From patchwork Wed Oct 16 00:27:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gustavo A. R. Silva" X-Patchwork-Id: 13837483 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7EE7221E3BE; Wed, 16 Oct 2024 00:27:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729038440; cv=none; b=AXda3WNdYv5PDeGcAk64HZ3nlc6FMTyIesACNHAmURYvf14bDdUO3C10K9OejfOMXXqJRgZ3zpN/4FC8nm5gNv7Xz8VN89H3es/Jt1BWoumRGJN7C5SfFA8U/DwXaPlgZCzer4tlSQpneBqAyUz0gj2DeBgik7o9fPEvTpYmdL8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729038440; c=relaxed/simple; bh=tb27nyjCDeyfMIeUU/H/vPrhrpUAIwTNDYMgKdWPE/k=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=n6BveyD+Bqv1iNj+myTSlS7qRkMy9QTwqeUp0pxgL5XPxNNSy6caB/371irePsBePQ9gpnEC9lrWo/Wofd93IPL9jmLPkuP7B3364vxRZNuIUfHYwfTwJhft7qztFhWr2mDMTmpSgIi0IXy7dCaOE9WR/Ag31VgFWeFlNBc7ysw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=EVnUjrir; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="EVnUjrir" Received: by smtp.kernel.org (Postfix) with ESMTPSA id A437CC4CEC6; Wed, 16 Oct 2024 00:27:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1729038440; bh=tb27nyjCDeyfMIeUU/H/vPrhrpUAIwTNDYMgKdWPE/k=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=EVnUjrirJfI0CQ6PbgD9SsPhu0EYkLRiy6T4LvhzCGWDRwlT6ZNBIiDhA15ejC1GS CaqTLPLzonrxQV+iQPTJETIShHv6gKfo6dHHoz/CFDkAuHriwUkm3PFQCjQBYw6zKm 8oP7yjcUVwyTRarcEYaMLCt70EJmi+kMvaQzAFXjhdSOLLggBWSQgkj/ga1wDuRLc0 3gvd8h6ZNn/vQhwwuow4w1prgNmxpfIPUT+/zlPMPkXf9GQuZ12B9MoLBHjzt1l+qf h769qvKrVGqmZCMDzsgVf9Q7TQu8R5kNNDUptV1KTs7eeiBfGVAUEYRlri4rDGnL1H EEt2NmRME0thQ== Date: Tue, 15 Oct 2024 18:27:16 -0600 From: "Gustavo A. R. Silva" To: Andrew Lunn , Johannes Berg , David Ahern , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, "Gustavo A. R. Silva" , linux-hardening@vger.kernel.org, linux-wireless@vger.kernel.org, Kees Cook Subject: [PATCH 1/5][next] net: dev: Introduce struct sockaddr_legacy Message-ID: <1c12601bea3e9c18da6adc106bfcf5b7569e5dfb.1729037131.git.gustavoars@kernel.org> References: Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: We are currently working on enabling the -Wflex-array-member-not-at-end compiler option. This option has helped us detect several objects of the type `struct sockaddr` that appear in the middle of composite structures like `struct rtentry`, `struct compat_rtentry`, and others: include/uapi/linux/wireless.h:751:33: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] include/uapi/linux/wireless.h:776:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] include/uapi/linux/wireless.h:833:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] include/uapi/linux/wireless.h:857:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] include/uapi/linux/wireless.h:864:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] include/uapi/linux/route.h:33:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] include/uapi/linux/route.h:34:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] include/uapi/linux/route.h:35:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] include/uapi/linux/if_arp.h:118:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] include/uapi/linux/if_arp.h:119:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] include/uapi/linux/if_arp.h:121:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] include/uapi/linux/if_arp.h:126:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] include/uapi/linux/if_arp.h:127:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] include/net/compat.h:34:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] include/net/compat.h:35:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] fs/nfsd/nfsd.h:74:33: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] fs/nfsd/nfsd.h:75:33: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] In order to fix the warnings above, we introduce `struct sockaddr_legacy`. The intention is to use it to replace the type of several struct members in the middle of composite structures, currently of type `struct sockaddr`. These middle struct members are currently causing thousands of warnings because `struct sockaddr` contains a flexible-array member, introduced by commit b5f0de6df6dce ("net: dev: Convert sa_data to flexible array in struct sockaddr"). The new `struct sockaddr_legacy` doesn't include a flexible-array member, making it suitable for use as the type of middle members in composite structs that don't really require the flexible-array member in `struct sockaddr`, thus avoiding -Wflex-array-member-not-at-end warnings. Signed-off-by: Gustavo A. R. Silva Reviewed-by: Kuniyuki Iwashima --- include/linux/socket.h | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/include/linux/socket.h b/include/linux/socket.h index d18cc47e89bd..f370ae0e6c82 100644 --- a/include/linux/socket.h +++ b/include/linux/socket.h @@ -40,6 +40,25 @@ struct sockaddr { }; }; +/* + * This is the legacy form of `struct sockaddr`. The original `struct sockaddr` + * was modified in commit b5f0de6df6dce ("net: dev: Convert sa_data to flexible + * array in struct sockaddR") due to the fact that "One of the worst offenders + * of "fake flexible arrays" is struct sockaddr". This means that the original + * `char sa_data[14]` behaved as a flexible array at runtime, so a proper + * flexible-array member was introduced. + * + * This caused several flexible-array-in-the-middle issues: + * https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wflex-array-member-not-at-end + * + * `struct sockaddr_legacy` replaces `struct sockaddr` in all instances where + * objects of this type do not appear at the end of composite structures. + */ +struct sockaddr_legacy { + sa_family_t sa_family; /* address family, AF_xxx */ + char sa_data[14]; /* 14 bytes of protocol address */ +}; + struct linger { int l_onoff; /* Linger active */ int l_linger; /* How long to linger for */ From patchwork Wed Oct 16 00:29:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gustavo A. R. Silva" X-Patchwork-Id: 13837486 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A86AFB641; Wed, 16 Oct 2024 00:29:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729038575; cv=none; b=dysIJ5vBtnyMYO0S50FKDc6IFEEYVrrAlRWQWwhZ0CL2UwRhQYJj5dVW0FrvUAYWE787eMEHSz+xGbzIFE+eVHNZ+Gvh1k9SnCnh14ec5+ed72rL9s9+Xa+fq3P3YWR1M9CyJbMcf6UvyG4LTlX0hQmDtjieQSHKnNNs210fSGk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729038575; c=relaxed/simple; bh=UX50Uuxyl6KpeCZ9V3FN/RT0FMfn23uteQZUQF7qX3w=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=eCbl8wwZ4DJIt9O0wO54bplr2uwVm0km/XznQfFmmyWC7LzmjrUENRUCAwZUK0zIZohI12dHg7N8CG6gD5oBirb89Ul8J+48/CCABgsiCJCkJIevCpj82SQft7FDm5TG6PuF9r61Vf/LT+RfxbmMdvE5jnyu6rHY52fTgPNT24Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=rmV1IpK7; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="rmV1IpK7" Received: by smtp.kernel.org (Postfix) with ESMTPSA id D1550C4CEC6; Wed, 16 Oct 2024 00:29:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1729038575; bh=UX50Uuxyl6KpeCZ9V3FN/RT0FMfn23uteQZUQF7qX3w=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=rmV1IpK7eC0ZkRA9iAfkT4ehVfQmWr/FMidbJ6A0Ua6XWquSP1/uz2h4etMyqXMXU CJc6ms0TTFw5KgWfNb/Ou8cMEDodCNEejrvib/NL+AfLYZQVyZ+FFg/kvJne0hiCtB bSw5AmObtOsM31cU47axeglWnUnWfk1EQcaWImPrl3cqkOjKfa/hhzvFTms586Z/zT JdTTgIinlVvliFxvIdEIfidTA9NVb82pVBB5omfCoVBBp/Qn4z9jlhv9W071EG3xE/ svnhpuPwU+QIDpBhHr9dryqi9xIkT/xjxp1toZ0//rJRyc8oDN9PpxQEVZCUB7pBdk YHMNaKt5SoZ3g== Date: Tue, 15 Oct 2024 18:29:31 -0600 From: "Gustavo A. R. Silva" To: Chuck Lever , Jeff Layton , Neil Brown , Olga Kornievskaia , Dai Ngo , Tom Talpey Cc: linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org, "Gustavo A. R. Silva" , linux-hardening@vger.kernel.org, Kees Cook Subject: [PATCH 2/5][next] nfsd: avoid -Wflex-array-member-not-at-end warnings Message-ID: <9a04f3f766b2f8438887f6a003cf288d0f366fb8.1729037131.git.gustavoars@kernel.org> References: Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: -Wflex-array-member-not-at-end was introduced in GCC-14, and we are getting ready to enable it, globally. Address the following warnings by changing the type of the middle struct members in `struct nfsd_genl_rqstp`, which are currently causing trouble, from `struct sockaddr` to `struct sockaddr_legacy`. Note that the latter struct doesn't contain a flexible-array member. fs/nfsd/nfsd.h:74:33: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] fs/nfsd/nfsd.h:75:33: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] Also, update some related code, accordingly. No binary differences are present after these changes. Signed-off-by: Gustavo A. R. Silva --- fs/nfsd/nfsctl.c | 4 ++-- fs/nfsd/nfsd.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c index 3adbc05ebaac..884bfdc7a255 100644 --- a/fs/nfsd/nfsctl.c +++ b/fs/nfsd/nfsctl.c @@ -1599,9 +1599,9 @@ int nfsd_nl_rpc_status_get_dumpit(struct sk_buff *skb, genl_rqstp.rq_stime = rqstp->rq_stime; genl_rqstp.rq_opcnt = 0; memcpy(&genl_rqstp.rq_daddr, svc_daddr(rqstp), - sizeof(struct sockaddr)); + sizeof(struct sockaddr_legacy)); memcpy(&genl_rqstp.rq_saddr, svc_addr(rqstp), - sizeof(struct sockaddr)); + sizeof(struct sockaddr_legacy)); #ifdef CONFIG_NFSD_V4 if (rqstp->rq_vers == NFS4_VERSION && diff --git a/fs/nfsd/nfsd.h b/fs/nfsd/nfsd.h index 004415651295..44be32510595 100644 --- a/fs/nfsd/nfsd.h +++ b/fs/nfsd/nfsd.h @@ -71,8 +71,8 @@ struct readdir_cd { #define NFSD_MAX_OPS_PER_COMPOUND 50 struct nfsd_genl_rqstp { - struct sockaddr rq_daddr; - struct sockaddr rq_saddr; + struct sockaddr_legacy rq_daddr; + struct sockaddr_legacy rq_saddr; unsigned long rq_flags; ktime_t rq_stime; __be32 rq_xid; From patchwork Wed Oct 16 00:31:47 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gustavo A. R. Silva" X-Patchwork-Id: 13837487 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BD3CBBA42; Wed, 16 Oct 2024 00:31:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729038710; cv=none; b=k1ZiDWLfIF0tXB5zu2JI8NaJVcEkTlo9QVGZCv29KIa/oK8uBqYDhzp97qiej48WVDzQ81GM8lJmgUWgT8jzZpl+hoRJlownOYRiowVuDr5ekwlY7qYyODc7kNjl5CKdsCEdCpnQkQaxEpzwyuZBTPcg+ChlobAZPMhNH8LpuY4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729038710; c=relaxed/simple; bh=h/0LiuTcJJi5xVByk4esB4Kk1MBKkOZ8H5VO5I5yi9Y=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=BnHR4iKLl2BgzosGGmkl1YTHuaRVcWFFHM9Vimlw74vMLab1yCRrJiHKAIKpH8rQhFVoksocQRN+Hg3Hy1DCquU4jI63CPrm8PWcvXWFnMNRsstJDI3ewh4bImGaIAeJeUGcgvyIHHZPmPY43a3y2De95EgMqUOJmT0BWXoRXY4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=P5yhXm81; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="P5yhXm81" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9391AC4CEC6; Wed, 16 Oct 2024 00:31:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1729038710; bh=h/0LiuTcJJi5xVByk4esB4Kk1MBKkOZ8H5VO5I5yi9Y=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=P5yhXm81qTTez88jN3ABjVLKMZuhPgYT1WznUQP9fytzhr1WpV2EacUy2W/ntDLvF XSOE023SBjSuax5wOd+cLy31PTXWaSkDqE9ueABCxOyTUe2uoySVkpbAqyOTwLuSKw Ljj6tXz6Ut0+R/sTJhBtdN3GSe5f1poSnJhXTm1kAEay2jPRX0PSpPBEEuhet4mZXo d3ZppAXEUVAF6DEVZvSuW81Ube0ERuxUbtFfLJPwfhMn9Jqi3QVpogi/RRvNcnegxZ woQCnwII3KT91mcB+PNBOFE/M1TvstkiqEnPEhBwjPlQfn4pmhHcvzEm/XlSjQ9Yr/ 4UaGppmzvGUdw== Date: Tue, 15 Oct 2024 18:31:47 -0600 From: "Gustavo A. R. Silva" To: Johannes Berg Cc: linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org, "Gustavo A. R. Silva" , linux-hardening@vger.kernel.org, Kees Cook Subject: [PATCH 3/5][next] uapi: wireless: Avoid -Wflex-array-member-not-at-end warnings Message-ID: References: Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: -Wflex-array-member-not-at-end was introduced in GCC-14, and we are getting ready to enable it, globally. Address the following warnings by changing the type of the middle struct members in various composite structs, which are currently causing trouble, from `struct sockaddr` to `struct sockaddr_legacy`. Note that the latter struct doesn't contain a flexible-array member. include/uapi/linux/wireless.h:751:33: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] include/uapi/linux/wireless.h:776:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] include/uapi/linux/wireless.h:833:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] include/uapi/linux/wireless.h:857:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] include/uapi/linux/wireless.h:864:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] No binary differences are present after these changes. Signed-off-by: Gustavo A. R. Silva --- include/uapi/linux/wireless.h | 50 +++++++++++++++++------------------ 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/include/uapi/linux/wireless.h b/include/uapi/linux/wireless.h index 3c2ad5fae17f..b29ab42fa2e2 100644 --- a/include/uapi/linux/wireless.h +++ b/include/uapi/linux/wireless.h @@ -748,7 +748,7 @@ struct iw_missed { * Quality range (for spy threshold) */ struct iw_thrspy { - struct sockaddr addr; /* Source address (hw/mac) */ + struct sockaddr_legacy addr; /* Source address (hw/mac) */ struct iw_quality qual; /* Quality of the link */ struct iw_quality low; /* Low threshold */ struct iw_quality high; /* High threshold */ @@ -766,15 +766,15 @@ struct iw_thrspy { * current BSS if the driver is in Managed mode and associated with an AP. */ struct iw_scan_req { - __u8 scan_type; /* IW_SCAN_TYPE_{ACTIVE,PASSIVE} */ - __u8 essid_len; - __u8 num_channels; /* num entries in channel_list; - * 0 = scan all allowed channels */ - __u8 flags; /* reserved as padding; use zero, this may - * be used in the future for adding flags - * to request different scan behavior */ - struct sockaddr bssid; /* ff:ff:ff:ff:ff:ff for broadcast BSSID or - * individual address of a specific BSS */ + __u8 scan_type; /* IW_SCAN_TYPE_{ACTIVE,PASSIVE} */ + __u8 essid_len; + __u8 num_channels; /* num entries in channel_list; + * 0 = scan all allowed channels */ + __u8 flags; /* reserved as padding; use zero, this may + * be used in the future for adding flags + * to request different scan behavior */ + struct sockaddr_legacy bssid; /* ff:ff:ff:ff:ff:ff for broadcast BSSID or + * individual address of a specific BSS */ /* * Use this ESSID if IW_SCAN_THIS_ESSID flag is used instead of using @@ -827,15 +827,15 @@ struct iw_scan_req { * debugging/testing. */ struct iw_encode_ext { - __u32 ext_flags; /* IW_ENCODE_EXT_* */ - __u8 tx_seq[IW_ENCODE_SEQ_MAX_SIZE]; /* LSB first */ - __u8 rx_seq[IW_ENCODE_SEQ_MAX_SIZE]; /* LSB first */ - struct sockaddr addr; /* ff:ff:ff:ff:ff:ff for broadcast/multicast - * (group) keys or unicast address for - * individual keys */ - __u16 alg; /* IW_ENCODE_ALG_* */ - __u16 key_len; - __u8 key[]; + __u32 ext_flags; /* IW_ENCODE_EXT_* */ + __u8 tx_seq[IW_ENCODE_SEQ_MAX_SIZE]; /* LSB first */ + __u8 rx_seq[IW_ENCODE_SEQ_MAX_SIZE]; /* LSB first */ + struct sockaddr_legacy addr; /* ff:ff:ff:ff:ff:ff for broadcast/multicast + * (group) keys or unicast address for + * individual keys */ + __u16 alg; /* IW_ENCODE_ALG_* */ + __u16 key_len; + __u8 key[]; }; /* SIOCSIWMLME data */ @@ -853,16 +853,16 @@ struct iw_mlme { #define IW_PMKID_LEN 16 struct iw_pmksa { - __u32 cmd; /* IW_PMKSA_* */ - struct sockaddr bssid; - __u8 pmkid[IW_PMKID_LEN]; + __u32 cmd; /* IW_PMKSA_* */ + struct sockaddr_legacy bssid; + __u8 pmkid[IW_PMKID_LEN]; }; /* IWEVMICHAELMICFAILURE data */ struct iw_michaelmicfailure { - __u32 flags; - struct sockaddr src_addr; - __u8 tsc[IW_ENCODE_SEQ_MAX_SIZE]; /* LSB first */ + __u32 flags; + struct sockaddr_legacy src_addr; + __u8 tsc[IW_ENCODE_SEQ_MAX_SIZE]; /* LSB first */ }; /* IWEVPMKIDCAND data */ From patchwork Wed Oct 16 00:32:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gustavo A. R. Silva" X-Patchwork-Id: 13837490 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 64C2910A2A; Wed, 16 Oct 2024 00:32:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729038767; cv=none; b=Uuz2HfCJuRbQjQecWM9guf7lVmJwkjH1SRL+AFjUTmPjsHns2eb/I8OFPVnRJeV0XgxtDwYb785G2hArHiGUfJK+vpQv94xQpZwXMZkzFwtfK8WMpsQtwIEwONyW0AxXXMo7w6jzeUb1EXxocVpaEC0fesJOt0aHlTqXB55iq7g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729038767; c=relaxed/simple; bh=iHoB2CtxcbvJ6Ygv4kl5YbKNImTMb7GFaBl6ohxzF0A=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=svGcvHHAcGAEE1P8I/Y7H2zxCVp17D+CI7mfjsBF4KDWsC0JgjPVLgXYxiogkJI0X5cwafcRBp6CXb4XBMuJKtKsLe6ozezZpUc/DOyGEh69jKGHiBXWmf/7/aZJxea/7rcw95nizAyLQzP9vqrZluwbHdc5pBq/skN+eUZ1XaI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=P6lznSgu; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="P6lznSgu" Received: by smtp.kernel.org (Postfix) with ESMTPSA id B586FC4CEC6; Wed, 16 Oct 2024 00:32:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1729038766; bh=iHoB2CtxcbvJ6Ygv4kl5YbKNImTMb7GFaBl6ohxzF0A=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=P6lznSguM+46Y9q2WGQsWzv5yGOriwtV/gu0pd2QmpsZD4AvrHIAcS0UAhi1fv+4w x3vsGaeV+LzGSVgfKr56Mfo7OVvLeYoQhaU+wo1G2U/PaOFbXtFb+HPI2e7fL503s9 V1SWG5JwZ7Z56aVyDdy9c3+iKF+a6fuzZmtll2vxMvFzjzRoH3OmNSoqMSss1RkWwl CYo+TM7UTGxP4uO9D8arRN0TN5WEiJIM5y7OdR4vRc+E7FNnT0WNUVdySFODIr2oUf uYQzkDhAQoWcMtJeSybIu7oprak4XjKRMmrRFfSK9QO3rRz7K6PP97lfGEltIwpgfW Tg4dfAyPnM0IA== Date: Tue, 15 Oct 2024 18:32:43 -0600 From: "Gustavo A. R. Silva" To: Andrew Lunn , David Ahern , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, "Gustavo A. R. Silva" , linux-hardening@vger.kernel.org, Kees Cook Subject: [PATCH 4/5][next] uapi: net: arp: Avoid -Wflex-array-member-not-at-end warnings Message-ID: References: Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: -Wflex-array-member-not-at-end was introduced in GCC-14, and we are getting ready to enable it, globally. Address the following warnings by changing the type of the middle struct members in a couple of composite structs, which are currently causing trouble, from `struct sockaddr` to `struct sockaddr_legacy`. Note that the latter struct doesn't contain a flexible-array member. include/uapi/linux/if_arp.h:118:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] include/uapi/linux/if_arp.h:119:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] include/uapi/linux/if_arp.h:121:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] include/uapi/linux/if_arp.h:126:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] include/uapi/linux/if_arp.h:127:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] Also, update some related code, accordingly. No binary differences are present after these changes. Signed-off-by: Gustavo A. R. Silva Reviewed-by: Kuniyuki Iwashima --- include/uapi/linux/if_arp.h | 18 +++++++++--------- net/ipv4/arp.c | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/include/uapi/linux/if_arp.h b/include/uapi/linux/if_arp.h index 4783af9fe520..cb6813f7783a 100644 --- a/include/uapi/linux/if_arp.h +++ b/include/uapi/linux/if_arp.h @@ -115,18 +115,18 @@ /* ARP ioctl request. */ struct arpreq { - struct sockaddr arp_pa; /* protocol address */ - struct sockaddr arp_ha; /* hardware address */ - int arp_flags; /* flags */ - struct sockaddr arp_netmask; /* netmask (only for proxy arps) */ - char arp_dev[IFNAMSIZ]; + struct sockaddr_legacy arp_pa; /* protocol address */ + struct sockaddr_legacy arp_ha; /* hardware address */ + int arp_flags; /* flags */ + struct sockaddr_legacy arp_netmask; /* netmask (only for proxy arps) */ + char arp_dev[IFNAMSIZ]; }; struct arpreq_old { - struct sockaddr arp_pa; /* protocol address */ - struct sockaddr arp_ha; /* hardware address */ - int arp_flags; /* flags */ - struct sockaddr arp_netmask; /* netmask (only for proxy arps) */ + struct sockaddr_legacy arp_pa; /* protocol address */ + struct sockaddr_legacy arp_ha; /* hardware address */ + int arp_flags; /* flags */ + struct sockaddr arp_netmask; /* netmask (only for proxy arps) */ }; /* ARP Flag values. */ diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c index 11c1519b3699..3a97efe1587b 100644 --- a/net/ipv4/arp.c +++ b/net/ipv4/arp.c @@ -1185,7 +1185,7 @@ static int arp_req_get(struct net *net, struct arpreq *r) read_lock_bh(&neigh->lock); memcpy(r->arp_ha.sa_data, neigh->ha, - min(dev->addr_len, sizeof(r->arp_ha.sa_data_min))); + min(dev->addr_len, sizeof(r->arp_ha.sa_data))); r->arp_flags = arp_state_to_flags(neigh); read_unlock_bh(&neigh->lock); From patchwork Wed Oct 16 00:33:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gustavo A. R. Silva" X-Patchwork-Id: 13837491 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F102F27442; Wed, 16 Oct 2024 00:33:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729038807; cv=none; b=BV9hKqMXVQekXSQ6wN4d2R5J75jRH2G9qDc53goeOfXrR5y1SB38ZdyydXdp3rV0onQZo1lYrHgXT20j+dnO7DADKUbZaZGyUmbAD1r4rK9YGW40rQzB25Wm6a8yndfDUh6c6sUgippFqXCmOhxyM+ce1N+LRQTgBA/jgguGuEw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729038807; c=relaxed/simple; bh=oCHAROvOfTrDd21uZhMKFN0mvX2Z8eFLJfvyvCryopU=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=azqludNCkBQk41Q8U6BHZk/Q3G6jO6gixvuDE9Ww5tL/6XDLS8blL6nl2XeWIXhngEOWrXl2z06RyvPXeVTLkI0bbiDv8LnJlvIqgcjS/J/CskLBG3uL00G6kgvxrBtXFzTZNXI45NOt8q3F2pTp/Vc73CX2R9MTisobs0DXC0E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=U/ZDfg4Z; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="U/ZDfg4Z" Received: by smtp.kernel.org (Postfix) with ESMTPSA id E06BCC4CEC6; Wed, 16 Oct 2024 00:33:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1729038806; bh=oCHAROvOfTrDd21uZhMKFN0mvX2Z8eFLJfvyvCryopU=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=U/ZDfg4ZW2jJhzFvezkTW3RHesXKCzaGqIvjexwiCVMrOjWzzqnv67ehbWf3En/wa qhxzPQbZt4DFL8gdb8NeSm90FjkqcU3wYrsNHtJi6KJzN95p7xQmCJPrkoIofBSTS5 I2PfpxVSjuYL/mqCMq83YrRRF8A/ThQQ69PgAwRbvWR5LEv6++gqYwtNDJJkwG7QXn 0lUug0BEYdzOJWu/9k11HfbNCXasJArkbbMy/UDFo6drSaqhsA8b9tKRWJGzq0Mj0j WZQiYkTIw7uKgdEkOyfqThn5TtH+4o1Ge2OUFsTWBbDe7/CN59ObHOhPlW693lz2KI dBeizE1bd/s0A== Date: Tue, 15 Oct 2024 18:33:23 -0600 From: "Gustavo A. R. Silva" To: David Ahern , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, "Gustavo A. R. Silva" , linux-hardening@vger.kernel.org, Kees Cook Subject: [PATCH 5/5][next] uapi: net: Avoid -Wflex-array-member-not-at-end warnings Message-ID: References: Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: -Wflex-array-member-not-at-end was introduced in GCC-14, and we are getting ready to enable it, globally. Address the following warnings by changing the type of the middle struct members in a couple of composite structs, which are currently causing trouble, from `struct sockaddr` to `struct sockaddr_legacy`. Note that the latter struct doesn't contain a flexible-array member. include/uapi/linux/route.h:33:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] include/uapi/linux/route.h:34:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] include/uapi/linux/route.h:35:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end include/net/compat.h:34:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] include/net/compat.h:35:25: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] Also, update some related code, accordingly. Signed-off-by: Gustavo A. R. Silva Reviewed-by: Kuniyuki Iwashima --- include/net/compat.h | 30 +++++++++++++++--------------- include/uapi/linux/route.h | 28 ++++++++++++++-------------- net/appletalk/ddp.c | 2 +- net/ipv4/af_inet.c | 2 +- net/ipv4/fib_frontend.c | 2 +- 5 files changed, 32 insertions(+), 32 deletions(-) diff --git a/include/net/compat.h b/include/net/compat.h index 84c163f40f38..89e891d8dcf3 100644 --- a/include/net/compat.h +++ b/include/net/compat.h @@ -29,21 +29,21 @@ struct compat_cmsghdr { }; struct compat_rtentry { - u32 rt_pad1; - struct sockaddr rt_dst; /* target address */ - struct sockaddr rt_gateway; /* gateway addr (RTF_GATEWAY) */ - struct sockaddr rt_genmask; /* target network mask (IP) */ - unsigned short rt_flags; - short rt_pad2; - u32 rt_pad3; - unsigned char rt_tos; - unsigned char rt_class; - short rt_pad4; - short rt_metric; /* +1 for binary compatibility! */ - compat_uptr_t rt_dev; /* forcing the device at add */ - u32 rt_mtu; /* per route MTU/Window */ - u32 rt_window; /* Window clamping */ - unsigned short rt_irtt; /* Initial RTT */ + u32 rt_pad1; + struct sockaddr_legacy rt_dst; /* target address */ + struct sockaddr_legacy rt_gateway; /* gateway addr (RTF_GATEWAY) */ + struct sockaddr_legacy rt_genmask; /* target network mask (IP) */ + unsigned short rt_flags; + short rt_pad2; + u32 rt_pad3; + unsigned char rt_tos; + unsigned char rt_class; + short rt_pad4; + short rt_metric; /* +1 for binary compatibility! */ + compat_uptr_t rt_dev; /* forcing the device at add */ + u32 rt_mtu; /* per route MTU/Window */ + u32 rt_window; /* Window clamping */ + unsigned short rt_irtt; /* Initial RTT */ }; int __get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr *msg, diff --git a/include/uapi/linux/route.h b/include/uapi/linux/route.h index a0de9a7331a2..7e43765e03dd 100644 --- a/include/uapi/linux/route.h +++ b/include/uapi/linux/route.h @@ -29,22 +29,22 @@ /* This structure gets passed by the SIOCADDRT and SIOCDELRT calls. */ struct rtentry { - unsigned long rt_pad1; - struct sockaddr rt_dst; /* target address */ - struct sockaddr rt_gateway; /* gateway addr (RTF_GATEWAY) */ - struct sockaddr rt_genmask; /* target network mask (IP) */ - unsigned short rt_flags; - short rt_pad2; - unsigned long rt_pad3; - void *rt_pad4; - short rt_metric; /* +1 for binary compatibility! */ - char __user *rt_dev; /* forcing the device at add */ - unsigned long rt_mtu; /* per route MTU/Window */ + unsigned long rt_pad1; + struct sockaddr_legacy rt_dst; /* target address */ + struct sockaddr_legacy rt_gateway; /* gateway addr (RTF_GATEWAY) */ + struct sockaddr_legacy rt_genmask; /* target network mask (IP) */ + unsigned short rt_flags; + short rt_pad2; + unsigned long rt_pad3; + void *rt_pad4; + short rt_metric; /* +1 for binary compatibility! */ + char __user *rt_dev; /* forcing the device at add */ + unsigned long rt_mtu; /* per route MTU/Window */ #ifndef __KERNEL__ -#define rt_mss rt_mtu /* Compatibility :-( */ +#define rt_mss rt_mtu /* Compatibility :-( */ #endif - unsigned long rt_window; /* Window clamping */ - unsigned short rt_irtt; /* Initial RTT */ + unsigned long rt_window; /* Window clamping */ + unsigned short rt_irtt; /* Initial RTT */ }; diff --git a/net/appletalk/ddp.c b/net/appletalk/ddp.c index b068651984fe..aac82a4af36f 100644 --- a/net/appletalk/ddp.c +++ b/net/appletalk/ddp.c @@ -1832,7 +1832,7 @@ static int atalk_compat_routing_ioctl(struct sock *sk, unsigned int cmd, struct rtentry rt; if (copy_from_user(&rt.rt_dst, &ur->rt_dst, - 3 * sizeof(struct sockaddr)) || + 3 * sizeof(struct sockaddr_legacy)) || get_user(rt.rt_flags, &ur->rt_flags) || get_user(rt.rt_metric, &ur->rt_metric) || get_user(rt.rt_mtu, &ur->rt_mtu) || diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index b24d74616637..75bd15d884e3 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c @@ -1021,7 +1021,7 @@ static int inet_compat_routing_ioctl(struct sock *sk, unsigned int cmd, struct rtentry rt; if (copy_from_user(&rt.rt_dst, &ur->rt_dst, - 3 * sizeof(struct sockaddr)) || + 3 * sizeof(struct sockaddr_legacy)) || get_user(rt.rt_flags, &ur->rt_flags) || get_user(rt.rt_metric, &ur->rt_metric) || get_user(rt.rt_mtu, &ur->rt_mtu) || diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index 8353518b110a..595b9ac58e92 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c @@ -452,7 +452,7 @@ int fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, itag); } -static inline __be32 sk_extract_addr(struct sockaddr *addr) +static inline __be32 sk_extract_addr(struct sockaddr_legacy *addr) { return ((struct sockaddr_in *) addr)->sin_addr.s_addr; }