Re: [PATCH][next] integrity: Avoid -Wflex-array-member-not-at-end warnings

From: Gustavo A. R. Silva
Date: Wed Mar 20 2024 - 23:40:09 EST




On 20/03/24 19:19, Mimi Zohar wrote:
Hi Gustavo,

Sorry for the delay...

No worries. :)


On Mon, 2024-03-04 at 11:52 -0600, Gustavo A. R. Silva wrote:
-Wflex-array-member-not-at-end is coming in GCC-14, and we are getting
ready to enable it globally.

There is currently an object (`hdr`) in `struct ima_max_digest_data`
that contains a flexible structure (`struct ima_digest_data`):

struct ima_max_digest_data {
	struct ima_digest_data hdr;
	u8 digest[HASH_MAX_DIGESTSIZE];
} __packed;

So, in order to avoid ending up with a flexible-array member in the
middle of another struct, we use the `struct_group_tagged()` helper to
separate the flexible array from the rest of the members in the flexible
structure:

struct ima_digest_data {
	struct_group_tagged(ima_digest_data_hdr, hdr,

	... the rest of the members

	);
	u8 digest[];
} __packed;

With the change described above, we can now declare an object of the
type of the tagged struct, without embedding the flexible array in the
middle of another struct:

struct ima_max_digest_data {
	struct ima_digest_data_hdr hdr;
	u8 digest[HASH_MAX_DIGESTSIZE];
} __packed;

We also use `container_of()` whenever we need to retrieve a pointer to
the flexible structure.

Nice!


So, with these changes, fix the following warnings:

security/integrity/evm/evm.h:45:32: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]
security/integrity/evm/evm.h:45:32: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]
security/integrity/evm/evm.h:45:32: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]

A similar change would need to be made to struct evm_digest:

struct evm_digest {
	struct ima_digest_data hdr;
	char digest[IMA_MAX_DIGEST_SIZE];
} __packed;

Is there another patch?

Oh, I missed that one. I'll include it and send v2, shortly.

Thanks!
--
Gustavo
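
The pattern discussed in this thread, as an added userspace example that is not part of the thread or of the kernel patch: the header members are grouped under a tagged struct, the fixed-size wrapper embeds only that header type, and container_of() recovers the flexible structure. The struct names, the two header members, MAX_DIGEST and the simplified macro bodies are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_DIGEST 64 /* stand-in for HASH_MAX_DIGESTSIZE */
/* Simplified userspace form of the kernel's struct_group_tagged(): members are
 * reachable directly and also as one named object of type struct TAG. */
#define struct_group_tagged(TAG, NAME, ...) \
	union { struct { __VA_ARGS__ }; struct TAG { __VA_ARGS__ } NAME; }
#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))

/* Flexible structure: header members grouped, flexible array kept last. */
struct digest_data {
	struct_group_tagged(digest_data_hdr, hdr,
		uint8_t algo;   /* stand-in members, not the kernel's layout */
		uint8_t length;
	);
	uint8_t digest[];
};

/* Fixed-size wrapper embeds only the header type, so no flexible-array
 * member ends up in the middle of another struct. */
struct max_digest_data {
	struct digest_data_hdr hdr;
	uint8_t digest[MAX_DIGEST];
};

_Static_assert(offsetof(struct digest_data, digest) ==
	       offsetof(struct max_digest_data, digest), "storage must line up");

/* Callee that expects the flexible structure; rejects an oversized length. */
static int digest_sum(const struct digest_data *d, size_t cap)
{
	int sum = 0;
	if (d->length > cap)
		return -1;
	for (size_t i = 0; i < d->length; i++)
		sum += d->digest[i];
	return sum;
}

/* Fill a wrapper, then recover the flexible view from its header. */
int demo(uint8_t len)
{
	struct max_digest_data m = { .hdr = { .algo = 1, .length = len } };
	memset(m.digest, 2, sizeof(m.digest));
	return digest_sum(container_of(&m.hdr, struct digest_data, hdr), MAX_DIGEST);
}
```

The static assertion is the check worth keeping in real code: container_of() is only safe here while the wrapper's storage starts exactly where the flexible array would.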