Date: Tue, 9 Jan 2024 21:40:26 +0900
From: Sergey Senozhatsky
To: Kees Cook
Cc: "Gustavo A. R. Silva", Stanimir Varbanov, Vikash Garodia, Bryan O'Donoghue, Andy Gross, Bjorn Andersson, Konrad Dybcio, Mauro Carvalho Chehab, linux-media@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH][next] media: venus: hfi_cmds: Replace one-element array with flex-array member and use __counted_by
Message-ID: <20240109124026.GA1012017@google.com>
In-Reply-To: <202310091252.660CFA9@keescook>

On (23/10/09 12:52), Kees Cook wrote:
> On Mon, Oct 09, 2023 at 12:42:05PM -0600, Gustavo A. R. Silva wrote:
> > Array `data` in `struct hfi_sfr` is being used as a fake flexible array
> > at run-time:
> >
> > drivers/media/platform/qcom/venus/hfi_venus.c:
> > 1033         p = memchr(sfr->data, '\0', sfr->buf_size);
> > 1034         /*
> > 1035          * SFR isn't guaranteed to be NULL terminated since SYS_ERROR indicates
> > 1036          * that Venus is in the process of crashing.
> > 1037          */
> > 1038         if (!p)
> > 1039                 sfr->data[sfr->buf_size - 1] = '\0';
> > 1040
> > 1041         dev_err_ratelimited(dev, "SFR message from FW: %s\n", sfr->data);
> >
> > Fake flexible arrays are deprecated, and should be replaced by
> > flexible-array members. So, replace one-element array with a
> > flexible-array member in `struct hfi_sfr`.
> >
> > While there, also annotate array `data` with __counted_by() to prepare
> > for the coming implementation by GCC and Clang of the __counted_by
> > attribute. Flexible array members annotated with __counted_by can have
> > their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for
> > array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> > functions).
> >
> > This results in no differences in binary output.
>
> Thanks for checking!

Sorry for the shameless plug, a quick question: has any compiler implemented
support for counted_by() at this point?
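
An added user-space illustration of the conversion the quoted commit message describes, not code from the patch or from the venus driver. The names `sfr_fake`, `sfr_flex`, `sfr_alloc`, `sfr_terminate` and the `COUNTED_BY` macro are hypothetical; the macro expands to nothing on a compiler that lacks the attribute, and the zero-`buf_size` guard is an addition that the quoted driver lines do not show.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Expand to the attribute only where the compiler provides it. */
#if defined(__has_attribute)
# if __has_attribute(__counted_by__)
#  define COUNTED_BY(m) __attribute__((__counted_by__(m)))
# endif
#endif
#ifndef COUNTED_BY
# define COUNTED_BY(m)
#endif

/* Before: one-element array standing in for a variable-length tail. */
struct sfr_fake {
	uint32_t buf_size;
	uint8_t data[1];
};

/* After: flexible-array member whose bound is the buf_size field. */
struct sfr_flex {
	uint32_t buf_size;
	uint8_t data[] COUNTED_BY(buf_size);
};

/* Allocate a record holding n payload bytes copied from src. */
struct sfr_flex *sfr_alloc(const void *src, uint32_t n)
{
	struct sfr_flex *s = calloc(1, offsetof(struct sfr_flex, data) + n);
	if (!s)
		return NULL;
	s->buf_size = n;	/* set the count before touching data[] */
	if (n)
		memcpy(s->data, src, n);
	return s;
}

/* Terminate within buf_size, as the quoted lines do; the zero-size guard is
 * added here. Returns the string length, or -1 for an empty buffer. */
long sfr_terminate(struct sfr_flex *s)
{
	if (s->buf_size == 0)
		return -1;	/* buf_size - 1 would wrap */
	if (!memchr(s->data, '\0', s->buf_size))
		s->data[s->buf_size - 1] = '\0';
	return (long)strlen((const char *)s->data);
}
```

With the one-element layout, `sizeof(struct sfr_fake)` already includes one payload byte plus padding, so size calculations based on it overcount; the flexible-array layout ends at `offsetof(struct sfr_flex, data)`.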