From: Sergey Senozhatsky <senozhatsky@chromium.org>
To: Kees Cook <keescook@chromium.org>
Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>,
Stanimir Varbanov <stanimir.k.varbanov@gmail.com>,
Vikash Garodia <quic_vgarodia@quicinc.com>,
Bryan O'Donoghue <bryan.odonoghue@linaro.org>,
Andy Gross <agross@kernel.org>,
Bjorn Andersson <andersson@kernel.org>,
Konrad Dybcio <konrad.dybcio@linaro.org>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
linux-media@vger.kernel.org, linux-arm-msm@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH][next] media: venus: hfi_cmds: Replace one-element array with flex-array member and use __counted_by
Date: Tue, 9 Jan 2024 21:40:26 +0900
Message-ID: <20240109124026.GA1012017@google.com>
In-Reply-To: <202310091252.660CFA9@keescook>

On (23/10/09 12:52), Kees Cook wrote:
> On Mon, Oct 09, 2023 at 12:42:05PM -0600, Gustavo A. R. Silva wrote:
> > Array `data` in `struct hfi_sfr` is being used as a fake flexible array
> > at run-time:
> >
> > drivers/media/platform/qcom/venus/hfi_venus.c:
> > 1033 p = memchr(sfr->data, '\0', sfr->buf_size);
> > 1034 /*
> > 1035 * SFR isn't guaranteed to be NULL terminated since SYS_ERROR indicates
> > 1036 * that Venus is in the process of crashing.
> > 1037 */
> > 1038 if (!p)
> > 1039 sfr->data[sfr->buf_size - 1] = '\0';
> > 1040
> > 1041 dev_err_ratelimited(dev, "SFR message from FW: %s\n", sfr->data);
> >
> > Fake flexible arrays are deprecated, and should be replaced by
> > flexible-array members. So, replace one-element array with a
> > flexible-array member in `struct hfi_sfr`.
> >
> > While there, also annotate array `data` with __counted_by() to prepare
> > for the coming implementation by GCC and Clang of the __counted_by
> > attribute. Flexible array members annotated with __counted_by can have
> > their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for
> > array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> > functions).
> >
> > This results in no differences in binary output.
>
> Thanks for checking!

Sorry for shameless plug, a quick question: has any compiler implemented
support for counted_by() at this point?
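
An added userspace example, not part of the thread or of the venus driver: it shows the flexible-array form the quoted commit message describes, with the annotation expanding to nothing on compilers that do not report the attribute. `struct sfr_msg`, `COUNTED_BY`, `sfr_alloc` and `sfr_terminate` are hypothetical names, and the sample buffer is constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Use the attribute only where the compiler reports it; else expand to nothing. */
#if defined(__has_attribute)
# if __has_attribute(counted_by)
#  define COUNTED_BY(m) __attribute__((counted_by(m)))
# endif
#endif
#ifndef COUNTED_BY
# define COUNTED_BY(m)
#endif

/* Hypothetical stand-in for struct hfi_sfr: a length plus a flexible array. */
struct sfr_msg {
	uint32_t buf_size;
	uint8_t data[] COUNTED_BY(buf_size);	/* was data[1] in the fake form */
};

/* Allocate header + payload. The counter is set before data[] is touched. */
struct sfr_msg *sfr_alloc(const void *src, uint32_t buf_size)
{
	struct sfr_msg *sfr = malloc(sizeof(*sfr) + buf_size);
	if (!sfr)
		return NULL;
	sfr->buf_size = buf_size;
	memcpy(sfr->data, src, buf_size);
	return sfr;
}

/* Quoted termination logic; the empty check is this example's addition. */
long sfr_terminate(struct sfr_msg *sfr)
{
	if (sfr->buf_size == 0)
		return -1;
	if (!memchr(sfr->data, '\0', sfr->buf_size))
		sfr->data[sfr->buf_size - 1] = '\0';
	return (long)strlen((const char *)sfr->data);
}

int main(void)
{
	const char raw[8] = { 'V', 'E', 'N', 'U', 'S', '!', '!', '!' }; /* constructed, no NUL */
	struct sfr_msg *sfr = sfr_alloc(raw, sizeof(raw));
	long len = sfr ? sfr_terminate(sfr) : -1;
	free(sfr);
	return len == 7 ? 0 : 1;
}
```

With a flexible-array member, `sizeof(struct sfr_msg)` covers only the header, so the allocation size is the header plus `buf_size` with no one-element adjustment.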