Replace one-element arrays with flexible-array members #79

GustavoARSilva · 2020-06-03T18:37:22Z

There is a regular need in the kernel to provide a way to declare having a
dynamically sized set of trailing elements in a structure. Kernel code should
always use “flexible array members” for these cases. The older style of
one-element or zero-length arrays should no longer be used.

In older C code, dynamically sized trailing elements were done by specifying
a one-element array at the end of a structure:

struct something {
        size_t count;
        struct foo items[1];
};

This led to fragile size calculations via sizeof() (which would need to remove
the size of the single trailing element to get a correct size of the “header”).
A GNU C extension was introduced to allow for zero-length arrays, to avoid
these kinds of size problems:

struct something {
        size_t count;
        struct foo items[0];
};

But this led to other problems, and didn’t solve some problems shared by both
styles, like not being able to detect when such an array is accidentally being
used not at the end of a structure (which could happen directly, or when
such a struct was in unions, structs of structs, etc).

C99 introduced “flexible array members”, which lacks a numeric size for the
array declaration entirely:

struct something {
        size_t count;
        struct foo items[];
};

This is the way the kernel expects dynamically sized trailing elements to be
declared. It allows the compiler to generate errors when the flexible array
does not occur last in the structure, which helps to prevent some kind of
undefined behavior bugs from being inadvertently introduced to the codebase.
It also allows the compiler to correctly analyze array sizes (via sizeof(),
CONFIG_FORTIFY_SOURCE, and CONFIG_UBSAN_BOUNDS). For instance, there is no
mechanism that warns us that the following application of the sizeof() operator
to a zero-length array always results in zero:

struct something {
        size_t count;
        struct foo items[0];
};

struct something *instance;

instance = kmalloc(struct_size(instance, items, count), GFP_KERNEL);
instance->count = count;

size = sizeof(instance->items) * instance->count;
memcpy(instance->items, source, size);

At the last line of code above, size turns out to be zero, when one might have
thought it represents the total size in bytes of the dynamic memory recently
allocated for the trailing array items. Here are a couple examples of this
issue: link 1, link 2. Instead, flexible array members have incomplete type, and so the
sizeof() operator may not be applied, so any misuse of such operators will
be immediately noticed at build time.

With respect to one-element arrays, one has to be acutely aware that such
arrays occupy at least as much space as a single object of the type, hence they
contribute to the size of the enclosing structure. This is prone to error every
time people want to calculate the total size of dynamic memory to allocate for
a structure containing an array of this kind as a member:

struct something {
        size_t count;
        struct foo items[1];
};

struct something *instance;

instance = kmalloc(struct_size(instance, items, count - 1), GFP_KERNEL);
instance->count = count;

size = sizeof(instance->items) * instance->count;
memcpy(instance->items, source, size);

In the example above, we had to remember to calculate count - 1 when using the
struct_size() helper, otherwise we would have –unintentionally– allocated memory
for one too many items objects. The cleanest and least error-prone way to
implement this is through the use of a flexible array member, instead:

struct something {
        size_t count;
        struct foo items[];
};

struct something *instance;

instance = kmalloc(struct_size(instance, items, count), GFP_KERNEL);
instance->count = count;

memcpy(instance->items, source, flex_array_size(instance, items, instance->count));

Latest version of this document: https://www.kernel.org/doc/html/latest/process/deprecated.html#zero-length-and-one-element-arrays

The text was updated successfully, but these errors were encountered:

There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. For this particular case, it is important to notice that the cachelines change from 7 to 6 after the flexible-array conversion: $ pahole -C 'fifo' drivers/misc/hpilo.o struct fifo { u64 nrents; /* 0 8 */ u64 imask; /* 8 8 */ u64 merge; /* 16 8 */ u64 reset; /* 24 8 */ u8 pad_0[96]; /* 32 96 */ /* --- cacheline 2 boundary (128 bytes) --- */ u64 head; /* 128 8 */ u8 pad_1[120]; /* 136 120 */ /* --- cacheline 4 boundary (256 bytes) --- */ u64 tail; /* 256 8 */ u8 pad_2[120]; /* 264 120 */ /* --- cacheline 6 boundary (384 bytes) --- */ u64 fifobar[1]; /* 384 8 */ /* size: 392, cachelines: 7, members: 10 */ /* last cacheline: 8 bytes */ }; $ pahole -C 'fifo' drivers/misc/hpilo.o struct fifo { u64 nrents; /* 0 8 */ u64 imask; /* 8 8 */ u64 merge; /* 16 8 */ u64 reset; /* 24 8 */ u8 pad_0[96]; /* 32 96 */ /* --- cacheline 2 boundary (128 bytes) --- */ u64 head; /* 128 8 */ u8 pad_1[120]; /* 136 120 */ /* --- cacheline 4 boundary (256 bytes) --- */ u64 tail; /* 256 8 */ u8 pad_2[120]; /* 264 120 */ /* --- cacheline 6 boundary (384 bytes) --- */ u64 fifobar[]; /* 384 0 */ /* size: 384, cachelines: 6, members: 10 */ }; Lastly, remove unnecessary parentheses in fifo_sz() and fix the following checkpatch.pl warning for the whole fifo structure: WARNING: please, no spaces at the start of a line [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] KSPP#79 Tested-by: kernel test robot <[email protected]> Link: https://github.com/GustavoARSilva/linux-hardening/blob/master/cii/kernel-ci/hpilo-20200714.md Signed-off-by: Gustavo A. R. Silva <[email protected]>

There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases or, as in this particular case, replace the one-element array with a simple value type u8 reserved once this is just a placeholder for alignment. The older style of one-element or zero-length arrays should no longer be used[2]. Also, while there, use the preferred form for passing a size of a struct. The alternative form where struct name is spelled out hurts readability and introduces an opportunity for a bug when the variable type is changed but the corresponding sizeof that is passed as argument is not. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] KSPP#79 Signed-off-by: Gustavo A. R. Silva <[email protected]>

There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. For this particular case, it is important to notice that the cachelines change from 7 to 6 after the flexible-array conversion: $ pahole -C 'fifo' drivers/misc/hpilo.o struct fifo { u64 nrents; /* 0 8 */ u64 imask; /* 8 8 */ u64 merge; /* 16 8 */ u64 reset; /* 24 8 */ u8 pad_0[96]; /* 32 96 */ /* --- cacheline 2 boundary (128 bytes) --- */ u64 head; /* 128 8 */ u8 pad_1[120]; /* 136 120 */ /* --- cacheline 4 boundary (256 bytes) --- */ u64 tail; /* 256 8 */ u8 pad_2[120]; /* 264 120 */ /* --- cacheline 6 boundary (384 bytes) --- */ u64 fifobar[1]; /* 384 8 */ /* size: 392, cachelines: 7, members: 10 */ /* last cacheline: 8 bytes */ }; $ pahole -C 'fifo' drivers/misc/hpilo.o struct fifo { u64 nrents; /* 0 8 */ u64 imask; /* 8 8 */ u64 merge; /* 16 8 */ u64 reset; /* 24 8 */ u8 pad_0[96]; /* 32 96 */ /* --- cacheline 2 boundary (128 bytes) --- */ u64 head; /* 128 8 */ u8 pad_1[120]; /* 136 120 */ /* --- cacheline 4 boundary (256 bytes) --- */ u64 tail; /* 256 8 */ u8 pad_2[120]; /* 264 120 */ /* --- cacheline 6 boundary (384 bytes) --- */ u64 fifobar[]; /* 384 0 */ /* size: 384, cachelines: 6, members: 10 */ }; Lastly, remove unnecessary parentheses in fifo_sz() and fix the following checkpatch.pl warning for the whole fifo structure: WARNING: please, no spaces at the start of a line [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] KSPP#79 Tested-by: kernel test robot <[email protected]> Link: https://github.com/GustavoARSilva/linux-hardening/blob/master/cii/kernel-ci/hpilo-20200714.md Signed-off-by: Gustavo A. R. Silva <[email protected]> Link: https://lore.kernel.org/r/20200714154449.GA26153@embeddedor Signed-off-by: Greg Kroah-Hartman <[email protected]>

One-element arrays are being deprecated[1]. Replace the one-element arrays with a simple value type u8 reserved, once this is just a placeholder for alignment. Also, while there, use the preferred form for passing a size of a struct. The alternative form where struct name is spelled out hurts readability and introduces an opportunity for a bug when the variable type is changed but the corresponding sizeof that is passed as argument is not. [1] KSPP#79 Signed-off-by: Gustavo A. R. Silva <[email protected]>

One-element arrays are being deprecated[1]. Replace the one-element array with a simple value type 'u8 reserved'[2], once this is just a placeholder for alignment. [1] KSPP#79 [2] KSPP#86 Tested-by: kernel test robot <[email protected]> Link: https://github.com/GustavoARSilva/linux-hardening/blob/master/cii/0-day/wil6210-20200715.md Signed-off-by: Gustavo A. R. Silva <[email protected]>

One-element arrays are being deprecated[1]. Replace the one-element arrays with simple value types 'char reserved_char' and 'compat_int_t reserved'[2], once it seems these are just placeholders for alignment. Also, while there, use the preferred form for passing a size of a struct. The alternative form where struct name is spelled out hurts readability and introduces an opportunity for a bug when the variable type is changed but the corresponding sizeof that is passed as argument is not. Lastly, fix the checkpatch.pl warnings below: ERROR: code indent should use tabs where possible + char reserved_char;$ WARNING: please, no spaces at the start of a line + char reserved_char;$ ERROR: code indent should use tabs where possible + compat_int_t reserved;$ WARNING: please, no spaces at the start of a line + compat_int_t reserved;$ [1] KSPP#79 [2] KSPP#86 Tested-by: kernel test robot <[email protected]> Link: https://github.com/GustavoARSilva/linux-hardening/blob/master/cii/0-day/tty-20200716.md Signed-off-by: Gustavo A. R. Silva <[email protected]>

One-element arrays are being deprecated[1]. Replace the one-element array with a simple value type 'u8 reserved'[2], once it seems this is just a placeholder for alignment. [1] KSPP#79 [2] KSPP#86 Tested-by: kernel test robot <[email protected]> Link: https://github.com/GustavoARSilva/linux-hardening/blob/master/cii/0-day/skylake-20200717.md Signed-off-by: Gustavo A. R. Silva <[email protected]>

One-element arrays are being deprecated[1]. Replace the one-element array with a simple value type 'u8 reserved'[2], once it seems this is just a placeholder for alignment. [1] KSPP#79 [2] KSPP#86 Signed-off-by: Gustavo A. R. Silva <[email protected]> Tested-by: kernel test robot <[email protected]> Reviewed-by: Amadeusz Sławiński <[email protected]> Link: https://github.com/GustavoARSilva/linux-hardening/blob/master/cii/0-day/skylake-20200717.md Link: https://lore.kernel.org/r/20200717215500.GA13910@embeddedor Signed-off-by: Mark Brown <[email protected]>

One-element arrays are being deprecated[1]. Replace the one-element array with a simple value type 'u32 reserved2'[2], once it seems this is just a placeholder for alignment. [1] KSPP#79 [2] KSPP#86 Tested-by: kernel test robot <[email protected]> Link: https://github.com/GustavoARSilva/linux-hardening/blob/master/cii/0-day/tg3-20200718.md Signed-off-by: Gustavo A. R. Silva <[email protected]>

One-element arrays are being deprecated[1]. Replace the one-element array with a simple value type 'u8 rsvd'[2], once it seems this is just a placeholder for alignment. [1] KSPP#79 [2] KSPP#86 Tested-by: kernel test robot <[email protected]> Link: https://github.com/GustavoARSilva/linux-hardening/blob/master/cii/0-day/bfi-20200718.md Signed-off-by: Gustavo A. R. Silva <[email protected]>

One-element arrays are being deprecated[1]. Replace the one-element arrays with simple value types 'char reserved_char' and 'compat_int_t reserved'[2], once it seems these are just placeholders for alignment. Also, while there, use the preferred form for passing a size of a struct. The alternative form where struct name is spelled out hurts readability and introduces an opportunity for a bug when the variable type is changed but the corresponding sizeof that is passed as argument is not. Lastly, fix the checkpatch.pl warnings below: ERROR: code indent should use tabs where possible + char reserved_char;$ WARNING: please, no spaces at the start of a line + char reserved_char;$ ERROR: code indent should use tabs where possible + compat_int_t reserved;$ WARNING: please, no spaces at the start of a line + compat_int_t reserved;$ [1] KSPP#79 [2] KSPP#86 Tested-by: kernel test robot <[email protected]> Link: https://github.com/GustavoARSilva/linux-hardening/blob/master/cii/0-day/tty-20200716.md Acked-by: Jiri Slaby <[email protected]> Signed-off-by: Gustavo A. R. Silva <[email protected]>

There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. Also, make use of the array_size() helper instead of the open-coded version in memcpy(). These sorts of multiplication factors need to be wrapped in array_size(). And while there, use the preferred form for passing a size of a struct. The alternative form where struct name is spelled out hurts readability and introduces an opportunity for a bug when the pointer variable type is changed but the corresponding sizeof that is passed as argument is not. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] KSPP#79 Signed-off-by: Gustavo A. R. Silva <[email protected]>

One-element arrays are being deprecated[1]. Replace the one-element array with a simple value type '__le32 reserved1'[2], once it seems this is just a placeholder for alignment. [1] KSPP#79 [2] KSPP#86 Tested-by: kernel test robot <[email protected]> Link: https://github.com/GustavoARSilva/linux-hardening/blob/master/cii/0-day/qed_hsi-20200718.md Signed-off-by: Gustavo A. R. Silva <[email protected]>

There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. Also, make use of the array_size() helper instead of the open-coded version in memcpy(). These sorts of multiplication factors need to be wrapped in array_size(). And while there, use the preferred form for passing a size of a struct. The alternative form where struct name is spelled out hurts readability and introduces an opportunity for a bug when the pointer variable type is changed but the corresponding sizeof that is passed as argument is not. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] KSPP#79 Signed-off-by: Gustavo A. R. Silva <[email protected]> Link: https://lore.kernel.org/r/20200722181534.GA31357@embeddedor Signed-off-by: Greg Kroah-Hartman <[email protected]>

One-element arrays are being deprecated[1]. Replace the one-element arrays with a simple value type u8 reserved, once this is just a placeholder for alignment. Also, while there, use the preferred form for passing a size of a struct. The alternative form where struct name is spelled out hurts readability and introduces an opportunity for a bug when the variable type is changed but the corresponding sizeof that is passed as argument is not. [1] KSPP#79 Signed-off-by: Gustavo A. R. Silva <[email protected]> Link: https://lore.kernel.org/r/20200714214516.GA1040@embeddedor Signed-off-by: Greg Kroah-Hartman <[email protected]>

Replace the single element arrays with a simple value type u8 reserved, even thought is is not used for dynamically sized trailing elements it confuses the effort of replacing one-element arrays with flexible arrays for that purpose. Link: KSPP#79 Cc: Gustavo A. R. Silva <[email protected]> Signed-off-by: Tomas Winkler <[email protected]>

One-element arrays are being deprecated[1]. Replace the one-element arrays with simple value types 'char reserved_char' and 'compat_int_t reserved'[2], once it seems these are just placeholders for alignment. [1] KSPP#79 [2] KSPP#86 Tested-by: kernel test robot <[email protected]> Link: https://github.com/GustavoARSilva/linux-hardening/blob/master/cii/0-day/tty-20200716.md Acked-by: Jiri Slaby <[email protected]> Signed-off-by: Gustavo A. R. Silva <[email protected]>

One-element arrays are being deprecated[1]. Replace the one-element arrays with simple value types 'char reserved_char' and 'compat_int_t reserved'[2], once it seems these are just placeholders for alignment. [1] KSPP#79 [2] KSPP#86 Tested-by: kernel test robot <[email protected]> Link: https://github.com/GustavoARSilva/linux-hardening/blob/master/cii/0-day/tty-20200716.md Acked-by: Jiri Slaby <[email protected]> Signed-off-by: Gustavo A. R. Silva <[email protected]> Link: https://lore.kernel.org/r/f49bf0e27eaac396c96d21392c8c284f9f5ef52a.1595543280.git.gustavoars@kernel.org Signed-off-by: Greg Kroah-Hartman <[email protected]>

One-element arrays are being deprecated[1]. Replace the one-element array with a simple value type 'u8 reserved'[2], once it seems this is just a placeholder for alignment. [1] KSPP/linux#79 [2] KSPP/linux#86 Signed-off-by: Gustavo A. R. Silva <[email protected]> Tested-by: kernel test robot <[email protected]> Reviewed-by: Amadeusz Sławiński <[email protected]> Link: https://github.com/GustavoARSilva/linux-hardening/blob/master/cii/0-day/skylake-20200717.md Link: https://lore.kernel.org/r/20200717215500.GA13910@embeddedor Signed-off-by: Mark Brown <[email protected]> (cherry picked from commit 23f8d96) BUG=b:162008784 TEST=Test audio on volteer. Signed-off-by: Mike Mason <[email protected]>

… icmsg_negotiate There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. Refactor the code according to the use of a flexible-array member in struct icmsg_negotiate, instead of a one-element array. Also, this helps the ongoing efforts to enable -Warray-bounds and fix the following warnings: drivers/hv/channel_mgmt.c:315:23: warning: array subscript 1 is above array bounds of ‘struct ic_version[1]’ [-Warray-bounds] drivers/hv/channel_mgmt.c:316:23: warning: array subscript 1 is above array bounds of ‘struct ic_version[1]’ [-Warray-bounds] [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://www.kernel.org/doc/html/v5.9/process/deprecated.html#zero-length-and-one-element-arrays Link: KSPP/linux#79 Link: KSPP/linux#109 Signed-off-by: Gustavo A. R. Silva <[email protected]> Reviewed-by: Michael Kelley <[email protected]> Link: https://lore.kernel.org/r/20210201174334.GA171933@embeddedor Signed-off-by: Wei Liu <[email protected]>

…t _MPI2_CONFIG_PAGE_IO_UNIT_3 There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. Refactor the code according to the use of a flexible-array member in struct _MPI2_CONFIG_PAGE_IO_UNIT_3, instead of a one-element array, and use the struct_size() helper to calculate the size for the allocation. Also, this helps with the ongoing efforts to enable -Warray-bounds and fix the following warning: drivers/scsi/mpt3sas/mpt3sas_ctl.c:3193:63: warning: array subscript 24 is above array bounds of ‘U16[1]’ {aka ‘short unsigned int[1]’} [-Warray-bounds] [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://www.kernel.org/doc/html/v5.9/process/deprecated.html#zero-length-and-one-element-arrays Link: KSPP#79 Link: KSPP#109 Signed-off-by: Gustavo A. R. Silva <[email protected]>

…t _MPI2_CONFIG_PAGE_IO_UNIT_3 There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. Refactor the code according to the use of a flexible-array member in struct _MPI2_CONFIG_PAGE_IO_UNIT_3, instead of a one-element array, and use the struct_size() helper to calculate the size for the allocation. Also, this helps the ongoing efforts to enable -Warray-bounds and fix the following warnings: drivers/scsi/mpt3sas/mpt3sas_ctl.c:3193:63: warning: array subscript 24 is above array bounds of ‘U16[1]’ {aka ‘short unsigned int[1]’} [-Warray-bounds] [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://www.kernel.org/doc/html/v5.9/process/deprecated.html#zero-length-and-one-element-arrays Link: KSPP#79 Link: KSPP#109 Signed-off-by: Gustavo A. R. Silva <[email protected]>

… icmsg_negotiate There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. Refactor the code according to the use of a flexible-array member in struct icmsg_negotiate, instead of a one-element array. Also, this helps the ongoing efforts to enable -Warray-bounds and fix the following warnings: drivers/hv/channel_mgmt.c:315:23: warning: array subscript 1 is above array bounds of ‘struct ic_version[1]’ [-Warray-bounds] drivers/hv/channel_mgmt.c:316:23: warning: array subscript 1 is above array bounds of ‘struct ic_version[1]’ [-Warray-bounds] [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://www.kernel.org/doc/html/v5.9/process/deprecated.html#zero-length-and-one-element-arrays Link: KSPP/linux#79 Link: KSPP/linux#109 Signed-off-by: Gustavo A. R. Silva <[email protected]> Reviewed-by: Michael Kelley <[email protected]> Link: https://lore.kernel.org/r/20210201174334.GA171933@embeddedor Signed-off-by: Wei Liu <[email protected]>

…ISLANDS_SMC_SWSTATE There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. Refactor the code according to the use of a flexible-array member in struct SISLANDS_SMC_SWSTATE, instead of a one-element array, and use the struct_size() helper to calculate the size for the allocation. Also, this helps with the ongoing efforts to enable -Warray-bounds and fix the following warnings: drivers/gpu/drm/amd/amdgpu/../pm/powerplay/si_dpm.c:2448:20: warning: array subscript 1 is above array bounds of ‘SISLANDS_SMC_HW_PERFORMANCE_LEVEL[1]’ {aka ‘struct SISLANDS_SMC_HW_PERFORMANCE_LEVEL[1]’} [-Warray-bounds] drivers/gpu/drm/amd/amdgpu/../pm/powerplay/si_dpm.c:2449:20: warning: array subscript 1 is above array bounds of ‘SISLANDS_SMC_HW_PERFORMANCE_LEVEL[1]’ {aka ‘struct SISLANDS_SMC_HW_PERFORMANCE_LEVEL[1]’} [-Warray-bounds] drivers/gpu/drm/amd/amdgpu/../pm/powerplay/si_dpm.c:2450:20: warning: array subscript 1 is above array bounds of ‘SISLANDS_SMC_HW_PERFORMANCE_LEVEL[1]’ {aka ‘struct SISLANDS_SMC_HW_PERFORMANCE_LEVEL[1]’} [-Warray-bounds] drivers/gpu/drm/amd/amdgpu/../pm/powerplay/si_dpm.c:2451:20: warning: array subscript 1 is above array bounds of ‘SISLANDS_SMC_HW_PERFORMANCE_LEVEL[1]’ {aka ‘struct SISLANDS_SMC_HW_PERFORMANCE_LEVEL[1]’} [-Warray-bounds] drivers/gpu/drm/amd/amdgpu/../pm/powerplay/si_dpm.c:2452:20: warning: array subscript 1 is above array bounds of ‘SISLANDS_SMC_HW_PERFORMANCE_LEVEL[1]’ {aka ‘struct SISLANDS_SMC_HW_PERFORMANCE_LEVEL[1]’} [-Warray-bounds] drivers/gpu/drm/amd/amdgpu/../pm/powerplay/si_dpm.c:5570:20: warning: array subscript 1 is above array bounds of ‘SISLANDS_SMC_HW_PERFORMANCE_LEVEL[1]’ {aka ‘struct SISLANDS_SMC_HW_PERFORMANCE_LEVEL[1]’} [-Warray-bounds] [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://www.kernel.org/doc/html/v5.9/process/deprecated.html#zero-length-and-one-element-arrays Link: KSPP#79 Link: KSPP#109 Build-tested-by: kernel test robot <[email protected]> Link: https://lore.kernel.org/lkml/6023be58.sk66L%2FV4vuSJI5mI%[email protected]/ Signed-off-by: Gustavo A. R. Silva <[email protected]>

…ber in struct ndis_80211_var_ie There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. Refactor the code according to the use of a flexible-array member in struct ndis_80211_var_ie, instead of a one-element array. Also, this helps with the ongoing efforts to enable -Warray-bounds and fix the following warnings: CC [M] drivers/staging/rtl8723bs/core/rtw_wlan_util.o In file included from ./drivers/staging/rtl8723bs/include/drv_types.h:20, from drivers/staging/rtl8723bs/core/rtw_wlan_util.c:9: drivers/staging/rtl8723bs/core/rtw_wlan_util.c: In function ‘HT_caps_handler’: ./drivers/staging/rtl8723bs/include/basic_types.h:108:11: warning: array subscript 1 is above array bounds of ‘u8[1]’ {aka ‘unsigned char[1]’} [-Warray-bounds] 108 | (EF1BYTE(*((u8 *)(__pstart)))) | ^ ./drivers/staging/rtl8723bs/include/basic_types.h:42:8: note: in definition of macro ‘EF1BYTE’ 42 | ((u8)(_val)) | ^~~~ ./drivers/staging/rtl8723bs/include/basic_types.h:127:4: note: in expansion of macro ‘LE_P1BYTE_TO_HOST_1BYTE’ 127 | (LE_P1BYTE_TO_HOST_1BYTE(__pstart) >> (__bitoffset)) & \ | ^~~~~~~~~~~~~~~~~~~~~~~ ./drivers/staging/rtl8723bs/include/rtw_ht.h:97:55: note: in expansion of macro ‘LE_BITS_TO_1BYTE’ 97 | #define GET_HT_CAPABILITY_ELE_RX_STBC(_pEleStart) LE_BITS_TO_1BYTE((_pEleStart)+1, 0, 2) | ^~~~~~~~~~~~~~~~ drivers/staging/rtl8723bs/core/rtw_wlan_util.c:1104:58: note: in expansion of macro ‘GET_HT_CAPABILITY_ELE_RX_STBC’ 1104 | if (TEST_FLAG(phtpriv->stbc_cap, STBC_HT_ENABLE_TX) && GET_HT_CAPABILITY_ELE_RX_STBC(pIE->data)) { | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/staging/rtl8723bs/core/rtw_wlan_util.c:1051:75: warning: array subscript 2 is above array bounds of ‘u8[1]’ {aka ‘unsigned char[1]’} [-Warray-bounds] 1051 | if ((pmlmeinfo->HT_caps.u.HT_cap_element.AMPDU_para & 0x3) > (pIE->data[i] & 0x3)) | ~~~~~~~~~^~~ drivers/staging/rtl8723bs/core/rtw_wlan_util.c: In function ‘check_assoc_AP’: drivers/staging/rtl8723bs/core/rtw_wlan_util.c:1606:19: warning: array subscript 4 is above array bounds of ‘u8[1]’ {aka ‘unsigned char[1]’} [-Warray-bounds] 1606 | if (pIE->data[4] == 1) | ~~~~~~~~~^~~ drivers/staging/rtl8723bs/core/rtw_wlan_util.c:1609:20: warning: array subscript 5 is above array bounds of ‘u8[1]’ {aka ‘unsigned char[1]’} [-Warray-bounds] 1609 | if (pIE->data[5] & RT_HT_CAP_USE_92SE) | ~~~~~~~~~^~~ drivers/staging/rtl8723bs/core/rtw_wlan_util.c:1613:19: warning: array subscript 5 is above array bounds of ‘u8[1]’ {aka ‘unsigned char[1]’} [-Warray-bounds] 1613 | if (pIE->data[5] & RT_HT_CAP_USE_SOFTAP) | ~~~~~~~~~^~~ drivers/staging/rtl8723bs/core/rtw_wlan_util.c:1617:20: warning: array subscript 6 is above array bounds of ‘u8[1]’ {aka ‘unsigned char[1]’} [-Warray-bounds] 1617 | if (pIE->data[6] & RT_HT_CAP_USE_JAGUAR_BCUT) { | ~~~~~~~~~^~~ [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://www.kernel.org/doc/html/v5.9/process/deprecated.html#zero-length-and-one-element-arrays Link: KSPP#79 Link: KSPP#109 Build-tested-by: kernel test robot <[email protected]> Link: https://lore.kernel.org/lkml/602434b8.jc5DoXJ0bmHoxgIL%[email protected]/ Signed-off-by: Gustavo A. R. Silva <[email protected]>

…ay member There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. Use flexible-array member in struct hfi_sys_set_property_pkt instead of one-element array. Also, this helps with the ongoing efforts to enable -Warray-bounds and fix the following warnings: drivers/media/platform/qcom/venus/hfi_cmds.c: In function ‘pkt_sys_coverage_config’: drivers/media/platform/qcom/venus/hfi_cmds.c:57:11: warning: array subscript 1 is above array bounds of ‘u32[1]’ {aka ‘unsigned int[1]’} [-Warray-bounds] 57 | pkt->data[1] = mode; | ~~~~~~~~~^~~ [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://www.kernel.org/doc/html/v5.9/process/deprecated.html#zero-length-and-one-element-arrays Link: KSPP#79 Link: KSPP#109 Build-tested-by: kernel test robot <[email protected]> Link: https://lore.kernel.org/lkml/602416da.iZqae7Dbk7nyl6OY%[email protected]/ Signed-off-by: Gustavo A. R. Silva <[email protected]>

[ Upstream commit 320e2590e281d0a7865e861f50155b5b435e9813 ] One-element arrays are deprecated, and we are replacing them with flexible array members instead. So, replace one-element array with flexible-array member in struct _ATOM_FAKE_EDID_PATCH_RECORD and refactor the rest of the code accordingly. Important to mention is that doing a build before/after this patch results in no binary output differences. This helps with the ongoing efforts to tighten the FORTIFY_SOURCE routines on memcpy() and help us make progress towards globally enabling -fstrict-flex-arrays=3 [1]. Link: KSPP/linux#79 Link: KSPP/linux#238 Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101836 [1] Signed-off-by: Paulo Miguel Almeida <[email protected]> Signed-off-by: Alex Deucher <[email protected]> Stable-dep-of: 8155566a26b8 ("drm/amdgpu: properly handle vbios fake edid sizing") Signed-off-by: Sasha Levin <[email protected]>

[ Upstream commit c81c5bd5cf2f428867e0bcfcccd4e4d2f8c68f51 ] One-element arrays are deprecated, and we are replacing them with flexible array members instead. So, replace one-element array with flexible-array member in struct _ATOM_FAKE_EDID_PATCH_RECORD and refactor the rest of the code accordingly. It's worth mentioning that doing a build before/after this patch results in no binary output differences. This helps with the ongoing efforts to tighten the FORTIFY_SOURCE routines on memcpy() and help us make progress towards globally enabling -fstrict-flex-arrays=3 [1]. Link: KSPP/linux#79 Link: KSPP/linux#239 Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101836 [1] Reviewed-by: Kees Cook <[email protected]> Signed-off-by: Paulo Miguel Almeida <[email protected]> Signed-off-by: Alex Deucher <[email protected]> Stable-dep-of: 17c6baff3d5f ("drm/radeon: properly handle vbios fake edid sizing") Signed-off-by: Sasha Levin <[email protected]>

[ Upstream commit 320e259 ] One-element arrays are deprecated, and we are replacing them with flexible array members instead. So, replace one-element array with flexible-array member in struct _ATOM_FAKE_EDID_PATCH_RECORD and refactor the rest of the code accordingly. Important to mention is that doing a build before/after this patch results in no binary output differences. This helps with the ongoing efforts to tighten the FORTIFY_SOURCE routines on memcpy() and help us make progress towards globally enabling -fstrict-flex-arrays=3 [1]. Link: KSPP/linux#79 Link: KSPP/linux#238 Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101836 [1] Signed-off-by: Paulo Miguel Almeida <[email protected]> Signed-off-by: Alex Deucher <[email protected]> Stable-dep-of: 8155566a26b8 ("drm/amdgpu: properly handle vbios fake edid sizing") Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit 24f4bdf1c8bfcbc08934630f972e52362222dd97) Signed-off-by: Sherry Yang <[email protected]>

[ Upstream commit c81c5bd ] One-element arrays are deprecated, and we are replacing them with flexible array members instead. So, replace one-element array with flexible-array member in struct _ATOM_FAKE_EDID_PATCH_RECORD and refactor the rest of the code accordingly. It's worth mentioning that doing a build before/after this patch results in no binary output differences. This helps with the ongoing efforts to tighten the FORTIFY_SOURCE routines on memcpy() and help us make progress towards globally enabling -fstrict-flex-arrays=3 [1]. Link: KSPP/linux#79 Link: KSPP/linux#239 Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101836 [1] Reviewed-by: Kees Cook <[email protected]> Signed-off-by: Paulo Miguel Almeida <[email protected]> Signed-off-by: Alex Deucher <[email protected]> Stable-dep-of: 17c6baff3d5f ("drm/radeon: properly handle vbios fake edid sizing") Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit 4477639573282ea90195a5e12bb671fd8afe3da3) Signed-off-by: Sherry Yang <[email protected]>

…e 1-element array with flexible array Replace the deprecated[1] use of a 1-element array in struct hfi_session_release_buffer_pkt with a modern flexible array. No binary differences are present after this conversion. Link: KSPP#79 [1] Signed-off-by: Kees Cook <[email protected]> Reviewed-by: Gustavo A. R. Silva <[email protected]> Reviewed-by: Bryan O'Donoghue <[email protected]> Acked-by: Vikash Garodia <[email protected]> Link: https://lore.kernel.org/r/[email protected]