On Tue, Oct 3, 2023 at 4:17 PM Kees Cook <keesc...@chromium.org> wrote:
>
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for
> array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> functions).
>
> As found with Coccinelle[1], add __counted_by for struct mlx5_flow_handle.
>
> Cc: Saeed Mahameed <sae...@nvidia.com>
> Cc: Leon Romanovsky <l...@kernel.org>
> Cc: "David S. Miller" <da...@davemloft.net>
> Cc: Eric Dumazet <eduma...@google.com>
> Cc: Jakub Kicinski <k...@kernel.org>
> Cc: Paolo Abeni <pab...@redhat.com>
> Cc: net...@vger.kernel.org
> Cc: linux-r...@vger.kernel.org
> Link:
> https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
> [1]
> Signed-off-by: Kees Cook <keesc...@chromium.org>
> ---
> drivers/net/ethernet/mellanox/mlx5/core/fs_core.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.h
> b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.h
> index 4aed1768b85f..78eb6b7097e1 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.h
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.h
> @@ -181,7 +181,7 @@ struct mlx5_flow_rule {
>
> struct mlx5_flow_handle {
> int num_rules;
> - struct mlx5_flow_rule *rule[];
> + struct mlx5_flow_rule *rule[] __counted_by(num_rules);
> };
Great patch!
handle->num_rules is properly assigned to before handle->rule
has any accesses.
handle = alloc_handle((dest_num) ? dest_num : 1);
then
static struct mlx5_flow_handle *alloc_handle(int num_rules) {
...
handle->num_rules = num_rules;
then
handle->rule[i] = rule;
Reviewed-by: Justin Stitt <justinst...@google.com>
>
> /* Type of children is mlx5_flow_group */
> --
> 2.34.1
>
>
Thanks
Justin
