Date: Sat, 30 Sep 2023 13:57:09 -0700
From: Kees Cook
To: Christophe JAILLET
Cc: Ian Abbott, H Hartley Sweeten, "Gustavo A. R. Silva", Nathan Chancellor, Nick Desaulniers, Tom Rix, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org, linux-hardening@vger.kernel.org, llvm@lists.linux.dev
Subject: Re: [PATCH] comedi: Annotate struct comedi_lrange with __counted_by

On Sat, Sep 30, 2023 at 11:14:47AM +0200, Christophe JAILLET wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
> (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> functions).
>
> Signed-off-by: Christophe JAILLET
> ---
> This patch is part of a work done in parallel of what is currently worked
> on by Kees Cook.
>
> My patches are only related to corner cases that do NOT match the
> semantic of his Coccinelle script[1].

Nice!

struct comedi_lrange {
	int length;
	struct comedi_krange range[];
};
...
static const struct comedi_lrange range_rti800_ai_10_bipolar = {
	4, {
		BIP_RANGE(10),
		BIP_RANGE(1),
		BIP_RANGE(0.1),
		BIP_RANGE(0.02)
	}
};

I'm struggling to come up with a way for Coccinelle to find this kind of
thing in other places...

> In this case, it is been spotted because of comedi_alloc_spriv().
> All other usages of struct comedi_lrange seem to be static definition of
> the structure that explicitly set the .length field.

Ah-ha, I found it in drivers/comedi/drivers/das16.c das16_ai_range():

	lrange = comedi_alloc_spriv(s, struct_size(lrange, range, 1));

I was also able to find this:

union jr3_pci_single_range {
	struct comedi_lrange l;
	char _reserved[offsetof(struct comedi_lrange, range[1])];
};

Which looks a lot like DEFINE_FLEX:
https://lore.kernel.org/linux-hardening/20230912115937.1645707-2-przemyslaw.kitszel@intel.com/

But that above for stack variables rather than globals. But I'm way off
topic now. ;)

Reviewed-by: Kees Cook

>
> [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
> ---
> include/linux/comedi/comedidev.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/include/linux/comedi/comedidev.h b/include/linux/comedi/comedidev.h > index 0a1150900ef3..c08416a7364b 100644 > --- a/include/linux/comedi/comedidev.h > +++ b/include/linux/comedi/comedidev.h > @@ -633,7 +633,7 @@ extern const struct comedi_lrange range_unknown; > */ > struct comedi_lrange { > int length; > - struct comedi_krange range[]; > + struct comedi_krange range[] __counted_by(length); > }; > > /**
> --
> 2.34.1
>

--
Kees Cook
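
Review bot: The counter named in __counted_by(length) on range[] is declared as a signed `int length`, and the changelog names comedi_alloc_spriv() as the one dynamic allocation without saying whether that caller stores length before its first write to range[]. Since the run-time bounds checks read the counter at the moment of each access, it would help to state in the commit message that das16_ai_range() assigns lrange->length right after the struct_size(lrange, range, 1) allocation and before range[0] is filled. If length can never be negative, a note to that effect (or an unsigned type in a follow-up) would make the intended bound explicit.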
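
The allocation pattern discussed in this thread, as an added userspace example that is not part of the message above or of the kernel sources. COUNTED_BY, struct krange, struct lrange, lrange_size(), lrange_alloc() and lrange_at() are names made up here; the attribute is applied only when the compiler reports support for it.

```c
#include <stdint.h>
#include <stdlib.h>

#if defined(__has_attribute)
# if __has_attribute(counted_by)
#  define COUNTED_BY(m) __attribute__((counted_by(m)))	/* example-only name */
# endif
#endif
#ifndef COUNTED_BY
# define COUNTED_BY(m)	/* older compilers: annotation becomes a no-op */
#endif

struct krange { int min, max; };	/* stand-in for struct comedi_krange */
struct lrange {				/* same shape as struct comedi_lrange */
	int length;
	struct krange range[] COUNTED_BY(length);
};

/* Userspace analogue of struct_size(): SIZE_MAX on negative n or overflow. */
static size_t lrange_size(int n)
{
	if (n < 0 || (size_t)n > (SIZE_MAX - sizeof(struct lrange)) / sizeof(struct krange))
		return SIZE_MAX;
	return sizeof(struct lrange) + (size_t)n * sizeof(struct krange);
}

/* Allocate zeroed storage and set the counter before range[] is touched. */
static struct lrange *lrange_alloc(int n)
{
	struct lrange *lr = lrange_size(n) == SIZE_MAX ? NULL : calloc(1, lrange_size(n));
	if (lr)
		lr->length = n;
	return lr;
}

/* The index check the annotation lets a sanitizer derive, written by hand. */
static struct krange *lrange_at(struct lrange *lr, int idx)
{
	if (!lr || idx < 0 || idx >= lr->length)
		return NULL;
	return &lr->range[idx];
}

int main(void)
{
	struct lrange *lr = lrange_alloc(1);	/* one entry, as in the das16 call */
	int ok = lrange_at(lr, 0) && !lrange_at(lr, 1);	/* in bounds, then one past */
	free(lr);
	return ok ? 0 : 1;
}
```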