| Message ID | 20230922175327.work.985-kees@kernel.org (mailing list archive) |
|---|---|
| State | Mainlined |
| Commit | b7c67206594a56be2407ae4da54a114c90609e53 |
| Headers | show |
| Series | mm/memcg: Annotate struct mem_cgroup_threshold_ary with __counted_by | expand |
On Fri, Sep 22, 2023 at 10:53 AM Kees Cook <keescook@chromium.org> wrote: > > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct mem_cgroup_threshold_ary. > > [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci > > Cc: Andrew Morton <akpm@linux-foundation.org> > Cc: Shakeel Butt <shakeelb@google.com> > Cc: Roman Gushchin <roman.gushchin@linux.dev> > Cc: Johannes Weiner <hannes@cmpxchg.org> > Cc: Michal Hocko <mhocko@suse.com> > Cc: "Matthew Wilcox (Oracle)" <willy@infradead.org> > Signed-off-by: Kees Cook <keescook@chromium.org> > --- > include/linux/memcontrol.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h > index 45d0c10e86cc..e0cfab58ab71 100644 > --- a/include/linux/memcontrol.h > +++ b/include/linux/memcontrol.h > @@ -143,7 +143,7 @@ struct mem_cgroup_threshold_ary { > /* Size of entries[] */ > unsigned int size; > /* Array of thresholds */ > - struct mem_cgroup_threshold entries[]; > + struct mem_cgroup_threshold entries[] __counted_by(size); Does 'size' here have to be a member of the same struct as entries? We have nodeinfo[] in struct mem_cgroup whose size is nr_node_ids which is global. Will __counted_by() work for that?
On Fri, Sep 22, 2023 at 11:25:56AM -0700, Shakeel Butt wrote: > On Fri, Sep 22, 2023 at 10:53 AM Kees Cook <keescook@chromium.org> wrote: > > > > Prepare for the coming implementation by GCC and Clang of the __counted_by > > attribute. Flexible array members annotated with __counted_by can have > > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS > > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > > functions). > > > > As found with Coccinelle[1], add __counted_by for struct mem_cgroup_threshold_ary. > > > > [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci > > > > Cc: Andrew Morton <akpm@linux-foundation.org> > > Cc: Shakeel Butt <shakeelb@google.com> > > Cc: Roman Gushchin <roman.gushchin@linux.dev> > > Cc: Johannes Weiner <hannes@cmpxchg.org> > > Cc: Michal Hocko <mhocko@suse.com> > > Cc: "Matthew Wilcox (Oracle)" <willy@infradead.org> > > Signed-off-by: Kees Cook <keescook@chromium.org> > > --- > > include/linux/memcontrol.h | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h > > index 45d0c10e86cc..e0cfab58ab71 100644 > > --- a/include/linux/memcontrol.h > > +++ b/include/linux/memcontrol.h > > @@ -143,7 +143,7 @@ struct mem_cgroup_threshold_ary { > > /* Size of entries[] */ > > unsigned int size; > > /* Array of thresholds */ > > - struct mem_cgroup_threshold entries[]; > > + struct mem_cgroup_threshold entries[] __counted_by(size); > > Does 'size' here have to be a member of the same struct as entries? We > have nodeinfo[] in struct mem_cgroup whose size is nr_node_ids which > is global. Will __counted_by() work for that? Not presently, no. This may come in future expansions of the feature. We're also hoping to gain expressions for places where a size isn't a native count, like for big endian, or a byte count that includes the entire struct, etc. For now, though, the feature is narrowly scoped just to get the common case landed. -Kees
On Fri, Sep 22, 2023 at 10:53 AM Kees Cook <keescook@chromium.org> wrote: > > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct mem_cgroup_threshold_ary. > > [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci > > Cc: Andrew Morton <akpm@linux-foundation.org> > Cc: Shakeel Butt <shakeelb@google.com> > Cc: Roman Gushchin <roman.gushchin@linux.dev> > Cc: Johannes Weiner <hannes@cmpxchg.org> > Cc: Michal Hocko <mhocko@suse.com> > Cc: "Matthew Wilcox (Oracle)" <willy@infradead.org> > Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Shakeel Butt <shakeelb@google.com>
On Fri, Sep 22, 2023 at 10:53:28AM -0700, Kees Cook wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct mem_cgroup_threshold_ary. > > [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci > > Cc: Andrew Morton <akpm@linux-foundation.org> > Cc: Shakeel Butt <shakeelb@google.com> > Cc: Roman Gushchin <roman.gushchin@linux.dev> > Cc: Johannes Weiner <hannes@cmpxchg.org> > Cc: Michal Hocko <mhocko@suse.com> > Cc: "Matthew Wilcox (Oracle)" <willy@infradead.org> > Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Roman Gushchin <roman.gushchin@linux.dev> Thanks!
On Fri, Sep 22, 2023 at 10:53:28AM -0700, Kees Cook wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct mem_cgroup_threshold_ary. > > [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci > > Cc: Andrew Morton <akpm@linux-foundation.org> > Cc: Shakeel Butt <shakeelb@google.com> > Cc: Roman Gushchin <roman.gushchin@linux.dev> > Cc: Johannes Weiner <hannes@cmpxchg.org> > Cc: Michal Hocko <mhocko@suse.com> > Cc: "Matthew Wilcox (Oracle)" <willy@infradead.org> > Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> Thanks -- Gustavo > --- > include/linux/memcontrol.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h > index 45d0c10e86cc..e0cfab58ab71 100644 > --- a/include/linux/memcontrol.h > +++ b/include/linux/memcontrol.h > @@ -143,7 +143,7 @@ struct mem_cgroup_threshold_ary { > /* Size of entries[] */ > unsigned int size; > /* Array of thresholds */ > - struct mem_cgroup_threshold entries[]; > + struct mem_cgroup_threshold entries[] __counted_by(size); > }; > > struct mem_cgroup_thresholds { > -- > 2.34.1 > >
On Fri 22-09-23 10:53:28, Kees Cook wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct mem_cgroup_threshold_ary. > > [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci > > Cc: Andrew Morton <akpm@linux-foundation.org> > Cc: Shakeel Butt <shakeelb@google.com> > Cc: Roman Gushchin <roman.gushchin@linux.dev> > Cc: Johannes Weiner <hannes@cmpxchg.org> > Cc: Michal Hocko <mhocko@suse.com> > Cc: "Matthew Wilcox (Oracle)" <willy@infradead.org> > Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Michal Hocko <mhocko@suse.com> > --- > include/linux/memcontrol.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h > index 45d0c10e86cc..e0cfab58ab71 100644 > --- a/include/linux/memcontrol.h > +++ b/include/linux/memcontrol.h > @@ -143,7 +143,7 @@ struct mem_cgroup_threshold_ary { > /* Size of entries[] */ > unsigned int size; > /* Array of thresholds */ > - struct mem_cgroup_threshold entries[]; > + struct mem_cgroup_threshold entries[] __counted_by(size); > }; > > struct mem_cgroup_thresholds { > -- > 2.34.1
diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h index 45d0c10e86cc..e0cfab58ab71 100644 --- a/include/linux/memcontrol.h +++ b/include/linux/memcontrol.h @@ -143,7 +143,7 @@ struct mem_cgroup_threshold_ary { /* Size of entries[] */ unsigned int size; /* Array of thresholds */ - struct mem_cgroup_threshold entries[]; + struct mem_cgroup_threshold entries[] __counted_by(size); }; struct mem_cgroup_thresholds {
Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct mem_cgroup_threshold_ary. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Shakeel Butt <shakeelb@google.com> Cc: Roman Gushchin <roman.gushchin@linux.dev> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Michal Hocko <mhocko@suse.com> Cc: "Matthew Wilcox (Oracle)" <willy@infradead.org> Signed-off-by: Kees Cook <keescook@chromium.org> --- include/linux/memcontrol.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)