Received: by 2002:a05:7412:3784:b0:e2:908c:2ebd with SMTP id jk4csp908216rdb; Sun, 1 Oct 2023 10:24:55 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFlTj1eET1mGmTiXuYiiuiPvPl4DPbmR1UfDbzXYjuuTJ5mHEKzcmEY1OnDt0E6GNdxjRQm X-Received: by 2002:a05:6a20:a183:b0:15e:7323:5bf3 with SMTP id r3-20020a056a20a18300b0015e73235bf3mr947368pzk.26.1696181094975; Sun, 01 Oct 2023 10:24:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1696181094; cv=none; d=google.com; s=arc-20160816; b=anAnEu3T6yLsngPcb3H+jDHn1wP6W/AyOArxGApem1La6Zq3PDITNp/SYKNBuUMYXA WEqonTFJRsQLUvepu7gKpwI5hgkU0XE0oDLNE1//FzlY3MtFwlVTf0SaNAXaI/RmeAr2 qeX+sDyM1xYYImwlG4bakpbLAbB7WHyRa/vXfc6PrwTR6hw9Ju9mA4U9aTTSBkF4OxpH Qfoyisdm/lFUVfx+uAjKmhdlAYWhYus5ikgXrRRX8jqGCcJO4Bz7jOe1fCsHOSd+dIlJ YIxti1/i8OAnYFMeBF0Uw4KqisGBwrq+hra7ftBxNWTYARJoHF061lrcNkFnNfuNoMSO p+bw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:user-agent:references:message-id :in-reply-to:subject:cc:to:from:date:dkim-signature; bh=HErumfQldrZ1wEAyapunbIKIjtch5VpFsR6qI9KUJ58=; fh=Yv45ZiipHFBwnitwQPEwRhAFBeYFtwghWxeWcGNu3Nc=; b=g9MD2anG6zlF5aQTJGAewih3cMAGU9jn2gNq5vfIr8ZznH/VPILGxsyjHmAMwrzRms JIDdDFO4dNhYHKVMjlr+EHah4vOwWXGK9hjk2/Ag8QdCcQZjUVWPHt7zJlaqyvtfRh52 Q+Zd8c+aV6XZPPXY7h6pIk0uzAN0i7NJYGsvpZK+3B5L07yUHbWmnErN4VCXNGxtkuQ5 00yJ68fb1VvrI/qIb+V0pxKWDw+GQmCCZbHbNVfqPmQOonnQMWrE8Ypay1IRO9wsjszc b6semDX3gUwS0zIm7plaJT2JGBI/u0vAhYJvMjHQKbYSRIAZqaJdx1uWgZweSq1RNOnl QmLw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@inria.fr header.s=dc header.b=dvJxunxc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=inria.fr Return-Path: Received: from lipwig.vger.email (lipwig.vger.email. [23.128.96.33]) by mx.google.com with ESMTPS id r20-20020a6560d4000000b00585a02550dfsi5711261pgv.117.2023.10.01.10.24.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 01 Oct 2023 10:24:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) client-ip=23.128.96.33; Authentication-Results: mx.google.com; dkim=pass header.i=@inria.fr header.s=dc header.b=dvJxunxc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=inria.fr Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id 8C1C480279D1; Sun, 1 Oct 2023 00:46:39 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234430AbjJAHpr (ORCPT + 99 others); Sun, 1 Oct 2023 03:45:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56574 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234425AbjJAHpq (ORCPT ); Sun, 1 Oct 2023 03:45:46 -0400 Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D92BAC2; Sun, 1 Oct 2023 00:45:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=inria.fr; s=dc; h=date:from:to:cc:subject:in-reply-to:message-id: references:mime-version; bh=HErumfQldrZ1wEAyapunbIKIjtch5VpFsR6qI9KUJ58=; b=dvJxunxcAAF9RE+E67eRBJamxQtvEHk9DK6p9GV/Ku+VnWJlkR3aFP7S HKheznWnSAH41GJxiZpIMcvi6dA0oM0iNwXnk43vHh7W0IN0FHBfQ4Dfg QjCU/4hS/CDm02LQarZa3bgivW9k72emllYOZ/odOX3XpW4DwmvM34hL2 w=; Authentication-Results: mail3-relais-sop.national.inria.fr; dkim=none (message not signed) header.i=none; spf=SoftFail smtp.mailfrom=julia.lawall@inria.fr; dmarc=fail (p=none dis=none) d=inria.fr X-IronPort-AV: E=Sophos;i="6.03,191,1694728800"; d="scan'208";a="67431193" Received: from 231.85.89.92.rev.sfr.net (HELO hadrien) ([92.89.85.231]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Oct 2023 09:45:42 +0200 Date: Sun, 1 Oct 2023 09:45:41 +0200 (CEST) From: Julia Lawall X-X-Sender: jll@hadrien To: Kees Cook cc: Christophe JAILLET , Ian Abbott , H Hartley Sweeten , "Gustavo A. R. Silva" , Nathan Chancellor , Nick Desaulniers , Tom Rix , linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org, linux-hardening@vger.kernel.org, llvm@lists.linux.dev Subject: Re: [PATCH] comedi: Annotate struct comedi_lrange with __counted_by In-Reply-To: <202309301342.5B5BED40A1@keescook> Message-ID: References: <5c3b7459b820e22e2ac6ce892d4aadcc119cc919.1696065263.git.christophe.jaillet@wanadoo.fr> <202309301342.5B5BED40A1@keescook> User-Agent: Alpine 2.22 (DEB 394 2020-01-19) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Sun, 01 Oct 2023 00:46:39 -0700 (PDT) On Sat, 30 Sep 2023, Kees Cook wrote: > On Sat, Sep 30, 2023 at 11:14:47AM +0200, Christophe JAILLET wrote: > > Prepare for the coming implementation by GCC and Clang of the __counted_by > > attribute. Flexible array members annotated with __counted_by can have > > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS > > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > > functions). > > > > Signed-off-by: Christophe JAILLET > > --- > > This patch is part of a work done in parallel of what is currently worked > > on by Kees Cook. > > > > My patches are only related to corner cases that do NOT match the > > semantic of his Coccinelle script[1]. > > Nice! > > struct comedi_lrange { > int length; > struct comedi_krange range[]; > }; > ... > static const struct comedi_lrange range_rti800_ai_10_bipolar = { > 4, { > BIP_RANGE(10), > BIP_RANGE(1), > BIP_RANGE(0.1), > BIP_RANGE(0.02) > } > }; > > I'm struggling to come up with a way for Coccinelle to find this kind of > thing in other places... Kees, what exactly are you trying to match? Static allocations? julia > > > In this case, it is been spotted because of comedi_alloc_spriv(). > > All other usages of struct comedi_lrange seem to be static definition of > > the structure that explicitly set the .length field. > > Ah-ha, I found it in drivers/comedi/drivers/das16.c das16_ai_range(): > > lrange = comedi_alloc_spriv(s, > struct_size(lrange, range, 1)); > > I was also able to find this: > > union jr3_pci_single_range { > struct comedi_lrange l; > char _reserved[offsetof(struct comedi_lrange, range[1])]; > }; > > Which looks a lot like DEFINE_FLEX: > https://lore.kernel.org/linux-hardening/20230912115937.1645707-2-przemyslaw.kitszel@intel.com/ > But that above for stack varaibles rather than globals. But I'm way off > topic now. ;) > > Reviewed-by: Kees Cook > > > > > [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci > > --- > > include/linux/comedi/comedidev.h | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/include/linux/comedi/comedidev.h b/include/linux/comedi/comedidev.h > > index 0a1150900ef3..c08416a7364b 100644 > > --- a/include/linux/comedi/comedidev.h > > +++ b/include/linux/comedi/comedidev.h > > @@ -633,7 +633,7 @@ extern const struct comedi_lrange range_unknown; > > */ > > struct comedi_lrange { > > int length; > > - struct comedi_krange range[]; > > + struct comedi_krange range[] __counted_by(length); > > }; > > > > /** > > -- > > 2.34.1 > > > > -- > Kees Cook >