[PATCH 0/5] chelsio: Annotate structs with __counted_by

[PATCH 0/5] chelsio: Annotate structs with __counted_by

[Kees Cook]

Hi,

This annotates several chelsio structures with the coming __counted_by
attribute for bounds checking of flexible arrays at run-time. For more details,
see commit dd06e72e68bc ("Compiler Attributes: Add __counted_by macro").

Thanks!

-Kees

Kees Cook (5):
  chelsio/l2t: Annotate struct l2t_data with __counted_by
  cxgb4: Annotate struct clip_tbl with __counted_by
  cxgb4: Annotate struct cxgb4_tc_u32_table with __counted_by
  cxgb4: Annotate struct sched_table with __counted_by
  cxgb4: Annotate struct smt_data with __counted_by

 drivers/net/ethernet/chelsio/cxgb3/l2t.h                | 2 +-
 drivers/net/ethernet/chelsio/cxgb4/clip_tbl.h           | 2 +-
 drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_u32_parse.h | 2 +-
 drivers/net/ethernet/chelsio/cxgb4/l2t.c                | 2 +-
 drivers/net/ethernet/chelsio/cxgb4/sched.h              | 2 +-
 drivers/net/ethernet/chelsio/cxgb4/smt.h                | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

-- 
2.34.1

[PATCH 1/5] chelsio/l2t: Annotate struct l2t_data with __counted_by

[Kees Cook]

Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).

As found with Coccinelle[1], add __counted_by for struct l2t_data.

[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci

Cc: Raju Rangoju <rajur@chelsio.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/net/ethernet/chelsio/cxgb3/l2t.h | 2 +-
 drivers/net/ethernet/chelsio/cxgb4/l2t.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/chelsio/cxgb3/l2t.h b/drivers/net/ethernet/chelsio/cxgb3/l2t.h
index ea75f275023f..646ca0bc25bd 100644
--- a/drivers/net/ethernet/chelsio/cxgb3/l2t.h
+++ b/drivers/net/ethernet/chelsio/cxgb3/l2t.h
@@ -76,7 +76,7 @@ struct l2t_data {
 	atomic_t nfree;		/* number of free entries */
 	rwlock_t lock;
 	struct rcu_head rcu_head;	/* to handle rcu cleanup */
-	struct l2t_entry l2tab[];
+	struct l2t_entry l2tab[] __counted_by(nentries);
 };
 
 typedef void (*arp_failure_handler_func)(struct t3cdev * dev,
diff --git a/drivers/net/ethernet/chelsio/cxgb4/l2t.c b/drivers/net/ethernet/chelsio/cxgb4/l2t.c
index a10a6862a9a4..1e5f5b1a22a6 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/l2t.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/l2t.c
@@ -59,7 +59,7 @@ struct l2t_data {
 	rwlock_t lock;
 	atomic_t nfree;             /* number of free entries */
 	struct l2t_entry *rover;    /* starting point for next allocation */
-	struct l2t_entry l2tab[];  /* MUST BE LAST */
+	struct l2t_entry l2tab[] __counted_by(l2t_size);  /* MUST BE LAST */
 };
 
 static inline unsigned int vlan_prio(const struct l2t_entry *e)
-- 
2.34.1

[PATCH 2/5] cxgb4: Annotate struct clip_tbl with __counted_by

[Kees Cook]

Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).

As found with Coccinelle[1], add __counted_by for struct clip_tbl.

[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci

Cc: Raju Rangoju <rajur@chelsio.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/net/ethernet/chelsio/cxgb4/clip_tbl.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/chelsio/cxgb4/clip_tbl.h b/drivers/net/ethernet/chelsio/cxgb4/clip_tbl.h
index 290c1058069a..847c7fc2bbd9 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/clip_tbl.h
+++ b/drivers/net/ethernet/chelsio/cxgb4/clip_tbl.h
@@ -29,7 +29,7 @@ struct clip_tbl {
 	atomic_t nfree;
 	struct list_head ce_free_head;
 	void *cl_list;
-	struct list_head hash_list[];
+	struct list_head hash_list[] __counted_by(clipt_size);
 };
 
 enum {
-- 
2.34.1

[PATCH 3/5] cxgb4: Annotate struct cxgb4_tc_u32_table with __counted_by

[Kees Cook]

Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).

As found with Coccinelle[1], add __counted_by for struct cxgb4_tc_u32_table.

[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci

Cc: Raju Rangoju <rajur@chelsio.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_u32_parse.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_u32_parse.h b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_u32_parse.h
index f59dd4b2ae6f..9050568a034c 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_u32_parse.h
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_u32_parse.h
@@ -331,6 +331,6 @@ struct cxgb4_link {
 
 struct cxgb4_tc_u32_table {
 	unsigned int size;          /* number of entries in table */
-	struct cxgb4_link table[]; /* Jump table */
+	struct cxgb4_link table[] __counted_by(size); /* Jump table */
 };
 #endif /* __CXGB4_TC_U32_PARSE_H */
-- 
2.34.1

[PATCH 4/5] cxgb4: Annotate struct sched_table with __counted_by

[Kees Cook]

Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).

As found with Coccinelle[1], add __counted_by for struct sched_table.

[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci

Cc: Raju Rangoju <rajur@chelsio.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/net/ethernet/chelsio/cxgb4/sched.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/chelsio/cxgb4/sched.h b/drivers/net/ethernet/chelsio/cxgb4/sched.h
index 5f8b871d79af..6b3c778815f0 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/sched.h
+++ b/drivers/net/ethernet/chelsio/cxgb4/sched.h
@@ -82,7 +82,7 @@ struct sched_class {
 
 struct sched_table {      /* per port scheduling table */
 	u8 sched_size;
-	struct sched_class tab[];
+	struct sched_class tab[] __counted_by(sched_size);
 };
 
 static inline bool can_sched(struct net_device *dev)
-- 
2.34.1

[PATCH 5/5] cxgb4: Annotate struct smt_data with __counted_by

[Kees Cook]

Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).

As found with Coccinelle[1], add __counted_by for struct smt_data.

[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci

Cc: Raju Rangoju <rajur@chelsio.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/net/ethernet/chelsio/cxgb4/smt.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/chelsio/cxgb4/smt.h b/drivers/net/ethernet/chelsio/cxgb4/smt.h
index 541249d78914..109c1dff563a 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/smt.h
+++ b/drivers/net/ethernet/chelsio/cxgb4/smt.h
@@ -66,7 +66,7 @@ struct smt_entry {
 struct smt_data {
 	unsigned int smt_size;
 	rwlock_t lock;
-	struct smt_entry smtab[];
+	struct smt_entry smtab[] __counted_by(smt_size);
 };
 
 struct smt_data *t4_init_smt(void);
-- 
2.34.1

Re: [PATCH 0/5] chelsio: Annotate structs with __counted_by

[Kees Cook]

On Fri, Sep 29, 2023 at 11:11:44AM -0700, Kees Cook wrote:
> Hi,
> 
> This annotates several chelsio structures with the coming __counted_by
> attribute for bounds checking of flexible arrays at run-time. For more details,
> see commit dd06e72e68bc ("Compiler Attributes: Add __counted_by macro").
> 
> Thanks!
> 
> -Kees
> 
> Kees Cook (5):
>   chelsio/l2t: Annotate struct l2t_data with __counted_by
>   cxgb4: Annotate struct clip_tbl with __counted_by
>   cxgb4: Annotate struct cxgb4_tc_u32_table with __counted_by
>   cxgb4: Annotate struct sched_table with __counted_by
>   cxgb4: Annotate struct smt_data with __counted_by
> 
>  drivers/net/ethernet/chelsio/cxgb3/l2t.h                | 2 +-
>  drivers/net/ethernet/chelsio/cxgb4/clip_tbl.h           | 2 +-
>  drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_u32_parse.h | 2 +-
>  drivers/net/ethernet/chelsio/cxgb4/l2t.c                | 2 +-
>  drivers/net/ethernet/chelsio/cxgb4/sched.h              | 2 +-
>  drivers/net/ethernet/chelsio/cxgb4/smt.h                | 2 +-
>  6 files changed, 6 insertions(+), 6 deletions(-)

Hm, it looks like this is not "Supported" any more? I'm getting bounces
from "Raju Rangoju <rajur@chelsio.com>" ...

CXGB4 ETHERNET DRIVER (CXGB4)
M:      Raju Rangoju <rajur@chelsio.com>
L:      netdev@vger.kernel.org
S:      Supported
W:      http://www.chelsio.com
F:      drivers/net/ethernet/chelsio/cxgb4/

-Kees

-- 
Kees Cook

Re: [PATCH 1/5] chelsio/l2t: Annotate struct l2t_data with __counted_by

[Christophe JAILLET]

Le 29/09/2023 à 20:11, Kees Cook a écrit :
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
> (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> functions).
> 
> As found with Coccinelle[1], add __counted_by for struct l2t_data.
> 
> [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
> 
> Cc: Raju Rangoju <rajur@chelsio.com>
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: Eric Dumazet <edumazet@google.com>
> Cc: Jakub Kicinski <kuba@kernel.org>
> Cc: Paolo Abeni <pabeni@redhat.com>
> Cc: netdev@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
>   drivers/net/ethernet/chelsio/cxgb3/l2t.h | 2 +-
>   drivers/net/ethernet/chelsio/cxgb4/l2t.c | 2 +-
>   2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/net/ethernet/chelsio/cxgb3/l2t.h b/drivers/net/ethernet/chelsio/cxgb3/l2t.h
> index ea75f275023f..646ca0bc25bd 100644
> --- a/drivers/net/ethernet/chelsio/cxgb3/l2t.h
> +++ b/drivers/net/ethernet/chelsio/cxgb3/l2t.h
> @@ -76,7 +76,7 @@ struct l2t_data {
>   	atomic_t nfree;		/* number of free entries */
>   	rwlock_t lock;
>   	struct rcu_head rcu_head;	/* to handle rcu cleanup */
> -	struct l2t_entry l2tab[];
> +	struct l2t_entry l2tab[] __counted_by(nentries);
>   };
>   
>   typedef void (*arp_failure_handler_func)(struct t3cdev * dev,
> diff --git a/drivers/net/ethernet/chelsio/cxgb4/l2t.c b/drivers/net/ethernet/chelsio/cxgb4/l2t.c
> index a10a6862a9a4..1e5f5b1a22a6 100644
> --- a/drivers/net/ethernet/chelsio/cxgb4/l2t.c
> +++ b/drivers/net/ethernet/chelsio/cxgb4/l2t.c
> @@ -59,7 +59,7 @@ struct l2t_data {
>   	rwlock_t lock;
>   	atomic_t nfree;             /* number of free entries */
>   	struct l2t_entry *rover;    /* starting point for next allocation */
> -	struct l2t_entry l2tab[];  /* MUST BE LAST */
> +	struct l2t_entry l2tab[] __counted_by(l2t_size);  /* MUST BE LAST */

Nit: the comment is maybe unneeded.

>   };
>   
>   static inline unsigned int vlan_prio(const struct l2t_entry *e)

Re: [PATCH 1/5] chelsio/l2t: Annotate struct l2t_data with __counted_by

[Gustavo A. R. Silva]

On 9/29/23 20:11, Kees Cook wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
> (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> functions).
> 
> As found with Coccinelle[1], add __counted_by for struct l2t_data.
> 
> [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
> 
> Cc: Raju Rangoju <rajur@chelsio.com>
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: Eric Dumazet <edumazet@google.com>
> Cc: Jakub Kicinski <kuba@kernel.org>
> Cc: Paolo Abeni <pabeni@redhat.com>
> Cc: netdev@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>

Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>

Thanks
--
Gustavo

> ---
>   drivers/net/ethernet/chelsio/cxgb3/l2t.h | 2 +-
>   drivers/net/ethernet/chelsio/cxgb4/l2t.c | 2 +-
>   2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/net/ethernet/chelsio/cxgb3/l2t.h b/drivers/net/ethernet/chelsio/cxgb3/l2t.h
> index ea75f275023f..646ca0bc25bd 100644
> --- a/drivers/net/ethernet/chelsio/cxgb3/l2t.h
> +++ b/drivers/net/ethernet/chelsio/cxgb3/l2t.h
> @@ -76,7 +76,7 @@ struct l2t_data {
>   	atomic_t nfree;		/* number of free entries */
>   	rwlock_t lock;
>   	struct rcu_head rcu_head;	/* to handle rcu cleanup */
> -	struct l2t_entry l2tab[];
> +	struct l2t_entry l2tab[] __counted_by(nentries);
>   };
>   
>   typedef void (*arp_failure_handler_func)(struct t3cdev * dev,
> diff --git a/drivers/net/ethernet/chelsio/cxgb4/l2t.c b/drivers/net/ethernet/chelsio/cxgb4/l2t.c
> index a10a6862a9a4..1e5f5b1a22a6 100644
> --- a/drivers/net/ethernet/chelsio/cxgb4/l2t.c
> +++ b/drivers/net/ethernet/chelsio/cxgb4/l2t.c
> @@ -59,7 +59,7 @@ struct l2t_data {
>   	rwlock_t lock;
>   	atomic_t nfree;             /* number of free entries */
>   	struct l2t_entry *rover;    /* starting point for next allocation */
> -	struct l2t_entry l2tab[];  /* MUST BE LAST */
> +	struct l2t_entry l2tab[] __counted_by(l2t_size);  /* MUST BE LAST */
>   };
>   
>   static inline unsigned int vlan_prio(const struct l2t_entry *e)

Re: [PATCH 2/5] cxgb4: Annotate struct clip_tbl with __counted_by

[Gustavo A. R. Silva]

On 9/29/23 20:11, Kees Cook wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
> (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> functions).
> 
> As found with Coccinelle[1], add __counted_by for struct clip_tbl.
> 
> [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
> 
> Cc: Raju Rangoju <rajur@chelsio.com>
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: Eric Dumazet <edumazet@google.com>
> Cc: Jakub Kicinski <kuba@kernel.org>
> Cc: Paolo Abeni <pabeni@redhat.com>
> Cc: netdev@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>

Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>

Thanks
--
Gustavo

> ---
>   drivers/net/ethernet/chelsio/cxgb4/clip_tbl.h | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/net/ethernet/chelsio/cxgb4/clip_tbl.h b/drivers/net/ethernet/chelsio/cxgb4/clip_tbl.h
> index 290c1058069a..847c7fc2bbd9 100644
> --- a/drivers/net/ethernet/chelsio/cxgb4/clip_tbl.h
> +++ b/drivers/net/ethernet/chelsio/cxgb4/clip_tbl.h
> @@ -29,7 +29,7 @@ struct clip_tbl {
>   	atomic_t nfree;
>   	struct list_head ce_free_head;
>   	void *cl_list;
> -	struct list_head hash_list[];
> +	struct list_head hash_list[] __counted_by(clipt_size);
>   };
>   
>   enum {

Re: [PATCH 3/5] cxgb4: Annotate struct cxgb4_tc_u32_table with __counted_by

[Gustavo A. R. Silva]

On 9/29/23 20:11, Kees Cook wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
> (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> functions).
> 
> As found with Coccinelle[1], add __counted_by for struct cxgb4_tc_u32_table.
> 
> [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
> 
> Cc: Raju Rangoju <rajur@chelsio.com>
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: Eric Dumazet <edumazet@google.com>
> Cc: Jakub Kicinski <kuba@kernel.org>
> Cc: Paolo Abeni <pabeni@redhat.com>
> Cc: netdev@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>

Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>

Thanks
--
Gustavo

> ---
>   drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_u32_parse.h | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_u32_parse.h b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_u32_parse.h
> index f59dd4b2ae6f..9050568a034c 100644
> --- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_u32_parse.h
> +++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_u32_parse.h
> @@ -331,6 +331,6 @@ struct cxgb4_link {
>   
>   struct cxgb4_tc_u32_table {
>   	unsigned int size;          /* number of entries in table */
> -	struct cxgb4_link table[]; /* Jump table */
> +	struct cxgb4_link table[] __counted_by(size); /* Jump table */
>   };
>   #endif /* __CXGB4_TC_U32_PARSE_H */

Re: [PATCH 4/5] cxgb4: Annotate struct sched_table with __counted_by

[Gustavo A. R. Silva]

On 9/29/23 20:11, Kees Cook wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
> (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> functions).
> 
> As found with Coccinelle[1], add __counted_by for struct sched_table.
> 
> [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
> 
> Cc: Raju Rangoju <rajur@chelsio.com>
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: Eric Dumazet <edumazet@google.com>
> Cc: Jakub Kicinski <kuba@kernel.org>
> Cc: Paolo Abeni <pabeni@redhat.com>
> Cc: netdev@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>

Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>

Thanks
--
Gustavo

> ---
>   drivers/net/ethernet/chelsio/cxgb4/sched.h | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/net/ethernet/chelsio/cxgb4/sched.h b/drivers/net/ethernet/chelsio/cxgb4/sched.h
> index 5f8b871d79af..6b3c778815f0 100644
> --- a/drivers/net/ethernet/chelsio/cxgb4/sched.h
> +++ b/drivers/net/ethernet/chelsio/cxgb4/sched.h
> @@ -82,7 +82,7 @@ struct sched_class {
>   
>   struct sched_table {      /* per port scheduling table */
>   	u8 sched_size;
> -	struct sched_class tab[];
> +	struct sched_class tab[] __counted_by(sched_size);
>   };
>   
>   static inline bool can_sched(struct net_device *dev)

Re: [PATCH 5/5] cxgb4: Annotate struct smt_data with __counted_by

[Gustavo A. R. Silva]

On 9/29/23 20:11, Kees Cook wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
> (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> functions).
> 
> As found with Coccinelle[1], add __counted_by for struct smt_data.
> 
> [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
> 
> Cc: Raju Rangoju <rajur@chelsio.com>
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: Eric Dumazet <edumazet@google.com>
> Cc: Jakub Kicinski <kuba@kernel.org>
> Cc: Paolo Abeni <pabeni@redhat.com>
> Cc: netdev@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>

Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>

Thanks
--
Gustavo

> ---
>   drivers/net/ethernet/chelsio/cxgb4/smt.h | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/net/ethernet/chelsio/cxgb4/smt.h b/drivers/net/ethernet/chelsio/cxgb4/smt.h
> index 541249d78914..109c1dff563a 100644
> --- a/drivers/net/ethernet/chelsio/cxgb4/smt.h
> +++ b/drivers/net/ethernet/chelsio/cxgb4/smt.h
> @@ -66,7 +66,7 @@ struct smt_entry {
>   struct smt_data {
>   	unsigned int smt_size;
>   	rwlock_t lock;
> -	struct smt_entry smtab[];
> +	struct smt_entry smtab[] __counted_by(smt_size);
>   };
>   
>   struct smt_data *t4_init_smt(void);

Re: [PATCH 0/5] chelsio: Annotate structs with __counted_by

[Jakub Kicinski]

On Fri, 29 Sep 2023 12:44:45 -0700 Kees Cook wrote:
> On Fri, Sep 29, 2023 at 11:11:44AM -0700, Kees Cook wrote:
> > Hi,
> > 
> > This annotates several chelsio structures with the coming __counted_by
> > attribute for bounds checking of flexible arrays at run-time. For more details,
> > see commit dd06e72e68bc ("Compiler Attributes: Add __counted_by macro").
> > 
> > Thanks!
> > 
> > -Kees
> > 
> > Kees Cook (5):
> >   chelsio/l2t: Annotate struct l2t_data with __counted_by
> >   cxgb4: Annotate struct clip_tbl with __counted_by
> >   cxgb4: Annotate struct cxgb4_tc_u32_table with __counted_by
> >   cxgb4: Annotate struct sched_table with __counted_by
> >   cxgb4: Annotate struct smt_data with __counted_by
> > 
> >  drivers/net/ethernet/chelsio/cxgb3/l2t.h                | 2 +-
> >  drivers/net/ethernet/chelsio/cxgb4/clip_tbl.h           | 2 +-
> >  drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_u32_parse.h | 2 +-
> >  drivers/net/ethernet/chelsio/cxgb4/l2t.c                | 2 +-
> >  drivers/net/ethernet/chelsio/cxgb4/sched.h              | 2 +-
> >  drivers/net/ethernet/chelsio/cxgb4/smt.h                | 2 +-
> >  6 files changed, 6 insertions(+), 6 deletions(-)  
> 
> Hm, it looks like this is not "Supported" any more? I'm getting bounces
> from "Raju Rangoju <rajur@chelsio.com>" ...
> 
> CXGB4 ETHERNET DRIVER (CXGB4)
> M:      Raju Rangoju <rajur@chelsio.com>
> L:      netdev@vger.kernel.org
> S:      Supported
> W:      http://www.chelsio.com
> F:      drivers/net/ethernet/chelsio/cxgb4/

Hi Ayush,

any idea who should be maintaining the Ethernet part of cxgb4 
at this point?

Re: [PATCH 0/5] chelsio: Annotate structs with __counted_by

[patchwork-bot+netdevbpf]

Hello:

This series was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Fri, 29 Sep 2023 11:11:44 -0700 you wrote:
> Hi,
> 
> This annotates several chelsio structures with the coming __counted_by
> attribute for bounds checking of flexible arrays at run-time. For more details,
> see commit dd06e72e68bc ("Compiler Attributes: Add __counted_by macro").
> 
> Thanks!
> 
> [...]

Here is the summary with links:
  - [1/5] chelsio/l2t: Annotate struct l2t_data with __counted_by
    https://git.kernel.org/netdev/net-next/c/3bbae5f1c651
  - [2/5] cxgb4: Annotate struct clip_tbl with __counted_by
    https://git.kernel.org/netdev/net-next/c/c3db467b0822
  - [3/5] cxgb4: Annotate struct cxgb4_tc_u32_table with __counted_by
    https://git.kernel.org/netdev/net-next/c/157c56a4fede
  - [4/5] cxgb4: Annotate struct sched_table with __counted_by
    https://git.kernel.org/netdev/net-next/c/ceba9725fb45
  - [5/5] cxgb4: Annotate struct smt_data with __counted_by
    https://git.kernel.org/netdev/net-next/c/1508cb7e0752

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

Re: [PATCH 0/5] chelsio: Annotate structs with __counted_by

[Jakub Kicinski]

On Fri, 6 Oct 2023 01:58:54 +0530 Ayush Sawal wrote:
>   The current maintainer for cxgb4 driver is Sourabh Sagar 
> <sourabh.sagar@chelsio.com>, I have added him in the CC.
>   He will update the MAINTAINERS file for cxgb4 driver.

Thanks & looking forward to the update!