Re: [PATCH][next] treewide: uapi: Replace zero-length arrays with flexible-array members

[David Woodhouse]

On 2022-07-28 at 10:54:58 -0700, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> The issue here seems to be a collision between "unknown array size"
> and known sizes:
> 
> struct bpf_lpm_trie_key {
>         __u32   prefixlen;      /* up to 32 for AF_INET, 128 for AF_INET6 */
>         __u8    data[0];        /* Arbitrary size */
> };
> 
> struct lpm_key {
> 	struct bpf_lpm_trie_key trie_key;
> 	__u32 data;
> };
> 
> This is treating trie_key as a header, which it's not: it's a complete
> structure. :)
> 
> Perhaps:
> 
> struct lpm_key {
>         __u32 prefixlen;
>         __u32 data;
> };
> 
> I don't see anything else trying to include bpf_lpm_trie_key.

What was the eventual conclusion here?

These changes broke userspace compilation, because a *lot* of these
structures ending with VLAs are very much used as headers.

QEMU does it, for example...

uint64_t kvm_arch_get_supported_msr_feature(KVMState *s, uint32_t index)
{
    struct {
        struct kvm_msrs info;
        struct kvm_msr_entry entries[1];
    } msr_data = {};


... which works in C but not in C++, which gives an error I can't work
out how to avoid.

Am I missing something, or did we break our userspace headers for C++
and make them C-only?

 $ cat test_kvm.cpp 
#include <cstdlib>
#include <asm/kvm.h>

struct msr_data {
	struct kvm_msrs info;
	struct kvm_msr_entry entries[1];
};

struct msr_data *alloc_msr_data(void)
{
	return static_cast<struct msr_data *>(malloc(sizeof(struct msr_data)));
}

 $ g++    -c -o test_kvm.o test_kvm.cpp
In file included from test_kvm.cpp:2:
/usr/include/x86_64-linux-gnu/asm/kvm.h:194:30: error: flexible array member ‘kvm_msrs::entries’ not at end of ‘struct msr_data’
  194 |         struct kvm_msr_entry entries[];
      |                              ^~~~~~~
test_kvm.cpp:6:30: note: next member ‘kvm_msr_entry msr_data::entries [1]’ declared here
    6 |         struct kvm_msr_entry entries[1];
      |                              ^~~~~~~
test_kvm.cpp:4:8: note: in the definition of ‘struct msr_data’
    4 | struct msr_data {
      |        ^~~~~~~~

Attachment: smime.p7s
Description: S/MIME cryptographic signature