Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct brcmf_fw_request.
[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Arend van Spriel <[email protected]>
Cc: Franky Lin <[email protected]>
Cc: Hante Meuleman <[email protected]>
Cc: Kalle Valo <[email protected]>
Cc: Matthias Brugger <[email protected]>
Cc: Hector Martin <[email protected]>
Cc: "Alvin Šipraga" <[email protected]>
Cc: Hans de Goede <[email protected]>
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Signed-off-by: Kees Cook <[email protected]>
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.h b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.h
index 1266cbaee072..4002d326fd21 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.h
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.h
@@ -69,7 +69,7 @@ struct brcmf_fw_request {
u16 bus_nr;
u32 n_items;
const char *board_types[BRCMF_FW_MAX_BOARD_TYPES];
- struct brcmf_fw_item items[];
+ struct brcmf_fw_item items[] __counted_by(n_items);
};
struct brcmf_fw_name {
--
2.34.1
Kees Cook <[email protected]> wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
> (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> functions).
>
> As found with Coccinelle[1], add __counted_by for struct brcmf_fw_request.
>
> [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
>
> Cc: Arend van Spriel <[email protected]>
> Cc: Franky Lin <[email protected]>
> Cc: Hante Meuleman <[email protected]>
> Cc: Kalle Valo <[email protected]>
> Cc: Matthias Brugger <[email protected]>
> Cc: Hector Martin <[email protected]>
> Cc: "Alvin Šipraga" <[email protected]>
> Cc: Hans de Goede <[email protected]>
> Cc: [email protected]
> Cc: [email protected]
> Cc: [email protected]
> Signed-off-by: Kees Cook <[email protected]>
> Reviewed-by: Gustavo A. R. Silva <[email protected]>
> Reviewed-by: Matthias Brugger <[email protected]>
Patch applied to wireless-next.git, thanks.
45aec443bbb0 wifi: brcmfmac: firmware: Annotate struct brcmf_fw_request with __counted_by
--
https://patchwork.kernel.org/project/linux-wireless/patch/[email protected]/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches