Message ID | 20230922175407.work.754-kees@kernel.org |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:910f:0:b0:403:3b70:6f57 with SMTP id r15csp60548vqg; Fri, 22 Sep 2023 20:31:14 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEJHWNmW87VWUL+10LEn9v4R2rxVD51dX/aB4UoRh8/cLkGy2EdjVJ29Vjt40w9K30RW8Qn X-Received: by 2002:a05:6808:2185:b0:3ae:156f:d31e with SMTP id be5-20020a056808218500b003ae156fd31emr1964369oib.1.1695439874569; Fri, 22 Sep 2023 20:31:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695439874; cv=none; d=google.com; s=arc-20160816; b=Gce3uZ3YBpdwp8mof19ntb8yKYXwSkp+QwDWy1Yq18/8rzR3FaJmp5d4sUjHRlVQVC Q6KIUgR0lIbfG144qZ2VXyAzXTGZand7JYMh5MAlBLhdTjByIyvuC2R5QwCtIWG6MUz/ FA72PNJ0aWQ1fDL+cI7aXzS4X6nkYN+NQrhIkZ+PmRdh0qChLG3UklAfI/Hw1kKEBctF ZzAdGpvZC2LfYmP3tHu2KSG/AnmKegfWt3L2QsJjhTZQYEJVFYE+drtWpCfa/DNYlOGa ObbBKmfmkD44aqYIyKLCOMy8hx/zh5t7jSh61fGzwfITYlqbYnUS9h+E+ijKBiN3BmYI T+8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=lczi2Cwwgxsbc7BUm+vtmTYjmzCLrPy7IPWzoMjHXsA=; fh=K2zGJNjR7dmW2f/zn6YabnJVHjvQn/1mNW5cVmtYM1I=; b=e4fb8dtMG2S0Jy59vRsG3DyBIU3f+zAk/Ef4H/RqpqGa7NrkOKygzuACa3ir6r6Lh1 s3oFpsE6r5dBkMcTR+B4AotuvahCWD1YdeiULDEn25e4wIoZ47XBAlxmGB2rF25j0gkg MoMVGbbFoRAB/xBDoN+hqAmQUhvzDyl2TD5MMh+y2SAfxM5ZrxyyKFnTpY5RuIpuBcDX xuW7rRLI/OHmA7LxxFnF5U+px2CW+/bRqcb9FKZZw6CpVDnZ4GUlKiQp4yjjEpdcXbBK z/QwJUh1SikHeyzpkHXJEoGQyW1F2pTlgNJYeOE9hj/OK2tD2mXzsFXQtl3HIsDr6lcK WB0w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=ebwM2fkO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from pete.vger.email (pete.vger.email. [23.128.96.36]) by mx.google.com with ESMTPS id b24-20020a656698000000b00578889362a7si5222226pgw.5.2023.09.22.20.31.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 Sep 2023 20:31:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) client-ip=23.128.96.36; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=ebwM2fkO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id 3C83E83ED8B6; Fri, 22 Sep 2023 10:58:44 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233675AbjIVR4L (ORCPT <rfc822;pwkd43@gmail.com> + 28 others); Fri, 22 Sep 2023 13:56:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58992 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233877AbjIVRz7 (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Fri, 22 Sep 2023 13:55:59 -0400 Received: from mail-pf1-x42a.google.com (mail-pf1-x42a.google.com [IPv6:2607:f8b0:4864:20::42a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 523D0358B for <linux-kernel@vger.kernel.org>; Fri, 22 Sep 2023 10:54:10 -0700 (PDT) Received: by mail-pf1-x42a.google.com with SMTP id d2e1a72fcca58-692b2bdfce9so692061b3a.3 for <linux-kernel@vger.kernel.org>; Fri, 22 Sep 2023 10:54:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1695405249; x=1696010049; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=lczi2Cwwgxsbc7BUm+vtmTYjmzCLrPy7IPWzoMjHXsA=; b=ebwM2fkOJ304R9q9EGa55WcVxfSQTdUIX6iCSAosIHS85pHHsATJxyEh2pDuEeJJEX qBaLRDvvmBtg0TUcJKpnseApLY1tyXPlZQi0hPWDPPv+lJR09rTx8b0tbQInEhKI5cPj kWdAtU83TPjXEcpQV0iBtb6w8uVMWZuE59LIY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695405249; x=1696010049; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=lczi2Cwwgxsbc7BUm+vtmTYjmzCLrPy7IPWzoMjHXsA=; b=mj8+nB5Xgxvb2//u572DL2JHAS8Tujr/N5p0qc42tBXyICmns/ceiZnKaZTm4RPpx3 svHTEFQmmBJmosM/6hICo1PRh5qkEDsWPW1334tr38Qd2DhgK/4q2FkDCVXCnm2mMAQY ZVU2YDpE3uq4SQO2VTliGm8fMxHl59A7135C1Cawo0Kdg02bhcEN8lbKyEdBKMY/YRbR BBT7SMa0EhGZpd1A3gn6Gar0esRjSxWk0OdHsK+8tt01N3U1RF9jeIemzyighlTKryYD 59TbZKThytbJh0rdwWFB87X+wK1olpZzPKZq68RZNV5w9WPtr+UeOYEHlGabCIx7xvzY Crmw== X-Gm-Message-State: AOJu0YyYNVtMarHpy2xwUwLx5BFYRBs2ooUoL83EPFPLVD0LyLekmdWQ Dzk6zAvPVUoQ3iy7kGcMvN/DTA== X-Received: by 2002:a05:6a20:1451:b0:154:a1e4:b676 with SMTP id a17-20020a056a20145100b00154a1e4b676mr388927pzi.4.1695405249724; Fri, 22 Sep 2023 10:54:09 -0700 (PDT) Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241]) by smtp.gmail.com with ESMTPSA id c7-20020a170903234700b001b86dd825e7sm3790470plh.108.2023.09.22.10.54.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 Sep 2023 10:54:09 -0700 (PDT) From: Kees Cook <keescook@chromium.org> To: David Howells <dhowells@redhat.com> Cc: Kees Cook <keescook@chromium.org>, Randy Dunlap <rdunlap@infradead.org>, Al Viro <viro@zeniv.linux.org.uk>, Christian Brauner <brauner@kernel.org>, Jonathan Corbet <corbet@lwn.net>, Siddh Raman Pant <code@siddh.me>, Mauro Carvalho Chehab <mchehab@kernel.org>, Qian Cai <cai@redhat.com>, Nathan Chancellor <nathan@kernel.org>, Nick Desaulniers <ndesaulniers@google.com>, Tom Rix <trix@redhat.com>, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, linux-hardening@vger.kernel.org Subject: [PATCH] watch_queue: Annotate struct watch_filter with __counted_by Date: Fri, 22 Sep 2023 10:54:08 -0700 Message-Id: <20230922175407.work.754-kees@kernel.org> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1413; i=keescook@chromium.org; h=from:subject:message-id; bh=PSX5a1GORIau6HOLEFzIyGta203teU7R+OIUQRXG3Fk=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBlDdTAOP5KZ2dBsFnuwjohj6M1/RzR+kLr/9Sv4 5Rswa1TpGqJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZQ3UwAAKCRCJcvTf3G3A JpjmD/9Vb3G83w+T0Wm/a0TVUDR575aerkGd7NneXzI+vKqZgtBAYZPk4naeGlBK2uKaFHbFdNr SlqoyxinV0iOg0ptX+Gf5W0eUVcJqHwqh4U+/pI7awSyRoAD2ABO0dsfxVpZSAeuCGfVrjct9Gd oQ+ndS4eDOmS6ZxpR6h+Z2l3h9MOOkGxqkx8DKV5GXifL5ZKYk1RQx+Uf4TwSgxqAd3ZHr7UGPu adWMmlITuMSzYPZx2CjFXaTX7UFjgYcJcQapVcH2Ah9eaXyE0lC/0AP49hCh8s366nf9wv56ebv v2SJEjmzwpCIZc2Wu9YW0m/rnd4jaw+loDzAVlwtAPAB527kuAdKZU27cvyJtH/JNyqid8TeJ4H wrgLm6ee9sA1pRh24Os8dwG318HMDhFouCEcmd7+XwFdqkb9dLVQD2fn/vee7yQEyWiWeQJaU0+ yXescem2+8Vs9UR/1cVXg1v8bR1Wh21oalTGmLEzaHfWS3z/VLCPEQa3xTFfV7SD3ecYcHspZkE BzzasVKk8/UV2sWMkkMcdLtsRRlEFXsArK+JO0XvTE0186H+K1uLjuymyQ0j5ivbPH/vDHqjA0D 1tryEZISdYtCxgwBqkQ/b+wsleVx9W9rHiBpH7TO/BfVgU8Jp7qS6q62Die+z0XY/kghOQvxIes 6+wRhxw owRe2EBA== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Fri, 22 Sep 2023 10:58:44 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777797561706733703 X-GMAIL-MSGID: 1777797561706733703 |
Series |
watch_queue: Annotate struct watch_filter with __counted_by
|
|
Commit Message
Kees Cook
Sept. 22, 2023, 5:54 p.m. UTC
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct watch_filter.
[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: David Howells <dhowells@redhat.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Siddh Raman Pant <code@siddh.me>
Cc: Mauro Carvalho Chehab <mchehab@kernel.org>
Cc: Qian Cai <cai@redhat.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
include/linux/watch_queue.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On Fri, 22 Sep 2023 23:24:08 +0530, Kees Cook wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct watch_filter. > > [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci > > Cc: David Howells <dhowells@redhat.com> > Cc: Randy Dunlap <rdunlap@infradead.org> > Cc: Al Viro <viro@zeniv.linux.org.uk> > Cc: Christian Brauner <brauner@kernel.org> > Cc: Jonathan Corbet <corbet@lwn.net> > Cc: Siddh Raman Pant <code@siddh.me> > Cc: Mauro Carvalho Chehab <mchehab@kernel.org> > Cc: Qian Cai <cai@redhat.com> > Signed-off-by: Kees Cook <keescook@chromium.org> Tested with keyutils testsuite. Tested-by: Siddh Raman Pant <code@siddh.me> Thanks, Siddh > --- > include/linux/watch_queue.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/linux/watch_queue.h b/include/linux/watch_queue.h > index 45cd42f55d49..429c7b6afead 100644 > --- a/include/linux/watch_queue.h > +++ b/include/linux/watch_queue.h > @@ -32,7 +32,7 @@ struct watch_filter { > DECLARE_BITMAP(type_filter, WATCH_TYPE__NR); > }; > u32 nr_filters; /* Number of filters */ > - struct watch_type_filter filters[]; > + struct watch_type_filter filters[] __counted_by(nr_filters); > }; > > struct watch_queue { > -- > 2.34.1
On 9/22/23 11:54, Kees Cook wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct watch_filter. > > [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci > > Cc: David Howells <dhowells@redhat.com> > Cc: Randy Dunlap <rdunlap@infradead.org> > Cc: Al Viro <viro@zeniv.linux.org.uk> > Cc: Christian Brauner <brauner@kernel.org> > Cc: Jonathan Corbet <corbet@lwn.net> > Cc: Siddh Raman Pant <code@siddh.me> > Cc: Mauro Carvalho Chehab <mchehab@kernel.org> > Cc: Qian Cai <cai@redhat.com> > Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> Thanks
On Fri, 22 Sep 2023 10:54:08 -0700, Kees Cook wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct watch_filter. > > [...] Applied to the vfs.misc branch of the vfs/vfs.git tree. Patches in the vfs.misc branch should appear in linux-next soon. Please report any outstanding bugs that were missed during review in a new review to the original patch series allowing us to drop it. It's encouraged to provide Acked-bys and Reviewed-bys even though the patch has now been applied. If possible patch trailers will be updated. Note that commit hashes shown below are subject to change due to rebase, trailer updates or similar. If in doubt, please check the listed branch. tree: https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git branch: vfs.misc [1/1] watch_queue: Annotate struct watch_filter with __counted_by https://git.kernel.org/vfs/vfs/c/6b601adb5e79
diff --git a/include/linux/watch_queue.h b/include/linux/watch_queue.h index 45cd42f55d49..429c7b6afead 100644 --- a/include/linux/watch_queue.h +++ b/include/linux/watch_queue.h @@ -32,7 +32,7 @@ struct watch_filter { DECLARE_BITMAP(type_filter, WATCH_TYPE__NR); }; u32 nr_filters; /* Number of filters */ - struct watch_type_filter filters[]; + struct watch_type_filter filters[] __counted_by(nr_filters); }; struct watch_queue {