@@ -120,11 +120,14 @@ static void tty_buffer_reset(struct tty_buffer *p, size_t size)
void tty_buffer_free_all(struct tty_port *port)
{
struct tty_bufhead *buf = &port->buf;
+ struct tty_buffer *buf_sentinel;
struct tty_buffer *p, *next;
struct llist_node *llist;
unsigned int freed = 0;
int still_used;
+ buf_sentinel = container_of(&buf->sentinel, struct tty_buffer, __hdr);
+
while ((p = buf->head) != NULL) {
buf->head = p->next;
freed += p->size;
@@ -135,9 +138,9 @@ void tty_buffer_free_all(struct tty_port *port)
llist_for_each_entry_safe(p, next, llist, free)
kfree(p);
- tty_buffer_reset(&buf->sentinel, 0);
- buf->head = &buf->sentinel;
- buf->tail = &buf->sentinel;
+ tty_buffer_reset(buf_sentinel, 0);
+ buf->head = buf_sentinel;
+ buf->tail = buf_sentinel;
still_used = atomic_xchg(&buf->mem_used, 0);
WARN(still_used != freed, "we still have not freed %d bytes!",
@@ -576,11 +579,14 @@ int tty_insert_flip_string_and_push_buffer(struct tty_port *port,
void tty_buffer_init(struct tty_port *port)
{
struct tty_bufhead *buf = &port->buf;
+ struct tty_buffer *buf_sentinel;
+
+ buf_sentinel = container_of(&buf->sentinel, struct tty_buffer, __hdr);
mutex_init(&buf->lock);
- tty_buffer_reset(&buf->sentinel, 0);
- buf->head = &buf->sentinel;
- buf->tail = &buf->sentinel;
+ tty_buffer_reset(buf_sentinel, 0);
+ buf->head = buf_sentinel;
+ buf->tail = buf_sentinel;
init_llist_head(&buf->free);
atomic_set(&buf->mem_used, 0);
atomic_set(&buf->priority, 0);
@@ -8,19 +8,24 @@
#include <linux/workqueue.h>
struct tty_buffer {
- union {
- struct tty_buffer *next;
- struct llist_node free;
- };
- unsigned int used;
- unsigned int size;
- unsigned int commit;
- unsigned int lookahead; /* Lazy update on recv, can become less than "read" */
- unsigned int read;
- bool flags;
+ /* New members MUST be added within the struct_group() macro below. */
+ struct_group_tagged(tty_buffer_hdr, __hdr,
+ union {
+ struct tty_buffer *next;
+ struct llist_node free;
+ };
+ unsigned int used;
+ unsigned int size;
+ unsigned int commit;
+ unsigned int lookahead; /* Lazy update on recv, can become less than "read" */
+ unsigned int read;
+ bool flags;
+ );
/* Data points here */
u8 data[] __aligned(sizeof(unsigned long));
};
+static_assert(offsetof(struct tty_buffer, data) == sizeof(struct tty_buffer_hdr),
+ "struct member likely outside of struct_group_tagged()");
static inline u8 *char_buf_ptr(struct tty_buffer *b, unsigned int ofs)
{
@@ -33,15 +38,15 @@ static inline u8 *flag_buf_ptr(struct tty_buffer *b, unsigned int ofs)
}
struct tty_bufhead {
- struct tty_buffer *head; /* Queue head */
- struct work_struct work;
- struct mutex lock;
- atomic_t priority;
- struct tty_buffer sentinel;
- struct llist_head free; /* Free queue head */
- atomic_t mem_used; /* In-use buffers excluding free list */
- int mem_limit;
- struct tty_buffer *tail; /* Active buffer */
+ struct tty_buffer *head; /* Queue head */
+ struct work_struct work;
+ struct mutex lock;
+ atomic_t priority;
+ struct tty_buffer_hdr sentinel;
+ struct llist_head free; /* Free queue head */
+ atomic_t mem_used; /* In-use buffers excluding free list */
+ int mem_limit;
+ struct tty_buffer *tail; /* Active buffer */
};
/*
-Wflex-array-member-not-at-end was introduced in GCC-14, and we are getting ready to enable it, globally. So, in order to avoid ending up with a flexible-array member in the middle of other structs, we use the `struct_group_tagged()` helper to create a new tagged `struct tty_buffer_hdr`. This structure groups together all the members of the flexible `struct tty_buffer` except the flexible array. As a result, the array is effectively separated from the rest of the members without modifying the memory layout of the flexible structure. We then change the type of the middle struct member currently causing trouble from `struct tty_buffer` to `struct tty_buffer_hdr`. We also want to ensure that when new members need to be added to the flexible structure, they are always included within the newly created tagged struct. For this, we use `static_assert()`. This ensures that the memory layout for both the flexible structure and the new tagged struct is the same after any changes. This approach avoids having to implement `struct tty_buffer_hdr` as a completely separate structure, thus preventing having to maintain two independent but basically identical structures, closing the door to potential bugs in the future. We also use `container_of()` whenever we need to retrieve a pointer to the flexible structure, through which we can access the flexible-array member, if necessary. So, with these changes, fix 384 of the following warnings: include/linux/tty_buffer.h:40:27: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> --- Changes in v2: - Fix a space at the beginning of the line issue, and adjust the identation of a code coment. v1: - Link: https://lore.kernel.org/linux-hardening/Z6L1XwE-WEzcGFwv@kspp/ drivers/tty/tty_buffer.c | 18 ++++++++++------ include/linux/tty_buffer.h | 43 +++++++++++++++++++++----------------- 2 files changed, 36 insertions(+), 25 deletions(-)