From: Steven Rostedt <rostedt@goodmis.org>
To: David Laight <david.laight.linux@gmail.com>
Cc: Thorsten Blum <thorsten.blum@linux.dev>,
Josh Poimboeuf <jpoimboe@kernel.org>, Kees Cook <kees@kernel.org>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH] unwind deferred: Annotate struct unwind_cache with __counted_by
Date: Fri, 14 Nov 2025 09:56:44 -0500 [thread overview]
Message-ID: <20251114095644.116a767d@gandalf.local.home> (raw)
In-Reply-To: <20251114143104.0d1aead3@pumpkin>
On Fri, 14 Nov 2025 14:31:04 +0000
David Laight <david.laight.linux@gmail.com> wrote:
> On Fri, 14 Nov 2025 08:43:46 -0500
> Steven Rostedt <rostedt@goodmis.org> wrote:
>
> > On Fri, 14 Nov 2025 13:27:47 +0100
> > Thorsten Blum <thorsten.blum@linux.dev> wrote:
> >
> > > Add the __counted_by() compiler attribute to the flexible array member
> > > 'entries' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
> > > CONFIG_FORTIFY_SOURCE.
> > >
> > > Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> > > ---
> > > include/linux/unwind_deferred_types.h | 2 +-
> > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/include/linux/unwind_deferred_types.h b/include/linux/unwind_deferred_types.h
> > > index 33b62ac25c86..d4b67f0116f3 100644
> > > --- a/include/linux/unwind_deferred_types.h
> > > +++ b/include/linux/unwind_deferred_types.h
> > > @@ -5,7 +5,7 @@
> > > struct unwind_cache {
> > > unsigned long unwind_completed;
> > > unsigned int nr_entries;
> > > - unsigned long entries[];
> > > + unsigned long entries[] __counted_by(nr_entries);
> > > };
> > >
> > > /*
> >
> > Wrong!
> >
> > I need to add a comment here that entries is not bound by nr_entries.
> >
> > https://lore.kernel.org/all/20250730093249.4833be14@gandalf.local.home/
> >
> > Maybe this?:
> >
> > diff --git a/include/linux/unwind_deferred_types.h b/include/linux/unwind_deferred_types.h
> > index 33b62ac25c86..d05409bb14fa 100644
> > --- a/include/linux/unwind_deferred_types.h
> > +++ b/include/linux/unwind_deferred_types.h
> > @@ -5,7 +5,7 @@
> > struct unwind_cache {
> > unsigned long unwind_completed;
>
> Does that need to be 'long' - 'int' would fit in the padding on 64bit.
We could make it 32 bit, then the number of tracers attached would be the
same as it would be on 32 bit archs (which would be 30). Maybe that's enough.
>
> > unsigned int nr_entries;
> > - unsigned long entries[];
> > + unsigned long entries[]; /* Fixed size, not bound by nr_entries */
> > };
>
> Perhaps it should be:
> unsigned long entries[ /* MAX_UNWIND_ENTRIES */ ];
Whatever would keep the coccinelle folks from sending more patches.
-- Steve
next prev parent reply other threads:[~2025-11-14 14:56 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-14 12:27 [PATCH] unwind deferred: Annotate struct unwind_cache with __counted_by Thorsten Blum
2025-11-14 13:43 ` Steven Rostedt
2025-11-14 13:53 ` Steven Rostedt
2025-11-14 14:57 ` Steven Rostedt
2025-11-14 15:02 ` David Laight
2025-11-14 15:48 ` Steven Rostedt
2025-11-14 14:31 ` David Laight
2025-11-14 14:56 ` Steven Rostedt [this message]
2025-11-14 15:49 ` Steven Rostedt
2025-11-14 15:53 ` Steven Rostedt
2025-11-14 16:15 ` Thorsten Blum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251114095644.116a767d@gandalf.local.home \
--to=rostedt@goodmis.org \
--cc=david.laight.linux@gmail.com \
--cc=gustavoars@kernel.org \
--cc=jpoimboe@kernel.org \
--cc=kees@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=thorsten.blum@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox