| Message ID | 20250114214956.915982-2-thorsten.blum@linux.dev (mailing list archive) |
|---|---|
| State | In Next |
| Commit | afa92869776a1aff196d8a55b200da52a58f9d76 |
| Headers | show |
| Series | [RESEND,v2] params: Annotate struct module_param_attrs with __counted_by() | expand |
On 14. Jan 2025, at 22:49, Thorsten Blum wrote: > Add the __counted_by compiler attribute to the flexible array member > attrs to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and > CONFIG_FORTIFY_SOURCE. > > Increment num before adding a new param_attribute to the attrs array and > adjust the array index accordingly. Increment num immediately after the > first reallocation such that the reallocation for the NULL terminator > only needs to add 1 (instead of 2) to mk->mp->num. > > Use struct_size() instead of manually calculating the size for the > reallocation. > > Use krealloc_array() for the additional NULL terminator. Hi, could someone please take another look at this? It was already applied to modules-next in August 2024, but dropped shortly after because of a Clang issue: https://lore.kernel.org/all/20241029140036.577804-1-kernel@jfarr.cc The Clang issue has been fixed for a while and this patch could be applied again. Thanks, Thorsten
On 4. Feb 2025, at 17:44, Thorsten Blum wrote: > On 14. Jan 2025, at 22:49, Thorsten Blum wrote: >> Add the __counted_by compiler attribute to the flexible array member >> attrs to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and >> CONFIG_FORTIFY_SOURCE. >> >> Increment num before adding a new param_attribute to the attrs array and >> adjust the array index accordingly. Increment num immediately after the >> first reallocation such that the reallocation for the NULL terminator >> only needs to add 1 (instead of 2) to mk->mp->num. >> >> Use struct_size() instead of manually calculating the size for the >> reallocation. >> >> Use krealloc_array() for the additional NULL terminator. > > Hi, could someone please take another look at this? > > It was already applied to modules-next in August 2024, but dropped > shortly after because of a Clang issue: > > https://lore.kernel.org/all/20241029140036.577804-1-kernel@jfarr.cc > > The Clang issue has been fixed for a while and this patch could be > applied again. Hi Luis, you already applied this to modules-next in September of last year [1]. Could you apply it again now that the Clang issue has been fixed? Thanks, Thorsten [1] https://lore.kernel.org/linux-kernel/ZuHaiiMV6ESS8p7z@bombadil.infradead.org/
On Tue, Feb 11, 2025 at 02:18:08PM +0100, Thorsten Blum wrote: > On 4. Feb 2025, at 17:44, Thorsten Blum wrote: > > On 14. Jan 2025, at 22:49, Thorsten Blum wrote: > >> Add the __counted_by compiler attribute to the flexible array member > >> attrs to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and > >> CONFIG_FORTIFY_SOURCE. > >> > >> Increment num before adding a new param_attribute to the attrs array and > >> adjust the array index accordingly. Increment num immediately after the > >> first reallocation such that the reallocation for the NULL terminator > >> only needs to add 1 (instead of 2) to mk->mp->num. > >> > >> Use struct_size() instead of manually calculating the size for the > >> reallocation. > >> > >> Use krealloc_array() for the additional NULL terminator. > > > > Hi, could someone please take another look at this? > > > > It was already applied to modules-next in August 2024, but dropped > > shortly after because of a Clang issue: > > > > https://lore.kernel.org/all/20241029140036.577804-1-kernel@jfarr.cc > > > > The Clang issue has been fixed for a while and this patch could be > > applied again. > > Hi Luis, > > you already applied this to modules-next in September of last year [1]. > Could you apply it again now that the Clang issue has been fixed? Please resend and Cc new co-maintainers, we are rotating every 6 months so to helps scale and support Rust modules too. Luis > > Thanks, > Thorsten > > [1] https://lore.kernel.org/linux-kernel/ZuHaiiMV6ESS8p7z@bombadil.infradead.org/
diff --git a/kernel/params.c b/kernel/params.c index 2e447f8ae183..5f6643676697 100644 --- a/kernel/params.c +++ b/kernel/params.c @@ -551,7 +551,7 @@ struct module_param_attrs { unsigned int num; struct attribute_group grp; - struct param_attribute attrs[]; + struct param_attribute attrs[] __counted_by(num); }; #ifdef CONFIG_SYSFS @@ -651,35 +651,32 @@ static __modinit int add_sysfs_param(struct module_kobject *mk, } /* Enlarge allocations. */ - new_mp = krealloc(mk->mp, - sizeof(*mk->mp) + - sizeof(mk->mp->attrs[0]) * (mk->mp->num + 1), + new_mp = krealloc(mk->mp, struct_size(mk->mp, attrs, mk->mp->num + 1), GFP_KERNEL); if (!new_mp) return -ENOMEM; mk->mp = new_mp; + mk->mp->num++; /* Extra pointer for NULL terminator */ - new_attrs = krealloc(mk->mp->grp.attrs, - sizeof(mk->mp->grp.attrs[0]) * (mk->mp->num + 2), - GFP_KERNEL); + new_attrs = krealloc_array(mk->mp->grp.attrs, mk->mp->num + 1, + sizeof(mk->mp->grp.attrs[0]), GFP_KERNEL); if (!new_attrs) return -ENOMEM; mk->mp->grp.attrs = new_attrs; /* Tack new one on the end. */ - memset(&mk->mp->attrs[mk->mp->num], 0, sizeof(mk->mp->attrs[0])); - sysfs_attr_init(&mk->mp->attrs[mk->mp->num].mattr.attr); - mk->mp->attrs[mk->mp->num].param = kp; - mk->mp->attrs[mk->mp->num].mattr.show = param_attr_show; + memset(&mk->mp->attrs[mk->mp->num - 1], 0, sizeof(mk->mp->attrs[0])); + sysfs_attr_init(&mk->mp->attrs[mk->mp->num - 1].mattr.attr); + mk->mp->attrs[mk->mp->num - 1].param = kp; + mk->mp->attrs[mk->mp->num - 1].mattr.show = param_attr_show; /* Do not allow runtime DAC changes to make param writable. */ if ((kp->perm & (S_IWUSR | S_IWGRP | S_IWOTH)) != 0) - mk->mp->attrs[mk->mp->num].mattr.store = param_attr_store; + mk->mp->attrs[mk->mp->num - 1].mattr.store = param_attr_store; else - mk->mp->attrs[mk->mp->num].mattr.store = NULL; - mk->mp->attrs[mk->mp->num].mattr.attr.name = (char *)name; - mk->mp->attrs[mk->mp->num].mattr.attr.mode = kp->perm; - mk->mp->num++; + mk->mp->attrs[mk->mp->num - 1].mattr.store = NULL; + mk->mp->attrs[mk->mp->num - 1].mattr.attr.name = (char *)name; + mk->mp->attrs[mk->mp->num - 1].mattr.attr.mode = kp->perm; /* Fix up all the pointers, since krealloc can move us */ for (i = 0; i < mk->mp->num; i++)
Add the __counted_by compiler attribute to the flexible array member attrs to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and CONFIG_FORTIFY_SOURCE. Increment num before adding a new param_attribute to the attrs array and adjust the array index accordingly. Increment num immediately after the first reallocation such that the reallocation for the NULL terminator only needs to add 1 (instead of 2) to mk->mp->num. Use struct_size() instead of manually calculating the size for the reallocation. Use krealloc_array() for the additional NULL terminator. Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: Luis Chamberlain <mcgrof@kernel.org> Cc: Nathan Chancellor <nathan@kernel.org> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> --- Changes in v2: - Use krealloc_array() as suggested by Andy Shevchenko - Link to v1: https://lore.kernel.org/r/20240823123300.37574-1-thorsten.blum@toblux.com/ --- kernel/params.c | 29 +++++++++++++---------------- 1 file changed, 13 insertions(+), 16 deletions(-)