Re: [PATCH v2][next] netfilter: x_tables: Avoid a couple -Wflex-array-member-not-at-end warnings

Next message: Linus Walleij: "Re: [PATCH] mfd: si476x: Modernize GPIO handling"
Previous message: Sean Christopherson: "[PATCH 3/3] KVM: SVM: Only disable x2AVIC WRMSR interception for MSRs that are accelerated"
In reply to: Florian Westphal: "Re: [PATCH v2][next] netfilter: x_tables: Avoid a couple -Wflex-array-member-not-at-end warnings"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Gustavo A. R. Silva

Date: Thu Apr 09 2026 - 18:26:36 EST

On 4/9/26 16:18, Florian Westphal wrote:

Gustavo A. R. Silva <gustavo@xxxxxxxxxxxxxx> wrote:

diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index b39017c80548..9dd5957d9ed4 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -819,13 +819,15 @@ EXPORT_SYMBOL_GPL(xt_compat_match_to_user);

/* non-compat version may have padding after verdict */
struct compat_xt_standard_target {
- struct compat_xt_entry_target t;
- compat_uint_t verdict;
+ TRAILING_OVERLAP(struct compat_xt_entry_target, t, data,
+ compat_uint_t verdict;
+ );
};

struct compat_xt_error_target {
- struct compat_xt_entry_target t;
- char errorname[XT_FUNCTION_MAXNAMELEN];
+ TRAILING_OVERLAP(struct compat_xt_entry_target, t, data,
+ char errorname[XT_FUNCTION_MAXNAMELEN];
+ );
};

You tell me what you prefer.

I have no strong opinion. This compat code is needed to run 32bit
iptables binaries on a 64 bit host, not many users these days I think.
I still hope we can remove this eventually.

But as the above diff is smaller I would prefer it.

Okay; I'll submit this as v3 then.

Thanks for the feedback,
-Gustavo