Re: [GIT PULL] hardening fixes for v6.6-rc3

From: Kees Cook
Date: Fri Sep 22 2023 - 23:49:29 EST


On Fri, Sep 22, 2023 at 04:55:45PM -0700, Linus Torvalds wrote:
> On Fri, 22 Sept 2023 at 09:59, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> >
> > - Fix UAPI stddef.h to avoid C++-ism (Alexey Dobriyan)
>
> Ugh. Did we really have to make two different versions of that define?
>
> Ok, so C++ did something stupid wrt an empty struct. Fine.
>
> But I think we could have still shared the same definition by just
> using the same 'zero-sized array' trick, regardless of any 'empty
> struct has a size in C++'.
>
> IOW, wouldn't this just work universally, without any "two completely
> different versions" hack?
>
> #define __DECLARE_FLEX_ARRAY(TYPE, NAME) \
>         struct { \
>                 char __empty_ ## NAME[0]; \
>                 TYPE NAME[]; \
>         }
>
> I didn't test. I'm just hating on that '#ifdef __cplusplus'.

Yeah, I had the same thought[1], but in the end I left it the way Alexey
suggested for one decent reason, and one weak reason:

1) As discovered[2] while porting this helper to ACPICA, using a flexible
   array in a struct like this does not fly with MSVC, so for MSVC
   ingesting UAPI, having the separate struct is likely more robust.

2) __cplusplus is relatively common in UAPI headers already:
     $ git grep __cplusplus -- include/uapi | wc -l
     58

-Kees

[1] https://lore.kernel.org/all/202309151208.C99747375@keescook/
[2] https://github.com/acpica/acpica/pull/837

--
Kees Cook
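
Added example (not part of the original message, and not kernel code): a C check of the single-definition variant quoted above, used for two flexible arrays sharing one union, with a bounds-checked accessor. It assumes GCC or Clang with GNU extensions; EXAMPLE_DECLARE_FLEX_ARRAY, struct example_rec and the helper functions are hypothetical names, and it shows nothing about MSVC or C++.

```c
#include <limits.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* The quoted single-definition form, renamed so it cannot clash with
 * the real UAPI macro. The zero-sized array is the named member that
 * lets the flexible array follow it (GNU extension). */
#define EXAMPLE_DECLARE_FLEX_ARRAY(TYPE, NAME) \
	struct { \
		char __empty_ ## NAME[0]; \
		TYPE NAME[]; \
	}

/* Hypothetical record: one length, two views of the same payload. */
struct example_rec {
	unsigned int len;	/* payload length in bytes */
	union {
		EXAMPLE_DECLARE_FLEX_ARRAY(unsigned char, bytes);
		EXAMPLE_DECLARE_FLEX_ARRAY(unsigned int, words);
	};
};

/* Allocate header plus payload; refuse lengths that do not fit in
 * 'len' or would wrap the allocation size. */
struct example_rec *example_rec_alloc(const void *src, size_t len)
{
	struct example_rec *r;

	if (len > UINT_MAX - sizeof(*r))
		return NULL;
	r = calloc(1, sizeof(*r) + len);
	if (!r)
		return NULL;
	r->len = (unsigned int)len;
	if (len)
		memcpy(r->bytes, src, len);
	return r;
}

/* Bounds-checked read: -1 for an out-of-range index. */
int example_rec_byte(const struct example_rec *r, size_t idx)
{
	return (r && idx < r->len) ? r->bytes[idx] : -1;
}

/* Layout facts: the wrapper and the arrays add no storage. */
size_t example_header_size(void) { return sizeof(struct example_rec); }
size_t example_bytes_offset(void) { return offsetof(struct example_rec, bytes); }
size_t example_words_offset(void) { return offsetof(struct example_rec, words); }
```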