[PATCH][next] integrity: Avoid -Wflex-array-member-not-at-end warnings
Mimi Zohar
zohar at linux.ibm.com
Thu Mar 21 01:19:36 UTC 2024
Hi Gustavo,
Sorry for the delay...
On Mon, 2024-03-04 at 11:52 -0600, Gustavo A. R. Silva wrote:
> -Wflex-array-member-not-at-end is coming in GCC-14, and we are getting
> ready to enable it globally.
>
> There is currently an object (`hdr)` in `struct ima_max_digest_data`
> that contains a flexible structure (`struct ima_digest_data`):
>
> struct ima_max_digest_data {
> struct ima_digest_data hdr;
> u8 digest[HASH_MAX_DIGESTSIZE];
> } __packed;
>
> So, in order to avoid ending up with a flexible-array member in the
> middle of another struct, we use the `struct_group_tagged()` helper to
> separate the flexible array from the rest of the members in the flexible
> structure:
>
> struct ima_digest_data {
> struct_group_tagged(ima_digest_data_hdr, hdr,
>
> ... the rest of the members
>
> );
> u8 digest[];
> } __packed;
>
> With the change described above, we can now declare an object of the
> type of the tagged struct, without embedding the flexible array in the
> middle of another struct:
>
> struct ima_max_digest_data {
> struct ima_digest_data_hdr hdr;
> u8 digest[HASH_MAX_DIGESTSIZE];
> } __packed;
>
> We also use `container_of()` whenever we need to retrieve a pointer to
> the flexible structure.
Nice!
>
> So, with these changes, fix the following warnings:
>
> security/integrity/evm/evm.h:45:32: warning: structure containing a flexible
> array member is not at the end of another structure [-Wflex-array-member-not-
> at-end]
> security/integrity/evm/evm.h:45:32: warning: structure containing a flexible
> array member is not at the end of another structure [-Wflex-array-member-not-
> at-end]
> security/integrity/evm/evm.h:45:32: warning: structure containing a flexible
> array member is not at the end of another structure [-Wflex-array-member-not-
> at-end]
A similar change would need to be made to struct evm_digest:
struct evm_digest {
struct ima_digest_data hdr;
char digest[IMA_MAX_DIGEST_SIZE];
} __packed;
Is there are another patch?
Mimi
>
> Signed-off-by: Gustavo A. R. Silva <gustavoars at kernel.org>
>
More information about the Linux-security-module-archive
mailing list