Re: [GIT PULL] percpu fix for v5.9-rc6

linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed

From: "Gustavo A. R. Silva" <gustavoars@kernel.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Dennis Zhou <dennis@kernel.org>, Tejun Heo <tj@kernel.org>,
	Christoph Lameter <cl@linux.com>, Linux-MM <linux-mm@kvack.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Kees Cook <keescook@chromium.org>
Subject: Re: [GIT PULL] percpu fix for v5.9-rc6
Date: Fri, 18 Sep 2020 15:03:45 -0500	[thread overview]
Message-ID: <20200918200344.GB15213@embeddedor> (raw)
In-Reply-To: <CAHk-=wg=vvSf3M9O1VkwyYB4D4W6XS2AHVpQn6hEQY+usWrKGg@mail.gmail.com>

On Fri, Sep 18, 2020 at 12:37:48PM -0700, Linus Torvalds wrote:
> On Fri, Sep 18, 2020 at 12:28 PM Gustavo A. R. Silva
> <gustavoars@kernel.org> wrote:
> >
> > OK. It seems that we are talking about two different things here. One thing
> > is to apply sizeof() to a structure that contains a flexible-array member.
> > And the other thing is to apply sizeof() to a flexible array. The former
> > is allowed, the latter is wrong and we already get a build error when that
> > occurs.
> 
> The latter I'm not even interested in, it's such a pointless thing to do.
> 
> > Applying sizeof() to a structure containing a flex-array member is allowed,
> 
> Yes, and that's wrong and inconsistent, but what else is new about the
> C standard. It's what allows these kinds of bugs to slip through.
> 
> I sent Luc a couple of examples in the hope that maybe sparse could do
> better, but..
> 
> > > Is there some gcc option that I didn't find to help find any questionable cases?
> >
> > If the questionable case is the application of sizeof() to a flex-array
> > member or a flex-array member not occuring last in the containing structure,
> > then yes, GCC already generates a build error for both cases. And that's
> > what we want, see at the bottom...
> 
> No.
> 
> The questionable thing is to do "sizeof(struct-with-flex-array)".

I see now... 

> The point is, it's returning the same thing as if it was just a
> zero-sized array, which makes the whole flex array entirely pointless
> from a type safety standpoint.
> 
> The *only* thing it protects against is the "must be at the end" case,
> which is almost entirely pointless and uninteresting.
> 

But you are missing the point about CONFIG_UBSAN_BOUNDS, which doesn't
work with zero-lenght and one-element arrays. And we want to be able
to use that configuration. That's the main reason why we are replacing
those arrays with a flexible one. I should have made more emphasis on
that point in my last response.

Thanks
--
Gustavo

next prev parent reply	other threads:[~2020-09-18 19:58 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-09-17 20:45 Dennis Zhou
2020-09-18  1:05 ` Linus Torvalds
2020-09-18 16:23   ` Gustavo A. R. Silva
2020-09-18 17:23     ` Linus Torvalds
2020-09-18 19:34       ` Gustavo A. R. Silva
2020-09-18 19:37         ` Linus Torvalds
2020-09-18 20:02           ` Matthew Wilcox
2020-09-18 20:14             ` Linus Torvalds
2020-09-18 20:29               ` Arvind Sankar
2020-09-18 20:40                 ` Linus Torvalds
2020-09-18 21:00                   ` Arvind Sankar
2020-09-18 21:18                     ` Linus Torvalds
2020-09-18 22:39                       ` Arvind Sankar
2020-09-19  1:28                         ` Linus Torvalds
2020-09-19  2:53                           ` Arvind Sankar
2020-09-19  3:02                             ` Matthew Wilcox
2020-09-19  3:04                             ` Linus Torvalds
2020-09-19  2:45                         ` Matthew Wilcox
2020-09-19  3:37                           ` Arvind Sankar
2020-09-19 15:15                         ` David Laight
2020-09-18 20:03           ` Gustavo A. R. Silva [this message]
2020-09-18  1:10 ` pr-tracker-bot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200918200344.GB15213@embeddedor \
    --to=gustavoars@kernel.org \
    --cc=cl@linux.com \
    --cc=dennis@kernel.org \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=tj@kernel.org \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox