From: Kees Cook <keescook@chromium.org>
To: Alex Elder <elder@ieee.org>
Cc: Jakub Kicinski <kuba@kernel.org>, Alex Elder <elder@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>,
netdev@vger.kernel.org, Jamal Hadi Salim <jhs@mojatatu.com>,
David Ahern <dsahern@kernel.org>,
Martin KaFai Lau <martin.lau@kernel.org>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
Alexei Starovoitov <ast@kernel.org>,
Yisen Zhuang <yisen.zhuang@huawei.com>,
Salil Mehta <salil.mehta@huawei.com>,
Claudiu Manoil <claudiu.manoil@nxp.com>,
Vladimir Oltean <vladimir.oltean@nxp.com>,
"K. Y. Srinivasan" <kys@microsoft.com>,
Haiyang Zhang <haiyangz@microsoft.com>,
Wei Liu <wei.liu@kernel.org>, Dexuan Cui <decui@microsoft.com>,
Long Li <longli@microsoft.com>,
Ajay Sharma <sharmaajay@microsoft.com>,
Pravin B Shelar <pshelar@ovn.org>,
Shaokun Zhang <zhangshaokun@hisilicon.com>,
Cong Wang <xiyou.wangcong@gmail.com>,
Jiri Pirko <jiri@resnulli.us>,
Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>,
Tom Rix <trix@redhat.com>, Simon Horman <horms@kernel.org>,
linux-kernel@vger.kernel.org, linux-hyperv@vger.kernel.org,
linux-rdma@vger.kernel.org, dev@openvswitch.org,
linux-parisc@vger.kernel.org, llvm@lists.linux.dev,
linux-hardening@vger.kernel.org
Subject: Re: [PATCH 08/14] net: ipa: Annotate struct ipa_power with __counted_by
Date: Sat, 23 Sep 2023 19:03:26 -0700 [thread overview]
Message-ID: <202309231859.D8467DB23@keescook> (raw)
In-Reply-To: <6f52f36c-be16-2427-c19f-0e8b3dd2ff5f@ieee.org>
On Sat, Sep 23, 2023 at 07:09:19AM -0500, Alex Elder wrote:
> On 9/22/23 12:28 PM, Kees Cook wrote:
> > Prepare for the coming implementation by GCC and Clang of the __counted_by
> > attribute. Flexible array members annotated with __counted_by can have
> > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
> > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> > functions).
> >
> > As found with Coccinelle[1], add __counted_by for struct ipa_power.
>
> Looks good, thanks.
>
> Reviewed-by: Alex Elder <elder@linaro.org>
>
> Note that there is some interaction between struct ipa_power_data
> and struct ipa_power (the former is used to initialize the latter).
> Both of these contain flexible arrays counted by another field in
> the structure. It seems possible that the way these are initialized
> might need slight modification to allow the compiler to do its
> enforcement; if that's the case, please reach out to me.
I think it's all okay:
struct ipa_power_data {
u32 core_clock_rate;
u32 interconnect_count; /* # entries in interconnect_data[] */
const struct ipa_interconnect_data *interconnect_data;
};
"interconnect_data" here is a pointer, not a flexible array. (Yes,
__counted_by is expected to be expanded in the future for pointers,
but not yet.) Looking at initializers, I didn't see any problems with
how struct ipa_power is allocated.
Thanks for the heads-up; I'm sure I'll look at this again when we can
further expand __counted_by to pointers. :)
-Kees
--
Kees Cook
next prev parent reply other threads:[~2023-09-24 2:03 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-22 17:28 [PATCH 00/14] Batch 1: Annotate structs with __counted_by Kees Cook
2023-09-22 17:28 ` [PATCH 01/14] ipv4: Annotate struct fib_info " Kees Cook
2023-09-23 1:43 ` Gustavo A. R. Silva
2023-09-22 17:28 ` [PATCH 02/14] ipv4/igmp: Annotate struct ip_sf_socklist " Kees Cook
2023-09-23 1:50 ` Gustavo A. R. Silva
2023-09-22 17:28 ` [PATCH 03/14] ipv6: Annotate struct ip6_sf_socklist " Kees Cook
2023-09-23 1:51 ` Gustavo A. R. Silva
2023-09-22 17:28 ` [PATCH 04/14] net: hns: Annotate struct ppe_common_cb " Kees Cook
2023-09-23 1:51 ` Gustavo A. R. Silva
2023-09-22 17:28 ` [PATCH 05/14] net: enetc: Annotate struct enetc_int_vector " Kees Cook
2023-09-23 1:52 ` Gustavo A. R. Silva
2023-09-22 17:28 ` [PATCH 06/14] net: hisilicon: Annotate struct rcb_common_cb " Kees Cook
2023-09-23 1:52 ` Gustavo A. R. Silva
2023-09-22 17:28 ` [PATCH 07/14] net: mana: Annotate struct mana_rxq " Kees Cook
2023-09-23 1:55 ` Gustavo A. R. Silva
2023-09-22 17:28 ` [PATCH 08/14] net: ipa: Annotate struct ipa_power " Kees Cook
2023-09-23 1:55 ` Gustavo A. R. Silva
2023-09-23 12:09 ` Alex Elder
2023-09-24 2:03 ` Kees Cook [this message]
2023-09-22 17:28 ` [PATCH 09/14] net: mana: Annotate struct hwc_dma_buf " Kees Cook
2023-09-23 1:56 ` Gustavo A. R. Silva
2023-09-22 17:28 ` [PATCH 10/14] net: openvswitch: Annotate struct dp_meter_instance " Kees Cook
2023-09-23 1:56 ` Gustavo A. R. Silva
2023-09-22 17:28 ` [PATCH 11/14] net: enetc: Annotate struct enetc_psfp_gate " Kees Cook
2023-09-23 1:56 ` Gustavo A. R. Silva
2023-09-22 17:28 ` [PATCH 12/14] net: openvswitch: Annotate struct dp_meter " Kees Cook
2023-09-23 1:57 ` Gustavo A. R. Silva
2023-09-22 17:28 ` [PATCH 13/14] net: tulip: Annotate struct mediatable " Kees Cook
2023-09-23 1:57 ` Gustavo A. R. Silva
2023-09-22 17:28 ` [PATCH 14/14] net: sched: Annotate struct tc_pedit " Kees Cook
2023-09-22 18:18 ` Kees Cook
2023-09-22 18:23 ` Kees Cook
2023-09-23 2:06 ` Gustavo A. R. Silva
2023-09-27 15:57 ` [PATCH 00/14] Batch 1: Annotate structs " Kees Cook
2023-10-02 18:26 ` Jakub Kicinski
2023-10-02 20:29 ` Kees Cook
2023-10-02 18:40 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202309231859.D8467DB23@keescook \
--to=keescook@chromium.org \
--cc=ast@kernel.org \
--cc=claudiu.manoil@nxp.com \
--cc=davem@davemloft.net \
--cc=decui@microsoft.com \
--cc=dev@openvswitch.org \
--cc=dsahern@kernel.org \
--cc=edumazet@google.com \
--cc=elder@ieee.org \
--cc=elder@kernel.org \
--cc=gustavoars@kernel.org \
--cc=haiyangz@microsoft.com \
--cc=horms@kernel.org \
--cc=jhs@mojatatu.com \
--cc=jiri@resnulli.us \
--cc=kuba@kernel.org \
--cc=kys@microsoft.com \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-hyperv@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-parisc@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=llvm@lists.linux.dev \
--cc=longli@microsoft.com \
--cc=martin.lau@kernel.org \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pshelar@ovn.org \
--cc=salil.mehta@huawei.com \
--cc=sharmaajay@microsoft.com \
--cc=trix@redhat.com \
--cc=vladimir.oltean@nxp.com \
--cc=wei.liu@kernel.org \
--cc=xiyou.wangcong@gmail.com \
--cc=yisen.zhuang@huawei.com \
--cc=zhangshaokun@hisilicon.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).