From patchwork Fri Sep 22 17:52:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 143799 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:910f:0:b0:403:3b70:6f57 with SMTP id r15csp60836vqg; Fri, 22 Sep 2023 20:32:12 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEXR3vq4oJsyr08SmvlRvdn9r35MMfI4GuVFrlAa9I0TAwZPhh8roBBQBFVgTdJ4OKYpcTI X-Received: by 2002:a25:ca84:0:b0:d80:c80:af18 with SMTP id a126-20020a25ca84000000b00d800c80af18mr1105415ybg.52.1695439932082; Fri, 22 Sep 2023 20:32:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695439932; cv=none; d=google.com; s=arc-20160816; b=bO0T0VE8m4/B5wNyNfJUtOQgTecAR5PjG4q0RZiymbEA+f4F08UuHP/xZlPKSA5wE7 r3/IHVgSADgvX2THHvD68J5uJdfcMSCFiyn/F0zd4mUlFrdM5eSMPNJ2qDuN5ijFIO2Y fnJ+zlC5MtJ1tgiGkNBET1oyvUPQGVxHVfRWNcMHCCsbEJEWT1Yvj12Jy6IYyINudOHk d58pDDjXdpMmLZJA5MANdqKp4NLvPQSdYrbJFWJbifD8TV4IwqlFZ9ejwhh1b/Xmp68n gsRhIkjglUeIE/rTH/pRWgkdDyagIvKCiZZ/GsorRnx5lm/weIzGTXUm6cO35JO2wxkh CY+w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=Pl35WLgGJCM37J4d+X10Oeina5d9DkaQtxX58zLwSlM=; fh=1r6CNJCep1iDyzkRWAYiw7x1cgLbTirb14RYHBuDlVo=; b=qF+WpmEMRme4aBV64KANhvXu9+XonT/qNbWr47w5tWwHT3TsQ3dVOWq/qz7cUtO61e O+hm6UitVI0gNkdrJIZYCPIOmc6UAV5ph7dE2h7lAn/9ybJprQ7MHIzBo2lMlKzpbtd+ B/iwz1T9DnUItpYigNR1wyeB4uzKhceEs0jIIUeoKQeDCZiKXx0+hXuoCyUlEEYRvf+5 UrwalUKFcheMOW+QRwv4nI8KriwttPNR694aU9nTuvkMh7OstT0Q6l5wVTdsb0ho9dJQ F2Yu1vyHiyjw6CgmD7aKpfq4+b49DnDSbgFWVN6UNrIfQNcIRZ2rquLN4XFZXC5xH6MH nILw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=EXY7HNbg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from fry.vger.email (fry.vger.email. [23.128.96.38]) by mx.google.com with ESMTPS id 69-20020a630048000000b005775e13a6b9si4811126pga.363.2023.09.22.20.32.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 Sep 2023 20:32:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) client-ip=23.128.96.38; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=EXY7HNbg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by fry.vger.email (Postfix) with ESMTP id 9E70B839E0FD; Fri, 22 Sep 2023 10:54:31 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at fry.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233381AbjIVRy1 (ORCPT + 28 others); Fri, 22 Sep 2023 13:54:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48278 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231843AbjIVRxx (ORCPT ); Fri, 22 Sep 2023 13:53:53 -0400 Received: from mail-pf1-x433.google.com (mail-pf1-x433.google.com [IPv6:2607:f8b0:4864:20::433]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2D208CCC for ; Fri, 22 Sep 2023 10:52:32 -0700 (PDT) Received: by mail-pf1-x433.google.com with SMTP id d2e1a72fcca58-690d8c05784so2024644b3a.2 for ; Fri, 22 Sep 2023 10:52:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1695405152; x=1696009952; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=Pl35WLgGJCM37J4d+X10Oeina5d9DkaQtxX58zLwSlM=; b=EXY7HNbgd/I83aRTxiEzojpDZ8gH+L8V6h9re4yNRVcoWaS6p59GnOOXihNY3qS9+2 wOPGPLHiwU1ncmrWiTA55WICiRmidITiZATzPV0JnjNOtSNrnU1kFCLTCgfW+H4VG9dW /0CA87Rc6pMnhxU83CtWwlQePrKVdqzu5oFbg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695405152; x=1696009952; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Pl35WLgGJCM37J4d+X10Oeina5d9DkaQtxX58zLwSlM=; b=kCRAKYpHvfb0PF5xPxGFIgatYWz9fZzbANOm1lVXTwNPnLhDYBd3rzL3VOqx0w2Vm/ WFTisjwnQm1NZ74fUkC/OLPxQ0sz9iK1/Xj+9Gq+QPg6nb+29fg28+9cuhYD6nZNL0dx rgBdPTCAgj53pGIi477YIJ4gY+bbVxCxi1baW32HLObHH9XWv9PYMZXmO6j3oWI1x48G 7wHufhJ4HlRojhPzW3AcqIKrJ+LvLJSVm2jJhFMOUJfNPvKKtHlQaakocpP4ql1fzeui TLREw73GFJ76hqnIoKcy/d6ABe0F62OUy54dru5r6IJ6KheT5azdUVG7g2BTAuvJw8r9 7Hag== X-Gm-Message-State: AOJu0YwlTp1okXO5c0EGXWSOPwpeVa7rPW/wupVZNcvWOP000YXJKqK2 vM1NllmpgAnO/jwK2JRFgzH1pg== X-Received: by 2002:a05:6a20:d41b:b0:14b:f9e2:e16c with SMTP id il27-20020a056a20d41b00b0014bf9e2e16cmr173591pzb.62.1695405152277; Fri, 22 Sep 2023 10:52:32 -0700 (PDT) Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241]) by smtp.gmail.com with ESMTPSA id e14-20020a62ee0e000000b00690d9901ce5sm3463268pfi.102.2023.09.22.10.52.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 Sep 2023 10:52:31 -0700 (PDT) From: Kees Cook To: Philipp Zabel Cc: Kees Cook , Nathan Chancellor , Nick Desaulniers , Tom Rix , linux-kernel@vger.kernel.org, llvm@lists.linux.dev, linux-hardening@vger.kernel.org Subject: [PATCH] reset: Annotate struct reset_control_array with __counted_by Date: Fri, 22 Sep 2023 10:52:29 -0700 Message-Id: <20230922175229.work.838-kees@kernel.org> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1858; i=keescook@chromium.org; h=from:subject:message-id; bh=zVFGOtqG+KacYumKbB4wtYyfvREXmMdZtLrfDhG/4qk=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBlDdRdFctFcnxvk85JokSXmLjz7++yZhNkrwiyb dphp4EydX+JAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZQ3UXQAKCRCJcvTf3G3A JuJMEACXeQkr31kziRM725dFIKq9wmwrmq6V5N4omADvfekK5/8iU9lpaMiZf8iOy9qf/Bg7PK2 mWIxyUbqQ/S9r5JGIeolWgqkORbkYkeSP9+HwFAEJLBYin7MutM591cCTTXPcOVEFg5hGbI2EbP fI/7TKde7BDVAT2cnicNgpiW56Qkh+8yj3i+5WKqiprSzM/Hp21l0VaufBiaZH9AEr3qIXBaMHN Md49gWgF1Ettd/WSDi0O17J2JAmIHJrw25BgVYqVlQn/VyT70U62+pnBy38cKmomHdESuaQlDXB 4djLkKZ+6i4XbV5nFGFXkdfEYAQoRntXxhgUJh2fD6bLXE7wPMZnpeaYLS5BLZ+D/2qZDdv48MS Uevp63fIw8z2l+7rig5+LHK+LY2HOEjBC0VI/asXjuGTj9+Ilg+Gz63bW3UsoqLRSAL58LGohJZ aephoxoMcu2IEWKGggFxb+YL+64Fz4zRpIwLXplONOgxKxw+MnIFCEBslxDrTbhsCtvT4y/pu78 oRHU2ogHvbU2khR/zEmsS4O0a65Tc7yXsccydS/J14CzdnebtFJY2ZpKjVY+dq/24V55R9BaNwU lkpWsIPIoWjyZnsjF7AQhdEMkmkZto+l4x3SxayKSRKFsg0VK3ZrMSUH0+Ag/jzss1hqhq4710o UDDEkJ7 4SwPXvhw== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Fri, 22 Sep 2023 10:54:31 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777797622254228283 X-GMAIL-MSGID: 1777797622254228283 Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct reset_control_array. Additionally, since the element count member must be set before accessing the annotated flexible array member, move its initialization earlier. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Philipp Zabel Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva --- drivers/reset/core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/reset/core.c b/drivers/reset/core.c index f0a076e94118..7ece6a8e9858 100644 --- a/drivers/reset/core.c +++ b/drivers/reset/core.c @@ -60,7 +60,7 @@ struct reset_control { struct reset_control_array { struct reset_control base; unsigned int num_rstcs; - struct reset_control *rstc[]; + struct reset_control *rstc[] __counted_by(num_rstcs); }; static const char *rcdev_name(struct reset_controller_dev *rcdev) @@ -1185,6 +1185,7 @@ of_reset_control_array_get(struct device_node *np, bool shared, bool optional, resets = kzalloc(struct_size(resets, rstc, num), GFP_KERNEL); if (!resets) return ERR_PTR(-ENOMEM); + resets->num_rstcs = num; for (i = 0; i < num; i++) { rstc = __of_reset_control_get(np, NULL, i, shared, optional, @@ -1193,7 +1194,6 @@ of_reset_control_array_get(struct device_node *np, bool shared, bool optional, goto err_rst; resets->rstc[i] = rstc; } - resets->num_rstcs = num; resets->base.array = true; return &resets->base;