bpf: Avoid gcc-10 stringop-overflow warning in struct bpf_prog

gcc-10 warns about accesses to zero-length arrays:

kernel/bpf/core.c: In function 'bpf_patch_insn_single':
cc1: warning: writing 8 bytes into a region of size 0 [-Wstringop-overflow=]
In file included from kernel/bpf/core.c:21:
include/linux/filter.h:550:20: note: at offset 0 to object 'insnsi' with size 0 declared here
  550 |   struct bpf_insn  insnsi[0];
      |                    ^~~~~~

In this case, we really want to have two flexible-array members,
but that is not possible. Removing the union to make insnsi a
flexible-array member while leaving insns as a zero-length array
fixes the warning, as nothing writes to the other one in that way.

This trick only works on linux-3.18 or higher, as older versions
had additional members in the union.

Fixes: 60a3b2253c41 ("net: bpf: make eBPF interpreter images read-only")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20200430213101.135134-6-arnd@arndb.de

diff --git a/include/linux/filter.h b/include/linux/filter.h
index af37318bb1c569e94e79f89f543546c5bfe65a6a..73d06a39e2d6106e3369a345c31056f65b5844ca 100644 (file)
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -545,10 +545,8 @@ struct bpf_prog {
        unsigned int            (*bpf_func)(const void *ctx,
                                            const struct bpf_insn *insn);
        /* Instructions for interpreter */
-       union {
-               struct sock_filter      insns[0];
-               struct bpf_insn         insnsi[0];
-       };
+       struct sock_filter      insns[0];
+       struct bpf_insn         insnsi[];
 };
 
 struct sk_filter {