From: David Laight <david.laight.linux@gmail.com>
To: Steven Rostedt <rostedt@goodmis.org>
Cc: Thorsten Blum <thorsten.blum@linux.dev>,
Josh Poimboeuf <jpoimboe@kernel.org>, Kees Cook <kees@kernel.org>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH] unwind deferred: Annotate struct unwind_cache with __counted_by
Date: Fri, 14 Nov 2025 14:31:04 +0000 [thread overview]
Message-ID: <20251114143104.0d1aead3@pumpkin> (raw)
In-Reply-To: <20251114084346.6469edc0@gandalf.local.home>
On Fri, 14 Nov 2025 08:43:46 -0500
Steven Rostedt <rostedt@goodmis.org> wrote:
> On Fri, 14 Nov 2025 13:27:47 +0100
> Thorsten Blum <thorsten.blum@linux.dev> wrote:
>
> > Add the __counted_by() compiler attribute to the flexible array member
> > 'entries' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
> > CONFIG_FORTIFY_SOURCE.
> >
> > Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> > ---
> > include/linux/unwind_deferred_types.h | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/include/linux/unwind_deferred_types.h b/include/linux/unwind_deferred_types.h
> > index 33b62ac25c86..d4b67f0116f3 100644
> > --- a/include/linux/unwind_deferred_types.h
> > +++ b/include/linux/unwind_deferred_types.h
> > @@ -5,7 +5,7 @@
> > struct unwind_cache {
> > unsigned long unwind_completed;
> > unsigned int nr_entries;
> > - unsigned long entries[];
> > + unsigned long entries[] __counted_by(nr_entries);
> > };
> >
> > /*
>
> Wrong!
>
> I need to add a comment here that entries is not bound by nr_entries.
>
> https://lore.kernel.org/all/20250730093249.4833be14@gandalf.local.home/
>
> Maybe this?:
>
> diff --git a/include/linux/unwind_deferred_types.h b/include/linux/unwind_deferred_types.h
> index 33b62ac25c86..d05409bb14fa 100644
> --- a/include/linux/unwind_deferred_types.h
> +++ b/include/linux/unwind_deferred_types.h
> @@ -5,7 +5,7 @@
> struct unwind_cache {
> unsigned long unwind_completed;
Does that need to be 'long' - 'int' would fit in the padding on 64bit.
> unsigned int nr_entries;
> - unsigned long entries[];
> + unsigned long entries[]; /* Fixed size, not bound by nr_entries */
> };
Perhaps it should be:
unsigned long entries[ /* MAX_UNWIND_ENTRIES */ ];
David
>
> /*
>
>
>
> -- Steve
>
next prev parent reply other threads:[~2025-11-14 14:31 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-14 12:27 [PATCH] unwind deferred: Annotate struct unwind_cache with __counted_by Thorsten Blum
2025-11-14 13:43 ` Steven Rostedt
2025-11-14 13:53 ` Steven Rostedt
2025-11-14 14:57 ` Steven Rostedt
2025-11-14 15:02 ` David Laight
2025-11-14 15:48 ` Steven Rostedt
2025-11-14 14:31 ` David Laight [this message]
2025-11-14 14:56 ` Steven Rostedt
2025-11-14 15:49 ` Steven Rostedt
2025-11-14 15:53 ` Steven Rostedt
2025-11-14 16:15 ` Thorsten Blum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251114143104.0d1aead3@pumpkin \
--to=david.laight.linux@gmail.com \
--cc=gustavoars@kernel.org \
--cc=jpoimboe@kernel.org \
--cc=kees@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rostedt@goodmis.org \
--cc=thorsten.blum@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.