From: Linus Torvalds <torvalds@linux-foundation.org>
To: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Cc: Dennis Zhou <dennis@kernel.org>, Tejun Heo <tj@kernel.org>,
Christoph Lameter <cl@linux.com>, Linux-MM <linux-mm@kvack.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [GIT PULL] percpu fix for v5.9-rc6
Date: Fri, 18 Sep 2020 10:23:54 -0700 [thread overview]
Message-ID: <CAHk-=wjH+OH08yjp=LpexkUnGp0Ogusk3WX0G7Q+Lh7Anfr21A@mail.gmail.com> (raw)
In-Reply-To: <20200918162305.GB25599@embeddedor>
On Fri, Sep 18, 2020 at 9:17 AM Gustavo A. R. Silva
<gustavoars@kernel.org> wrote:
>
> This bug could have been prevented by either adopting better
> coding practices or through the use[3] of the recent struct_size() helper.
Well, my unspoken point was that coding practices are just
theoretical. Coding practices don't help - actual *checking* of them
helps.
I realize that structures with flexible-array member are allowed to
use sizeof() in standard C, but if we want to make sure this doesn't
happen, we would need to have a stricter model than that. But a quick
google didn't find any flag to enable such a stricter mode.
I guess a sparse warning would work, but sparse already has too many
warnings and as a result most people don't care - even if they were to
run sparse in the first place.
Is there some gcc option that I didn't find to help find any questionable cases?
Because if we have a coding practice that you should use
'struct_size()', then we should also have a way to _verify_ that.
The whole - and really ONLY - point of using flexible arrays was that
it would protect against these things. And as things are now, it
simply doesn't. It's not an actual improvement over just using a
zero-sized array.
(Slightly related: copying a struct has the exact same issue. A
flexible array is no better than a zero-sized array, and generates the
same code and the same lack of any warnings, afaik).
Linus
next prev parent reply other threads:[~2020-09-18 17:24 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-17 20:45 Dennis Zhou
2020-09-18 1:05 ` Linus Torvalds
2020-09-18 16:23 ` Gustavo A. R. Silva
2020-09-18 17:23 ` Linus Torvalds [this message]
2020-09-18 19:34 ` Gustavo A. R. Silva
2020-09-18 19:37 ` Linus Torvalds
2020-09-18 20:02 ` Matthew Wilcox
2020-09-18 20:14 ` Linus Torvalds
2020-09-18 20:29 ` Arvind Sankar
2020-09-18 20:40 ` Linus Torvalds
2020-09-18 21:00 ` Arvind Sankar
2020-09-18 21:18 ` Linus Torvalds
2020-09-18 22:39 ` Arvind Sankar
2020-09-19 1:28 ` Linus Torvalds
2020-09-19 2:53 ` Arvind Sankar
2020-09-19 3:02 ` Matthew Wilcox
2020-09-19 3:04 ` Linus Torvalds
2020-09-19 2:45 ` Matthew Wilcox
2020-09-19 3:37 ` Arvind Sankar
2020-09-19 15:15 ` David Laight
2020-09-18 20:03 ` Gustavo A. R. Silva
2020-09-18 1:10 ` pr-tracker-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHk-=wjH+OH08yjp=LpexkUnGp0Ogusk3WX0G7Q+Lh7Anfr21A@mail.gmail.com' \
--to=torvalds@linux-foundation.org \
--cc=cl@linux.com \
--cc=dennis@kernel.org \
--cc=gustavoars@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox