Message ID | 20230922175351.work.018-kees@kernel.org (mailing list archive) |
---|---|
State | New, archived |
Series | mailbox: zynqmp: Annotate struct zynqmp_ipi_pdata with __counted_by |
On 9/22/23 11:53, Kees Cook wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
> (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> functions).
>
> As found with Coccinelle[1], add __counted_by for struct zynqmp_ipi_pdata.
>
> [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
>
> Cc: Jassi Brar <jassisinghbrar@gmail.com>
> Cc: Michal Simek <michal.simek@amd.com>
> Cc: linux-arm-kernel@lists.infradead.org
> Signed-off-by: Kees Cook <keescook@chromium.org>

Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>

Thanks

On 9/22/23 19:53, Kees Cook wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct zynqmp_ipi_pdata. > > [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci > > Cc: Jassi Brar <jassisinghbrar@gmail.com> > Cc: Michal Simek <michal.simek@amd.com> > Cc: linux-arm-kernel@lists.infradead.org > Signed-off-by: Kees Cook <keescook@chromium.org> > --- > drivers/mailbox/zynqmp-ipi-mailbox.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/mailbox/zynqmp-ipi-mailbox.c b/drivers/mailbox/zynqmp-ipi-mailbox.c > index e4fcac97dbfa..7fa533e80dd9 100644 > --- a/drivers/mailbox/zynqmp-ipi-mailbox.c > +++ b/drivers/mailbox/zynqmp-ipi-mailbox.c > @@ -108,7 +108,7 @@ struct zynqmp_ipi_pdata { > unsigned int method; > u32 local_id; > int num_mboxes; > - struct zynqmp_ipi_mbox ipi_mboxes[]; > + struct zynqmp_ipi_mbox ipi_mboxes[] __counted_by(num_mboxes); > }; > > static struct device_driver zynqmp_ipi_mbox_driver = { Acked-by: Michal Simek <michal.simek@amd.com> Thanks, Michal
On Fri, Sep 22, 2023 at 10:54 AM Kees Cook <keescook@chromium.org> wrote: > > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct zynqmp_ipi_pdata. > > [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci > > Cc: Jassi Brar <jassisinghbrar@gmail.com> > Cc: Michal Simek <michal.simek@amd.com> > Cc: linux-arm-kernel@lists.infradead.org > Signed-off-by: Kees Cook <keescook@chromium.org> > --- Great patch! Crucially, the count is _correctly_ assigned to before the flexible array member is accessed. Reviewed-by: Justin Stitt <justinstitt@google.com> > drivers/mailbox/zynqmp-ipi-mailbox.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/mailbox/zynqmp-ipi-mailbox.c b/drivers/mailbox/zynqmp-ipi-mailbox.c > index e4fcac97dbfa..7fa533e80dd9 100644 > --- a/drivers/mailbox/zynqmp-ipi-mailbox.c > +++ b/drivers/mailbox/zynqmp-ipi-mailbox.c > @@ -108,7 +108,7 @@ struct zynqmp_ipi_pdata { > unsigned int method; > u32 local_id; > int num_mboxes; > - struct zynqmp_ipi_mbox ipi_mboxes[]; > + struct zynqmp_ipi_mbox ipi_mboxes[] __counted_by(num_mboxes); > }; > > static struct device_driver zynqmp_ipi_mbox_driver = { > -- > 2.34.1 > > Thanks Justin
On Fri, 22 Sep 2023 10:53:51 -0700, Kees Cook wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
> (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> functions).
>
> As found with Coccinelle[1], add __counted_by for struct zynqmp_ipi_pdata.
>
> [...]

Applied to for-next/hardening, thanks!

[1/1] mailbox: zynqmp: Annotate struct zynqmp_ipi_pdata with __counted_by
      https://git.kernel.org/kees/c/6b607a3a311a

Take care,

diff --git a/drivers/mailbox/zynqmp-ipi-mailbox.c b/drivers/mailbox/zynqmp-ipi-mailbox.c index e4fcac97dbfa..7fa533e80dd9 100644 --- a/drivers/mailbox/zynqmp-ipi-mailbox.c +++ b/drivers/mailbox/zynqmp-ipi-mailbox.c @@ -108,7 +108,7 @@ struct zynqmp_ipi_pdata { unsigned int method; u32 local_id; int num_mboxes; - struct zynqmp_ipi_mbox ipi_mboxes[]; + struct zynqmp_ipi_mbox ipi_mboxes[] __counted_by(num_mboxes); }; static struct device_driver zynqmp_ipi_mbox_driver = {
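Review bot: num_mboxes, the counter named in __counted_by(num_mboxes) on the ipi_mboxes[] line, is declared as a signed int, and the hunk shows neither where it is assigned nor any range check on it. Since the annotation makes every later bounds check depend on that field, the commit message could name the allocation site and state that num_mboxes is set there before the first ipi_mboxes[] access; switching the field to an unsigned type in a follow-up would also rule out a negative count being stored.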
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).

As found with Coccinelle[1], add __counted_by for struct zynqmp_ipi_pdata.

[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci

Cc: Jassi Brar <jassisinghbrar@gmail.com>
Cc: Michal Simek <michal.simek@amd.com>
Cc: linux-arm-kernel@lists.infradead.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/mailbox/zynqmp-ipi-mailbox.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
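
The contract the commit message relies on, as an added user-space example (not code from the patch or from the driver): the counter is assigned before the flexible array is touched, and every index is compared against it. `struct mbox`, `struct ipi_pdata`, `pdata_alloc()` and `pdata_mbox()` are hypothetical names, and the macro fallback for compilers without the attribute is an assumption of this sketch.

```c
/* Added example: user-space model of the annotated layout, not driver code. */
#include <stdint.h>
#include <stdlib.h>

/* Use the attribute where the compiler implements it, otherwise expand to nothing. */
#ifndef __counted_by
# if defined(__has_attribute)
#  if __has_attribute(__counted_by__)
#   define __counted_by(m) __attribute__((__counted_by__(m)))
#  endif
# endif
#endif
#ifndef __counted_by
# define __counted_by(m)
#endif

struct mbox { uint32_t remote_id; };	/* hypothetical stand-in element type */

struct ipi_pdata {			/* field order follows the hunk */
	unsigned int method;
	uint32_t local_id;
	int num_mboxes;
	struct mbox ipi_mboxes[] __counted_by(num_mboxes);
};

/* Allocate the header plus n elements; reject negative n and size overflow. */
struct ipi_pdata *pdata_alloc(int n)
{
	struct ipi_pdata *p;

	if (n < 0 || (size_t)n > (SIZE_MAX - sizeof(*p)) / sizeof(struct mbox))
		return NULL;
	p = calloc(1, sizeof(*p) + (size_t)n * sizeof(struct mbox));
	if (!p)
		return NULL;
	p->num_mboxes = n;	/* counter is set before any ipi_mboxes[] access */
	return p;
}

/* The comparison the annotation makes possible: index against the counter. */
struct mbox *pdata_mbox(struct ipi_pdata *p, int idx)
{
	if (!p || idx < 0 || idx >= p->num_mboxes)
		return NULL;
	return &p->ipi_mboxes[idx];
}
```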