| Message ID | 20231006201744.work.135-kees@kernel.org |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:a888:0:b0:403:3b70:6f57 with SMTP id x8csp574129vqo;
Fri, 6 Oct 2023 13:18:26 -0700 (PDT)
X-Google-Smtp-Source:
AGHT+IEjZznzGraJ4YrApGBufK8KDi5URxYdTCrwhZ9oVfrNghXMWIxDlJwJnGJ9ECy0HCQeZ1Jo
X-Received: by 2002:a05:6a00:3906:b0:690:c75e:25d7 with SMTP id
fh6-20020a056a00390600b00690c75e25d7mr9602920pfb.18.1696623506558;
Fri, 06 Oct 2023 13:18:26 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1696623506; cv=none;
d=google.com; s=arc-20160816;
b=xniaE3iicG0Me09DPCR9OOdd4p0oQDPDhjB2bP988DaSZp+SoZlBLP9XIqG5z92WWd
0hmpvszm2+UMV37JkPh0q3f+eCDoBH+ZVrF21YsjpVHyNcB4HclJFwA113CINJE1atoP
9aFK1exFmww7uqelUJkxc0StOz8CGSUZ4MP2F1YvDUwfi65X9x3Aq69NUm03kXhOhquw
n6uYBDh30xen6t6a5H8znEWAEDzZai3uUeHXtC78nhok6tSum1R4LCHZqBLEHucnElin
Kn6jxxYI9bh8Tto/zNw8zqw3NVmJPAnnF/VMepGq+73WletgLwaPcZz3UTx4XPPCWlIb
Wrig==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from:dkim-signature;
bh=A77BC7QX8Slsx+Ll7LU4L519A9TQl4V4ehtBrSUIzrM=;
fh=/fDwgZh0dqJhLjpXGMne+CK7+1i4vu83zKjmN+ZChmo=;
b=ycZXwLW3fgnP+aRA0UxRX7mJc7c+O82SHbNuEBkMsUHVuLpmfXy1E2dvgwXnfSep+A
7dSC/XZo9BUvCqJfo3L8gDI9jTUYOY+/h/gNiLlFAF4BvnUTRYbdfPmPpjhFEl2wpKD3
Twopy8kAG/XLaVRjgPBdMWH5LeOoVxemlafEo02e5AAeUPh/r2Bdj32jkaHPyZFEq1Z5
QZVLgY+kIPBY0ykaQF7ePXCMmnDhB5NC9L5GGMA73aKD408KeLfyJ/n4viG9RMdhrZMS
I5LMx6Ce5l+w2p2GhyU4SISFF4z9WAtDPtK/bddl86FK577TuCNKBVfWW7cXKnK0EFsM
PeOQ==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@chromium.org header.s=google header.b=ckLGhNPV;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.31 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: from morse.vger.email (morse.vger.email. [23.128.96.31])
by mx.google.com with ESMTPS id
p2-20020a056a000b4200b006901504b6a3si2223239pfo.153.2023.10.06.13.18.26
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Fri, 06 Oct 2023 13:18:26 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31;
Authentication-Results: mx.google.com;
dkim=pass header.i=@chromium.org header.s=google header.b=ckLGhNPV;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.31 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
by morse.vger.email (Postfix) with ESMTP id 7362F80B02BE;
Fri, 6 Oct 2023 13:18:24 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S233398AbjJFUSO (ORCPT <rfc822;ezelljr.billy@gmail.com>
+ 18 others); Fri, 6 Oct 2023 16:18:14 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59286 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S233481AbjJFUSI (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Fri, 6 Oct 2023 16:18:08 -0400
Received: from mail-pf1-x434.google.com (mail-pf1-x434.google.com
[IPv6:2607:f8b0:4864:20::434])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 812DC12F
for <linux-kernel@vger.kernel.org>;
Fri, 6 Oct 2023 13:17:49 -0700 (PDT)
Received: by mail-pf1-x434.google.com with SMTP id
d2e1a72fcca58-690ce3c55f1so2179386b3a.0
for <linux-kernel@vger.kernel.org>;
Fri, 06 Oct 2023 13:17:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=chromium.org; s=google; t=1696623467; x=1697228267;
darn=vger.kernel.org;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:from:to:cc:subject:date:message-id:reply-to;
bh=A77BC7QX8Slsx+Ll7LU4L519A9TQl4V4ehtBrSUIzrM=;
b=ckLGhNPVWd/ulrIPe3jfQ2NPXZ5eQalV+PIbFvURC8Tht9blWsgYmkRxjPcf1YYmPV
hLDJRhfCeXE2xIjvGWIOpgauahjfj/K3LigI/k1Am9D3C0HugKDAtmjYjd8ZlwLgCyf8
j+6SPq0cqEkZKZ4SVc7YNOmpQoTCcQnYFAp2k=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1696623467; x=1697228267;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=A77BC7QX8Slsx+Ll7LU4L519A9TQl4V4ehtBrSUIzrM=;
b=e9MzdzDGlZrniOmygGJOSDvj1FnDF5kMX0of1ADOaqAIGISx9MBtaSaUzidYOm1AGD
Oo8m8s5Smhepe7VyxXE2P5Mry9+uu2D4O146jZMh22YyMSzlGN5b1WjH5scRng1fGMd+
9WDPxg87UMXpsjP4ibZCPuP003QZd0wQZX+BZv0hqW+EWEothxpcpVPNmEcrqNgvd9fi
HkMGzeI346j7gm8EioUT7w2i0K1ouUI+O0UrUQoZ2zbo26tMedxfypdPf9y8dW+IqSDS
qQXSSNZED/r5Ej6Lb4QCIKtWLx8i+kJ4yPSM5BW2+2mdh3o9DeTDrgfPvi9c2dy8241E
DC3g==
X-Gm-Message-State: AOJu0YxN0Vn31wIy4osd9qdcNHoGN3UGJXlNORJI+q2kEBzbqRWghH5I
JWbNgNIMuHrBT9tdYxwINukCUQ==
X-Received: by 2002:a05:6a21:3294:b0:16b:8572:5a4a with SMTP id
yt20-20020a056a21329400b0016b85725a4amr3266606pzb.61.1696623467330;
Fri, 06 Oct 2023 13:17:47 -0700 (PDT)
Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net.
[198.0.35.241])
by smtp.gmail.com with ESMTPSA id
a23-20020a656417000000b005898c8caee3sm1648955pgv.30.2023.10.06.13.17.46
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Fri, 06 Oct 2023 13:17:46 -0700 (PDT)
From: Kees Cook <keescook@chromium.org>
To: Jani Nikula <jani.nikula@linux.intel.com>
Cc: Kees Cook <keescook@chromium.org>,
Joonas Lahtinen <joonas.lahtinen@linux.intel.com>,
Rodrigo Vivi <rodrigo.vivi@intel.com>,
Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>,
David Airlie <airlied@gmail.com>,
Daniel Vetter <daniel@ffwll.ch>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
John Harrison <John.C.Harrison@Intel.com>,
Matthew Brost <matthew.brost@intel.com>,
Michal Wajdeczko <michal.wajdeczko@intel.com>,
Matt Roper <matthew.d.roper@intel.com>,
intel-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org,
linux-hardening@vger.kernel.org,
Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>,
Tom Rix <trix@redhat.com>,
Andi Shyti <andi.shyti@linux.intel.com>,
Nirmoy Das <nirmoy.das@intel.com>,
Jonathan Cavitt <jonathan.cavitt@intel.com>,
Fei Yang <fei.yang@intel.com>, linux-kernel@vger.kernel.org,
llvm@lists.linux.dev
Subject: [PATCH] drm/i915/guc: Annotate struct ct_incoming_msg with
__counted_by
Date: Fri, 6 Oct 2023 13:17:45 -0700
Message-Id: <20231006201744.work.135-kees@kernel.org>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
X-Developer-Signature: v=1; a=openpgp-sha256; l=1706; i=keescook@chromium.org;
h=from:subject:message-id; bh=hfOPKMbt1kpgmTXk+IkFUv+LIQHu3WxQ85BLA+j39zk=;
b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBlIGtoRE75uVdefxFjupuMMe0I9OTzEzXxNkbpt
Mqtn/fIxmuJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZSBraAAKCRCJcvTf3G3A
JsbYEACIjnXC26TRyjqe/0XWkVlFq8iUwQznZxL2nYr71KqzJo7xxRVqvbDairu1uyWkYlykJY1
kzgJsioAawovDGi2WulfUyJJz+El41D1UlndyRYdC51Cd5QQBOyD3c8o9VvGFuESblrrl4NSvSy
3m3RtEpfHAf2jD06tgBw+JDlLyNSUA9xbUf7CpCZwb6ii/JBNo6LwdbfC0s3PhT+DCjc1KEJBru
f1D/ILZwWFEOzjiUQrRqlI3knZeHJNX/naWBjHRCQ06a3k03bxBwLrEOVUaJTEfouhXMQ/e0Vyw
L8WPx4oAmc2jZktsESGFsciiAMduhLe1Pg+kNMFKeRhK7HZGoPkWBU6bTSdW81Za4g/eiZ/Wn06
dnS24kWZENnfXtCkJhTUVO9gvpt+55FECMcTrpbC514WTeNhLxdEm+VCxucKdwyu5ESU82wsNDF
XReLmc/Xq4yADXdU2p7jtMbNnGSd2LOploXFLd49VU8MSVuTbC+xMIXEga+cfVe3WGRzMLGqJGB
cxKbEz8P7g+kp4k7wITnztl62lr3/mnTn5EYu2kkMXKPGIppa4h6rJ0KfCGu0vqMtNRmpCxO47K
1v3sG/hPAcXC91EScYf5WstnOgdVKZvXShDQ0I7beJ6/+MpM4EBeY5CmZ85YUrxS5a+uafYPqms
EE3Lf0b zByqJ28g==
X-Developer-Key: i=keescook@chromium.org; a=openpgp;
fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=2.7 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
MAILING_LIST_MULTI,RCVD_IN_SBL_CSS,SPF_HELO_NONE,SPF_PASS autolearn=no
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]);
Fri, 06 Oct 2023 13:18:24 -0700 (PDT)
X-Spam-Level: **
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1779038690005572219
X-GMAIL-MSGID: 1779038690005572219
|
| Series |
drm/i915/guc: Annotate struct ct_incoming_msg with __counted_by
|
|
Commit Message
Kees Cook
Oct. 6, 2023, 8:17 p.m. UTC
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for
array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct ct_incoming_msg.
Cc: Jani Nikula <jani.nikula@linux.intel.com>
Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
Cc: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>
Cc: David Airlie <airlied@gmail.com>
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Cc: John Harrison <John.C.Harrison@Intel.com>
Cc: Matthew Brost <matthew.brost@intel.com>
Cc: Michal Wajdeczko <michal.wajdeczko@intel.com>
Cc: Matt Roper <matthew.d.roper@intel.com>
Cc: intel-gfx@lists.freedesktop.org
Cc: dri-devel@lists.freedesktop.org
Cc: linux-hardening@vger.kernel.org
Link: https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci [1]
Signed-off-by: Kees Cook <keescook@chromium.org>
---
drivers/gpu/drm/i915/gt/uc/intel_guc_ct.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On 10/6/23 22:17, Kees Cook wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for > array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct ct_incoming_msg. > > Cc: Jani Nikula <jani.nikula@linux.intel.com> > Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com> > Cc: Rodrigo Vivi <rodrigo.vivi@intel.com> > Cc: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com> > Cc: David Airlie <airlied@gmail.com> > Cc: Daniel Vetter <daniel@ffwll.ch> > Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org> > Cc: John Harrison <John.C.Harrison@Intel.com> > Cc: Matthew Brost <matthew.brost@intel.com> > Cc: Michal Wajdeczko <michal.wajdeczko@intel.com> > Cc: Matt Roper <matthew.d.roper@intel.com> > Cc: intel-gfx@lists.freedesktop.org > Cc: dri-devel@lists.freedesktop.org > Cc: linux-hardening@vger.kernel.org > Link: https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci [1] > Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> Thanks!
Hi Kees, On Fri, Oct 06, 2023 at 01:17:45PM -0700, Kees Cook wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for > array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct ct_incoming_msg. > > Cc: Jani Nikula <jani.nikula@linux.intel.com> > Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com> > Cc: Rodrigo Vivi <rodrigo.vivi@intel.com> > Cc: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com> > Cc: David Airlie <airlied@gmail.com> > Cc: Daniel Vetter <daniel@ffwll.ch> > Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org> > Cc: John Harrison <John.C.Harrison@Intel.com> > Cc: Matthew Brost <matthew.brost@intel.com> > Cc: Michal Wajdeczko <michal.wajdeczko@intel.com> > Cc: Matt Roper <matthew.d.roper@intel.com> > Cc: intel-gfx@lists.freedesktop.org > Cc: dri-devel@lists.freedesktop.org > Cc: linux-hardening@vger.kernel.org > Link: https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci [1] > Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Andi Shyti <andi.shyti@linux.intel.com> Andi
Hi Kees, On Fri, Oct 06, 2023 at 01:17:45PM -0700, Kees Cook wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for > array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct ct_incoming_msg. > > Cc: Jani Nikula <jani.nikula@linux.intel.com> > Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com> > Cc: Rodrigo Vivi <rodrigo.vivi@intel.com> > Cc: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com> > Cc: David Airlie <airlied@gmail.com> > Cc: Daniel Vetter <daniel@ffwll.ch> > Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org> > Cc: John Harrison <John.C.Harrison@Intel.com> > Cc: Matthew Brost <matthew.brost@intel.com> > Cc: Michal Wajdeczko <michal.wajdeczko@intel.com> > Cc: Matt Roper <matthew.d.roper@intel.com> > Cc: intel-gfx@lists.freedesktop.org > Cc: dri-devel@lists.freedesktop.org > Cc: linux-hardening@vger.kernel.org > Link: https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci [1] > Signed-off-by: Kees Cook <keescook@chromium.org> merged in drm-intel-gt-next. Thanks, Andi
diff --git a/drivers/gpu/drm/i915/gt/uc/intel_guc_ct.c b/drivers/gpu/drm/i915/gt/uc/intel_guc_ct.c index 6e22af31513a..c33210ead1ef 100644 --- a/drivers/gpu/drm/i915/gt/uc/intel_guc_ct.c +++ b/drivers/gpu/drm/i915/gt/uc/intel_guc_ct.c @@ -96,7 +96,7 @@ struct ct_request { struct ct_incoming_msg { struct list_head link; u32 size; - u32 msg[]; + u32 msg[] __counted_by(size); }; enum { CTB_SEND = 0, CTB_RECV = 1 };