Received: by 2002:a05:7412:cfc7:b0:fc:a2b0:25d7 with SMTP id by7csp179978rdb; Sat, 17 Feb 2024 04:18:39 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCWkZv7N9l4nvoghuPOchtUD9jC5JFUhJhHC2FZqkl0R3iOoaOy0wrtTiKswIkK9kZBiFLqCNOwcAvENo+FO0KhWX/mb8q+SXy1EXSw39w== X-Google-Smtp-Source: AGHT+IEGOXCEMDMV0lx5o53ww2ceZzKjL9W1ka9Nb6e55bHpF6xdQHsx04XXxZzayTtMQ7fn122F X-Received: by 2002:a19:f515:0:b0:512:a528:d3fd with SMTP id j21-20020a19f515000000b00512a528d3fdmr777122lfb.43.1708172319070; Sat, 17 Feb 2024 04:18:39 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1708172319; cv=pass; d=google.com; s=arc-20160816; b=r5ZPNcB6C5yEljzXCYMpL4IUSftzJGrt9V03rpaach/mJTsVwq9OOWXeWcMKKjcJbg vhRgOOAAv/J8+jtDZQiPHKNHv2x5jM9uOQwAbfTWjFsZoNe+e/otgn/+RmYfbWObR7iu 4BA0HL64kVw52OvHw65dBCqh3Mo4rNw5JL7Xa8Ic99geLNnxtibb/ulrrTM9zsQQiW5+ j3tRyDcENfeaJ1wKUPUPh184AH/lZ6THFs5zTET50MbLHk/qneuGtRPaf66jdFnMTyJ8 NpzddQBR68Ga+3vzfOBNXUBBQeJ9x0QlTmmtGKrlWFFc8HmUq4w+2AHHCrfpTUKx2eWQ lJOw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=Dakj+J26FIps8JKFMFOM1GnEisCAC0H9NUZsZ7rhH34=; fh=eSIhFcWoitHTGqEOPtlY4ZWFBGyHFUK4WXWm5Bx1oJQ=; b=kPtp6qsa/SB5MeNVwoitMrBBZNOPBqaHcV62N7y6FR0yYDz/g5KxQ3cBGA9ud/2g9a wad7BNTW9Byjinw1c0WTpkxL6/rHGlod3gZ8lwe8qU4c+avaqoaqT94hmjEz1/yY+r4V 00QGawwKdG7OHNWEQ6w31JqeASiRg3MsgV1OjLgjpVYS/Bp/CEGMncGITMiL+obwNh9K yhymgjgRBJlK0Lk36XLvB1O+pzQbFGeT2bVoGicis91w3ONWyIYYpw1OHs8K+WHZQfXh pmdUdfH6ZSDgGmQ3BLhuHn9ve6Xr8DqFPu/Uew4x3D5yyMcz2wvQF5ti43G+0GCWXwRb kHrg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@mojatatu-com.20230601.gappssmtp.com header.s=20230601 header.b=BMQgdtcd; arc=pass (i=1 dkim=pass dkdomain=mojatatu-com.20230601.gappssmtp.com); spf=pass (google.com: domain of linux-kernel+bounces-69834-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-69834-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id d1-20020a50f681000000b005643def3a2esi31295edn.489.2024.02.17.04.18.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 17 Feb 2024 04:18:39 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-69834-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@mojatatu-com.20230601.gappssmtp.com header.s=20230601 header.b=BMQgdtcd; arc=pass (i=1 dkim=pass dkdomain=mojatatu-com.20230601.gappssmtp.com); spf=pass (google.com: domain of linux-kernel+bounces-69834-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-69834-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id A49DF1F223BA for ; Sat, 17 Feb 2024 12:18:38 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id BC7A66A33B; Sat, 17 Feb 2024 12:18:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=mojatatu-com.20230601.gappssmtp.com header.i=@mojatatu-com.20230601.gappssmtp.com header.b="BMQgdtcd" Received: from mail-yb1-f172.google.com (mail-yb1-f172.google.com [209.85.219.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8DDB66A033 for ; Sat, 17 Feb 2024 12:18:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.172 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708172300; cv=none; b=lXng+nS4rANmBbWRny4okJ95thIBEbydW93tZH1CwLHGZTxLTPswhkbpoibGMQZ2qW9VIFPHk4DlmaEnTqwv5tpiYQbwiHDVUv4vfhOocYZ4nPWn0vqtutUYCOE6WrpFxOFn4M6xAvawLAGzAWxoJgeBPqHWcmPzud17UFzZjEs= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708172300; c=relaxed/simple; bh=UKjxS5vpoedsgomMAJB5omeAKldlU4nDgXE0PfEP1jw=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=jKpclUiZgXjzEk/cT+ZZoRYQsiO2zGdObG/iRap40zpjqY7VJbXV/+KRC8HIsozedu+HCEkrI0V5BJPpvOVrAjhSQrZHcrj9odD9PSQL+lt6YBteJSERGtS9ts1WE3etNc7FSwf+DYihGnk1er/1ujHImOfwYLhvLgPIPzQd/dE= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=mojatatu.com; spf=none smtp.mailfrom=mojatatu.com; dkim=pass (2048-bit key) header.d=mojatatu-com.20230601.gappssmtp.com header.i=@mojatatu-com.20230601.gappssmtp.com header.b=BMQgdtcd; arc=none smtp.client-ip=209.85.219.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=mojatatu.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=mojatatu.com Received: by mail-yb1-f172.google.com with SMTP id 3f1490d57ef6-dc6d8bd618eso2658007276.3 for ; Sat, 17 Feb 2024 04:18:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mojatatu-com.20230601.gappssmtp.com; s=20230601; t=1708172297; x=1708777097; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Dakj+J26FIps8JKFMFOM1GnEisCAC0H9NUZsZ7rhH34=; b=BMQgdtcdSf3H47IUiwwr8HJdITWC+49arzOLMbs7H86dMe292pGsAe1MIa0AUnBVwM DuhuNq502KPZZv8CMl7yUXBDtARRAjeoAy1lcJgfEyCELvGZGRetVkArZBhV7q6iBE2u 7pJfn4byabokQtnWB3leKjftoaiS7pM8m1rRWbqPWiNiYQqPiyPt81eDOFNDwjZ820Y4 O7szF1vm/FwlNbhl4XML1+FzlV5Em0B2S+I7aeqR5eKAJc03ZTOqXlxNg1mki0Bbv3ti WOA1Lmc5YUvP2FhXI/WixBjj8vCgJG9SKvskt/Y0O4DQq2Q4OBdhIHYDTzhUIa39g3LV jlxg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708172297; x=1708777097; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Dakj+J26FIps8JKFMFOM1GnEisCAC0H9NUZsZ7rhH34=; b=stwlTdGQFej3qtJYCsLOCKnowm1UIXQYFiY64XducgmKPj4SyoeT0POUDxVWtLXk+s 8eL8ED8FZsrHsxbOdcRns6cFN8C6lL2GJSG59JSW62JxD7UAT7fQUJSURHBT4TgXSDyz s9NwEaqdq7c1WtEDJnrvVBAkdhUydEL9hOkCv30zyz+/JtbfmpHa4sBgxHS7ajViUvpp 4efi1v70cfPJc7YKBG5vy8dj9f3tjjAlp8KMVnDG4KyOgftBl24B7415PYXKfDeT+cc6 JtBsw4rwz9nEZ/KUHLGqOazod5FIyIhwRAat5vrLyDtX4X6uXPQ40w1CbcBTBHk9YWkf /YAg== X-Forwarded-Encrypted: i=1; AJvYcCUe7vn4KpmTZOEtzvQnraifkkJVW3LHgepYhyMLnsCptU+/vJAfBwsDBhe87Ify/Ty3LWRjKHh6jkOKBDXOgs5QBZHD1KNFN6AbdzsN X-Gm-Message-State: AOJu0YwYQ/AWsQ3JDOxhFbZo1BmRo2GPvRIDlNTg8+ahmfVbf4F3tMgR KZjcrmq5JIvw10tQipVlCYSyb7xilU+7YudJxj8VkJKJEC1/PfdOSqNd9mm083GRR6oGABG6Dzl CV5VtKsAvuMWT9t0yIF/oPzN9Od9Va4sxmL+U X-Received: by 2002:a25:adc9:0:b0:dcd:63f8:ba32 with SMTP id d9-20020a25adc9000000b00dcd63f8ba32mr6963090ybe.65.1708172297594; Sat, 17 Feb 2024 04:18:17 -0800 (PST) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240216232744.work.514-kees@kernel.org> <9ed28341-8bf7-4b6a-ba9a-6cfe07dc5964@embeddedor.com> In-Reply-To: <9ed28341-8bf7-4b6a-ba9a-6cfe07dc5964@embeddedor.com> From: Jamal Hadi Salim Date: Sat, 17 Feb 2024 07:18:06 -0500 Message-ID: Subject: Re: [PATCH] net: sched: Annotate struct tc_pedit with __counted_by To: "Gustavo A. R. Silva" Cc: Kees Cook , Jakub Kicinski , Cong Wang , Jiri Pirko , "David S. Miller" , Eric Dumazet , Paolo Abeni , "Gustavo A. R. Silva" , netdev@vger.kernel.org, linux-hardening@vger.kernel.org, Nathan Chancellor , Nick Desaulniers , Bill Wendling , Justin Stitt , linux-kernel@vger.kernel.org, llvm@lists.linux.dev Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Fri, Feb 16, 2024 at 7:04=E2=80=AFPM Gustavo A. R. Silva wrote: > > > > On 2/16/24 17:27, Kees Cook wrote: > > Prepare for the coming implementation by GCC and Clang of the __counted= _by > > attribute. Flexible array members annotated with __counted_by can have > > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOU= NDS > > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-famil= y > > functions). > > > > As found with Coccinelle[1], add __counted_by for struct tc_pedit. > > Additionally, since the element count member must be set before accessi= ng > > the annotated flexible array member, move its initialization earlier. > > > > Link: https://github.com/kees/kernel-tools/blob/trunk/coccinelle/exampl= es/counted_by.cocci [1] > > Signed-off-by: Kees Cook > > --- > > Cc: Jakub Kicinski > > Cc: Jamal Hadi Salim > > Cc: Cong Wang > > Cc: Jiri Pirko > > Cc: "David S. Miller" > > Cc: Eric Dumazet > > Cc: Paolo Abeni > > Cc: "Gustavo A. R. Silva" > > Cc: netdev@vger.kernel.org > > Cc: linux-hardening@vger.kernel.org > > `opt->nkeys` updated before `memcpy()`, looks good to me: > > Reviewed-by: Gustavo A. R. Silva Looks good to me. Acked-by: Jamal Hadi Salim cheers, jamal > Thanks! > -- > Gustavo > > > --- > > include/uapi/linux/tc_act/tc_pedit.h | 2 +- > > net/sched/act_pedit.c | 2 +- > > 2 files changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/include/uapi/linux/tc_act/tc_pedit.h b/include/uapi/linux/= tc_act/tc_pedit.h > > index f3e61b04fa01..f5cab7fc96ab 100644 > > --- a/include/uapi/linux/tc_act/tc_pedit.h > > +++ b/include/uapi/linux/tc_act/tc_pedit.h > > @@ -62,7 +62,7 @@ struct tc_pedit_sel { > > tc_gen; > > unsigned char nkeys; > > unsigned char flags; > > - struct tc_pedit_key keys[0]; > > + struct tc_pedit_key keys[] __counted_by(nkeys); > > }; > > > > #define tc_pedit tc_pedit_sel > > diff --git a/net/sched/act_pedit.c b/net/sched/act_pedit.c > > index 2ef22969f274..21e863d2898c 100644 > > --- a/net/sched/act_pedit.c > > +++ b/net/sched/act_pedit.c > > @@ -515,11 +515,11 @@ static int tcf_pedit_dump(struct sk_buff *skb, st= ruct tc_action *a, > > spin_unlock_bh(&p->tcf_lock); > > return -ENOBUFS; > > } > > + opt->nkeys =3D parms->tcfp_nkeys; > > > > memcpy(opt->keys, parms->tcfp_keys, > > flex_array_size(opt, keys, parms->tcfp_nkeys)); > > opt->index =3D p->tcf_index; > > - opt->nkeys =3D parms->tcfp_nkeys; > > opt->flags =3D parms->tcfp_flags; > > opt->action =3D p->tcf_action; > > opt->refcnt =3D refcount_read(&p->tcf_refcnt) - ref;