Received: by 2002:a05:7412:3784:b0:e2:908c:2ebd with SMTP id jk4csp2323868rdb; Tue, 3 Oct 2023 18:52:03 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEGJVkDSYWGYjhs8FTLMmsc09vLf9lrOfNNj/ftWFIZ4k1taY+vjsOuGa9dg+bW9LQRt1nK X-Received: by 2002:a05:6808:1998:b0:3a7:36f9:51aa with SMTP id bj24-20020a056808199800b003a736f951aamr1444396oib.17.1696384323013; Tue, 03 Oct 2023 18:52:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1696384322; cv=none; d=google.com; s=arc-20160816; b=eF7qprMThQKhO9XaWoMINwdcAyShIrJCv2N/2D+w4z1LW1uu8fgN/U7BVQMtnXFS5N rmGRg3mxgdmyC7dn5rM4oCvYkvheXl78yq/GngWECZQubvT8X80L7fU61JaVglnNjNIp 6Px8PSNtxd4Dqw1miAghWD+rBM70JXHM6nvaM3mTF+Vx3zr53Fl22haoZkcKtyfMLZTG Izz2/HUmC76mfb/ED0KZ9qfJGYJnuX+g6hPJNrl8/EtEUxslnxu9aqWdKjz5aMW1VnGo lL71LrmCFtRsx+FBi3g5E9zFNV0loxZt5c8mOVjy3BWrvtn9aOGIOWz8S/+voLV8vPHh DlPw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=ggHCHkGU+2wCnzyFW6haFKxRKI3yRdbYc3yFtrU2eIA=; fh=SOetmnQB6glRjihyrRsiP5ROR+OBwS3oyfAjgeeo0y4=; b=n1zUTVyBxVB84rbutzWK6/eZBWZ1eOtX1CwvmZioczaCm5Fb5lffmMwrvifjv8nGbp f6XCKgZ2ZtVx75TBHFlIImpVXsprieffkEjiY3dRCi6s9BoWyoW6MzlV7t4bc1hH43kT 5i/vQpmL+66bFV0BIBl9ks3aN8wbO2g2Us6djLlaOMRKw/hSocoH1wMXOSFNYRw29PWU gPlBf/p6ubgOJU7Ptm9Bp3ysrORtHeoBZLMFTO8PLjDBfw3fT6k9zqh+dhzR0jqTVRJr fxHPK3X4U/FWFKeOZiEMwkpIfKNwjNGtNPZS1SUNFe4H1rdWQ5u/hvni3JSi/wEufcb7 JaTg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@embeddedor.com header.s=default header.b=tTeN4mvJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5]) by mx.google.com with ESMTPS id 23-20020a630217000000b00584ac83e116si2811834pgc.321.2023.10.03.18.52.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Oct 2023 18:52:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5; Authentication-Results: mx.google.com; dkim=fail header.i=@embeddedor.com header.s=default header.b=tTeN4mvJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 9441D822B2D9; Tue, 3 Oct 2023 18:52:00 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240148AbjJDBvx (ORCPT + 99 others); Tue, 3 Oct 2023 21:51:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54048 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230274AbjJDBvw (ORCPT ); Tue, 3 Oct 2023 21:51:52 -0400 Received: from omta040.useast.a.cloudfilter.net (omta040.useast.a.cloudfilter.net [44.202.169.39]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5E747A1; Tue, 3 Oct 2023 18:51:49 -0700 (PDT) Received: from eig-obgw-5007a.ext.cloudfilter.net ([10.0.29.141]) by cmsmtp with ESMTP id npJ5q0DBfaLCxnr3EqMOM4; Wed, 04 Oct 2023 01:51:48 +0000 Received: from gator4166.hostgator.com ([108.167.133.22]) by cmsmtp with ESMTPS id nr3DqxFyKoD58nr3Eq9rAr; Wed, 04 Oct 2023 01:51:48 +0000 X-Authority-Analysis: v=2.4 cv=Ou1cdgzt c=1 sm=1 tr=0 ts=651cc534 a=1YbLdUo/zbTtOZ3uB5T3HA==:117 a=Dx1Zrv+1i3YEdDUMOX3koA==:17 a=OWjo9vPv0XrRhIrVQ50Ab3nP57M=:19 a=dLZJa+xiwSxG16/P+YVxDGlgEgI=:19 a=IkcTkHD0fZMA:10 a=bhdUkHdE2iEA:10 a=wYkD_t78qR0A:10 a=7ZN4cI0QAAAA:8 a=FNyBlpCuAAAA:8 a=J1Y8HTJGAAAA:8 a=VwQbUJbxAAAA:8 a=NEAV23lmAAAA:8 a=cm27Pg_UAAAA:8 a=cZbiYKqXTMG0Wr-ZeUwA:9 a=QEXdDO2ut3YA:10 a=Dl0WHwQvj8hGZljrFLtM:22 a=RlW-AWeGUCXs_Nkyno-6:22 a=y1Q9-5lHfBjTkpIzbSAN:22 a=AjGcO6oz07-iQ99wixmX:22 a=xmb-EsYY8bH0VWELuYED:22 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=embeddedor.com; s=default; h=Content-Transfer-Encoding:Content-Type: In-Reply-To:From:References:Cc:To:Subject:MIME-Version:Date:Message-ID:Sender :Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=ggHCHkGU+2wCnzyFW6haFKxRKI3yRdbYc3yFtrU2eIA=; b=tTeN4mvJkuNKZc/5rouT9pns/Z 3cj2Axtd2GRqcmFamUMG7bR/flgJsr33ZbRlsjfZ4NF8P1WNmJ7AxNRT0B6VPxJXkl8GMvZ3S+dqZ /Bh4Xio+87sTDSEQITowCpk+ovAD3b8Uxu9N6m8iz7WJSMR0Jp1Ghe7GsGX0edxBKl4HBeeACMbhY om2Uqs7CuUAKA2m7DE7enV/S6TQnou42HMdF+ttxzgCuql6QUlQ2UAFXhHn/99caQQGFWV/GeWZtF JXF6wX6j/VvN6Kl1ils9iw7DVbjDQCFiiaCbTEQODoJ4g79vEB29on3v+O9eEmRJb1tRNs6XGXC6c KBfFF0sQ==; Received: from 94-238-9-39.abo.bbox.fr ([94.238.9.39]:50436 helo=[192.168.1.98]) by gator4166.hostgator.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1qnoyd-001TCG-1l; Tue, 03 Oct 2023 18:38:55 -0500 Message-ID: <37d2d198-d9e7-3427-af4f-05ac42c38ede@embeddedor.com> Date: Wed, 4 Oct 2023 01:38:50 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.15.1 Subject: Re: [PATCH] xfrm: Annotate struct xfrm_sec_ctx with __counted_by Content-Language: en-US To: Kees Cook , Steffen Klassert Cc: Herbert Xu , "David S. Miller" , netdev@vger.kernel.org, "Gustavo A. R. Silva" , Nathan Chancellor , Nick Desaulniers , Tom Rix , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, llvm@lists.linux.dev References: <20231003231828.work.527-kees@kernel.org> From: "Gustavo A. R. Silva" In-Reply-To: <20231003231828.work.527-kees@kernel.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - gator4166.hostgator.com X-AntiAbuse: Original Domain - vger.kernel.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - embeddedor.com X-BWhitelist: no X-Source-IP: 94.238.9.39 X-Source-L: No X-Exim-ID: 1qnoyd-001TCG-1l X-Source: X-Source-Args: X-Source-Dir: X-Source-Sender: 94-238-9-39.abo.bbox.fr ([192.168.1.98]) [94.238.9.39]:50436 X-Source-Auth: gustavo@embeddedor.com X-Email-Count: 0 X-Org: HG=hgshared;ORG=hostgator; X-Source-Cap: Z3V6aWRpbmU7Z3V6aWRpbmU7Z2F0b3I0MTY2Lmhvc3RnYXRvci5jb20= X-Local-Domain: yes X-CMAE-Envelope: MS4xfKHY7ZSGoi8l/b5c92Q78wOnWZw3iIyT+RB53iNp7tMGmPZF2xXBcWhbGRqlNEHdKn2D/7D6+GiASZ/w2J7Nl8Lc4+m2r5h4R3DeRWBvOrCMN449Ukt2 19vtn9YGoemLssaA7WVl3LgTrWXyBjUZiGpHx1h2V28gROscngnQTPaCgSpeD4DEXVx/sp65ERuZqPucGg0NgMSNH3+leqATQF8okm7nCMTbIC4jIrO7+BzV Ahdv0FhentkhuZhiRf9dKwNbokc/0XLXf8YiC8Uh/t/rDNyDP+lP9urNgb2VW/tm X-Spam-Status: No, score=-1.6 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Tue, 03 Oct 2023 18:52:00 -0700 (PDT) On 10/4/23 01:18, Kees Cook wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for > array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct xfrm_sec_ctx. > > Cc: Steffen Klassert > Cc: Herbert Xu > Cc: "David S. Miller" > Cc: netdev@vger.kernel.org > Link: https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci [1] > Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo > --- > include/uapi/linux/xfrm.h | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/include/uapi/linux/xfrm.h b/include/uapi/linux/xfrm.h > index 23543c33fee8..6a77328be114 100644 > --- a/include/uapi/linux/xfrm.h > +++ b/include/uapi/linux/xfrm.h > @@ -4,6 +4,7 @@ > > #include > #include > +#include > > /* All of the structures in this file may not change size as they are > * passed into the kernel from userspace via netlink sockets. > @@ -33,7 +34,7 @@ struct xfrm_sec_ctx { > __u8 ctx_alg; > __u16 ctx_len; > __u32 ctx_sid; > - char ctx_str[]; > + char ctx_str[] __counted_by(ctx_len); > }; > > /* Security Context Domains of Interpretation */