| Message ID | 20230922175416.work.272-kees@kernel.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | accel/ivpu: Annotate struct ivpu_job with __counted_by | expand |
On Fri, Sep 22, 2023 at 10:54:17AM -0700, Kees Cook wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct ivpu_job. > > [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci > > Cc: Jacek Lawrynowicz <jacek.lawrynowicz@linux.intel.com> > Cc: Stanislaw Gruszka <stanislaw.gruszka@linux.intel.com> > Cc: Oded Gabbay <ogabbay@kernel.org> > Cc: Nathan Chancellor <nathan@kernel.org> > Cc: Nick Desaulniers <ndesaulniers@google.com> > Cc: Tom Rix <trix@redhat.com> > Cc: dri-devel@lists.freedesktop.org > Cc: llvm@lists.linux.dev > Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Stanislaw Gruszka <stanislaw.gruszka@linux.intel.com> Please apply the patch via whatever tree is appropriate. Or if I have to take it via drm-misc, please let me know. Regards Stanislaw > --- > drivers/accel/ivpu/ivpu_job.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/accel/ivpu/ivpu_job.h b/drivers/accel/ivpu/ivpu_job.h > index aa1f0b9479b0..5514c2d8a609 100644 > --- a/drivers/accel/ivpu/ivpu_job.h > +++ b/drivers/accel/ivpu/ivpu_job.h > @@ -51,7 +51,7 @@ struct ivpu_job { > u32 job_id; > u32 engine_idx; > size_t bo_count; > - struct ivpu_bo *bos[]; > + struct ivpu_bo *bos[] __counted_by(bo_count); > }; > > int ivpu_submit_ioctl(struct drm_device *dev, void *data, struct drm_file *file); > -- > 2.34.1 >
On Fri, 22 Sep 2023 10:54:17 -0700, Kees Cook wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct ivpu_job. > > [...] Thanks Stanislaw! I'll take it through my for-next/hardening tree then: [1/1] accel/ivpu: Annotate struct ivpu_job with __counted_by https://git.kernel.org/kees/c/2eabbbb8275b Take care,
diff --git a/drivers/accel/ivpu/ivpu_job.h b/drivers/accel/ivpu/ivpu_job.h index aa1f0b9479b0..5514c2d8a609 100644 --- a/drivers/accel/ivpu/ivpu_job.h +++ b/drivers/accel/ivpu/ivpu_job.h @@ -51,7 +51,7 @@ struct ivpu_job { u32 job_id; u32 engine_idx; size_t bo_count; - struct ivpu_bo *bos[]; + struct ivpu_bo *bos[] __counted_by(bo_count); }; int ivpu_submit_ioctl(struct drm_device *dev, void *data, struct drm_file *file);
Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct ivpu_job. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Jacek Lawrynowicz <jacek.lawrynowicz@linux.intel.com> Cc: Stanislaw Gruszka <stanislaw.gruszka@linux.intel.com> Cc: Oded Gabbay <ogabbay@kernel.org> Cc: Nathan Chancellor <nathan@kernel.org> Cc: Nick Desaulniers <ndesaulniers@google.com> Cc: Tom Rix <trix@redhat.com> Cc: dri-devel@lists.freedesktop.org Cc: llvm@lists.linux.dev Signed-off-by: Kees Cook <keescook@chromium.org> --- drivers/accel/ivpu/ivpu_job.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)