netlink: replace __NLA_ENSURE implementation

Commit Message

Johannes Berg Oct. 12, 2018, 9:09 a.m. UTC

From: Johannes Berg <johannes.berg@intel.com>

John Garry reported that when we actually use the current
implementation of __NLA_ENSURE, he gets compiler warnings
from -Wvla since there's an array in there, and for some
reason the compiler cannot immediately prove that its size
is constant. It must eventually be able to prove it as we
can use this inside an initializer for a constant, but the
warning still shows up for him.

I haven't been able to reproduce the warning on gcc in any
case that actually should compile, though in the case that
a non-constant value is actually passed I do see both the
VLA warning as well as the non-constant initializer error.
This was with both gcc 7.3.1 (which John also reported to
be using) and 8.1.

However, since we already have BUILD_BUG_ON_ZERO() and I
just missed it when implementing this, just use it, which
avoids this whole issue because it uses the bitfield trick
to force compilation errors, rather than the array trick.

Reported-by: John Garry <john.garry@huawei.com>
Fixes: 3e48be05f3c7 ("netlink: add attribute range validation to policy")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
 include/net/netlink.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch

diff --git a/include/net/netlink.h b/include/net/netlink.h
index 589683091f16..094012174b6f 100644
--- a/include/net/netlink.h
+++ b/include/net/netlink.h
@@ -311,7 +311,7 @@  struct nla_policy {
 #define NLA_POLICY_NESTED_ARRAY(maxattr, policy) \
 	{ .type = NLA_NESTED_ARRAY, .validation_data = policy, .len = maxattr }
 
-#define __NLA_ENSURE(condition) (sizeof(char[1 - 2*!(condition)]) - 1)
+#define __NLA_ENSURE(condition) BUILD_BUG_ON_ZERO(!(condition))
 #define NLA_ENSURE_INT_TYPE(tp)				\
 	(__NLA_ENSURE(tp == NLA_S8 || tp == NLA_U8 ||	\
 		      tp == NLA_S16 || tp == NLA_U16 ||	\