Hi,
This annotates several structures with the coming __counted_by attribute
for bounds checking of flexible arrays at run-time. For more details, see
commit dd06e72e68bc ("Compiler Attributes: Add __counted_by macro").
Thanks!
-Kees
Kees Cook (7):
RDMA: Annotate struct rdma_hw_stats with __counted_by
RDMA/core: Annotate struct ib_pkey_cache with __counted_by
RDMA/usnic: Annotate struct usnic_uiom_chunk with __counted_by
RDMA/siw: Annotate struct siw_pbl with __counted_by
IB/srp: Annotate struct srp_fr_pool with __counted_by
IB/mthca: Annotate struct mthca_icm_table with __counted_by
IB/hfi1: Annotate struct tid_rb_node with __counted_by
drivers/infiniband/core/cache.c | 2 +-
drivers/infiniband/hw/hfi1/user_exp_rcv.h | 2 +-
drivers/infiniband/hw/mthca/mthca_memfree.h | 2 +-
drivers/infiniband/hw/usnic/usnic_uiom.h | 2 +-
drivers/infiniband/sw/siw/siw.h | 2 +-
drivers/infiniband/ulp/srp/ib_srp.h | 2 +-
include/rdma/ib_verbs.h | 2 +-
7 files changed, 7 insertions(+), 7 deletions(-)
--
2.34.1
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct tid_rb_node.
[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Dennis Dalessandro <[email protected]>
Cc: Jason Gunthorpe <[email protected]>
Cc: Leon Romanovsky <[email protected]>
Cc: [email protected]
Signed-off-by: Kees Cook <[email protected]>
---
drivers/infiniband/hw/hfi1/user_exp_rcv.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/infiniband/hw/hfi1/user_exp_rcv.h b/drivers/infiniband/hw/hfi1/user_exp_rcv.h
index b85de9070aee..055726f7c139 100644
--- a/drivers/infiniband/hw/hfi1/user_exp_rcv.h
+++ b/drivers/infiniband/hw/hfi1/user_exp_rcv.h
@@ -36,7 +36,7 @@ struct tid_rb_node {
dma_addr_t dma_addr;
bool freed;
unsigned int npages;
- struct page *pages[];
+ struct page *pages[] __counted_by(npages);
};
static inline int num_user_pages(unsigned long addr,
--
2.34.1
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct usnic_uiom_chunk.
[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Christian Benvenuti <[email protected]>
Cc: Nelson Escobar <[email protected]>
Cc: Jason Gunthorpe <[email protected]>
Cc: Leon Romanovsky <[email protected]>
Cc: [email protected]
Signed-off-by: Kees Cook <[email protected]>
---
drivers/infiniband/hw/usnic/usnic_uiom.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/infiniband/hw/usnic/usnic_uiom.h b/drivers/infiniband/hw/usnic/usnic_uiom.h
index 5a9acf941510..70d51d919d12 100644
--- a/drivers/infiniband/hw/usnic/usnic_uiom.h
+++ b/drivers/infiniband/hw/usnic/usnic_uiom.h
@@ -77,7 +77,7 @@ struct usnic_uiom_reg {
struct usnic_uiom_chunk {
struct list_head list;
int nents;
- struct scatterlist page_list[];
+ struct scatterlist page_list[] __counted_by(nents);
};
struct usnic_uiom_pd *usnic_uiom_alloc_pd(struct device *dev);
--
2.34.1
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct ib_pkey_cache.
[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Jason Gunthorpe <[email protected]>
Cc: Leon Romanovsky <[email protected]>
Cc: "HÃ¥kon Bugge" <[email protected]>
Cc: Avihai Horon <[email protected]>
Cc: Anand Khoje <[email protected]>
Cc: Mark Bloch <[email protected]>
Cc: [email protected]
Signed-off-by: Kees Cook <[email protected]>
---
drivers/infiniband/core/cache.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/infiniband/core/cache.c b/drivers/infiniband/core/cache.c
index 7acc0f936dad..c02a96d3572a 100644
--- a/drivers/infiniband/core/cache.c
+++ b/drivers/infiniband/core/cache.c
@@ -46,7 +46,7 @@
struct ib_pkey_cache {
int table_len;
- u16 table[];
+ u16 table[] __counted_by(table_len);
};
struct ib_update_work {
--
2.34.1
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct srp_fr_pool.
[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Bart Van Assche <[email protected]>
Cc: Jason Gunthorpe <[email protected]>
Cc: Leon Romanovsky <[email protected]>
Cc: [email protected]
Signed-off-by: Kees Cook <[email protected]>
---
drivers/infiniband/ulp/srp/ib_srp.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/infiniband/ulp/srp/ib_srp.h b/drivers/infiniband/ulp/srp/ib_srp.h
index 5d94db453df3..349576ff3845 100644
--- a/drivers/infiniband/ulp/srp/ib_srp.h
+++ b/drivers/infiniband/ulp/srp/ib_srp.h
@@ -306,7 +306,7 @@ struct srp_fr_pool {
int max_page_list_len;
spinlock_t lock;
struct list_head free_list;
- struct srp_fr_desc desc[];
+ struct srp_fr_desc desc[] __counted_by(size);
};
/**
--
2.34.1
On Fri, 29 Sep 2023 11:04:23 -0700, Kees Cook wrote:
> This annotates several structures with the coming __counted_by attribute
> for bounds checking of flexible arrays at run-time. For more details, see
> commit dd06e72e68bc ("Compiler Attributes: Add __counted_by macro").
>
> Thanks!
>
> -Kees
>
> [...]
Applied, thanks!
[1/7] RDMA: Annotate struct rdma_hw_stats with __counted_by
https://git.kernel.org/rdma/rdma/c/4755dc6f29597d
[2/7] RDMA/core: Annotate struct ib_pkey_cache with __counted_by
https://git.kernel.org/rdma/rdma/c/fc424078f50840
[3/7] RDMA/usnic: Annotate struct usnic_uiom_chunk with __counted_by
https://git.kernel.org/rdma/rdma/c/ed7c64de622ff9
[4/7] RDMA/siw: Annotate struct siw_pbl with __counted_by
https://git.kernel.org/rdma/rdma/c/0bc018b7a7b733
[5/7] IB/srp: Annotate struct srp_fr_pool with __counted_by
https://git.kernel.org/rdma/rdma/c/bd8eec5bfa59b5
[6/7] IB/mthca: Annotate struct mthca_icm_table with __counted_by
https://git.kernel.org/rdma/rdma/c/2aba54a9e0ead5
[7/7] IB/hfi1: Annotate struct tid_rb_node with __counted_by
https://git.kernel.org/rdma/rdma/c/964168970cef5f
Best regards,
--
Leon Romanovsky <[email protected]>
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct siw_pbl.
[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Bernard Metzler <[email protected]>
Cc: Jason Gunthorpe <[email protected]>
Cc: Leon Romanovsky <[email protected]>
Cc: [email protected]
Signed-off-by: Kees Cook <[email protected]>
---
drivers/infiniband/sw/siw/siw.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/infiniband/sw/siw/siw.h b/drivers/infiniband/sw/siw/siw.h
index 1c78c1ca7d7a..cec5cccd2e75 100644
--- a/drivers/infiniband/sw/siw/siw.h
+++ b/drivers/infiniband/sw/siw/siw.h
@@ -137,7 +137,7 @@ struct siw_pble {
struct siw_pbl {
unsigned int num_buf;
unsigned int max_buf;
- struct siw_pble pbe[];
+ struct siw_pble pbe[] __counted_by(max_buf);
};
/*
--
2.34.1