* Re: [PATCH] mtd: rawnand: rockchip: Use struct_size()
2023-10-01 7:44 [PATCH] mtd: rawnand: rockchip: Use struct_size() Christophe JAILLET
@ 2023-10-01 7:49 ` Gustavo A. R. Silva
2023-10-09 19:59 ` Kees Cook
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Gustavo A. R. Silva @ 2023-10-01 7:49 UTC (permalink / raw)
To: Christophe JAILLET, Miquel Raynal, Richard Weinberger,
Vignesh Raghavendra, Heiko Stuebner, Kees Cook,
Gustavo A. R. Silva, Nathan Chancellor, Nick Desaulniers, Tom Rix
Cc: linux-kernel, kernel-janitors, linux-mtd, linux-arm-kernel,
linux-rockchip, linux-hardening, llvm
On 10/1/23 09:44, Christophe JAILLET wrote:
> Use struct_size() instead of hand writing it.
> This is less verbose and more robust.
>
> While at it, prepare for the coming implementation by GCC and Clang of the
> __counted_by attribute. Flexible array members annotated with __counted_by
> can have their accesses bounds-checked at run-time checking via
> CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for
> strcpy/memcpy-family functions).
Again, I'd prefer this as two separate patches.
>
> Also remove a useless comment about the position of a flex-array in a
> structure.
>
> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
In any case:
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Thanks
--
Gustavo
> ---
> This patch is part of a work done in parallel of what is currently worked
> on by Kees Cook.
>
> My patches are only related to corner cases that do NOT match the
> semantic of his Coccinelle script[1].
>
> In this case, struct_size() was not used to compute the size needed for the
> structure and its flex array.
>
> [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
> ---
> drivers/mtd/nand/raw/rockchip-nand-controller.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/mtd/nand/raw/rockchip-nand-controller.c b/drivers/mtd/nand/raw/rockchip-nand-controller.c
> index 5bc90ffa721f..596cf9a78274 100644
> --- a/drivers/mtd/nand/raw/rockchip-nand-controller.c
> +++ b/drivers/mtd/nand/raw/rockchip-nand-controller.c
> @@ -158,8 +158,7 @@ struct rk_nfc_nand_chip {
> u32 timing;
>
> u8 nsels;
> - u8 sels[];
> - /* Nothing after this field. */
> + u8 sels[] __counted_by(nsels);
> };
>
> struct rk_nfc {
> @@ -1119,7 +1118,7 @@ static int rk_nfc_nand_chip_init(struct device *dev, struct rk_nfc *nfc,
> return -EINVAL;
> }
>
> - rknand = devm_kzalloc(dev, sizeof(*rknand) + nsels * sizeof(u8),
> + rknand = devm_kzalloc(dev, struct_size(rknand, sels, nsels),
> GFP_KERNEL);
> if (!rknand)
> return -ENOMEM;
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [PATCH] mtd: rawnand: rockchip: Use struct_size()
2023-10-01 7:44 [PATCH] mtd: rawnand: rockchip: Use struct_size() Christophe JAILLET
2023-10-01 7:49 ` Gustavo A. R. Silva
@ 2023-10-09 19:59 ` Kees Cook
2023-10-09 20:18 ` Heiko Stuebner
2023-10-16 9:29 ` Miquel Raynal
3 siblings, 0 replies; 5+ messages in thread
From: Kees Cook @ 2023-10-09 19:59 UTC (permalink / raw)
To: Christophe JAILLET
Cc: Miquel Raynal, Richard Weinberger, Vignesh Raghavendra,
Heiko Stuebner, Gustavo A. R. Silva, Nathan Chancellor,
Nick Desaulniers, Tom Rix, linux-kernel, kernel-janitors,
linux-mtd, linux-arm-kernel, linux-rockchip, linux-hardening,
llvm
On Sun, Oct 01, 2023 at 09:44:04AM +0200, Christophe JAILLET wrote:
> Use struct_size() instead of hand writing it.
> This is less verbose and more robust.
>
> While at it, prepare for the coming implementation by GCC and Clang of the
> __counted_by attribute. Flexible array members annotated with __counted_by
> can have their accesses bounds-checked at run-time checking via
> CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for
> strcpy/memcpy-family functions).
>
> Also remove a useless comment about the position of a flex-array in a
> structure.
>
> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
It seems the consensus is to keep the struct_size() changes together
with the __counted_by annotation, so yes, this looks correct to me:
Reviewed-by: Kees Cook <keescook@chromium.org>
--
Kees Cook
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] mtd: rawnand: rockchip: Use struct_size()
2023-10-01 7:44 [PATCH] mtd: rawnand: rockchip: Use struct_size() Christophe JAILLET
2023-10-01 7:49 ` Gustavo A. R. Silva
2023-10-09 19:59 ` Kees Cook
@ 2023-10-09 20:18 ` Heiko Stuebner
2023-10-16 9:29 ` Miquel Raynal
3 siblings, 0 replies; 5+ messages in thread
From: Heiko Stuebner @ 2023-10-09 20:18 UTC (permalink / raw)
To: Miquel Raynal, Richard Weinberger, Vignesh Raghavendra, Kees Cook,
Gustavo A. R. Silva, Nathan Chancellor, Nick Desaulniers, Tom Rix,
Christophe JAILLET
Cc: linux-kernel, kernel-janitors, Christophe JAILLET, linux-mtd,
linux-arm-kernel, linux-rockchip, linux-hardening, llvm
Am Sonntag, 1. Oktober 2023, 09:44:04 CEST schrieb Christophe JAILLET:
> Use struct_size() instead of hand writing it.
> This is less verbose and more robust.
>
> While at it, prepare for the coming implementation by GCC and Clang of the
> __counted_by attribute. Flexible array members annotated with __counted_by
> can have their accesses bounds-checked at run-time checking via
> CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for
> strcpy/memcpy-family functions).
>
> Also remove a useless comment about the position of a flex-array in a
> structure.
>
> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Acked-by: Heiko Stuebner <heiko@sntech.de>
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] mtd: rawnand: rockchip: Use struct_size()
2023-10-01 7:44 [PATCH] mtd: rawnand: rockchip: Use struct_size() Christophe JAILLET
` (2 preceding siblings ...)
2023-10-09 20:18 ` Heiko Stuebner
@ 2023-10-16 9:29 ` Miquel Raynal
3 siblings, 0 replies; 5+ messages in thread
From: Miquel Raynal @ 2023-10-16 9:29 UTC (permalink / raw)
To: Christophe JAILLET, Miquel Raynal, Richard Weinberger,
Vignesh Raghavendra, Heiko Stuebner, Kees Cook,
Gustavo A. R. Silva, Nathan Chancellor, Nick Desaulniers, Tom Rix
Cc: linux-kernel, kernel-janitors, linux-mtd, linux-arm-kernel,
linux-rockchip, linux-hardening, llvm
On Sun, 2023-10-01 at 07:44:04 UTC, Christophe JAILLET wrote:
> Use struct_size() instead of hand writing it.
> This is less verbose and more robust.
>
> While at it, prepare for the coming implementation by GCC and Clang of the
> __counted_by attribute. Flexible array members annotated with __counted_by
> can have their accesses bounds-checked at run-time checking via
> CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for
> strcpy/memcpy-family functions).
>
> Also remove a useless comment about the position of a flex-array in a
> structure.
>
> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> Reviewed-by: Kees Cook <keescook@chromium.org>
> Acked-by: Heiko Stuebner <heiko@sntech.de>
Applied to https://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux.git nand/next, thanks.
Miquel
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 5+ messages in thread