Zero-length arrays are deprecated[1]. Replace struct io_uring_buf_ring's "bufs" with a flexible array member. (How is the size of this array verified?) Detected with GCC 13, using -fstrict-flex-arrays=3:
In function 'io_ring_buffer_select',
    inlined from 'io_buffer_select' at io_uring/kbuf.c:183:10:
io_uring/kbuf.c:141:23: warning: array subscript 255 is outside the bounds of an interior zero-length array 'struct io_uring_buf[0]' [-Wzero-length-bounds]
  141 |                 buf = &br->bufs[head];
      |                       ^~~~~~~~~~~~~~~
In file included from include/linux/io_uring.h:7,
                 from io_uring/kbuf.c:10:
include/uapi/linux/io_uring.h: In function 'io_buffer_select':
include/uapi/linux/io_uring.h:628:41: note: while referencing 'bufs'
  628 |                 struct io_uring_buf bufs[0];
      |                                     ^~~~
[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#zero-length-a...
Fixes: c7fb19428d67 ("io_uring: add support for ring mapped supplied buffers")
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Pavel Begunkov <asml.silence@gmail.com>
Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Cc: stable@vger.kernel.org
Cc: io-uring@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 include/uapi/linux/io_uring.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/uapi/linux/io_uring.h b/include/uapi/linux/io_uring.h index 2780bce62faf..9d8861899cde 100644 --- a/include/uapi/linux/io_uring.h +++ b/include/uapi/linux/io_uring.h @@ -625,7 +625,7 @@ struct io_uring_buf_ring { __u16 resv3; __u16 tail; }; - struct io_uring_buf bufs[0]; + struct io_uring_buf bufs[]; }; };
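Review bot: the added line "+ struct io_uring_buf bufs[];" places a flexible array member directly inside the anonymous union of struct io_uring_buf_ring, which C does not permit. The kernel test robot reports on this page show GCC 11.3 and 12.1 ("flexible array member in union") and clang 14 ("flexible array member 'bufs' in a union is not allowed") rejecting it, and the struct_size(br, bufs, reg.ring_entries) call at io_uring/kbuf.c:508 then fails its __must_be_array check. Suggest declaring the member through the UAPI helper, __DECLARE_FLEX_ARRAY(struct io_uring_buf, bufs), which wraps the array in an anonymous struct so the member name and offset stay the same. The commit message's own question, "(How is the size of this array verified?)", is also left open and is worth answering in the changelog, since the warning being silenced is about an out-of-bounds subscript.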
On Wed, Jan 04, 2023 at 07:37:48PM -0800, Kees Cook wrote:
> Zero-length arrays are deprecated[1]. Replace struct io_uring_buf_ring's "bufs" with a flexible array member. (How is the size of this array verified?) Detected with GCC 13, using -fstrict-flex-arrays=3:
>
> In function 'io_ring_buffer_select',
>     inlined from 'io_buffer_select' at io_uring/kbuf.c:183:10:
> io_uring/kbuf.c:141:23: warning: array subscript 255 is outside the bounds of an interior zero-length array 'struct io_uring_buf[0]' [-Wzero-length-bounds]
>   141 |                 buf = &br->bufs[head];
>       |                       ^~~~~~~~~~~~~~~
> In file included from include/linux/io_uring.h:7,
>                  from io_uring/kbuf.c:10:
> include/uapi/linux/io_uring.h: In function 'io_buffer_select':
> include/uapi/linux/io_uring.h:628:41: note: while referencing 'bufs'
>   628 |                 struct io_uring_buf bufs[0];
>       |                                     ^~~~
>
> [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#zero-length-a...
>
> Fixes: c7fb19428d67 ("io_uring: add support for ring mapped supplied buffers")
> Cc: Jens Axboe <axboe@kernel.dk>
> Cc: Pavel Begunkov <asml.silence@gmail.com>
> Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
> Cc: stable@vger.kernel.org
> Cc: io-uring@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>
>
>  include/uapi/linux/io_uring.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/uapi/linux/io_uring.h b/include/uapi/linux/io_uring.h index 2780bce62faf..9d8861899cde 100644 --- a/include/uapi/linux/io_uring.h +++ b/include/uapi/linux/io_uring.h @@ -625,7 +625,7 @@ struct io_uring_buf_ring { __u16 resv3; __u16 tail; };
struct io_uring_buf bufs[0];
};struct io_uring_buf bufs[];
};
Oops, please ignore. My test build misfired...
2.34.1
Hi Kees,
I love your patch! Yet something to improve:
[auto build test ERROR on kees/for-next/pstore]
[also build test ERROR on kees/for-next/kspp linus/master v6.2-rc2 next-20230105]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url: https://github.com/intel-lab-lkp/linux/commits/Kees-Cook/io_uring-Replace-0-...
base: https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/pstore
patch link: https://lore.kernel.org/r/20230105033743.never.628-kees%40kernel.org
patch subject: [PATCH] io_uring: Replace 0-length array with flexible array
config: arc-defconfig
compiler: arc-elf-gcc (GCC) 12.1.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/intel-lab-lkp/linux/commit/6239ffe2f8611e707b90e0c902bfa1...
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review Kees-Cook/io_uring-Replace-0-length-array-with-flexible-array/20230105-114008
        git checkout 6239ffe2f8611e707b90e0c902bfa1f0dbe578bb
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross W=1 O=build_dir ARCH=arc olddefconfig
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross W=1 O=build_dir ARCH=arc SHELL=/bin/bash

If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
In file included from include/linux/io_uring.h:7,
                 from kernel/fork.c:97:
include/uapi/linux/io_uring.h:628:41: error: flexible array member in union
  628 |                 struct io_uring_buf bufs[];
      |                                     ^~~~
kernel/fork.c:162:13: warning: no previous prototype for 'arch_release_task_struct' [-Wmissing-prototypes]
  162 | void __weak arch_release_task_struct(struct task_struct *tsk)
      |             ^~~~~~~~~~~~~~~~~~~~~~~~
kernel/fork.c:862:20: warning: no previous prototype for 'arch_task_cache_init' [-Wmissing-prototypes]
  862 | void __init __weak arch_task_cache_init(void) { }
      |                    ^~~~~~~~~~~~~~~~~~~~
kernel/fork.c:957:12: warning: no previous prototype for 'arch_dup_task_struct' [-Wmissing-prototypes]
  957 | int __weak arch_dup_task_struct(struct task_struct *dst,
      |            ^~~~~~~~~~~~~~~~~~~~
--
In file included from include/linux/io_uring.h:7,
                 from kernel/exit.c:67:
include/uapi/linux/io_uring.h:628:41: error: flexible array member in union
  628 |                 struct io_uring_buf bufs[];
      |                                     ^~~~
kernel/exit.c:1901:13: warning: no previous prototype for 'abort' [-Wmissing-prototypes]
 1901 | __weak void abort(void)
      |             ^~~~~
--
In file included from include/linux/io_uring.h:7,
                 from fs/exec.c:64:
include/uapi/linux/io_uring.h:628:41: error: flexible array member in union
  628 |                 struct io_uring_buf bufs[];
      |                                     ^~~~
--
In file included from include/linux/io_uring.h:7,
                 from io_uring/io_uring.c:72:
include/uapi/linux/io_uring.h:628:41: error: flexible array member in union
  628 |                 struct io_uring_buf bufs[];
      |                                     ^~~~
io_uring/io_uring.c: In function '__io_submit_flush_completions':
io_uring/io_uring.c:1443:40: warning: variable 'prev' set but not used [-Wunused-but-set-variable]
 1443 |         struct io_wq_work_node *node, *prev;
      |                                        ^~~~
--
In file included from include/linux/io_uring.h:7,
                 from io_uring/kbuf.c:10:
include/uapi/linux/io_uring.h:628:41: error: flexible array member in union
  628 |                 struct io_uring_buf bufs[];
      |                                     ^~~~
In file included from include/linux/container_of.h:5,
                 from include/linux/kernel.h:21,
                 from io_uring/kbuf.c:2:
io_uring/kbuf.c: In function 'io_register_pbuf_ring':
include/linux/build_bug.h:16:51: error: bit-field '<anonymous>' width not an integer constant
   16 | #define BUILD_BUG_ON_ZERO(e) ((int)(sizeof(struct { int:(-!!(e)); })))
      |                                                   ^
include/linux/compiler.h:232:33: note: in expansion of macro 'BUILD_BUG_ON_ZERO'
  232 | #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
      |                            ^~~~~~~~~~~~~~~~~
include/linux/overflow.h:277:50: note: in expansion of macro '__must_be_array'
  277 |                 (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
      |                                                  ^~~~~~~~~~~~~~~
include/linux/overflow.h:293:32: note: in expansion of macro 'flex_array_size'
  293 |                 sizeof(*(p)) + flex_array_size(p, member, count), \
      |                                ^~~~~~~~~~~~~~~
io_uring/kbuf.c:508:30: note: in expansion of macro 'struct_size'
  508 |                              struct_size(br, bufs, reg.ring_entries),
      |                              ^~~~~~~~~~~
include/linux/build_bug.h:16:51: error: bit-field '<anonymous>' width not an integer constant
   16 | #define BUILD_BUG_ON_ZERO(e) ((int)(sizeof(struct { int:(-!!(e)); })))
      |                                                   ^
include/linux/compiler.h:232:33: note: in expansion of macro 'BUILD_BUG_ON_ZERO'
  232 | #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
      |                            ^~~~~~~~~~~~~~~~~
include/linux/overflow.h:278:56: note: in expansion of macro '__must_be_array'
  278 |                 size_mul(count, sizeof(*(p)->member) + __must_be_array((p)->member)))
      |                                                        ^~~~~~~~~~~~~~~
include/linux/overflow.h:293:32: note: in expansion of macro 'flex_array_size'
  293 |                 sizeof(*(p)) + flex_array_size(p, member, count), \
      |                                ^~~~~~~~~~~~~~~
io_uring/kbuf.c:508:30: note: in expansion of macro 'struct_size'
  508 |                              struct_size(br, bufs, reg.ring_entries),
      |                              ^~~~~~~~~~~
include/linux/build_bug.h:16:51: error: bit-field '<anonymous>' width not an integer constant
   16 | #define BUILD_BUG_ON_ZERO(e) ((int)(sizeof(struct { int:(-!!(e)); })))
      |                                                   ^
include/linux/compiler.h:232:33: note: in expansion of macro 'BUILD_BUG_ON_ZERO'
  232 | #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
      |                            ^~~~~~~~~~~~~~~~~
include/linux/overflow.h:277:50: note: in expansion of macro '__must_be_array'
  277 |                 (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
      |                                                  ^~~~~~~~~~~~~~~
include/linux/overflow.h:294:40: note: in expansion of macro 'flex_array_size'
  294 |                 size_add(sizeof(*(p)), flex_array_size(p, member, count)))
      |                                        ^~~~~~~~~~~~~~~
io_uring/kbuf.c:508:30: note: in expansion of macro 'struct_size'
  508 |                              struct_size(br, bufs, reg.ring_entries),
      |                              ^~~~~~~~~~~
include/linux/build_bug.h:16:51: error: bit-field '<anonymous>' width not an integer constant
   16 | #define BUILD_BUG_ON_ZERO(e) ((int)(sizeof(struct { int:(-!!(e)); })))
      |                                                   ^
include/linux/compiler.h:232:33: note: in expansion of macro 'BUILD_BUG_ON_ZERO'
  232 | #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
      |                            ^~~~~~~~~~~~~~~~~
include/linux/overflow.h:278:56: note: in expansion of macro '__must_be_array'
  278 |                 size_mul(count, sizeof(*(p)->member) + __must_be_array((p)->member)))
      |                                                        ^~~~~~~~~~~~~~~
include/linux/overflow.h:294:40: note: in expansion of macro 'flex_array_size'
  294 |                 size_add(sizeof(*(p)), flex_array_size(p, member, count)))
      |                                        ^~~~~~~~~~~~~~~
io_uring/kbuf.c:508:30: note: in expansion of macro 'struct_size'
  508 |                              struct_size(br, bufs, reg.ring_entries),
      |                              ^~~~~~~~~~~
vim +628 include/uapi/linux/io_uring.h
   615
   616  struct io_uring_buf_ring {
   617          union {
   618                  /*
   619                   * To avoid spilling into more pages than we need to, the
   620                   * ring tail is overlaid with the io_uring_buf->resv field.
   621                   */
   622                  struct {
   623                          __u64 resv1;
   624                          __u32 resv2;
   625                          __u16 resv3;
   626                          __u16 tail;
   627                  };
   628                  struct io_uring_buf bufs[];
   629          };
   630  };
   631
On Wed, Jan 04, 2023 at 07:37:48PM -0800, Kees Cook wrote:
> Zero-length arrays are deprecated[1]. Replace struct io_uring_buf_ring's "bufs" with a flexible array member. (How is the size of this array verified?) Detected with GCC 13, using -fstrict-flex-arrays=3:
>
> In function 'io_ring_buffer_select',
>     inlined from 'io_buffer_select' at io_uring/kbuf.c:183:10:
> io_uring/kbuf.c:141:23: warning: array subscript 255 is outside the bounds of an interior zero-length array 'struct io_uring_buf[0]' [-Wzero-length-bounds]
>   141 |                 buf = &br->bufs[head];
>       |                       ^~~~~~~~~~~~~~~
> In file included from include/linux/io_uring.h:7,
>                  from io_uring/kbuf.c:10:
> include/uapi/linux/io_uring.h: In function 'io_buffer_select':
> include/uapi/linux/io_uring.h:628:41: note: while referencing 'bufs'
>   628 |                 struct io_uring_buf bufs[0];
>       |                                     ^~~~
>
> [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#zero-length-a...
>
> Fixes: c7fb19428d67 ("io_uring: add support for ring mapped supplied buffers")
> Cc: Jens Axboe <axboe@kernel.dk>
> Cc: Pavel Begunkov <asml.silence@gmail.com>
> Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
> Cc: stable@vger.kernel.org
Build problem aside, why is this a stable kernel issue?
thanks,
greg k-h
On Thu, Jan 05, 2023 at 08:39:48AM +0100, Greg KH wrote:
> On Wed, Jan 04, 2023 at 07:37:48PM -0800, Kees Cook wrote:
> > Zero-length arrays are deprecated[1]. Replace struct io_uring_buf_ring's "bufs" with a flexible array member. (How is the size of this array verified?) Detected with GCC 13, using -fstrict-flex-arrays=3:
> >
> > In function 'io_ring_buffer_select',
> >     inlined from 'io_buffer_select' at io_uring/kbuf.c:183:10:
> > io_uring/kbuf.c:141:23: warning: array subscript 255 is outside the bounds of an interior zero-length array 'struct io_uring_buf[0]' [-Wzero-length-bounds]
> >   141 |                 buf = &br->bufs[head];
> >       |                       ^~~~~~~~~~~~~~~
> > In file included from include/linux/io_uring.h:7,
> >                  from io_uring/kbuf.c:10:
> > include/uapi/linux/io_uring.h: In function 'io_buffer_select':
> > include/uapi/linux/io_uring.h:628:41: note: while referencing 'bufs'
> >   628 |                 struct io_uring_buf bufs[0];
> >       |                                     ^~~~
> >
> > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#zero-length-a...
> >
> > Fixes: c7fb19428d67 ("io_uring: add support for ring mapped supplied buffers")
> > Cc: Jens Axboe <axboe@kernel.dk>
> > Cc: Pavel Begunkov <asml.silence@gmail.com>
> > Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
> > Cc: stable@vger.kernel.org
>
> Build problem aside, why is this a stable kernel issue?
My thinking was that since this is technically a UAPI change, it'd be best to get it changed as widely as possible.
On Thu, Jan 05, 2023 at 10:04:19AM -0800, Kees Cook wrote:
> On Thu, Jan 05, 2023 at 08:39:48AM +0100, Greg KH wrote:
> > On Wed, Jan 04, 2023 at 07:37:48PM -0800, Kees Cook wrote:
> > > Zero-length arrays are deprecated[1]. Replace struct io_uring_buf_ring's "bufs" with a flexible array member. (How is the size of this array verified?) Detected with GCC 13, using -fstrict-flex-arrays=3:
> > >
> > > In function 'io_ring_buffer_select',
> > >     inlined from 'io_buffer_select' at io_uring/kbuf.c:183:10:
> > > io_uring/kbuf.c:141:23: warning: array subscript 255 is outside the bounds of an interior zero-length array 'struct io_uring_buf[0]' [-Wzero-length-bounds]
> > >   141 |                 buf = &br->bufs[head];
> > >       |                       ^~~~~~~~~~~~~~~
> > > In file included from include/linux/io_uring.h:7,
> > >                  from io_uring/kbuf.c:10:
> > > include/uapi/linux/io_uring.h: In function 'io_buffer_select':
> > > include/uapi/linux/io_uring.h:628:41: note: while referencing 'bufs'
> > >   628 |                 struct io_uring_buf bufs[0];
> > >       |                                     ^~~~
> > >
> > > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#zero-length-a...
> > >
> > > Fixes: c7fb19428d67 ("io_uring: add support for ring mapped supplied buffers")
> > > Cc: Jens Axboe <axboe@kernel.dk>
> > > Cc: Pavel Begunkov <asml.silence@gmail.com>
> > > Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
> > > Cc: stable@vger.kernel.org
> >
> > Build problem aside, why is this a stable kernel issue?
>
> My thinking was that since this is technically a UAPI change, it'd be best to get it changed as widely as possible.
You can't break the uapi, so it should be the same with or without your change right?
confused,
greg k-h
[resend -- I failed to CC the thread]
On Thu, Jan 05, 2023 at 08:38:01PM +0100, Greg KH wrote:
> On Thu, Jan 05, 2023 at 10:04:19AM -0800, Kees Cook wrote:
> > On Thu, Jan 05, 2023 at 08:39:48AM +0100, Greg KH wrote:
> > > On Wed, Jan 04, 2023 at 07:37:48PM -0800, Kees Cook wrote:
> > > > Zero-length arrays are deprecated[1]. Replace struct io_uring_buf_ring's "bufs" with a flexible array member. (How is the size of this array verified?) Detected with GCC 13, using -fstrict-flex-arrays=3:
> > > >
> > > > In function 'io_ring_buffer_select',
> > > >     inlined from 'io_buffer_select' at io_uring/kbuf.c:183:10:
> > > > io_uring/kbuf.c:141:23: warning: array subscript 255 is outside the bounds of an interior zero-length array 'struct io_uring_buf[0]' [-Wzero-length-bounds]
> > > >   141 |                 buf = &br->bufs[head];
> > > >       |                       ^~~~~~~~~~~~~~~
> > > > In file included from include/linux/io_uring.h:7,
> > > >                  from io_uring/kbuf.c:10:
> > > > include/uapi/linux/io_uring.h: In function 'io_buffer_select':
> > > > include/uapi/linux/io_uring.h:628:41: note: while referencing 'bufs'
> > > >   628 |                 struct io_uring_buf bufs[0];
> > > >       |                                     ^~~~
> > > >
> > > > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#zero-length-a...
> > > >
> > > > Fixes: c7fb19428d67 ("io_uring: add support for ring mapped supplied buffers")
> > > > Cc: Jens Axboe <axboe@kernel.dk>
> > > > Cc: Pavel Begunkov <asml.silence@gmail.com>
> > > > Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
> > > > Cc: stable@vger.kernel.org
> > >
> > > Build problem aside, why is this a stable kernel issue?
> >
> > My thinking was that since this is technically a UAPI change, it'd be best to get it changed as widely as possible.
>
> You can't break the uapi, so it should be the same with or without your change right?
>
> confused,
Correct -- but we've had a hard time finding breakages (with extremely weird stuff like non-C .h file scrapers) due to the lag between making UAPI changes like this.
Anyway, I can drop the CC stable if it's more sensible.
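An added illustration for the exchange above (not code from the patch, the kernel tree or any participant in the thread): the zero-length declaration beside a flexible-array declaration that compilers accept inside a union, with checks that size and member offsets are identical, which is the sense in which the UAPI stays the same. The names buf_entry, ring_zero, ring_flex, ring_alloc and ring_slot are hypothetical, and the 16-byte entry layout and the power-of-two entry count with a masked index are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Stand-in for struct io_uring_buf; assumed 16 bytes with resv last. */
struct buf_entry { uint64_t addr; uint32_t len; uint16_t bid; uint16_t resv; };

/* Before the patch: GNU zero-length array as a direct union member. */
struct ring_zero {
	union {
		struct { uint64_t resv1; uint32_t resv2; uint16_t resv3; uint16_t tail; };
		struct buf_entry bufs[0];
	};
};

/*
 * A bare "bufs[]" in the union is what the compilers in the reports reject.
 * Wrapping it in an anonymous struct behind an empty member (GNU extension)
 * keeps the member name "bufs" and is accepted.
 */
struct ring_flex {
	union {
		struct { uint64_t resv1; uint32_t resv2; uint16_t resv3; uint16_t tail; };
		struct {
			struct { } empty_bufs;
			struct buf_entry bufs[];
		};
	};
};

/* 1 if both declarations give the same size and member offsets. */
int layout_unchanged(void)
{
	return sizeof(struct ring_zero) == sizeof(struct ring_flex) &&
	       offsetof(struct ring_zero, bufs) == offsetof(struct ring_flex, bufs) &&
	       offsetof(struct ring_zero, tail) == offsetof(struct ring_flex, tail);
}

/* 1 if tail occupies the bytes of bufs[0].resv, as the header comment says. */
int tail_overlays_resv(void)
{
	return offsetof(struct ring_flex, tail) ==
	       offsetof(struct ring_flex, bufs) + offsetof(struct buf_entry, resv);
}

/* Slot 0 doubles as the header, so a ring is exactly `entries` slots. */
struct ring_flex *ring_alloc(uint32_t entries)
{
	if (entries == 0 || (entries & (entries - 1)))
		return NULL;	/* assumed rule: nonzero power of two */
	return calloc(entries, sizeof(struct buf_entry));
}

/* Bounded form of "buf = &br->bufs[head]": mask head before indexing. */
struct buf_entry *ring_slot(struct ring_flex *r, uint32_t entries, uint16_t head)
{
	return &r->bufs[head & (entries - 1)];
}
```

Both declarations rely on GNU C extensions, so this builds with default GCC or clang settings but warns under -pedantic.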
Hi Kees,
I love your patch! Yet something to improve:
[auto build test ERROR on kees/for-next/pstore]
[also build test ERROR on kees/for-next/kspp linus/master v6.2-rc2 next-20230105]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url: https://github.com/intel-lab-lkp/linux/commits/Kees-Cook/io_uring-Replace-0-...
base: https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/pstore
patch link: https://lore.kernel.org/r/20230105033743.never.628-kees%40kernel.org
patch subject: [PATCH] io_uring: Replace 0-length array with flexible array
config: x86_64-rhel-8.3-rust
compiler: clang version 14.0.6 (https://github.com/llvm/llvm-project f28c006a5895fc0e329fe15fead81e37457cb1d1)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/intel-lab-lkp/linux/commit/6239ffe2f8611e707b90e0c902bfa1...
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review Kees-Cook/io_uring-Replace-0-length-array-with-flexible-array/20230105-114008
        git checkout 6239ffe2f8611e707b90e0c902bfa1f0dbe578bb
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=x86_64 olddefconfig
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash drivers/nvme/host/

If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
In file included from drivers/nvme/host/ioctl.c:8:
In file included from include/linux/io_uring.h:7:
include/uapi/linux/io_uring.h:628:23: error: flexible array member 'bufs' in a union is not allowed
                struct io_uring_buf bufs[];
                                    ^
1 error generated.
vim +/bufs +628 include/uapi/linux/io_uring.h
   615
   616  struct io_uring_buf_ring {
   617          union {
   618                  /*
   619                   * To avoid spilling into more pages than we need to, the
   620                   * ring tail is overlaid with the io_uring_buf->resv field.
   621                   */
   622                  struct {
   623                          __u64 resv1;
   624                          __u32 resv2;
   625                          __u16 resv3;
   626                          __u16 tail;
   627                  };
   628                  struct io_uring_buf bufs[];
   629          };
   630  };
   631
Hi Kees,
I love your patch! Yet something to improve:
[auto build test ERROR on kees/for-next/pstore]
[also build test ERROR on kees/for-next/kspp linus/master v6.2-rc2 next-20230105]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url: https://github.com/intel-lab-lkp/linux/commits/Kees-Cook/io_uring-Replace-0-...
base: https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/pstore
patch link: https://lore.kernel.org/r/20230105033743.never.628-kees%40kernel.org
patch subject: [PATCH] io_uring: Replace 0-length array with flexible array
config: x86_64-randconfig-a004
compiler: gcc-11 (Debian 11.3.0-8) 11.3.0
reproduce (this is a W=1 build):
        # https://github.com/intel-lab-lkp/linux/commit/6239ffe2f8611e707b90e0c902bfa1...
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review Kees-Cook/io_uring-Replace-0-length-array-with-flexible-array/20230105-114008
        git checkout 6239ffe2f8611e707b90e0c902bfa1f0dbe578bb
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        make W=1 O=build_dir ARCH=x86_64 olddefconfig
        make W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash

If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
In file included from <command-line>:
./usr/include/linux/io_uring.h:628:41: error: flexible array member in union
  628 |                 struct io_uring_buf bufs[];
      |                                     ^~~~