Message ID | 20230613210400.never.078-kees@kernel.org |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp837247vqr; Tue, 13 Jun 2023 14:35:27 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4IOup78Zv81o24xQqS7/61drO97K8FXxlMkmRRKBo/VtqK8EVz7pTtkK7uiqoeep9Wwx5Y X-Received: by 2002:aa7:ce13:0:b0:50d:fcfb:861b with SMTP id d19-20020aa7ce13000000b0050dfcfb861bmr8606960edv.0.1686692126838; Tue, 13 Jun 2023 14:35:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686692126; cv=none; d=google.com; s=arc-20160816; b=MVB8Z2lR9Fdj28o8M9pqGucnHS4NRWS6JoFdYd2QfBsqXowSJDRZAla/D+vqFyufZP Rb5UgyNoxMsbjUt1ECLPIlYFZhn5n9JnB8+vaabda/fA5WB20CfijZmHrlXrrxPcCtS8 z2B0bY3ujdMVSvAh5QmZMa8PVHtDkqFYRmoBUVbhNNn2ISTbSWeKCWijx2oOMOsxvsvU rsVDcT0VvEfuJ4S97Ta78EJ7TgTfKfXDbR9tXZAoW4/KzFcrl1ip1x3CH8lYB9L0yJCA alA+UgreT2Wuat5TkD46aO8Y+h4q0ozjC9emzdU1zxbSan2UwHFBDtmPWIgmCTv1tjfh ZG6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=BOx1Cb4CrkzgKdN2+7kWQPFrvO7Tgljw4Xt6t1AfgN4=; b=Xmd6TmKBZit2vGK1bL6feNLqNk2nS2xLlSFGW/KHyezg/KiqrLW3NWwBwK/4ppA0xV SzFSpfagvK7a2zLuAeg8Jd2lnso+PkmU/EyDj5RwriJ9Qafg0Wfi5/PBmNoia5WV4zPM RENrlOztob8YBVNzY/Tnq1Xc33uU5sdl4k+uQaFu2740LDUI+Fg2uFpgge21FaJIbA82 bziS1CI72z6XbhxJon4KXPxuJ9x15Ug/lxM8dAXX1IZHr739xJNJX4i1BtENHoPmuTfn Ox65Sfhy/y2l5+iRgugDWa2cRDprdJ7tDGlL38sUUVm/jyzUp0lgNeP2bjaG1Dn4p01m wL9Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=Wrgk0HFK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id c8-20020a056402100800b005187d375624si175802edu.47.2023.06.13.14.35.02; Tue, 13 Jun 2023 14:35:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=Wrgk0HFK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235552AbjFMVEL (ORCPT <rfc822;lekhanya01809@gmail.com> + 99 others); Tue, 13 Jun 2023 17:04:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55570 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232924AbjFMVEJ (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Tue, 13 Jun 2023 17:04:09 -0400 Received: from mail-oi1-x22d.google.com (mail-oi1-x22d.google.com [IPv6:2607:f8b0:4864:20::22d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E600C19A8 for <linux-kernel@vger.kernel.org>; Tue, 13 Jun 2023 14:04:07 -0700 (PDT) Received: by mail-oi1-x22d.google.com with SMTP id 5614622812f47-39a505b901dso3396269b6e.0 for <linux-kernel@vger.kernel.org>; Tue, 13 Jun 2023 14:04:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1686690247; x=1689282247; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=BOx1Cb4CrkzgKdN2+7kWQPFrvO7Tgljw4Xt6t1AfgN4=; b=Wrgk0HFKlb86zVDE/KpwIxBXfv2OLpAmFYzNC8qwKVw4dirnXILmb3uDaY5URVddY1 dlgkG9awQpBaW37Z/nuuojDOQo/OSOfOu6sBnDiOSpqkQf5m/vYJuHAoukeGYJmbsB5z 8GuqxaqUtUn1ZlO/diFZ2jx26EETlfzz2934o= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686690247; x=1689282247; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=BOx1Cb4CrkzgKdN2+7kWQPFrvO7Tgljw4Xt6t1AfgN4=; b=g4wzxswrkxhEbY3h9NRc9qEtRiVaeH8UQYu/7BhNPc7sXnKijGKF32tWQuhLDEAsBe AjU8EFQhvFIKGZaQpRhevasrNVU5a6oPK/6YdWIz92UniUlX4E5gQ2PFBZqZ2QGyyj7+ p+r8bLBTZEAI48sduAoOuVPsaNBkDPKS1KlshENgrg3c4olx7gcm3SaI1gucw4Wdzlue QdoSTtvPLEx4JOeIjL2NIpChQJ5zWHwju4d+TtnKDtUzRiJzX6047w9SJSTvvEAQraqk RK/70IfygZyHVC/SdCNhuuI72AE2BkXkXZK77Nee5fW3c4MFoo1hdWRxY3WRN5Qi+xls X7kA== X-Gm-Message-State: AC+VfDySV51F7dOUWZoD8aUM8QWhIbkNQJJgjR8t2a0YzvWoOMWHQ/JB 6JSSLXoM4pijHpvCMpcABpjvNvVEQf6QvrmZlZI= X-Received: by 2002:a05:6808:284:b0:397:f82f:90a4 with SMTP id z4-20020a056808028400b00397f82f90a4mr8059633oic.3.1686690246395; Tue, 13 Jun 2023 14:04:06 -0700 (PDT) Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241]) by smtp.gmail.com with ESMTPSA id 2-20020a630b02000000b0051b7d83ff22sm9713553pgl.80.2023.06.13.14.04.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Jun 2023 14:04:05 -0700 (PDT) From: Kees Cook <keescook@chromium.org> To: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Kees Cook <keescook@chromium.org>, kernel test robot <oliver.sang@intel.com>, kernel test robot <lkp@intel.com>, "Gustavo A. R. Silva" <gustavoars@kernel.org>, Dan Williams <dan.j.williams@intel.com>, =?utf-8?b?SsOzIMOBZ2lsYSBCaXRzY2g=?= <jgilab@gmail.com>, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH] usb: ch9: Replace 1-element array with flexible array Date: Tue, 13 Jun 2023 14:04:04 -0700 Message-Id: <20230613210400.never.078-kees@kernel.org> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 X-Developer-Signature: v=1; a=openpgp-sha256; l=1428; h=from:subject:message-id; bh=JnLkH4pmZPr+c0qLV33G9jBQkGYO6fWW64bmkRy4SIY=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBkiNnDHBwR1Ie8fRBd7eHhD8fIQtVxLvTp5alQtuBH DWwFQ8+JAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZIjZwwAKCRCJcvTf3G3AJsFCD/ 4x1nXqX6El0WiD6bCA9teDACqjOpqTmk7gcwUI9PdJzVcHeJrbFFtmwxJ9gFMI26Ez67hVKTcXf1di tls62NokgUH9nDlkOUyA3GiEkC8ltgIwI0LHUxeY+Wd9rFiN/f2xceF1pQocUGQ8RdrllXpFObeXKO vq8LBMV6Vv8mnY1xjf/3uS+bNlmcb/TzoeaUGKuwUTJUryRwEnP+IhjjhiLoKq/xVLYinuUPnC3mZ0 VAekizBZYNPHWItfimEw5qQYAR+3GQU2yHhLgOCqXffbmYPIEsElbUK7zun6tPn5F/eMEbcqclBmnL uPSr7hHjqn47v/iuYyXW0XbuxyLrwmJ9BhB7rmfionI+Wo09ttk03hc7IQXzjcpR5frONcP/3DiGn0 G0syov5rKbYlVlxjgUpUZxzs4owZAWVHJdD4fz9ik+qsv6/87Rgos42x+sM+GP/tDIQNmvIxTOGtqb 2YYPNlIP97Y/9zZ9O7b+Z+H1MgJU566fTTcQS9Z2a8ucWzJcXGxnVURF3UlHs+6JP9AzQp3RBCGCpL DMMkA8C1LDWlWMuKfgiCvuBNkX03/Nz4pR7MhEZoWRdqwnOgZq9NOv3yFo4q5l1P4Z5HFlrPY6XPGJ CZxVwukYn6Hzl3Zhl0SrGCQ//moINSF/AnPh2j+2TSVHTIMnlwoLq8KD4B9w== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1768624883740140018?= X-GMAIL-MSGID: =?utf-8?q?1768624883740140018?= |
Series |
usb: ch9: Replace 1-element array with flexible array
|
|
Commit Message
Kees Cook
June 13, 2023, 9:04 p.m. UTC
With "-fstrict-flex-arrays=3" enabled, UBSAN_BOUNDS no longer pretends
1-element arrays are unbounded. Walking wData will trigger a warning,
so make it a proper flexible array. Add a union to keep the struct size
identical for userspace in case anything was depending on the old size.
Reported-by: kernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202306102333.8f5a7443-oliver.sang@intel.com
Fixes: df8fc4e934c1 ("kbuild: Enable -fstrict-flex-arrays=3")
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: kernel test robot <lkp@intel.com>
Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: "Jó Ágila Bitsch" <jgilab@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
include/uapi/linux/usb/ch9.h | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
Comments
On Tue, Jun 13, 2023 at 02:04:04PM -0700, Kees Cook wrote: > With "-fstrict-flex-arrays=3" enabled, UBSAN_BOUNDS no longer pretends > 1-element arrays are unbounded. Walking wData will trigger a warning, > so make it a proper flexible array. Add a union to keep the struct size > identical for userspace in case anything was depending on the old size. > > Reported-by: kernel test robot <oliver.sang@intel.com> > Closes: https://lore.kernel.org/oe-lkp/202306102333.8f5a7443-oliver.sang@intel.com > Fixes: df8fc4e934c1 ("kbuild: Enable -fstrict-flex-arrays=3") I always have mixed feelings about a 'Fixes' tag applied to a commit like this (one that enables a compiler option that avoids the introduction of buggy code), when we are addressing the potentially buggy code that the option is inteded to prevent. (thinkingface) > Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> > Cc: kernel test robot <lkp@intel.com> > Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org> > Cc: Dan Williams <dan.j.williams@intel.com> > Cc: "Jó Ágila Bitsch" <jgilab@gmail.com> > Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> Thanks! -- Gustavo > --- > include/uapi/linux/usb/ch9.h | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/include/uapi/linux/usb/ch9.h b/include/uapi/linux/usb/ch9.h > index b17e3a21b15f..82ec6af71a1d 100644 > --- a/include/uapi/linux/usb/ch9.h > +++ b/include/uapi/linux/usb/ch9.h > @@ -376,7 +376,10 @@ struct usb_string_descriptor { > __u8 bLength; > __u8 bDescriptorType; > > - __le16 wData[1]; /* UTF-16LE encoded */ > + union { > + __le16 legacy_padding; > + __DECLARE_FLEX_ARRAY(__le16, wData); /* UTF-16LE encoded */ > + }; > } __attribute__ ((packed)); > > /* note that "string" zero is special, it holds language codes that > -- > 2.34.1 >
On Tue, Jun 13, 2023 at 04:52:08PM -0600, Gustavo A. R. Silva wrote: > On Tue, Jun 13, 2023 at 02:04:04PM -0700, Kees Cook wrote: > > With "-fstrict-flex-arrays=3" enabled, UBSAN_BOUNDS no longer pretends > > 1-element arrays are unbounded. Walking wData will trigger a warning, > > so make it a proper flexible array. Add a union to keep the struct size > > identical for userspace in case anything was depending on the old size. > > > > Reported-by: kernel test robot <oliver.sang@intel.com> > > Closes: https://lore.kernel.org/oe-lkp/202306102333.8f5a7443-oliver.sang@intel.com > > Fixes: df8fc4e934c1 ("kbuild: Enable -fstrict-flex-arrays=3") > > I always have mixed feelings about a 'Fixes' tag applied to a commit > like this (one that enables a compiler option that avoids the introduction > of buggy code), when we are addressing the potentially buggy code that > the option is inteded to prevent. (thinkingface) Yeah, the original code here is not incorrect, it's that you added a new build warning, so this is more like an "update" :) > > Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> > > Cc: kernel test robot <lkp@intel.com> > > Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org> > > Cc: Dan Williams <dan.j.williams@intel.com> > > Cc: "Jó Ágila Bitsch" <jgilab@gmail.com> > > Signed-off-by: Kees Cook <keescook@chromium.org> > > Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> Odd that checkpatch.pl doesn't cc: the usb lists for this file. I'll go update the MAINTAINERS file with this location... thanks, greg k-h
On Tue, Jun 13, 2023 at 04:52:08PM -0600, Gustavo A. R. Silva wrote: > On Tue, Jun 13, 2023 at 02:04:04PM -0700, Kees Cook wrote: > > With "-fstrict-flex-arrays=3" enabled, UBSAN_BOUNDS no longer pretends > > 1-element arrays are unbounded. Walking wData will trigger a warning, > > so make it a proper flexible array. Add a union to keep the struct size > > identical for userspace in case anything was depending on the old size. > > > > Reported-by: kernel test robot <oliver.sang@intel.com> > > Closes: https://lore.kernel.org/oe-lkp/202306102333.8f5a7443-oliver.sang@intel.com > > Fixes: df8fc4e934c1 ("kbuild: Enable -fstrict-flex-arrays=3") > > I always have mixed feelings about a 'Fixes' tag applied to a commit > like this (one that enables a compiler option that avoids the introduction > of buggy code), when we are addressing the potentially buggy code that > the option is inteded to prevent. (thinkingface) Yeah, I've been on the fence about this too. Since it's fixing a (modern) coding style issue, there's nothing wrong technically. i.e. I can't say "Fixes: ...usb commit..." since this isn't a bug. But it's fixing a warning introduced by the fstrict-flex-arrays=3, and tracking those issues is useful. But, it's not really fixing _that_ commit, as it's doing exactly what it should be doing. So, perhaps, in the future I can just mention it more directly in the commit log without a Fixes tag. For example, this should probably have been written as: Since commit df8fc4e934c1 ("kbuild: Enable -fstrict-flex-arrays=3"), UBSAN_BOUNDS no longer pretends 1-element arrays are unbounded. Walking wData will trigger a warning, so make it a proper flexible array. Add a union to keep the struct size identical for userspace in case anything was depending on the old size. Reported-by: kernel test robot <oliver.sang@intel.com> Closes: https://lore.kernel.org/oe-lkp/202306102333.8f5a7443-oliver.sang@intel.com -Kees
diff --git a/include/uapi/linux/usb/ch9.h b/include/uapi/linux/usb/ch9.h index b17e3a21b15f..82ec6af71a1d 100644 --- a/include/uapi/linux/usb/ch9.h +++ b/include/uapi/linux/usb/ch9.h @@ -376,7 +376,10 @@ struct usb_string_descriptor { __u8 bLength; __u8 bDescriptorType; - __le16 wData[1]; /* UTF-16LE encoded */ + union { + __le16 legacy_padding; + __DECLARE_FLEX_ARRAY(__le16, wData); /* UTF-16LE encoded */ + }; } __attribute__ ((packed)); /* note that "string" zero is special, it holds language codes that