| Message ID | 20230915201449.never.649-kees@kernel.org (mailing list archive) |
|---|---|
| State | Mainlined |
| Commit | 2d26302bdff1300029a67931739f5770eac22493 |
| Headers | show |
| Series | afs: Annotate struct afs_addr_list with __counted_by | expand |
On 9/15/23 14:14, Kees Cook wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct afs_addr_list. > > [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci > > Cc: David Howells <dhowells@redhat.com> > Cc: Marc Dionne <marc.dionne@auristor.com> > Cc: linux-afs@lists.infradead.org > Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> Thanks
On Fri, 15 Sep 2023 13:14:49 -0700, Kees Cook wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct afs_addr_list. > > [...] Applied to for-next/hardening, thanks! [1/1] afs: Annotate struct afs_addr_list with __counted_by https://git.kernel.org/kees/c/7a709daf5d40 Take care,
diff --git a/fs/afs/internal.h b/fs/afs/internal.h index da73b97e19a9..07433a5349ca 100644 --- a/fs/afs/internal.h +++ b/fs/afs/internal.h @@ -87,7 +87,7 @@ struct afs_addr_list { enum dns_lookup_status status:8; unsigned long failed; /* Mask of addrs that failed locally/ICMP */ unsigned long responded; /* Mask of addrs that responded */ - struct sockaddr_rxrpc addrs[]; + struct sockaddr_rxrpc addrs[] __counted_by(max_addrs); #define AFS_MAX_ADDRESSES ((unsigned int)(sizeof(unsigned long) * 8)) };
Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct afs_addr_list. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: David Howells <dhowells@redhat.com> Cc: Marc Dionne <marc.dionne@auristor.com> Cc: linux-afs@lists.infradead.org Signed-off-by: Kees Cook <keescook@chromium.org> --- fs/afs/internal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)