Message ID | AS8PR02MB723728DA244A82D97342D6498B192@AS8PR02MB7237.eurprd02.prod.outlook.com (mailing list archive) |
---|---|
State | New, archived |
Series | sctp: annotate struct sctp_assoc_ids with __counted_by() |
Hi, On Wed, May 01, 2024 at 07:01:22PM +0200, Erick Archer wrote: > Prepare for the coming implementation by GCC and Clang of the > __counted_by attribute. Flexible array members annotated with > __counted_by can have their accesses bounds-checked at run-time via > CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE > (for strcpy/memcpy-family functions). > > Suggested-by: Kees Cook <keescook@chromium.org> > Signed-off-by: Erick Archer <erick.archer@outlook.com> > --- > include/uapi/linux/sctp.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/uapi/linux/sctp.h b/include/uapi/linux/sctp.h > index b7d91d4cf0db..836173e73401 100644 > --- a/include/uapi/linux/sctp.h > +++ b/include/uapi/linux/sctp.h > @@ -1007,7 +1007,7 @@ enum sctp_sstat_state { > */ > struct sctp_assoc_ids { > __u32 gaids_number_of_ids; > - sctp_assoc_t gaids_assoc_id[]; > + sctp_assoc_t gaids_assoc_id[] __counted_by(gaids_number_of_ids); Crucially, gaids_number_of_ids is assigned before any accesses to gaids_assoc_id[] are made. | ids->gaids_number_of_ids = num; | num = 0; | list_for_each_entry(asoc, &(sp->ep->asocs), asocs) { | ids->gaids_assoc_id[num++] = asoc->assoc_id; | } So this looks good to me. Reviewed-by: Justin Stitt <justinstitt@google.com> > }; > > /* > -- > 2.25.1 > Thanks Justin
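The ordering checked in the review above (counter assigned before any array access), as an added example that is not code from the patch, the kernel or any participant in this thread. It uses a userspace stand-in with the same shape as struct sctp_assoc_ids; the names ex_ids, EX_COUNTED_BY, ex_ids_build and ex_ids_get are hypothetical, and the macro expands to nothing on compilers without the counted_by attribute.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical fallback: expands to nothing on compilers without the attribute. */
#ifndef __has_attribute
#define __has_attribute(x) 0
#endif
#if __has_attribute(counted_by)
#define EX_COUNTED_BY(m) __attribute__((counted_by(m)))
#else
#define EX_COUNTED_BY(m)
#endif
/* Hypothetical stand-in with the same shape as struct sctp_assoc_ids. */
struct ex_ids {
    uint32_t number_of_ids;
    int32_t id[] EX_COUNTED_BY(number_of_ids);
};

/* Build a list from src[0..n); the counter is stored before any element. */
struct ex_ids *ex_ids_build(const int32_t *src, uint32_t n)
{
    struct ex_ids *ids = calloc(1, sizeof(*ids) + (size_t)n * sizeof(int32_t));
    if (!ids)
        return NULL;
    ids->number_of_ids = n;          /* counter first: bounds are now valid */
    for (uint32_t i = 0; i < n; i++)
        ids->id[i] = src[i];         /* every index is below the counter */
    return ids;
}

/* Checked read: returns -1 when idx is outside the counted range. */
int ex_ids_get(const struct ex_ids *ids, uint32_t idx, int32_t *out)
{
    if (idx >= ids->number_of_ids)
        return -1;
    *out = ids->id[idx];
    return 0;
}

int main(void)
{
    const int32_t sample[] = { 11, 22, 33 };   /* constructed sample ids */
    struct ex_ids *ids = ex_ids_build(sample, 3);
    int32_t v = 0;
    int rc = ids ? ex_ids_get(ids, 3, &v) : 1;
    printf("read past counter rejected: %s\n", rc == -1 ? "yes" : "no");
    free(ids);
    return 0;
}
```

If the counter were stored after the loop instead, every store in the loop would be indexing an array whose annotated length is still 0, which is the case a bounds sanitizer reports.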
On Wed, May 01, 2024 at 07:01:22PM +0200, Erick Archer wrote:
> Prepare for the coming implementation by GCC and Clang of the
> __counted_by attribute. Flexible array members annotated with
> __counted_by can have their accesses bounds-checked at run-time via
> CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE
> (for strcpy/memcpy-family functions).
>
> Suggested-by: Kees Cook <keescook@chromium.org>
> Signed-off-by: Erick Archer <erick.archer@outlook.com>

Thanks!

Reviewed-by: Kees Cook <keescook@chromium.org>
Hi, On Wed, May 01, 2024 at 07:01:22PM +0200, Erick Archer wrote: > Prepare for the coming implementation by GCC and Clang of the > __counted_by attribute. Flexible array members annotated with > __counted_by can have their accesses bounds-checked at run-time via > CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE > (for strcpy/memcpy-family functions). > > Suggested-by: Kees Cook <keescook@chromium.org> > Signed-off-by: Erick Archer <erick.archer@outlook.com> > --- > include/uapi/linux/sctp.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/uapi/linux/sctp.h b/include/uapi/linux/sctp.h > index b7d91d4cf0db..836173e73401 100644 > --- a/include/uapi/linux/sctp.h > +++ b/include/uapi/linux/sctp.h > @@ -1007,7 +1007,7 @@ enum sctp_sstat_state { > */ > struct sctp_assoc_ids { > __u32 gaids_number_of_ids; > - sctp_assoc_t gaids_assoc_id[]; > + sctp_assoc_t gaids_assoc_id[] __counted_by(gaids_number_of_ids); > }; > > /* Friendly ping: who can take this, please? Regards, Erick
diff --git a/include/uapi/linux/sctp.h b/include/uapi/linux/sctp.h index b7d91d4cf0db..836173e73401 100644 --- a/include/uapi/linux/sctp.h +++ b/include/uapi/linux/sctp.h @@ -1007,7 +1007,7 @@ enum sctp_sstat_state { */ struct sctp_assoc_ids { __u32 gaids_number_of_ids; - sctp_assoc_t gaids_assoc_id[]; + sctp_assoc_t gaids_assoc_id[] __counted_by(gaids_number_of_ids); }; /*
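Review bot: The annotation on gaids_assoc_id[] lands in a UAPI header (include/uapi/linux/sctp.h) and the hunk adds no include or fallback definition, so userspace that includes this file needs __counted_by() to expand to nothing when its compiler does not provide the attribute; please name in the changelog which header supplies that definition. The changelog should also state that every writer sets gaids_number_of_ids before indexing gaids_assoc_id[], because once the attribute is active a store through the array while the counter is still stale is reported as out of bounds.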
Prepare for the coming implementation by GCC and Clang of the
__counted_by attribute. Flexible array members annotated with
__counted_by can have their accesses bounds-checked at run-time via
CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE
(for strcpy/memcpy-family functions).

Suggested-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Erick Archer <erick.archer@outlook.com>
---
 include/uapi/linux/sctp.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)