere on lkml.
Yours sincerely,
Vincent Mailhol
