On March 2, 2026 9:04:24 PM PST, "Gustavo A. R. Silva" <[email protected]> 
wrote:
>-Wflex-array-member-not-at-end was introduced in GCC-14, and we are
>getting ready to enable it, globally.
>
>struct bpf_prog_array is a flexible structure, that is, a structure that
>contains a flexible-array member (struct bpf_prog_array_item items[];).
>
>We create the new struct bpf_prog_array_hdr type, and use it to replace
>the object type causing trouble in struct bpf_empty_prog_array, namely
>struct bpf_prog_array hdr; 
>
>Also, once -fms-extensions is enabled, we can use transparent struct

Typo: "since" instead of "once".

>members in struct bpf_prog_array.
>
>Notice that the newly created type does not contain the flex-array
>member `items`, which is the object causing the -Wfamnae warnings
>in struct bpf_empty_prog_array.
>
>With these changes, fix the following warnings:
>    
>7659 ./include/linux/bpf.h:2369:31: warning: structure containing a flexible 
>array member is not at the end of another structure 
>[-Wflex-array-member-not-at-end]
>
>Signed-off-by: Gustavo A. R. Silva <[email protected]>
>---
> include/linux/bpf-cgroup.h | 2 +-
> include/linux/bpf.h        | 8 ++++++--
> kernel/bpf/core.c          | 6 +++---
> 3 files changed, 10 insertions(+), 6 deletions(-)
>
>diff --git a/include/linux/bpf-cgroup.h b/include/linux/bpf-cgroup.h
>index 2f535331f926..e7d266600ac7 100644
>--- a/include/linux/bpf-cgroup.h
>+++ b/include/linux/bpf-cgroup.h
>@@ -184,7 +184,7 @@ static inline bool cgroup_bpf_sock_enabled(struct sock *sk,
>       struct bpf_prog_array *array;
> 
>       array = rcu_access_pointer(cgrp->bpf.effective[type]);
>-      return array != &bpf_empty_prog_array.hdr;
>+      return (void *)array != (void *)&bpf_empty_prog_array.hdr;
> }
> 
> /* Wrappers for __cgroup_bpf_run_filter_skb() guarded by cgroup_bpf_enabled. 
> */
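Review bot: The check that keeps the static sentinel out of the free paths is now an open-coded double cast, `(void *)array != (void *)&bpf_empty_prog_array.hdr`, repeated here and in bpf_prog_array_free() and bpf_prog_array_free_sleepable() in kernel/bpf/core.c. With both sides cast to `void *` the compiler no longer checks that the two pointer types are related, so a later change to the sentinel's type or a slip in one copy would still build. In the core.c copies a missed match means kfree_rcu() or call_rcu_tasks_trace() runs on a global object. Keeping the comparison in one helper in include/linux/bpf.h would limit that, assuming the extern declaration of bpf_empty_prog_array is visible there: `static inline bool bpf_prog_array_is_empty_sentinel(const struct bpf_prog_array *p) { return (const void *)p == (const void *)&bpf_empty_prog_array.hdr; }` (the name is only a suggestion), with a comment saying why the cast is needed.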
>diff --git a/include/linux/bpf.h b/include/linux/bpf.h
>index 05b34a6355b0..488de065466e 100644
>--- a/include/linux/bpf.h
>+++ b/include/linux/bpf.h
>@@ -2360,13 +2360,17 @@ struct bpf_prog_array_item {
>       };
> };
> 
>-struct bpf_prog_array {
>+struct bpf_prog_array_hdr {
>       struct rcu_head rcu;
>+};
>+
>+struct bpf_prog_array {
>+      struct bpf_prog_array_hdr;
>       struct bpf_prog_array_item items[];
> };
> 
> struct bpf_empty_prog_array {
>-      struct bpf_prog_array hdr;
>+      struct bpf_prog_array_hdr hdr;
>       struct bpf_prog *null_prog;
> };

AFAICT, this struct exists entirely to populate a single element of "items" in 
a global variable. (I only see "null_prog" used during the initializer.) None 
of this is needed; globals will be correctly sized with an array initializer of 
a FAM. Totally untested:

struct bpf_prog_array bpf_empty_prog_array = {
    .items = { NULL, },
};

> 
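Review bot: Nothing in the new definitions pins the layout that the `(void *)` casts elsewhere in this patch depend on, namely that `null_prog` in struct bpf_empty_prog_array sits where `items` begins in struct bpf_prog_array. Previously `hdr` was itself a struct bpf_prog_array, so `&bpf_empty_prog_array.hdr` had the right pointer type; the two structs are now separate types linked only by the shared struct bpf_prog_array_hdr prefix. A build-time check next to the definitions would catch drift if a member is later added to either one: `static_assert(offsetof(struct bpf_empty_prog_array, null_prog) == offsetof(struct bpf_prog_array, items));`. A one-line comment on struct bpf_prog_array_hdr saying it must remain the common prefix of both structs would help as well. struct bpf_prog_array_item begins outside this hunk, so whether readers touch more of `items[0]` than the program pointer cannot be judged from here.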
>diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
>index 229c74f3d6ae..ac15ab8b7d3c 100644
>--- a/kernel/bpf/core.c
>+++ b/kernel/bpf/core.c
>@@ -2598,14 +2598,14 @@ struct bpf_prog_array *bpf_prog_array_alloc(u32 
>prog_cnt, gfp_t flags)
>       if (prog_cnt)
>               p = kzalloc_flex(*p, items, prog_cnt + 1, flags);
>       else
>-              p = &bpf_empty_prog_array.hdr;
>+              p = (void *)&bpf_empty_prog_array.hdr;

Then there also shouldn't be any need for the casting (or the "hdr" addressing):

p = &bpf_empty_prog_array;

Etc

-Kees

> 
>       return p;
> }
> 
> void bpf_prog_array_free(struct bpf_prog_array *progs)
> {
>-      if (!progs || progs == &bpf_empty_prog_array.hdr)
>+      if (!progs || (void *)progs == (void *)&bpf_empty_prog_array.hdr)
>               return;
>       kfree_rcu(progs, rcu);
> }
>@@ -2626,7 +2626,7 @@ static void __bpf_prog_array_free_sleepable_cb(struct 
>rcu_head *rcu)
> 
> void bpf_prog_array_free_sleepable(struct bpf_prog_array *progs)
> {
>-      if (!progs || progs == &bpf_empty_prog_array.hdr)
>+      if (!progs || (void *)progs == (void *)&bpf_empty_prog_array.hdr)
>               return;
>       call_rcu_tasks_trace(&progs->rcu, __bpf_prog_array_free_sleepable_cb);
> }

-- 
Kees Cook
