[next] ASoC: sigmadsp: Add __counted_by for struct sigmadsp_data and use struct_size()
Message ID | ZSRvh1j2MVVhuOUv@work |
---|---|
State | New |
Commit Message
Gustavo A. R. Silva
Oct. 9, 2023, 9:24 p.m. UTC
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for
array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).

While there, use struct_size() and size_sub() helpers, instead of the
open-coded version, to calculate the size for the allocation of the
whole flexible structure, including of course, the flexible-array
member.

This code was found with the help of Coccinelle, and audited and
fixed manually.

Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
sound/soc/codecs/sigmadsp.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
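What the move from open-coded arithmetic to struct_size() and size_sub() changes, as an added userspace example (not the kernel's code and not part of the patch). The `sat_*` helpers and `open_coded_size()` are hypothetical stand-ins modelled on the saturating behaviour of the kernel's overflow helpers, and `struct demo_data` carries only the fields visible in the patch context.

```c
#include <stdint.h>
#include <stdio.h>

/* Only the fields visible in the patch context; not the driver's full struct. */
struct demo_data {
	uint32_t samplerates;
	unsigned int addr;
	unsigned int length;
	uint8_t data[];
};

/* Hypothetical helpers: any overflow or underflow saturates to SIZE_MAX. */
static size_t sat_add(size_t a, size_t b)
{
	size_t r;
	return __builtin_add_overflow(a, b, &r) ? SIZE_MAX : r;
}

static size_t sat_mul(size_t a, size_t b)
{
	size_t r;
	return __builtin_mul_overflow(a, b, &r) ? SIZE_MAX : r;
}

static size_t sat_sub(size_t a, size_t b)
{
	size_t r;
	if (a == SIZE_MAX || b == SIZE_MAX || __builtin_sub_overflow(a, b, &r))
		return SIZE_MAX;	/* a saturated input stays saturated */
	return r;
}

/* struct_size()-style: header plus count one-byte elements. */
static size_t sat_struct_size(size_t count)
{
	return sat_add(sizeof(struct demo_data), sat_mul(count, sizeof(uint8_t)));
}

/* The removed open-coded form: sizeof(*data) + len - 2. */
static size_t open_coded_size(size_t len)
{
	return sizeof(struct demo_data) + len - 2;
}

int main(void)
{
	printf("len=1: open-coded %zu, saturating %zu\n", open_coded_size(1), sat_struct_size(sat_sub(1, 2)));
	return 0;
}
```

With a length of 1 and no earlier check, the open-coded form yields a size one byte smaller than the header, while the saturating form yields SIZE_MAX, a size no allocator will satisfy.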
Comments
On Mon, Oct 09, 2023 at 03:24:23PM -0600, Gustavo A. R. Silva wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for > array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > While there, use struct_size() and size_sub() helpers, instead of the > open-coded version, to calculate the size for the allocation of the > whole flexible structure, including of course, the flexible-array > member. > > This code was found with the help of Coccinelle, and audited and > fixed manually. > > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> > --- > sound/soc/codecs/sigmadsp.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/sound/soc/codecs/sigmadsp.c b/sound/soc/codecs/sigmadsp.c > index b93c078a8040..56546e2394ab 100644 > --- a/sound/soc/codecs/sigmadsp.c > +++ b/sound/soc/codecs/sigmadsp.c > @@ -43,7 +43,7 @@ struct sigmadsp_data { > uint32_t samplerates; > unsigned int addr; > unsigned int length; > - uint8_t data[]; > + uint8_t data[] __counted_by(length); > }; > > struct sigma_fw_chunk { > @@ -270,7 +270,7 @@ static int sigma_fw_load_data(struct sigmadsp *sigmadsp, > > length -= sizeof(*data_chunk); > > - data = kzalloc(sizeof(*data) + length, GFP_KERNEL); > + data = kzalloc(struct_size(data, data, length), GFP_KERNEL); > if (!data) > return -ENOMEM; > > @@ -413,7 +413,8 @@ static int process_sigma_action(struct sigmadsp *sigmadsp, > if (len < 3) > return -EINVAL; > > - data = kzalloc(sizeof(*data) + len - 2, GFP_KERNEL); > + data = kzalloc(struct_size(data, data, size_sub(len, 2)), > + GFP_KERNEL); Since len was just size-checked before the alloc, size_sub() is a bit of overkill, but it's not technically wrong. :P Reviewed-by: Kees Cook <keescook@chromium.org>
On 10/10/23 00:03, Kees Cook wrote: > On Mon, Oct 09, 2023 at 03:24:23PM -0600, Gustavo A. R. Silva wrote: >> Prepare for the coming implementation by GCC and Clang of the __counted_by >> attribute. Flexible array members annotated with __counted_by can have >> their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for >> array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family >> functions). >> >> While there, use struct_size() and size_sub() helpers, instead of the >> open-coded version, to calculate the size for the allocation of the >> whole flexible structure, including of course, the flexible-array >> member. >> >> This code was found with the help of Coccinelle, and audited and >> fixed manually. >> >> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> >> --- >> sound/soc/codecs/sigmadsp.c | 7 ++++--- >> 1 file changed, 4 insertions(+), 3 deletions(-) >> >> diff --git a/sound/soc/codecs/sigmadsp.c b/sound/soc/codecs/sigmadsp.c >> index b93c078a8040..56546e2394ab 100644 >> --- a/sound/soc/codecs/sigmadsp.c >> +++ b/sound/soc/codecs/sigmadsp.c >> @@ -43,7 +43,7 @@ struct sigmadsp_data { >> uint32_t samplerates; >> unsigned int addr; >> unsigned int length; >> - uint8_t data[]; >> + uint8_t data[] __counted_by(length); >> }; >> >> struct sigma_fw_chunk { >> @@ -270,7 +270,7 @@ static int sigma_fw_load_data(struct sigmadsp *sigmadsp, >> >> length -= sizeof(*data_chunk); >> >> - data = kzalloc(sizeof(*data) + length, GFP_KERNEL); >> + data = kzalloc(struct_size(data, data, length), GFP_KERNEL); >> if (!data) >> return -ENOMEM; 
>> >> @@ -413,7 +413,8 @@ static int process_sigma_action(struct sigmadsp *sigmadsp, >> if (len < 3) >> return -EINVAL; >> >> - data = kzalloc(sizeof(*data) + len - 2, GFP_KERNEL); >> + data = kzalloc(struct_size(data, data, size_sub(len, 2)), >> + GFP_KERNEL); > > Since len was just size-checked before the alloc, size_sub() is a bit of > overkill, but it's not technically wrong. :P Oops.. yep, you're right, I totally overlooked that check. > > Reviewed-by: Kees Cook <keescook@chromium.org> > Thanks! -- Gustavo
On Mon, 09 Oct 2023 15:24:23 -0600, Gustavo A. R. Silva wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for
> array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> functions).
>
> While there, use struct_size() and size_sub() helpers, instead of the
> open-coded version, to calculate the size for the allocation of the
> whole flexible structure, including of course, the flexible-array
> member.
>
> [...]

Applied to

   https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git for-next

Thanks!

[1/1] ASoC: sigmadsp: Add __counted_by for struct sigmadsp_data and use struct_size()
      commit: 4f88c72b2479cca4a0d4de89b4cbb6f1b37ee96d

All being well this means that it will be integrated into the linux-next
tree (usually sometime in the next 24 hours) and sent to Linus during
the next merge window (or sooner if it is a bug fix), however if
problems are discovered then the patch may be dropped or reverted.

You may get further e-mails resulting from automated or manual testing
and review of the tree, please engage with people reporting problems and
send followup patches addressing any issues that are reported if needed.

If any updates are required or you are submitting further changes they
should be sent as incremental updates against current git, existing
patches will not be replaced.

Please add any relevant lists and maintainers to the CCs when replying
to this mail.

Thanks,
Mark
diff --git a/sound/soc/codecs/sigmadsp.c b/sound/soc/codecs/sigmadsp.c index b93c078a8040..56546e2394ab 100644 --- a/sound/soc/codecs/sigmadsp.c +++ b/sound/soc/codecs/sigmadsp.c @@ -43,7 +43,7 @@ struct sigmadsp_data { uint32_t samplerates; unsigned int addr; unsigned int length; - uint8_t data[]; + uint8_t data[] __counted_by(length); }; struct sigma_fw_chunk { @@ -270,7 +270,7 @@ static int sigma_fw_load_data(struct sigmadsp *sigmadsp, length -= sizeof(*data_chunk); - data = kzalloc(sizeof(*data) + length, GFP_KERNEL); + data = kzalloc(struct_size(data, data, length), GFP_KERNEL); if (!data) return -ENOMEM; @@ -413,7 +413,8 @@ static int process_sigma_action(struct sigmadsp *sigmadsp, if (len < 3) return -EINVAL; - data = kzalloc(sizeof(*data) + len - 2, GFP_KERNEL); + data = kzalloc(struct_size(data, data, size_sub(len, 2)), + GFP_KERNEL); if (!data) return -ENOMEM;
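Review bot: In the struct sigmadsp_data hunk, annotating `data[]` with `__counted_by(length)` makes `length` the bound the run-time checks use, so `data->length` has to be assigned before the first write to `data->data`. Neither allocation hunk shows that assignment in its context, and kzalloc() leaves `length` at 0 until then. Please confirm that both sigma_fw_load_data() and process_sigma_action() set `data->length` ahead of any copy into the array, and say so in the commit message.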
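Review bot: In the sigma_fw_load_data() hunk, the context line `length -= sizeof(*data_chunk);` sits directly above the converted kzalloc(), and the visible lines show no lower-bound check on `length`. struct_size() saturates the addition and multiplication but cannot detect a subtraction that has already wrapped, so please confirm that `length` is checked against `sizeof(*data_chunk)` above the visible context, or add that check.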
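Review bot: In the process_sigma_action() hunk, `size_sub(len, 2)` is redundant because the `if (len < 3) return -EINVAL;` in the context already rules out underflow. `struct_size(data, data, len - 2)` would keep the kzalloc() call on one line. If size_sub() is kept as a guard against a later change to that check, a short comment saying so would help the next reader.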