Xen project Mailing List

Re: [PATCH] xen/public: fix flexible array definitions

Date: Thu, 30 Nov 2023 09:24:27 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+1jL6UfUo5JuIxAjehJPBzE6PntVVAu5RmhSCI5OUw0=; b=SjTZTav5BE7ZoU5pncY1wosxhBjp306dOrOxj/lEoyDs6/0nwzhxXkufyjaKwm9pgsUwjy24Jtw+mnSyTKq60QZfPOeZGTy35aDWXfPTS6rxKD3I4rEqWNp/OZh8CXepTLr/J4Su1qdvat6wCvRDn5oTO0AFGULorTsxZyYFuzKmSm/ykFH+fUigUdhTmOalIMam+uaAkM9dSoJxpVDbVtyFsBtLxcITokqyfrKh5nibIRNDmzb93/YGyaPNSQrci+VpTyRdF/Ofo2gxN8bxMdK92QQ3THDyU9p3pRuC+jiVwuOxMfWj75mvWJHd7xZKqSClCGnPnIEZi1EcYEjBEA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nfJQy32KXtsr40WQ8bYKh4Fo0LtwlVifnpdREvtNV4uTH/hFkonEKHykeMSuwklOPrSmR764ZLGnB/tfXB/Llhqz91YEDwcZOignudrjdG3qXLOkhDFNXuJUwHIjeEuf+d5/F1MEGs6QH44lhNl2Zn34zuVmNsib7YffO6T6MBXUhhglSCwxOIlQbQSEnKxM5qS937i9794yT6CwHhTFT8m1LIqZZFI8U5ptZGaToxfoDeNYRqkgv1YxUzAF14CTbNjum2hMseYNWXXJnKtIt7laIwOyjGrwFwqLvbEVVNsY+bxpNazZXrc+KRbEz1q9BZ+Pn50XERqqFUaHdvM5vg==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Autocrypt: addr=jbeulich@xxxxxxxx; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL

Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Delivery-date: Thu, 30 Nov 2023 08:24:53 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 29.11.2023 12:58, Juergen Gross wrote: > On 09.08.23 11:42, Juergen Gross wrote: >> On 26.07.23 07:52, Jan Beulich wrote: >>> On 25.07.2023 18:59, Andrew Cooper wrote: >>>> On 25/07/2023 5:16 pm, Jan Beulich wrote: >>>>> On 25.07.2023 15:55, Juergen Gross wrote: >>>>>> Flexible arrays in public headers can be problematic with some >>>>>> compilers. >>>>>> >>>>>> Replace them with arr[XEN_FLEX_ARRAY_DIM] in order to avoid compilation >>>>>> errors. >>>>>> >>>>>> This includes arrays defined as "arr[1]", as seen with a recent Linux >>>>>> kernel [1]. >>>>>> >>>>>> [1]: https://bugzilla.kernel.org/show_bug.cgi?id=217693 >>>>>> >>>>>> Signed-off-by: Juergen Gross <jgross@xxxxxxxx> >>>>> I think we need to be careful here: What if someone somewhere applies >>>>> sizeof() to any of the types you alter? >>>> >>>> Then the code was most likely wrong already. >>> >>> That's possible to judge only when seeing the code in question. >>> >>>>> The resulting value would >>>>> change with the changes you propose, which we cannot allow to happen >>>>> in a stable interface. Therefore imo it can only be an opt-in feature >>>>> to have these arrays no longer be one-element ones. >>>> >>>> I don't consider this an issue. >>>> >>>> If people take an update to the headers and their code stops compiling, >>>> then of course they fix the compilation issue. That's normal. >>> >>> The code may continue to compile fine, and even appear to work initially. >>> >>>> It's unreasonable to take opt-in features to a set of headers intended >>>> to be vendored in the first place, to work around a corner case that's >>>> likely buggy already. >>> >>> The original intention clearly was to allow use of these headers as is. >>> Anyway, I've voiced my view, yet if there are enough people agreeing >>> with you, then so be it. >> >> Any further thoughts? >> >> I have checked the code in the Linux kernel meanwhile. There should be no >> fallout resulting from this change, but I think there are some user mode >> backends outside of qemu which are probably using affected structs. > > I've received another mail regarding the report [1] above. I think we should > _really_ come to a conclusion. > > I'm still in favor of applying my suggested patch. I think the change would be fine to make when adjusted to be conditional upon (suitably bumped) __XEN_LATEST_INTERFACE_VERSION__. Yet while looking at the patch and the headers again, it also looks as if there might be another small issue: ring.h uses XEN_FLEX_ARRAY_DIM without itself including xen.h. That's probably okay considering that all headers including ring.h also include grant_table.h (which in turn includes xen.h), but this dependency may still want making explicit. Finally - is the change actually going to help everywhere (not just in Linux)? It effectively depends on people enabling C99 mode. Older gcc for example didn't even define __STDC_VERSION__ when -std wasn't used. Linux doesn't permit use of such old gcc versions anymore, but recall we're aiming to be C89 compatible. Therefore I think that in addition we'd need a way for consumers of the headers to indicate that the C99 form of XEN_FLEX_ARRAY_DIM can be used even when __STDC_VERSION__ isn't defined. (This may as well simply be done by allowing people to pre-define XEN_FLEX_ARRAY_DIM before including any Xen headers.) Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.