From: Alexey Dobriyan adobriyan@gmail.com
stable inclusion from stable-v5.10.210 commit 6388d0e3200dd496c19b31aa44827a01b134197a category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9HK6L CVE: CVE-2024-26907
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
[ Upstream commit 32a4ec211d4164e667d9d0b807fadf02053cd2e9 ]
__DECLARE_FLEX_ARRAY(T, member) macro expands to
struct { struct {} __empty_member; T member[]; };
which is subtly wrong in C++ because sizeof(struct{}) is 1 not 0, changing UAPI structures layouts.
This can be fixed by expanding to
T member[];
Now g++ doesn't like "T member[]" either, throwing errors on the following code:
struct S { union { T1 member1[]; T2 member2[]; }; };
or
struct S { T member[]; };
Use "T member[0];" which seems to work and does the right thing wrt structure layout.
Signed-off-by: Alexey Dobriyan adobriyan@gmail.com Fixes: 3080ea5553cc ("stddef: Introduce DECLARE_FLEX_ARRAY() helper") Link: https://lore.kernel.org/r/97242381-f1ec-4a4a-9472-1a464f575657@p183 Signed-off-by: Kees Cook keescook@chromium.org Signed-off-by: Sasha Levin sashal@kernel.org Signed-off-by: Ziyang Xuan william.xuanziyang@huawei.com --- include/uapi/linux/stddef.h | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/include/uapi/linux/stddef.h b/include/uapi/linux/stddef.h index 7837ba4fe728..46c7bab501cb 100644 --- a/include/uapi/linux/stddef.h +++ b/include/uapi/linux/stddef.h @@ -29,6 +29,11 @@ struct TAG { MEMBERS } ATTRS NAME; \ }
+#ifdef __cplusplus +/* sizeof(struct{}) is 1 in C++, not 0, can't use C version of the macro. */ +#define __DECLARE_FLEX_ARRAY(T, member) \ + T member[0] +#else /** * __DECLARE_FLEX_ARRAY() - Declare a flexible array usable in a union * @@ -45,3 +50,5 @@ TYPE NAME[]; \ } #endif + +#endif