From: Johannes Berg <johannes.berg@xxxxxxxxx> John Garry reported that when we actually use the current implementation of __NLA_ENSURE, he gets compiler warnings from -Wvla since there's an array in there, and for some reason the compiler cannot immediately prove that its size is constant. It must eventually be able to prove it as we can use this inside an initializer for a constant, but the warning still shows up for him. I haven't been able to reproduce the warning on gcc in any case that actually should compile, though in the case that a non-constant value is actually passed I do see both the VLA warning as well as the non-constant initializer error. This was with both gcc 7.3.1 (which John also reported to be using) and 8.1. However, since we already have BUILD_BUG_ON_ZERO() and I just missed it when implementing this, just use it, which avoids this whole issue because it uses the bitfield trick to force compilation errors, rather than the array trick. Reported-by: John Garry <john.garry@xxxxxxxxxx> Fixes: 3e48be05f3c7 ("netlink: add attribute range validation to policy") Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx> --- include/net/netlink.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/net/netlink.h b/include/net/netlink.h index 589683091f16..094012174b6f 100644 --- a/include/net/netlink.h +++ b/include/net/netlink.h @@ -311,7 +311,7 @@ struct nla_policy { #define NLA_POLICY_NESTED_ARRAY(maxattr, policy) \ { .type = NLA_NESTED_ARRAY, .validation_data = policy, .len = maxattr } -#define __NLA_ENSURE(condition) (sizeof(char[1 - 2*!(condition)]) - 1) +#define __NLA_ENSURE(condition) BUILD_BUG_ON_ZERO(!(condition)) #define NLA_ENSURE_INT_TYPE(tp) \ (__NLA_ENSURE(tp == NLA_S8 || tp == NLA_U8 || \ tp == NLA_S16 || tp == NLA_U16 || \ -- 2.14.4