Re: [PATCH] HID: uhid: refactor deprecated strncpy
Hi
On Fri, Sep 15, 2023, at 7:13 AM, Kees Cook wrote:
>> -/* @hid is zero-initialized, strncpy() is correct, strlcpy() not */
>> -len = min(sizeof(hid->name), sizeof(ev->u.create2.name)) - 1;
>> -strncpy(hid->name, ev->u.create2.name, len);
>> -len = min(sizeof(hid->phys), sizeof(ev->u.create2.phys)) - 1;
>> -strncpy(hid->phys, ev->u.create2.phys, len);
>> -len = min(sizeof(hid->uniq), sizeof(ev->u.create2.uniq)) - 1;
>> -strncpy(hid->uniq, ev->u.create2.uniq, len);
>
> ev->u.create2 is:
> struct uhid_create2_req {
> __u8 name[128];
> __u8 phys[64];
> __u8 uniq[64];
> ...
>
> hid is:
> struct hid_device { /* device report descriptor */
> ...
> char name[128]; /* Device name */
> char phys[64]; /* Device physical location */
> char uniq[64]; /* Device unique identifier (serial #) */
>
> So these "min" calls are redundant -- it wants to copy at most 1 less so
> it can be %NUL terminated. Which is what strscpy() already does. And
> source and dest are the same size, so we can't over-read source if it
> weren't terminated (since strscpy won't overread like strlcpy).
I *really* think we should keep the `min` calls. The compiler should already
optimize them away, as both arguments are compile-time constants. There is no
inherent reason why source and target are equal in size. Yes, it is unlikely to
change, but I don't understand why we would want to implicitly rely on it,
rather than make the compiler verify it for us. And `struct hid_device` is very
much allowed to change in the future.
As an alternative, you can use BUILD_BUG_ON() and verify both are equal in
length.
Thanks
David
[PATCH] printk: add cpu id information to printk() output
From: Enlin Mu
Sometimes we want to print cpu id of printk() messages to consoles
Signed-off-by: Enlin Mu
---
include/linux/threads.h | 3 +++
kernel/printk/printk.c | 18 +-
2 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/include/linux/threads.h b/include/linux/threads.h
index c34173e6c5f1..6700bd9a174f 100644
--- a/include/linux/threads.h
+++ b/include/linux/threads.h
@@ -34,6 +34,9 @@
#define PID_MAX_LIMIT (CONFIG_BASE_SMALL ? PAGE_SIZE * 8 : \
(sizeof(long) > 4 ? 4 * 1024 * 1024 : PID_MAX_DEFAULT))
+#define CPU_ID_SHIFT 23
+#define CPU_ID_MASK 0xff80
+
/*
* Define a minimum number of pids per cpu. Heuristically based
* on original pid max of 32k for 32 cpus. Also, increase the
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
index 7e0b4dd02398..f3f3ca89b251 100644
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -629,8 +629,12 @@ static ssize_t info_print_ext_header(char *buf, size_t
size,
#ifdef CONFIG_PRINTK_CALLER
u32 id = info->caller_id;
- snprintf(caller, sizeof(caller), ",caller=%c%u",
-id & 0x8000 ? 'C' : 'T', id & ~0x8000);
+ if (id&0x8000)
+ snprintf(caller, sizeof(caller), ",caller=C%u",
+ id & ~0x8000);
+ else
+ snprintf(caller, sizeof(caller), ",caller=T%uC%u",
+ id & ~CPU_ID_MASK, id >> CPU_ID_SHIFT);
#else
caller[0] = '\0';
#endif
@@ -1333,8 +1337,12 @@ static size_t print_caller(u32 id, char *buf)
{
char caller[12];
- snprintf(caller, sizeof(caller), "%c%u",
-id & 0x8000 ? 'C' : 'T', id & ~0x8000);
+ if (id & 0x8000)
+ snprintf(caller, sizeof(caller), "C%u",
+ id & ~0x8000);
+ else
+ snprintf(caller, sizeof(caller), "T%uC%u",
+ id & ~CPU_ID_MASK, id >> CPU_ID_SHIFT);
return sprintf(buf, "[%6s]", caller);
}
#else
@@ -2069,7 +2077,7 @@ static inline void printk_delay(int level)
static inline u32 printk_caller_id(void)
{
- return in_task() ? task_pid_nr(current) :
+ return in_task() ? task_pid_nr(current) | (smp_processor_id() <<
CPU_ID_SHIFT) :
0x8000 + smp_processor_id();
}
--
2.25.1
Re: [PATCH 03/19] fs: release anon dev_t in deactivate_locked_super
On Thu, Sep 14, 2023 at 08:23:31PM +0100, Al Viro wrote: > On Thu, Sep 14, 2023 at 05:58:05PM +0100, Al Viro wrote: > > > Incidentally, I'm going to add a (belated by 10 years) chunk in porting.rst > > re making sure that anything in superblock that might be needed by methods > > called in RCU mode should *not* be freed without an RCU delay... Should've > > done that back in 3.12 merge window when RCU'd vfsmounts went in; as it > > is, today we have several filesystems with exact same kind of breakage. > > hfsplus and affs breakage had been there in 3.13 (missed those two), exfat > > and ntfs3 - introduced later, by initial merges of filesystems in question. > > Missed on review... > > > > Hell knows - perhaps Documentation/filesystems/whack-a-mole might be a good > > idea... pitfalls.rst or common-bugs.rst or something like that. > > Actually, utf8 casefolding stuff also has the same problem, so ext4 and f2fs > with casefolding are also affected ;-/
Re: [ANNOUNCE and CfP] Live Patching MC at LPC 2023
Hello, On Fri, 11 Aug 2023, Miroslav Benes wrote: > Hi, > > On Wed, 14 Jun 2023, Miroslav Benes wrote: > > > Hello, > > > > the Live Patching Microconference for Linux Plumbers Conference 2023 has > > been accepted. > > > > It is possible to submit topic proposals and abstracts for the > > microconference through Indico system linked at [1]. I welcome you to do > > so. Submissions should then be published at [2]. > > > > The rest still remains to be sorted out. Joe and I will share information > > as it is available. > > > > The registration will open soon [3]. > > > > See you in Richmond! > > > > Miroslav > > > > [1] https://lpc.events/event/17/abstracts/ > > [2] https://lpc.events/event/17/contributions/1405/ > > [3] > > https://lpc.events/blog/current/index.php/2023/06/14/registration-for-lpc-2023-is-almost-here/ > > Live Patching MC CfP blog post was published at > https://lpc.events/blog/current/index.php/2023/08/09/live-patching-mc-cfp/ > > Let me use the opportunity to also encourage you to submit topics for the > MC as mentioned above. ...and this is the last call. If you still want to submit a topic for the MC, please do so as soon as possible. Thank you, Miroslav
Re: [PATCH] printk: add cpu id information to printk() output
On 2023-09-15, Enlin Mu wrote: > Sometimes we want to print cpu id of printk() messages to consoles > > diff --git a/include/linux/threads.h b/include/linux/threads.h > index c34173e6c5f1..6700bd9a174f 100644 > --- a/include/linux/threads.h > +++ b/include/linux/threads.h > @@ -34,6 +34,9 @@ > #define PID_MAX_LIMIT (CONFIG_BASE_SMALL ? PAGE_SIZE * 8 : \ > (sizeof(long) > 4 ? 4 * 1024 * 1024 : PID_MAX_DEFAULT)) > > +#define CPU_ID_SHIFT 23 > +#define CPU_ID_MASK 0xff80 This only supports 256 CPUs. I think it doesn't make sense to try to squish CPU and Task IDs into 32 bits. What about introducing a caller_id option to always only print the CPU ID? Or do you really need Task _and_ CPU? John Ogness
Re: [PATCH] printk: add cpu id information to printk() output
John Ogness 于2023年9月15日周五 16:34写道: > > On 2023-09-15, Enlin Mu wrote: > > Sometimes we want to print cpu id of printk() messages to consoles > > > > diff --git a/include/linux/threads.h b/include/linux/threads.h > > index c34173e6c5f1..6700bd9a174f 100644 > > --- a/include/linux/threads.h > > +++ b/include/linux/threads.h > > @@ -34,6 +34,9 @@ > > #define PID_MAX_LIMIT (CONFIG_BASE_SMALL ? PAGE_SIZE * 8 : \ > > (sizeof(long) > 4 ? 4 * 1024 * 1024 : PID_MAX_DEFAULT)) > > > > +#define CPU_ID_SHIFT 23 > > +#define CPU_ID_MASK 0xff80 > > This only supports 256 CPUs. I think it doesn't make sense to try to > squish CPU and Task IDs into 32 bits. Yes, it is not good way, > > What about introducing a caller_id option to always only print the CPU > ID? Or do you really need Task _and_ CPU? Yes, I need it.Because I need to know which CPU is printing the log, so that I can identify the current system operation, such as load situation and CPU busy/idle status > > John Ogness Thanks Enlin
Re: [PATCH 03/19] fs: release anon dev_t in deactivate_locked_super
On Thu, Sep 14, 2023 at 05:58:05PM +0100, Al Viro wrote: > On Thu, Sep 14, 2023 at 04:02:25PM +0200, Christian Brauner wrote: > > > Yes, you're right that making the superblock and not the filesytem type > > the bd_holder changes the logic and we are aware of that of course. And > > it requires changes such as moving additional block device closing from > > where some callers currently do it. > > Details, please? Filesystems like xfs and ext4 that closed additional block devices (For example, the logdev= mount option for xfs.) in put_super() could go through stuff like: blkdev_put() -> bdev->bd_disk->fops->release() == lo_release() -> __loop_clr_fd() -> disk_force_media_change() -> __invalidate_device() -> get_super() which wouldn't have been a problem before because get_super() matched on sb->s_bdev which obviously doesn't work because a log device or rt device or whatever isn't the main block device. So we couldn't have deadlocked. But the fact that it is called in that manner from that place in the first place is wildly adventurous especially considering that there isn't __a single comment__ in that code why that is safe. So good luck figuring this all out. Now that we don't have to do that s_bdev matching thing anymore because we directly associate the superblock with the block device we can go straight from block device to superblock. But now calling blkdev_put() under put_super() which holds s_umount could deadlock. So it's moved to kill_sb where it should've always been called. Even without the potential deadlock in the new scheme that's cleaner and easier to understand imho and it just works for any block device. > Note that Christoph's series has mashed (2) and (3) together, resulting > in UAF in a bunch of places. And I'm dead serious about Yes, that I did fix as far as I'm aware. If the rules would've been written down where when something was freed we would've had an easier time figuring this out though. But they weren't so we missed it. > Documentation/filesystems/porting being the right place; any development Yes, agreed. I'll write a document for Christoph's next version. I know that what you're saying is roughly that we shouldn't make the same mistake as were done before but the fact that the old lifetime rules weren't documented in any meaningful way and now we get grumbled at in turn makes me grumble a bit. :) But overall point duly taken. > tree of any filesystem (in-tree one or not) will have to go through the > changes and figure out WTF to do with their existing code. We are > going to play whack-a-mole for at least several years as development > branches get rebased and merged. Let me write something up. > > Incidentally, I'm going to add a (belated by 10 years) chunk in porting.rst > re making sure that anything in superblock that might be needed by methods > called in RCU mode should *not* be freed without an RCU delay... Should've > done that back in 3.12 merge window when RCU'd vfsmounts went in; as it > is, today we have several filesystems with exact same kind of breakage. > hfsplus and affs breakage had been there in 3.13 (missed those two), exfat > and ntfs3 - introduced later, by initial merges of filesystems in question. > Missed on review... Cool, thanks for adding that.
Re: [PATCH] printk: add cpu id information to printk() output
On Fri, Sep 15, 2023 at 03:40:34PM +0800, Enlin Mu wrote: > From: Enlin Mu > > Sometimes we want to print cpu id of printk() messages to consoles This is rejected every few years. What has changes from the previous times this was sent? And why can't you use trace_printk()? thanks, greg k-h
Re: [PATCH] printk: add cpu id information to printk() output
On Fri, Sep 15, 2023 at 04:46:02PM +0800, Enlin Mu wrote: > John Ogness 于2023年9月15日周五 16:34写道: > > > > On 2023-09-15, Enlin Mu wrote: > > > Sometimes we want to print cpu id of printk() messages to consoles > > > > > > diff --git a/include/linux/threads.h b/include/linux/threads.h > > > index c34173e6c5f1..6700bd9a174f 100644 > > > --- a/include/linux/threads.h > > > +++ b/include/linux/threads.h > > > @@ -34,6 +34,9 @@ > > > #define PID_MAX_LIMIT (CONFIG_BASE_SMALL ? PAGE_SIZE * 8 : \ > > > (sizeof(long) > 4 ? 4 * 1024 * 1024 : PID_MAX_DEFAULT)) > > > > > > +#define CPU_ID_SHIFT 23 > > > +#define CPU_ID_MASK 0xff80 > > > > This only supports 256 CPUs. I think it doesn't make sense to try to > > squish CPU and Task IDs into 32 bits. > Yes, it is not good way, > > > > What about introducing a caller_id option to always only print the CPU > > ID? Or do you really need Task _and_ CPU? >Yes, I need it.Because I need to know which CPU is printing the > log, so that I can identify the current system operation, such as load > situation and CPU busy/idle status The cpu that is printing the log isn't the one that added the log message, so I think you will have incorrect data here, right? thanks, greg k-h
Re: [PATCH] tracing/synthetic: Print out u64 values properly
Hi Masami,
On 15/09/2023 09:01, Masami Hiramatsu (Google) wrote:
Hi Tero,
On Mon, 11 Sep 2023 17:17:04 +0300
Tero Kristo wrote:
The synth traces incorrectly print pointer to the synthetic event values
instead of the actual value when using u64 type. Fix by addressing the
contents of the union properly.
Thanks for pointing it out.
But I would like to see a new "case 8:" print code instead of changing
"default". Can you keep the default as it is and add "case 8:" case there?
Are you sure about that? I think keeping the default as is would just
print out a useless pointer value to the synth event itself (which is
what happened with u64 type.)
Anyways, that requires a new patch to be created on top as this has hit
the mainline as a fix already.
-Tero
Thanks,
Fixes: ddeea494a16f ("tracing/synthetic: Use union instead of casts")
Cc: sta...@vger.kernel.org
Signed-off-by: Tero Kristo
---
kernel/trace/trace_events_synth.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/trace/trace_events_synth.c
b/kernel/trace/trace_events_synth.c
index 7fff8235075f..070365959c0a 100644
--- a/kernel/trace/trace_events_synth.c
+++ b/kernel/trace/trace_events_synth.c
@@ -337,7 +337,7 @@ static void print_synth_event_num_val(struct trace_seq *s,
break;
default:
- trace_seq_printf(s, print_fmt, name, val, space);
+ trace_seq_printf(s, print_fmt, name, val->as_u64, space);
break;
}
}
--
2.40.1
Re: [PATCH] firmware: ti_sci: refactor deprecated strncpy
On 21:03-20230914, Kees Cook wrote: > On Wed, Sep 13, 2023 at 08:23:02PM +, Justin Stitt wrote: > > `strncpy` is deprecated for use on NUL-terminated destination strings [1]. > > > > We should prefer more robust and less ambiguous string interfaces. > > > > A suitable replacement is `strscpy` [2] due to the fact that it guarantees > > NUL-termination on the destination buffer. > > > > It does not seem like `ver->firmware_description` requires NUL-padding > > (which is a behavior that strncpy provides) but if it does let's opt for > > `strscpy_pad()`. > > > > Link: > > https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings > > [1] > > Link: > > https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] > > Link: https://github.com/KSPP/linux/issues/90 > > Cc: linux-harden...@vger.kernel.org > > Signed-off-by: Justin Stitt > > Looks right to me. > > Reviewed-by: Kees Cook Does this belong to stable as well? If so, please add appropriate stable process. -- Regards, Nishanth Menon Key (0xDDB5849D1736249D) / Fingerprint: F8A2 8693 54EB 8232 17A3 1A34 DDB5 849D 1736 249D
[PATCH] tools/rtla: Do not stop user-space if a cpu is offline
If no CPU list is passed, timerlat in user-space will dispatch
one thread per sysconf(_SC_NPROCESSORS_CONF). However, not all
CPU might be available, for instance, if HT is disabled.
Currently, rtla timerlat is stopping the session if an user-space
thread cannot set affinity to a CPU, or if a running user-space
thread is killed. However, this is too restrictive.
So, reduce the error to a debug message, and rtla timerlat run as
long as there is at least one user-space thread alive.
Fixes: cdca4f4e5e8e ("rtla/timerlat_top: Add timerlat user-space support")
Signed-off-by: Daniel Bristot de Oliveira
---
tools/tracing/rtla/src/timerlat_u.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/tools/tracing/rtla/src/timerlat_u.c
b/tools/tracing/rtla/src/timerlat_u.c
index 05e310696dd5..01dbf9a6b5a5 100644
--- a/tools/tracing/rtla/src/timerlat_u.c
+++ b/tools/tracing/rtla/src/timerlat_u.c
@@ -45,7 +45,7 @@ static int timerlat_u_main(int cpu, struct timerlat_u_params
*params)
retval = sched_setaffinity(gettid(), sizeof(set), &set);
if (retval == -1) {
- err_msg("Error setting user thread affinity\n");
+ debug_msg("Error setting user thread affinity %d, is the CPU
online?\n", cpu);
exit(1);
}
@@ -193,7 +193,9 @@ void *timerlat_u_dispatcher(void *data)
procs_count--;
}
}
- break;
+
+ if (!procs_count)
+ break;
}
sleep(1);
--
2.38.1
Re: [PATCH 03/19] fs: release anon dev_t in deactivate_locked_super
> > tree of any filesystem (in-tree one or not) will have to go through the > > changes and figure out WTF to do with their existing code. We are > > going to play whack-a-mole for at least several years as development > > branches get rebased and merged. > > Let me write something up. So here I've written two porting.rst patches that aim to reflect the current state of things (They do _not_ reflect what's in Christoph's series here as that'ss again pretty separate and will require additional spelling out.). I'm adding explanation for both the old and new logic fwiw. I hope to upstream these docs soon so we all have something to point to. >From 200666901f53db74edf309d48e3c74fd275a822a Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Fri, 15 Sep 2023 16:01:02 +0200 Subject: [PATCH 1/2] porting: document new block device opening order Signed-off-by: Christian Brauner --- Documentation/filesystems/porting.rst | 24 1 file changed, 24 insertions(+) diff --git a/Documentation/filesystems/porting.rst b/Documentation/filesystems/porting.rst index deac4e973ddc..f436b64b77bf 100644 --- a/Documentation/filesystems/porting.rst +++ b/Documentation/filesystems/porting.rst @@ -949,3 +949,27 @@ mmap_lock held. All in-tree users have been audited and do not seem to depend on the mmap_lock being held, but out of tree users should verify for themselves. If they do need it, they can return VM_FAULT_RETRY to be called with the mmap_lock held. + +--- + +**mandatory** + +The order of opening block devices and matching or creating superblocks has +changed. + +The old logic opened block devices first and then tried to find a +suitable superblock to reuse based on the block device pointer. + +The new logic finds or creates a superblock first, opening block devices +afterwards. Since opening block devices cannot happen under s_umount because of +lock ordering requirements s_umount is now dropped while opening block +devices and reacquired before calling fill_super(). + +In the old logic concurrent mounters would find the superblock on the list of +active superblock for the filesystem type. Since the first opener of the block +device would hold s_umount they would wait until the superblock became either +born or died prematurely due to initialization failure. + +Since the new logic drops s_umount concurrent mounters could grab s_umount and +would spin. Instead they are now made to wait using an explicit wait-wake +mechanism without having to hold s_umount. -- 2.34.1 >From 1f09898322b4402219d8d3219d399c9e56a76bae Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Fri, 15 Sep 2023 16:01:40 +0200 Subject: [PATCH 2/2] porting: document superblock as block device holder Signed-off-by: Christian Brauner --- Documentation/filesystems/porting.rst | 79 +++ 1 file changed, 79 insertions(+) diff --git a/Documentation/filesystems/porting.rst b/Documentation/filesystems/porting.rst index f436b64b77bf..fefefaf289b4 100644 --- a/Documentation/filesystems/porting.rst +++ b/Documentation/filesystems/porting.rst @@ -973,3 +973,82 @@ born or died prematurely due to initialization failure. Since the new logic drops s_umount concurrent mounters could grab s_umount and would spin. Instead they are now made to wait using an explicit wait-wake mechanism without having to hold s_umount. + +--- + +**mandatory** + +The holder of a block device is now the superblock. + +The holder of a block device used to be the file_system_type which wasn't +particularly useful. It wasn't possible to go from block device to owning +superblock without matching on the device pointer stored in the superblock. +This mechanism would only work for a single device so the block layer couldn't +find the owning superblock associated with additional devices. + +In the old mechanism reusing or creating a superblock for racing mount(2) and +umount(2) relied on the file_system_type as the holder. This was severly +underdocumented however: + +(1) If the concurrent mount(2) managed to grab an active reference before the +umount(2) dropped the last active reference in deactivate_locked_super() +the mounter would simply reuse the existing superblock. + +(2) If the mounter came after deactivate_locked_super() but before +the superblock had been removed from the list of superblocks of the +filesystem type the mounter would wait until the superblock was shutdown +and allocated a new superblock. + +(3) If the mounter came after deactivate_locked_super() and after +the superblock had been removed from the list of superblocks of the +filesystem type the mounter would allocate a new superblock. + +Because the holder of the block device was the filesystem type any concurrent +mounter could open the block device without risking seeing EBUSY because the +block device was still in use. + +Making the superblock the owner of the block device changes this as the holder +is now a unique superb
Re: [PATCH] tracing/synthetic: Print out u64 values properly
Hi Tero,
On Fri, 15 Sep 2023 13:46:45 +0300
Tero Kristo wrote:
> Hi Masami,
>
> On 15/09/2023 09:01, Masami Hiramatsu (Google) wrote:
> > Hi Tero,
> >
> > On Mon, 11 Sep 2023 17:17:04 +0300
> > Tero Kristo wrote:
> >
> >> The synth traces incorrectly print pointer to the synthetic event values
> >> instead of the actual value when using u64 type. Fix by addressing the
> >> contents of the union properly.
> > Thanks for pointing it out.
> > But I would like to see a new "case 8:" print code instead of changing
> > "default". Can you keep the default as it is and add "case 8:" case there?
>
> Are you sure about that? I think keeping the default as is would just
> print out a useless pointer value to the synth event itself (which is
> what happened with u64 type.)
Yeah, I think the "default" here means no correct way to show the value
in it. So anyway, if we know the size is 8 and there is val->as_u64,
there should be "case 8:".
>
> Anyways, that requires a new patch to be created on top as this has hit
> the mainline as a fix already.
Oops, I missed that.
Thank you!
>
> -Tero
>
>
> >
> > Thanks,
> >
> >> Fixes: ddeea494a16f ("tracing/synthetic: Use union instead of casts")
> >> Cc: sta...@vger.kernel.org
> >> Signed-off-by: Tero Kristo
> >> ---
> >> kernel/trace/trace_events_synth.c | 2 +-
> >> 1 file changed, 1 insertion(+), 1 deletion(-)
> >>
> >> diff --git a/kernel/trace/trace_events_synth.c
> >> b/kernel/trace/trace_events_synth.c
> >> index 7fff8235075f..070365959c0a 100644
> >> --- a/kernel/trace/trace_events_synth.c
> >> +++ b/kernel/trace/trace_events_synth.c
> >> @@ -337,7 +337,7 @@ static void print_synth_event_num_val(struct trace_seq
> >> *s,
> >>break;
> >>
> >>default:
> >> - trace_seq_printf(s, print_fmt, name, val, space);
> >> + trace_seq_printf(s, print_fmt, name, val->as_u64, space);
> >>break;
> >>}
> >> }
> >> --
> >> 2.40.1
> >>
> >
--
Masami Hiramatsu (Google)
Re: [PATCH 03/19] fs: release anon dev_t in deactivate_locked_super
On Fri, Sep 15, 2023 at 04:12:07PM +0200, Christian Brauner wrote:
> + static void some_fs_kill_sb(struct super_block *sb)
> + {
> + struct some_fs_info *info = sb->s_fs_info;
> +
> + kill_*_super(sb);
> + kfree(info);
> + }
> +
> +It's best practice to never deviate from this pattern.
The last part is flat-out incorrect. If e.g. fatfs or cifs ever switches
to that pattern, you'll get UAF - they need freeing of ->s_fs_info
of anything that ever had been mounted done with RCU delay; moreover,
unload_nls() in fatfs needs to be behind the same.
Lifetime rules for fs-private parts of superblock are really private to
filesystem; their use by sget/sget_fc callbacks might impose restrictions
on those, but that again is none of the VFS business.
Re: [PATCH 03/19] fs: release anon dev_t in deactivate_locked_super
On Fri, Sep 15, 2023 at 03:28:14PM +0100, Al Viro wrote:
> On Fri, Sep 15, 2023 at 04:12:07PM +0200, Christian Brauner wrote:
> > + static void some_fs_kill_sb(struct super_block *sb)
> > + {
> > + struct some_fs_info *info = sb->s_fs_info;
> > +
> > + kill_*_super(sb);
> > + kfree(info);
> > + }
> > +
> > +It's best practice to never deviate from this pattern.
>
> The last part is flat-out incorrect. If e.g. fatfs or cifs ever switches
> to that pattern, you'll get UAF - they need freeing of ->s_fs_info
> of anything that ever had been mounted done with RCU delay; moreover,
> unload_nls() in fatfs needs to be behind the same.
>
> Lifetime rules for fs-private parts of superblock are really private to
> filesystem; their use by sget/sget_fc callbacks might impose restrictions
> on those, but that again is none of the VFS business.
PS: and no, we don't want to impose such RCU delay on every filesystem
out there; what's more, there's nothing to prohibit e.g. having ->s_fs_info
pointing to a refcounted fs-private object (possibly shared by various
superblocks), so freeing might very well be "drop the reference and destroy
if refcount has reached 0".
Re: [PATCH] tracing/synthetic: Print out u64 values properly
On Fri, 15 Sep 2023 23:16:13 +0900 Masami Hiramatsu (Google) wrote: > > Anyways, that requires a new patch to be created on top as this has hit > > the mainline as a fix already. > > Oops, I missed that. Yeah, I took that because it matched the original case, which was it being u64. -- Steve
Re: [PATCH 03/19] fs: release anon dev_t in deactivate_locked_super
> Lifetime rules for fs-private parts of superblock are really private to Fine, I'll drop that. It's still correct that a filesystem needs to take care when it frees sb->s_fs_info. See the RCU fun you just encountered.
[PATCH] tracing/timerlat: Hotplug support for the user-space interface
The osnoise/per_cpu/CPU$/timerlat_fd is create for each possible
CPU, but it might create confusion if the CPU is not online.
Create the file only for online CPUs, also follow hotplug by
creating and deleting as CPUs come and go.
Fixes: e88ed227f639 ("tracing/timerlat: Add user-space interface")
Signed-off-by: Daniel Bristot de Oliveira
---
kernel/trace/trace_osnoise.c | 101 ++-
1 file changed, 77 insertions(+), 24 deletions(-)
diff --git a/kernel/trace/trace_osnoise.c b/kernel/trace/trace_osnoise.c
index bd0d01d00fb9..1af01eec3e36 100644
--- a/kernel/trace/trace_osnoise.c
+++ b/kernel/trace/trace_osnoise.c
@@ -229,6 +229,19 @@ static inline struct osnoise_variables
*this_cpu_osn_var(void)
}
#ifdef CONFIG_TIMERLAT_TRACER
+
+/*
+ * osnoise/per_cpu dir
+ */
+static struct dentry *osnoise_per_cpu_fd;
+
+struct osnoise_per_cpu_dir {
+ struct dentry *root;
+ struct dentry *timerlat_fd;
+};
+
+static DEFINE_PER_CPU(struct osnoise_per_cpu_dir, osnoise_per_cpu_dir);
+
/*
* Runtime information for the timer mode.
*/
@@ -2000,6 +2013,9 @@ static int start_kthread(unsigned int cpu)
char comm[24];
if (timerlat_enabled()) {
+ if (!test_bit(OSN_WORKLOAD, &osnoise_options))
+ return 0;
+
snprintf(comm, 24, "timerlat/%d", cpu);
main = timerlat_main;
} else {
@@ -2065,19 +2081,64 @@ static int start_per_cpu_kthreads(void)
return retval;
}
+#ifdef CONFIG_TIMERLAT_TRACER
+static const struct file_operations timerlat_fd_fops;
+static int timerlat_add_per_cpu_interface(long cpu)
+{
+ struct dentry *timerlat_fd, *cpu_dir_fd;
+ char cpu_str[30]; /* see trace.c: tracing_init_tracefs_percpu() */
+
+ if (!osnoise_per_cpu_fd)
+ return 0;
+
+ snprintf(cpu_str, 30, "cpu%ld", cpu);
+ cpu_dir_fd = tracefs_create_dir(cpu_str, osnoise_per_cpu_fd);
+
+ if (cpu_dir_fd) {
+ timerlat_fd = trace_create_file("timerlat_fd", TRACE_MODE_READ,
+ cpu_dir_fd, NULL,
&timerlat_fd_fops);
+ WARN_ON_ONCE(!timerlat_fd);
+ per_cpu_ptr(&osnoise_per_cpu_dir, cpu)->root = cpu_dir_fd;
+ per_cpu_ptr(&osnoise_per_cpu_dir, cpu)->timerlat_fd =
timerlat_fd;
+
+ /* Record the CPU */
+ d_inode(timerlat_fd)->i_cdev = (void *)(cpu);
+
+ return 0;
+ }
+
+ return -ENOMEM;
+}
+
+static void timerlat_rm_per_cpu_interface(long cpu)
+{
+ struct dentry *cpu_dir = per_cpu_ptr(&osnoise_per_cpu_dir, cpu)->root;
+
+ if (cpu_dir) {
+ tracefs_remove(cpu_dir);
+ per_cpu_ptr(&osnoise_per_cpu_dir, cpu)->root = NULL;
+ per_cpu_ptr(&osnoise_per_cpu_dir, cpu)->timerlat_fd = NULL;
+ }
+}
+#else
+static int timerlat_add_per_cpu_interface(long cpu) { return 0; };
+static void timerlat_rm_per_cpu_interface(long cpu) {};
+#endif
+
#ifdef CONFIG_HOTPLUG_CPU
static void osnoise_hotplug_workfn(struct work_struct *dummy)
{
unsigned int cpu = smp_processor_id();
mutex_lock(&trace_types_lock);
-
- if (!osnoise_has_registered_instances())
- goto out_unlock_trace;
-
mutex_lock(&interface_lock);
cpus_read_lock();
+ timerlat_add_per_cpu_interface(cpu);
+
+ if (!osnoise_has_registered_instances())
+ goto out_unlock;
+
if (!cpumask_test_cpu(cpu, &osnoise_cpumask))
goto out_unlock;
@@ -2086,7 +2147,6 @@ static void osnoise_hotplug_workfn(struct work_struct
*dummy)
out_unlock:
cpus_read_unlock();
mutex_unlock(&interface_lock);
-out_unlock_trace:
mutex_unlock(&trace_types_lock);
}
@@ -2106,6 +2166,7 @@ static int osnoise_cpu_init(unsigned int cpu)
*/
static int osnoise_cpu_die(unsigned int cpu)
{
+ timerlat_rm_per_cpu_interface(cpu);
stop_kthread(cpu);
return 0;
}
@@ -2708,10 +2769,7 @@ static int init_timerlat_stack_tracefs(struct dentry
*top_dir)
static int osnoise_create_cpu_timerlat_fd(struct dentry *top_dir)
{
- struct dentry *timerlat_fd;
- struct dentry *per_cpu;
- struct dentry *cpu_dir;
- char cpu_str[30]; /* see trace.c: tracing_init_tracefs_percpu() */
+ int retval;
long cpu;
/*
@@ -2720,29 +2778,24 @@ static int osnoise_create_cpu_timerlat_fd(struct dentry
*top_dir)
* Because osnoise/timerlat have a single workload, having
* multiple files like these are wast of memory.
*/
- per_cpu = tracefs_create_dir("per_cpu", top_dir);
- if (!per_cpu)
+ osnoise_per_cpu_fd = tracefs_create_dir("per_cpu", top_dir);
+ if (!osnoise_per_cpu_fd)
return -ENOMEM;
- for_each_possible_cpu(cpu) {
- snprintf(cpu_str, 30, "cpu%ld", cpu);
- cpu_dir = tracefs_create_dir(c
Re: [PATCH v2 1/2] ACPI: NFIT: Fix incorrect calculation of idt size
Yu Liao wrote:
> acpi_nfit_interleave's field 'line_offset' is switched to flexible array [1],
> but sizeof_idt() still calculates the size in the form of 1-element array.
>
> Therefore, fix incorrect calculation in sizeof_idt().
>
> [1] https://lore.kernel.org/lkml/2652195.BddDVKsqQX@kreacher/
>
> Fixes: 2a5ab99847bd ("ACPICA: struct acpi_nfit_interleave: Replace 1-element
> array with flexible array")
> Cc: sta...@vger.kernel.org # v6.4+
> Signed-off-by: Yu Liao
> Reviewed-by: Dave Jiang
Reviewed-by: Ira Weiny
> ---
> v1 -> v2: add Dave's review tag and cc nvd...@lists.linux.dev
> ---
> drivers/acpi/nfit/core.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c
> index 07204d482968..305f590c54a8 100644
> --- a/drivers/acpi/nfit/core.c
> +++ b/drivers/acpi/nfit/core.c
> @@ -855,7 +855,7 @@ static size_t sizeof_idt(struct acpi_nfit_interleave *idt)
> {
> if (idt->header.length < sizeof(*idt))
> return 0;
> - return sizeof(*idt) + sizeof(u32) * (idt->line_count - 1);
> + return sizeof(*idt) + sizeof(u32) * idt->line_count;
> }
>
> static bool add_idt(struct acpi_nfit_desc *acpi_desc,
> --
> 2.25.1
>
Re: [PATCH v2 2/2] ACPI: NFIT: use struct_size() helper
Yu Liao wrote:
> Make use of the struct_size() helper instead of an open-coded version,
> in order to avoid any potential type mistakes or integer overflows that,
> in the worst scenario, could lead to heap overflows.
>
> Signed-off-by: Yu Liao
> Reviewed-by: Dave Jiang
Reviewed-by: Ira Weiny
> ---
> drivers/acpi/nfit/core.c | 10 --
> 1 file changed, 4 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c
> index 305f590c54a8..2f7217600307 100644
> --- a/drivers/acpi/nfit/core.c
> +++ b/drivers/acpi/nfit/core.c
> @@ -712,8 +712,7 @@ static bool add_spa(struct acpi_nfit_desc *acpi_desc,
> }
> }
>
> - nfit_spa = devm_kzalloc(dev, sizeof(*nfit_spa) + sizeof_spa(spa),
> - GFP_KERNEL);
> + nfit_spa = devm_kzalloc(dev, struct_size(nfit_spa, spa, 1), GFP_KERNEL);
> if (!nfit_spa)
> return false;
> INIT_LIST_HEAD(&nfit_spa->list);
> @@ -741,7 +740,7 @@ static bool add_memdev(struct acpi_nfit_desc *acpi_desc,
> return true;
> }
>
> - nfit_memdev = devm_kzalloc(dev, sizeof(*nfit_memdev) + sizeof(*memdev),
> + nfit_memdev = devm_kzalloc(dev, struct_size(nfit_memdev, memdev, 1),
> GFP_KERNEL);
> if (!nfit_memdev)
> return false;
> @@ -812,8 +811,7 @@ static bool add_dcr(struct acpi_nfit_desc *acpi_desc,
> return true;
> }
>
> - nfit_dcr = devm_kzalloc(dev, sizeof(*nfit_dcr) + sizeof(*dcr),
> - GFP_KERNEL);
> + nfit_dcr = devm_kzalloc(dev, struct_size(nfit_dcr, dcr, 1), GFP_KERNEL);
> if (!nfit_dcr)
> return false;
> INIT_LIST_HEAD(&nfit_dcr->list);
> @@ -855,7 +853,7 @@ static size_t sizeof_idt(struct acpi_nfit_interleave *idt)
> {
> if (idt->header.length < sizeof(*idt))
> return 0;
> - return sizeof(*idt) + sizeof(u32) * idt->line_count;
> + return struct_size(idt, line_offset, idt->line_count);
> }
>
> static bool add_idt(struct acpi_nfit_desc *acpi_desc,
> --
> 2.25.1
>
Re: [PATCH v4 03/18] x86/sgx: Add sgx_epc_lru_lists to encapsulate LRU lists
On Thu, 14 Sep 2023 05:31:30 -0500, Huang, Kai wrote: Some non-technical staff: On Tue, 2023-09-12 at 21:06 -0700, Haitao Huang wrote: From: Kristen Carlson Accardi The patch was from Kristen, but ... Introduce a data structure to wrap the existing reclaimable list and its spinlock. Each cgroup later will have one instance of this structure to track EPC pages allocated for processes associated with the same cgroup. Just like the global SGX reclaimer (ksgxd), an EPC cgroup reclaims pages from the reclaimable list in this structure when its usage reaches near its limit. Currently, ksgxd does not track the VA, SECS pages. They are considered as 'unreclaimable' pages that are only deallocated when their respective owning enclaves are destroyed and all associated resources released. When an EPC cgroup can not reclaim any more reclaimable EPC pages to reduce its usage below its limit, the cgroup must also reclaim those unreclaimables by killing their owning enclaves. The VA and SECS pages later are also tracked in an 'unreclaimable' list added to this structure to support this OOM killing of enclaves. Signed-off-by: Sean Christopherson Signed-off-by: Kristen Carlson Accardi ... it was firstly signed by Sean and then Kristen, which doesn't sound right. If the patch was from Kristen, then either Sean's SoB should come after Kristen's (which means Sean took Kristen's patch and signed it), or you need to have a Co-developed-by tag for Sean right before his SoB (which indicates Sean participated in the development of the patch but likely he wasn't the main developer). But I _guess_ the patch was just from Sean. From what I see: In v1 kristen included a "From" tsg for Sean. In v2 she split the original patch into two and added some wrappers/ At that time, she removed the "From" tag for both patches but kept the SOB and CC. @Kristen, could you confirm? I only removed the wrappers from v2 based on Dave's comments. So if confirmed by Kristen, should we add "From" tag for Sean? I'll double check the other patches. Thanks Haitao
RE: [PATCH] printk: add cpu id information to printk() output
> + return in_task() ? task_pid_nr(current) | (smp_processor_id() << > CPU_ID_SHIFT) : There are contexts and CONFIG options around pre-emption where smp_processor_id() will throw a warning. Use raw_smp_processor_id(). -Tony
Re: [PATCH] printk: add cpu id information to printk() output
On Fri 2023-09-15 11:53:13, Greg KH wrote:
> On Fri, Sep 15, 2023 at 04:46:02PM +0800, Enlin Mu wrote:
> > John Ogness 于2023年9月15日周五 16:34写道:
> > >
> > > On 2023-09-15, Enlin Mu wrote:
> > > > Sometimes we want to print cpu id of printk() messages to consoles
> > > >
> > > > diff --git a/include/linux/threads.h b/include/linux/threads.h
> > > > index c34173e6c5f1..6700bd9a174f 100644
> > > > --- a/include/linux/threads.h
> > > > +++ b/include/linux/threads.h
> > > > @@ -34,6 +34,9 @@
> > > > #define PID_MAX_LIMIT (CONFIG_BASE_SMALL ? PAGE_SIZE * 8 : \
> > > > (sizeof(long) > 4 ? 4 * 1024 * 1024 : PID_MAX_DEFAULT))
> > > >
> > > > +#define CPU_ID_SHIFT 23
> > > > +#define CPU_ID_MASK 0xff80
> > >
> > > This only supports 256 CPUs. I think it doesn't make sense to try to
> > > squish CPU and Task IDs into 32 bits.
> > Yes, it is not good way,
> > >
> > > What about introducing a caller_id option to always only print the CPU
> > > ID? Or do you really need Task _and_ CPU?
> >Yes, I need it.Because I need to know which CPU is printing the
> > log, so that I can identify the current system operation, such as load
> > situation and CPU busy/idle status
>
> The cpu that is printing the log isn't the one that added the log
> message, so I think you will have incorrect data here, right?
We already store some metadata about the caller:
* All fields are set by the printk code except for @seq, which is
* set by the ringbuffer code.
*/
struct printk_info {
u64 seq;/* sequence number */
u64 ts_nsec;/* timestamp in nanoseconds */
u16 text_len; /* length of text message */
u8 facility; /* syslog facility */
u8 flags:5;/* internal record flags */
u8 level:3;/* syslog level */
u32 caller_id; /* thread id or processor id */
struct dev_printk_info dev_info;
};
The 32-bit caller ID is generated using:
static inline u32 printk_caller_id(void)
{
return in_task() ? task_pid_nr(current) :
0x8000 + smp_processor_id();
}
We could add more metadata and always store the CPU ID and something
like:
[CTXT][ Tpid][ Ccpu]
for example
[TASK][ T234][C4]
[ IRQ][ T4567][ C17]
[SIRQ][T5][C0]
[ NMI][ T356][ C128]
The biggest problem is that it would change the format of the
ringbuffer so that it would require updating external tools,
working with crashdump, especially crash but there are also
alternative python extensions for gdb.
See below POC of the kernel part. It is not even compile tested. The size
of the buffers is updated by a guess. Comments are not updated, ...
diff --git a/kernel/printk/internal.h b/kernel/printk/internal.h
index 7d4979d5c3ce..e3e0a9fdc0cf 100644
--- a/kernel/printk/internal.h
+++ b/kernel/printk/internal.h
@@ -15,7 +15,7 @@ int devkmsg_sysctl_set_loglvl(struct ctl_table *table, int
write,
#ifdef CONFIG_PRINTK
#ifdef CONFIG_PRINTK_CALLER
-#define PRINTK_PREFIX_MAX 48
+#define PRINTK_PREFIX_MAX 64
#else
#define PRINTK_PREFIX_MAX 32
#endif
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
index 7e0b4dd02398..bb393ccbd5e9 100644
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -621,16 +621,20 @@ static void append_char(char **pp, char *e, char c)
*(*pp)++ = c;
}
+char printk_caller_ctxt_txt[][] = { "TSK", "IRQ", "SIRQ", "NMI"' };
+
static ssize_t info_print_ext_header(char *buf, size_t size,
struct printk_info *info)
{
u64 ts_usec = info->ts_nsec;
- char caller[20];
+ char caller[40];
#ifdef CONFIG_PRINTK_CALLER
- u32 id = info->caller_id;
+ struct printk_caller_info *ci = info->caller_info;
- snprintf(caller, sizeof(caller), ",caller=%c%u",
-id & 0x8000 ? 'C' : 'T', id & ~0x8000);
+ snprintf(caller, sizeof(caller),
+",caller.ctxt=%s,caller.pid=%d,caller.cpu=%d",
+printk_caller_ctxt_txt[ci->ctxt],
+ci->pid,ci->cpu);
#else
caller[0] = '\0';
#endif
@@ -996,11 +1000,16 @@ void log_buf_vmcoreinfo_setup(void)
VMCOREINFO_OFFSET(prb_data_blk_lpos, begin);
VMCOREINFO_OFFSET(prb_data_blk_lpos, next);
+ VMCOREINFO_STRUCT_SIZE(printk_caller_info);
+ VMCOREINFO_OFFSET(printk_caller_info, ctxt);
+ VMCOREINFO_OFFSET(printk_caller_info, cpu);
+ VMCOREINFO_OFFSET(printk_caller_info, pid);
+
VMCOREINFO_STRUCT_SIZE(printk_info);
VMCOREINFO_OFFSET(printk_info, seq);
VMCOREINFO_OFFSET(printk_info, ts_nsec);
VMCOREINFO_OFFSET(printk_info, text_len);
- VMCOREINFO_OFFSET(printk_info, caller_id);
+ VMCOREINFO_OFFSET(printk_info, caller_info);
VMCOREINFO_OFFSET(printk_info, dev_info);
VMCOREINFO_STRUCT_SIZE(dev_printk_info);
@@ -,7 +1120,7 @@ static unsigned int __init a
Re: [PATCH v3] libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value
Chen Ni wrote:
> Use devm_kstrdup() instead of kstrdup() and check its return value to
> avoid memory leak.
>
> Fixes: 49bddc73d15c ("libnvdimm/of_pmem: Provide a unique name for bus
> provider")
> Signed-off-by: Chen Ni
Reviewed-by: Ira Weiny
> ---
> Changelog:
>
> v2 -> v3:
>
> 1. Use devm_kstrdup() instead of kstrdup()
>
> v1 -> v2:
>
> 1. Add a fixes tag.
> 2. Update commit message.
> ---
> drivers/nvdimm/of_pmem.c | 8 +++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/nvdimm/of_pmem.c b/drivers/nvdimm/of_pmem.c
> index 1b9f5b8a6167..5765674b36f2 100644
> --- a/drivers/nvdimm/of_pmem.c
> +++ b/drivers/nvdimm/of_pmem.c
> @@ -30,7 +30,13 @@ static int of_pmem_region_probe(struct platform_device
> *pdev)
> if (!priv)
> return -ENOMEM;
>
> - priv->bus_desc.provider_name = kstrdup(pdev->name, GFP_KERNEL);
> + priv->bus_desc.provider_name = devm_kstrdup(&pdev->dev, pdev->name,
> + GFP_KERNEL);
> + if (!priv->bus_desc.provider_name) {
> + kfree(priv);
> + return -ENOMEM;
> + }
> +
> priv->bus_desc.module = THIS_MODULE;
> priv->bus_desc.of_node = np;
>
> --
> 2.25.1
>
Re: [PATCH] firmware: ti_sci: refactor deprecated strncpy
On Fri, Sep 15, 2023 at 07:40:38AM -0500, Nishanth Menon wrote: > On 21:03-20230914, Kees Cook wrote: > > On Wed, Sep 13, 2023 at 08:23:02PM +, Justin Stitt wrote: > > > `strncpy` is deprecated for use on NUL-terminated destination strings [1]. > > > > > > We should prefer more robust and less ambiguous string interfaces. > > > > > > A suitable replacement is `strscpy` [2] due to the fact that it guarantees > > > NUL-termination on the destination buffer. > > > > > > It does not seem like `ver->firmware_description` requires NUL-padding > > > (which is a behavior that strncpy provides) but if it does let's opt for > > > `strscpy_pad()`. > > > > > > Link: > > > https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings > > > [1] > > > Link: > > > https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] > > > Link: https://github.com/KSPP/linux/issues/90 > > > Cc: linux-harden...@vger.kernel.org > > > Signed-off-by: Justin Stitt > > > > Looks right to me. > > > > Reviewed-by: Kees Cook > > Does this belong to stable as well? If so, please add appropriate stable > process. No need. This is a refactoring only. :) -- Kees Cook
Re: [PATCH v4 01/18] cgroup/misc: Add per resource callbacks for CSS events
On Tue, Sep 12, 2023 at 09:06:18PM -0700, Haitao Huang wrote:
> @@ -37,6 +37,11 @@ struct misc_res {
> u64 max;
> atomic64_t usage;
> atomic64_t events;
> +
> + /* per resource callback ops */
> + int (*misc_cg_alloc)(struct misc_cg *cg);
> + void (*misc_cg_free)(struct misc_cg *cg);
> + void (*misc_cg_max_write)(struct misc_cg *cg);
A nit about naming. These are already in misc_res and cgroup_ and cgrp_
prefixes are a lot more common. So, maybe go for sth like cgrp_alloc?
Thanks.
--
tejun
Re: [PATCH v4 01/18] cgroup/misc: Add per resource callbacks for CSS events
On Fri, Sep 15, 2023 at 07:55:45AM -1000, Tejun Heo wrote:
> On Tue, Sep 12, 2023 at 09:06:18PM -0700, Haitao Huang wrote:
> > @@ -37,6 +37,11 @@ struct misc_res {
> > u64 max;
> > atomic64_t usage;
> > atomic64_t events;
> > +
> > + /* per resource callback ops */
> > + int (*misc_cg_alloc)(struct misc_cg *cg);
> > + void (*misc_cg_free)(struct misc_cg *cg);
> > + void (*misc_cg_max_write)(struct misc_cg *cg);
>
> A nit about naming. These are already in misc_res and cgroup_ and cgrp_
> prefixes are a lot more common. So, maybe go for sth like cgrp_alloc?
Ah, never mind about the prefix part. misc is using cg_ prefix widely
already.
Thanks.
--
tejun
Re: [PATCH v2][next] RDMA/core: Use size_{add,mul}() in calls to struct_size()
On 9/14/23 21:29, Kees Cook wrote:
On Mon, Sep 11, 2023 at 05:27:59PM -0600, Gustavo A. R. Silva wrote:
Harden calls to struct_size() with size_add() and size_mul().
Specifically, make sure that open-coded arithmetic cannot cause an
overflow/wraparound. (i.e. it will stay saturated at SIZE_MAX.)
Yep; I have another patch where I explain this in similar terms.
I'll send it, shortly.
Fixes: 467f432a521a ("RDMA/core: Split port and device counter sysfs
attributes")
Fixes: a4676388e2e2 ("RDMA/core: Simplify how the gid_attrs sysfs is created")
Signed-off-by: Gustavo A. R. Silva
Reviewed-by: Kees Cook
Thanks!
--
Gustavo
-Kees
---
Changes in v2:
- Update changelog text: remove the part about binary differences (it
was added by mistake).
drivers/infiniband/core/sysfs.c | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/infiniband/core/sysfs.c b/drivers/infiniband/core/sysfs.c
index ee59d7391568..ec5efdc16660 100644
--- a/drivers/infiniband/core/sysfs.c
+++ b/drivers/infiniband/core/sysfs.c
@@ -903,7 +903,7 @@ alloc_hw_stats_device(struct ib_device *ibdev)
* Two extra attribue elements here, one for the lifespan entry and
* one to NULL terminate the list for the sysfs core code
*/
- data = kzalloc(struct_size(data, attrs, stats->num_counters + 1),
+ data = kzalloc(struct_size(data, attrs, size_add(stats->num_counters,
1)),
GFP_KERNEL);
if (!data)
goto err_free_stats;
@@ -1009,7 +1009,7 @@ alloc_hw_stats_port(struct ib_port *port, struct
attribute_group *group)
* Two extra attribue elements here, one for the lifespan entry and
* one to NULL terminate the list for the sysfs core code
*/
- data = kzalloc(struct_size(data, attrs, stats->num_counters + 1),
+ data = kzalloc(struct_size(data, attrs, size_add(stats->num_counters,
1)),
GFP_KERNEL);
if (!data)
goto err_free_stats;
@@ -1140,7 +1140,7 @@ static int setup_gid_attrs(struct ib_port *port,
int ret;
gid_attr_group = kzalloc(struct_size(gid_attr_group, attrs_list,
-attr->gid_tbl_len * 2),
+size_mul(attr->gid_tbl_len, 2)),
GFP_KERNEL);
if (!gid_attr_group)
return -ENOMEM;
@@ -1205,8 +1205,8 @@ static struct ib_port *setup_port(struct ib_core_device
*coredev, int port_num,
int ret;
p = kvzalloc(struct_size(p, attrs_list,
- attr->gid_tbl_len + attr->pkey_tbl_len),
- GFP_KERNEL);
+ size_add(attr->gid_tbl_len,
attr->pkey_tbl_len)),
+GFP_KERNEL);
if (!p)
return ERR_PTR(-ENOMEM);
p->ibdev = device;
--
2.34.1
[PATCH][next] gve: Use size_add() in call to struct_size()
If, for any reason, `tx_stats_num + rx_stats_num` wraps around, the
protection that struct_size() adds against potential integer overflows
is defeated. Fix this by hardening call to struct_size() with size_add().
Fixes: 691f4077d560 ("gve: Replace zero-length array with flexible-array
member")
Signed-off-by: Gustavo A. R. Silva
---
drivers/net/ethernet/google/gve/gve_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/google/gve/gve_main.c
b/drivers/net/ethernet/google/gve/gve_main.c
index 5704b5f57cd0..83b09dcfafc4 100644
--- a/drivers/net/ethernet/google/gve/gve_main.c
+++ b/drivers/net/ethernet/google/gve/gve_main.c
@@ -190,7 +190,7 @@ static int gve_alloc_stats_report(struct gve_priv *priv)
rx_stats_num = (GVE_RX_STATS_REPORT_NUM + NIC_RX_STATS_REPORT_NUM) *
priv->rx_cfg.num_queues;
priv->stats_report_len = struct_size(priv->stats_report, stats,
-tx_stats_num + rx_stats_num);
+size_add(tx_stats_num,
rx_stats_num));
priv->stats_report =
dma_alloc_coherent(&priv->pdev->dev, priv->stats_report_len,
&priv->stats_report_bus, GFP_KERNEL);
--
2.34.1
Re: [PATCH v4 00/18] Add Cgroup support for SGX EPC memory
On Tue, Sep 12, 2023 at 09:06:17PM -0700, Haitao Huang wrote: > SGX EPC memory allocations are separate from normal RAM allocations, and > are managed solely by the SGX subsystem. The existing cgroup memory > controller cannot be used to limit or account for SGX EPC memory, which is > a desirable feature in some environments, e.g., support for pod level > control in a Kubernates cluster on a VM or baremetal host [1,2]. > > This patchset implements the support for sgx_epc memory within the misc > cgroup controller. The user can use the misc cgroup controller to set and > enforce a max limit on total EPC usage per cgroup. The implementation > reports current usage and events of reaching the limit per cgroup as well > as the total system capacity. Minor nit aside, it looks fine from cgroup side. Thanks. -- tejun
Re: [PATCH][next] gve: Use size_add() in call to struct_size()
On Fri, Sep 15, 2023 at 12:17:49PM -0600, Gustavo A. R. Silva wrote:
> If, for any reason, `tx_stats_num + rx_stats_num` wraps around, the
> protection that struct_size() adds against potential integer overflows
> is defeated. Fix this by hardening call to struct_size() with size_add().
>
> Fixes: 691f4077d560 ("gve: Replace zero-length array with flexible-array
> member")
> Signed-off-by: Gustavo A. R. Silva
Thanks, yes, this will maintain SIZE_MAX saturation if it happens.
Reviewed-by: Kees Cook
--
Kees Cook
[PATCH][next] mlxsw: Use size_mul() in call to struct_size()
If, for any reason, the open-coded arithmetic causes a wraparound, the
protection that `struct_size()` adds against potential integer overflows
is defeated. Fix this by hardening call to `struct_size()` with `size_mul()`.
Fixes: 2285ec872d9d ("mlxsw: spectrum_acl_bloom_filter: use struct_size() in
kzalloc()")
Signed-off-by: Gustavo A. R. Silva
---
drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_bloom_filter.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_bloom_filter.c
b/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_bloom_filter.c
index e2aced7ab454..95f63fcf4ba1 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_bloom_filter.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_bloom_filter.c
@@ -496,7 +496,7 @@ mlxsw_sp_acl_bf_init(struct mlxsw_sp *mlxsw_sp, unsigned
int num_erp_banks)
* is 2^ACL_MAX_BF_LOG
*/
bf_bank_size = 1 << MLXSW_CORE_RES_GET(mlxsw_sp->core, ACL_MAX_BF_LOG);
- bf = kzalloc(struct_size(bf, refcnt, bf_bank_size * num_erp_banks),
+ bf = kzalloc(struct_size(bf, refcnt, size_mul(bf_bank_size,
num_erp_banks)),
GFP_KERNEL);
if (!bf)
return ERR_PTR(-ENOMEM);
--
2.34.1
[PATCH][next] ASoC: SOF: ipc4-topology: Use size_add() in call to struct_size()
If, for any reason, the open-coded arithmetic causes a wraparound,
the protection that `struct_size()` adds against potential integer
overflows is defeated. Fix this by hardening call to `struct_size()`
with `size_add()`.
Fixes: f9efae954905 ("ASoC: SOF: ipc4-topology: Add support for base config
extension")
Signed-off-by: Gustavo A. R. Silva
---
sound/soc/sof/ipc4-topology.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sound/soc/sof/ipc4-topology.c b/sound/soc/sof/ipc4-topology.c
index f2a30cd31378..2a19dd022aaf 100644
--- a/sound/soc/sof/ipc4-topology.c
+++ b/sound/soc/sof/ipc4-topology.c
@@ -895,7 +895,8 @@ static int sof_ipc4_widget_setup_comp_process(struct
snd_sof_widget *swidget)
if (process->init_config ==
SOF_IPC4_MODULE_INIT_CONFIG_TYPE_BASE_CFG_WITH_EXT) {
struct sof_ipc4_base_module_cfg_ext *base_cfg_ext;
u32 ext_size = struct_size(base_cfg_ext, pin_formats,
- swidget->num_input_pins +
swidget->num_output_pins);
+ size_add(swidget->num_input_pins,
+ swidget->num_output_pins));
base_cfg_ext = kzalloc(ext_size, GFP_KERNEL);
if (!base_cfg_ext) {
--
2.34.1
[PATCH][next] tls: Use size_add() in call to struct_size()
If, for any reason, the open-coded arithmetic causes a wraparound,
the protection that `struct_size()` adds against potential integer
overflows is defeated. Fix this by hardening call to `struct_size()`
with `size_add()`.
Fixes: b89fec54fd61 ("tls: rx: wrap decrypt params in a struct")
Signed-off-by: Gustavo A. R. Silva
---
net/tls/tls_sw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index d1fc295b83b5..270712b8d391 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1487,7 +1487,7 @@ static int tls_decrypt_sg(struct sock *sk, struct
iov_iter *out_iov,
*/
aead_size = sizeof(*aead_req) + crypto_aead_reqsize(ctx->aead_recv);
aead_size = ALIGN(aead_size, __alignof__(*dctx));
- mem = kmalloc(aead_size + struct_size(dctx, sg, n_sgin + n_sgout),
+ mem = kmalloc(aead_size + struct_size(dctx, sg, size_add(n_sgin,
n_sgout)),
sk->sk_allocation);
if (!mem) {
err = -ENOMEM;
--
2.34.1
Re: [PATCH v3 1/2] uapi: fix __DECLARE_FLEX_ARRAY for C++
On Tue, Sep 12, 2023 at 07:22:24PM +0300, Alexey Dobriyan wrote:
> __DECLARE_FLEX_ARRAY(T, member) macro expands to
>
> struct {
> struct {} __empty_member;
> T member[];
> };
>
> which is subtly wrong in C++ because sizeof(struct{}) is 1 not 0,
> changing UAPI structures layouts.
Looking at this again just now, what about using a 0-length array
instead of an anonymous struct?
https://godbolt.org/z/rGaxPWjef
Then we don't need an #ifdef at all...
struct {
int __empty_member[0];
T member[];
};
-Kees
--
Kees Cook
Re: [PATCH][next] ASoC: SOF: ipc4-topology: Use size_add() in call to struct_size()
On Fri, Sep 15, 2023 at 01:09:11PM -0600, Gustavo A. R. Silva wrote:
> If, for any reason, the open-coded arithmetic causes a wraparound,
> the protection that `struct_size()` adds against potential integer
> overflows is defeated. Fix this by hardening call to `struct_size()`
> with `size_add()`.
>
> Fixes: f9efae954905 ("ASoC: SOF: ipc4-topology: Add support for base config
> extension")
> Signed-off-by: Gustavo A. R. Silva
Reviewed-by: Kees Cook
--
Kees Cook
[PATCH][next] tipc: Use size_add() in calls to struct_size()
If, for any reason, the open-coded arithmetic causes a wraparound,
the protection that `struct_size()` adds against potential integer
overflows is defeated. Fix this by hardening call to `struct_size()`
with `size_add()`.
Fixes: e034c6d23bc4 ("tipc: Use struct_size() helper")
Signed-off-by: Gustavo A. R. Silva
---
net/tipc/link.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/tipc/link.c b/net/tipc/link.c
index e33b4f29f77c..d0143823658d 100644
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -1446,7 +1446,7 @@ u16 tipc_get_gap_ack_blks(struct tipc_gap_ack_blks **ga,
struct tipc_link *l,
p = (struct tipc_gap_ack_blks *)msg_data(hdr);
sz = ntohs(p->len);
/* Sanity check */
- if (sz == struct_size(p, gacks, p->ugack_cnt + p->bgack_cnt)) {
+ if (sz == struct_size(p, gacks, size_add(p->ugack_cnt,
p->bgack_cnt))) {
/* Good, check if the desired type exists */
if ((uc && p->ugack_cnt) || (!uc && p->bgack_cnt))
goto ok;
@@ -1533,7 +1533,7 @@ static u16 tipc_build_gap_ack_blks(struct tipc_link *l,
struct tipc_msg *hdr)
__tipc_build_gap_ack_blks(ga, l, ga->bgack_cnt) : 0;
/* Total len */
- len = struct_size(ga, gacks, ga->bgack_cnt + ga->ugack_cnt);
+ len = struct_size(ga, gacks, size_add(ga->bgack_cnt, ga->ugack_cnt));
ga->len = htons(len);
return len;
}
--
2.34.1
[PATCH][next] usb: atm: Use size_add() in call to struct_size()
If, for any reason, the open-coded arithmetic causes a wraparound,
the protection that `struct_size()` adds against potential integer
overflows is defeated. Fix this by hardening call to `struct_size()`
with `size_add()`.
Fixes: b626871a7cda ("usb: atm: Use struct_size() helper")
Signed-off-by: Gustavo A. R. Silva
---
drivers/usb/atm/usbatm.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/atm/usbatm.c b/drivers/usb/atm/usbatm.c
index 1cdb8758ae01..2da6615fbb6f 100644
--- a/drivers/usb/atm/usbatm.c
+++ b/drivers/usb/atm/usbatm.c
@@ -1018,7 +1018,8 @@ int usbatm_usb_probe(struct usb_interface *intf, const
struct usb_device_id *id,
size_t size;
/* instance init */
- size = struct_size(instance, urbs, num_rcv_urbs + num_snd_urbs);
+ size = struct_size(instance, urbs,
+ size_add(num_rcv_urbs, num_snd_urbs));
instance = kzalloc(size, GFP_KERNEL);
if (!instance)
return -ENOMEM;
--
2.34.1
[PATCH][next] net: spider_net: Use size_add() in call to struct_size()
If, for any reason, the open-coded arithmetic causes a wraparound,
the protection that `struct_size()` adds against potential integer
overflows is defeated. Fix this by hardening call to `struct_size()`
with `size_add()`.
Fixes: 3f1071ec39f7 ("net: spider_net: Use struct_size() helper")
Signed-off-by: Gustavo A. R. Silva
---
drivers/net/ethernet/toshiba/spider_net.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/toshiba/spider_net.c
b/drivers/net/ethernet/toshiba/spider_net.c
index 50d7eacfec58..87e67121477c 100644
--- a/drivers/net/ethernet/toshiba/spider_net.c
+++ b/drivers/net/ethernet/toshiba/spider_net.c
@@ -2332,7 +2332,7 @@ spider_net_alloc_card(void)
struct spider_net_card *card;
netdev = alloc_etherdev(struct_size(card, darray,
- tx_descriptors + rx_descriptors));
+ size_add(tx_descriptors,
rx_descriptors)));
if (!netdev)
return NULL;
--
2.34.1
Re: [PATCH][next] mlxsw: Use size_mul() in call to struct_size()
On Fri, Sep 15, 2023 at 01:01:23PM -0600, Gustavo A. R. Silva wrote:
> If, for any reason, the open-coded arithmetic causes a wraparound, the
> protection that `struct_size()` adds against potential integer overflows
> is defeated. Fix this by hardening call to `struct_size()` with `size_mul()`.
>
> Fixes: 2285ec872d9d ("mlxsw: spectrum_acl_bloom_filter: use struct_size() in
> kzalloc()")
> Signed-off-by: Gustavo A. R. Silva
Reviewed-by: Kees Cook
--
Kees Cook
Re: [PATCH][next] tls: Use size_add() in call to struct_size()
On Fri, Sep 15, 2023 at 01:12:38PM -0600, Gustavo A. R. Silva wrote:
> If, for any reason, the open-coded arithmetic causes a wraparound,
> the protection that `struct_size()` adds against potential integer
> overflows is defeated. Fix this by hardening call to `struct_size()`
> with `size_add()`.
>
> Fixes: b89fec54fd61 ("tls: rx: wrap decrypt params in a struct")
> Signed-off-by: Gustavo A. R. Silva
Reviewed-by: Kees Cook
--
Kees Cook
Re: [PATCH][next] tipc: Use size_add() in calls to struct_size()
On Fri, Sep 15, 2023 at 01:16:26PM -0600, Gustavo A. R. Silva wrote:
> If, for any reason, the open-coded arithmetic causes a wraparound,
> the protection that `struct_size()` adds against potential integer
> overflows is defeated. Fix this by hardening call to `struct_size()`
> with `size_add()`.
>
> Fixes: e034c6d23bc4 ("tipc: Use struct_size() helper")
> Signed-off-by: Gustavo A. R. Silva
Reviewed-by: Kees Cook
--
Kees Cook
Re: [PATCH][next] usb: atm: Use size_add() in call to struct_size()
On Fri, Sep 15, 2023 at 01:20:14PM -0600, Gustavo A. R. Silva wrote:
> If, for any reason, the open-coded arithmetic causes a wraparound,
> the protection that `struct_size()` adds against potential integer
> overflows is defeated. Fix this by hardening call to `struct_size()`
> with `size_add()`.
>
> Fixes: b626871a7cda ("usb: atm: Use struct_size() helper")
> Signed-off-by: Gustavo A. R. Silva
Reviewed-by: Kees Cook
--
Kees Cook
Re: [PATCH][next] net: spider_net: Use size_add() in call to struct_size()
On Fri, Sep 15, 2023 at 01:25:36PM -0600, Gustavo A. R. Silva wrote:
> If, for any reason, the open-coded arithmetic causes a wraparound,
> the protection that `struct_size()` adds against potential integer
> overflows is defeated. Fix this by hardening call to `struct_size()`
> with `size_add()`.
>
> Fixes: 3f1071ec39f7 ("net: spider_net: Use struct_size() helper")
> Signed-off-by: Gustavo A. R. Silva
Reviewed-by: Kees Cook
--
Kees Cook
[PATCH] usb: Annotate struct urb_priv with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct urb_priv.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Alan Stern
Cc: Greg Kroah-Hartman
Cc: Mathias Nyman
Cc: linux-...@vger.kernel.org
Signed-off-by: Kees Cook
---
drivers/usb/host/ohci.h | 2 +-
drivers/usb/host/xhci.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/host/ohci.h b/drivers/usb/host/ohci.h
index aac6285b37f8..1aba22784e05 100644
--- a/drivers/usb/host/ohci.h
+++ b/drivers/usb/host/ohci.h
@@ -337,7 +337,7 @@ typedef struct urb_priv {
u16 length; // # tds in this request
u16 td_cnt; // tds already serviced
struct list_headpending;
- struct td *td[]; // all TDs in this request
+ struct td *td[] __counted_by(length); // all TDs in this
request
} urb_priv_t;
diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h
index 7e282b4522c0..2f21c3a8565c 100644
--- a/drivers/usb/host/xhci.h
+++ b/drivers/usb/host/xhci.h
@@ -1666,7 +1666,7 @@ struct xhci_scratchpad {
struct urb_priv {
int num_tds;
int num_tds_done;
- struct xhci_td td[];
+ struct xhci_td td[] __counted_by(num_tds);
};
/*
--
2.34.1
[PATCH] usb: gadget: f_fs: Annotate struct ffs_buffer with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct ffs_buffer.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Greg Kroah-Hartman
Cc: John Keeping
Cc: Udipto Goswami
Cc: Linyu Yuan
Cc: linux-...@vger.kernel.org
Signed-off-by: Kees Cook
---
drivers/usb/gadget/function/f_fs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/gadget/function/f_fs.c
b/drivers/usb/gadget/function/f_fs.c
index 6e9ef35a43a7..af400d083777 100644
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -202,7 +202,7 @@ struct ffs_epfile {
struct ffs_buffer {
size_t length;
char *data;
- char storage[];
+ char storage[] __counted_by(length);
};
/* ffs_io_data structure ***/
--
2.34.1
[PATCH] usb: gadget: f_midi: Annotate struct f_midi with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct f_midi.
Additionally, since the element count member must be set before accessing
the annotated flexible array member, move its initialization earlier.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Greg Kroah-Hartman
Cc: John Keeping
Cc: Peter Chen
Cc: Hulk Robot
Cc: Allen Pais
Cc: Will McVicker
Cc: Davidlohr Bueso
Cc: Zhang Qilong
Cc: linux-...@vger.kernel.org
Signed-off-by: Kees Cook
---
drivers/usb/gadget/function/f_midi.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/gadget/function/f_midi.c
b/drivers/usb/gadget/function/f_midi.c
index 2d02f25f9597..033e347554db 100644
--- a/drivers/usb/gadget/function/f_midi.c
+++ b/drivers/usb/gadget/function/f_midi.c
@@ -99,7 +99,7 @@ struct f_midi {
unsigned int in_last_port;
unsigned char free_ref;
- struct gmidi_in_portin_ports_array[/* in_ports */];
+ struct gmidi_in_portin_ports_array[] __counted_by(in_ports);
};
static inline struct f_midi *func_to_midi(struct usb_function *f)
@@ -1349,6 +1349,7 @@ static struct usb_function *f_midi_alloc(struct
usb_function_instance *fi)
status = -ENOMEM;
goto setup_fail;
}
+ midi->in_ports = opts->in_ports;
for (i = 0; i < opts->in_ports; i++)
midi->in_ports_array[i].cable = i;
@@ -1359,7 +1360,6 @@ static struct usb_function *f_midi_alloc(struct
usb_function_instance *fi)
status = -ENOMEM;
goto midi_free;
}
- midi->in_ports = opts->in_ports;
midi->out_ports = opts->out_ports;
midi->index = opts->index;
midi->buflen = opts->buflen;
--
2.34.1
[PATCH] md/md-linear: Annotate struct linear_conf with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct linear_conf. Additionally, since the element count member must be set before accessing the annotated flexible array member, move its initialization earlier. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Song Liu Cc: linux-r...@vger.kernel.org Signed-off-by: Kees Cook --- drivers/md/md-linear.c | 26 +- drivers/md/md-linear.h | 2 +- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/drivers/md/md-linear.c b/drivers/md/md-linear.c index 71ac99646827..ae2826e9645b 100644 --- a/drivers/md/md-linear.c +++ b/drivers/md/md-linear.c @@ -69,6 +69,19 @@ static struct linear_conf *linear_conf(struct mddev *mddev, int raid_disks) if (!conf) return NULL; + /* +* conf->raid_disks is copy of mddev->raid_disks. The reason to +* keep a copy of mddev->raid_disks in struct linear_conf is, +* mddev->raid_disks may not be consistent with pointers number of +* conf->disks[] when it is updated in linear_add() and used to +* iterate old conf->disks[] earray in linear_congested(). +* Here conf->raid_disks is always consitent with number of +* pointers in conf->disks[] array, and mddev->private is updated +* with rcu_assign_pointer() in linear_addr(), such race can be +* avoided. +*/ + conf->raid_disks = raid_disks; + cnt = 0; conf->array_sectors = 0; @@ -112,19 +125,6 @@ static struct linear_conf *linear_conf(struct mddev *mddev, int raid_disks) conf->disks[i-1].end_sector + conf->disks[i].rdev->sectors; - /* -* conf->raid_disks is copy of mddev->raid_disks. The reason to -* keep a copy of mddev->raid_disks in struct linear_conf is, -* mddev->raid_disks may not be consistent with pointers number of -* conf->disks[] when it is updated in linear_add() and used to -* iterate old conf->disks[] earray in linear_congested(). -* Here conf->raid_disks is always consitent with number of -* pointers in conf->disks[] array, and mddev->private is updated -* with rcu_assign_pointer() in linear_addr(), such race can be -* avoided. -*/ - conf->raid_disks = raid_disks; - return conf; out: diff --git a/drivers/md/md-linear.h b/drivers/md/md-linear.h index 24e97db50ebb..5587eeedb882 100644 --- a/drivers/md/md-linear.h +++ b/drivers/md/md-linear.h @@ -12,6 +12,6 @@ struct linear_conf struct rcu_head rcu; sector_tarray_sectors; int raid_disks; /* a copy of mddev->raid_disks */ - struct dev_info disks[]; + struct dev_info disks[] __counted_by(raid_disks); }; #endif -- 2.34.1
[PATCH] wifi: wcn36xx: Annotate struct wcn36xx_hal_ind_msg with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct wcn36xx_hal_ind_msg.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Loic Poulain
Cc: Kalle Valo
Cc: wcn3...@lists.infradead.org
Cc: linux-wirel...@vger.kernel.org
Signed-off-by: Kees Cook
---
drivers/net/wireless/ath/wcn36xx/smd.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/wcn36xx/smd.h
b/drivers/net/wireless/ath/wcn36xx/smd.h
index cf15cde2a364..2c1ed9e570bf 100644
--- a/drivers/net/wireless/ath/wcn36xx/smd.h
+++ b/drivers/net/wireless/ath/wcn36xx/smd.h
@@ -47,7 +47,7 @@ struct wcn36xx_fw_msg_status_rsp {
struct wcn36xx_hal_ind_msg {
struct list_head list;
size_t msg_len;
- u8 msg[];
+ u8 msg[] __counted_by(msg_len);
};
struct wcn36xx;
--
2.34.1
[PATCH] wifi: brcmfmac: Annotate struct brcmf_gscan_config with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct brcmf_gscan_config.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Arend van Spriel
Cc: Franky Lin
Cc: Hante Meuleman
Cc: Kalle Valo
Cc: "Gustavo A. R. Silva"
Cc: Hector Martin
Cc: Ryohei Kondo
Cc: Hans de Goede
Cc: linux-wirel...@vger.kernel.org
Cc: brcm80211-dev-list@broadcom.com
Cc: sha-cyfmac-dev-l...@infineon.com
Signed-off-by: Kees Cook
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h
b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h
index bece26741d3a..6eef6bc430e2 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h
@@ -1209,7 +1209,7 @@ struct brcmf_gscan_config {
u8 count_of_channel_buckets;
u8 retry_threshold;
__le16 lost_ap_window;
- struct brcmf_gscan_bucket_config bucket[];
+ struct brcmf_gscan_bucket_config bucket[]
__counted_by(count_of_channel_buckets);
};
/**
--
2.34.1
[PATCH] wifi: ipw2x00: Annotate struct libipw_txb with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct libipw_txb.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Stanislav Yakovlev
Cc: Kalle Valo
Cc: linux-wirel...@vger.kernel.org
Signed-off-by: Kees Cook
---
drivers/net/wireless/intel/ipw2x00/libipw.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/intel/ipw2x00/libipw.h
b/drivers/net/wireless/intel/ipw2x00/libipw.h
index bec7bc273748..9065ca5b0208 100644
--- a/drivers/net/wireless/intel/ipw2x00/libipw.h
+++ b/drivers/net/wireless/intel/ipw2x00/libipw.h
@@ -488,7 +488,7 @@ struct libipw_txb {
u8 reserved;
u16 frag_size;
u16 payload_size;
- struct sk_buff *fragments[];
+ struct sk_buff *fragments[] __counted_by(nr_frags);
};
/* SWEEP TABLE ENTRIES NUMBER */
--
2.34.1
[PATCH] wifi: brcmfmac: firmware: Annotate struct brcmf_fw_request with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct brcmf_fw_request.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Arend van Spriel
Cc: Franky Lin
Cc: Hante Meuleman
Cc: Kalle Valo
Cc: Matthias Brugger
Cc: Hector Martin
Cc: "Alvin Šipraga"
Cc: Hans de Goede
Cc: linux-wirel...@vger.kernel.org
Cc: brcm80211-dev-list@broadcom.com
Cc: sha-cyfmac-dev-l...@infineon.com
Signed-off-by: Kees Cook
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.h
b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.h
index 1266cbaee072..4002d326fd21 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.h
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.h
@@ -69,7 +69,7 @@ struct brcmf_fw_request {
u16 bus_nr;
u32 n_items;
const char *board_types[BRCMF_FW_MAX_BOARD_TYPES];
- struct brcmf_fw_item items[];
+ struct brcmf_fw_item items[] __counted_by(n_items);
};
struct brcmf_fw_name {
--
2.34.1
[PATCH] wifi: mt76: Annotate struct mt76_rx_tid with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct mt76_rx_tid.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Felix Fietkau
Cc: Lorenzo Bianconi
Cc: Ryder Lee
Cc: Shayne Chen
Cc: Sean Wang
Cc: Kalle Valo
Cc: Matthias Brugger
Cc: AngeloGioacchino Del Regno
Cc: linux-wirel...@vger.kernel.org
Cc: linux-arm-ker...@lists.infradead.org
Cc: linux-media...@lists.infradead.org
Signed-off-by: Kees Cook
---
drivers/net/wireless/mediatek/mt76/mt76.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt76.h
b/drivers/net/wireless/mediatek/mt76/mt76.h
index e8757865a3d0..03ef617b1527 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76.h
+++ b/drivers/net/wireless/mediatek/mt76/mt76.h
@@ -376,7 +376,7 @@ struct mt76_rx_tid {
u8 started:1, stopped:1, timer_pending:1;
- struct sk_buff *reorder_buf[];
+ struct sk_buff *reorder_buf[] __counted_by(size);
};
#define MT_TX_CB_DMA_DONE BIT(0)
--
2.34.1
Re: [PATCH 00/21] dmaengine: Annotate with __counted_by
Hi,
Just a ping on the series... how do these look to you, Vinod?
If you want I can carry them in my tree. Please let me know.
Thanks!
-Kees
On Thu, Aug 17, 2023 at 04:58:37PM -0700, Kees Cook wrote:
> Hi,
>
> This annotates several structures with the coming __counted_by attribute
> for bounds checking of flexible arrays at run-time. For more details, see
> commit dd06e72e68bc ("Compiler Attributes: Add __counted_by macro").
>
> Thanks!
>
> -Kees
>
> Kees Cook (21):
> dmaengine: apple-admac: Annotate struct admac_data with __counted_by
> dmaengine: at_hdmac: Annotate struct at_desc with __counted_by
> dmaengine: axi-dmac: Annotate struct axi_dmac_desc with __counted_by
> dmaengine: fsl-edma: Annotate struct fsl_edma_desc with __counted_by
> dmaengine: hisilicon: Annotate struct hisi_dma_dev with __counted_by
> dmaengine: moxart-dma: Annotate struct moxart_desc with __counted_by
> dmaengine: qcom: bam_dma: Annotate struct bam_async_desc with
> __counted_by
> dmaengine: sa11x0: Annotate struct sa11x0_dma_desc with __counted_by
> dmaengine: sf-pdma: Annotate struct sf_pdma with __counted_by
> dmaengine: sprd: Annotate struct sprd_dma_dev with __counted_by
> dmaengine: st_fdma: Annotate struct st_fdma_desc with __counted_by
> dmaengine: stm32-dma: Annotate struct stm32_dma_desc with __counted_by
> dmaengine: stm32-mdma: Annotate struct stm32_mdma_desc with
> __counted_by
> dmaengine: stm32-mdma: Annotate struct stm32_mdma_device with
> __counted_by
> dmaengine: tegra: Annotate struct tegra_dma_desc with __counted_by
> dmaengine: tegra210-adma: Annotate struct tegra_adma with __counted_by
> dmaengine: ti: edma: Annotate struct edma_desc with __counted_by
> dmaengine: ti: omap-dma: Annotate struct omap_desc with __counted_by
> dmaengine: uniphier-xdmac: Annotate struct uniphier_xdmac_desc with
> __counted_by
> dmaengine: uniphier-xdmac: Annotate struct uniphier_xdmac_device with
> __counted_by
> dmaengine: usb-dmac: Annotate struct usb_dmac_desc with __counted_by
>
> drivers/dma/apple-admac.c | 2 +-
> drivers/dma/at_hdmac.c | 2 +-
> drivers/dma/dma-axi-dmac.c | 5 ++---
> drivers/dma/fsl-edma-common.h | 2 +-
> drivers/dma/hisi_dma.c | 2 +-
> drivers/dma/moxart-dma.c | 5 ++---
> drivers/dma/qcom/bam_dma.c | 2 +-
> drivers/dma/sa11x0-dma.c | 6 +++---
> drivers/dma/sf-pdma/sf-pdma.h | 2 +-
> drivers/dma/sh/usb-dmac.c | 2 +-
> drivers/dma/sprd-dma.c | 2 +-
> drivers/dma/st_fdma.h | 2 +-
> drivers/dma/stm32-dma.c| 11 ---
> drivers/dma/stm32-mdma.c | 9 -
> drivers/dma/tegra186-gpc-dma.c | 2 +-
> drivers/dma/tegra210-adma.c| 2 +-
> drivers/dma/ti/edma.c | 2 +-
> drivers/dma/ti/omap-dma.c | 5 ++---
> drivers/dma/uniphier-xdmac.c | 8
> 19 files changed, 33 insertions(+), 40 deletions(-)
>
> --
> 2.34.1
>
--
Kees Cook
[PATCH] leds: gpio: Annotate struct gpio_leds_priv with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct gpio_leds_priv.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Pavel Machek
Cc: Lee Jones
Cc: linux-l...@vger.kernel.org
Signed-off-by: Kees Cook
---
drivers/leds/leds-gpio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/leds/leds-gpio.c b/drivers/leds/leds-gpio.c
index 7bfe40a6bfdd..a6597f0f3eb4 100644
--- a/drivers/leds/leds-gpio.c
+++ b/drivers/leds/leds-gpio.c
@@ -142,7 +142,7 @@ static int create_gpio_led(const struct gpio_led *template,
struct gpio_leds_priv {
int num_leds;
- struct gpio_led_data leds[];
+ struct gpio_led_data leds[] __counted_by(num_leds);
};
static struct gpio_leds_priv *gpio_leds_create(struct platform_device *pdev)
--
2.34.1
[PATCH] leds: el15203000: Annotate struct el15203000 with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct el15203000.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Pavel Machek
Cc: Lee Jones
Cc: linux-l...@vger.kernel.org
Signed-off-by: Kees Cook
---
drivers/leds/leds-el15203000.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/leds/leds-el15203000.c b/drivers/leds/leds-el15203000.c
index 7e7b617bcd56..d40194a3029f 100644
--- a/drivers/leds/leds-el15203000.c
+++ b/drivers/leds/leds-el15203000.c
@@ -80,7 +80,7 @@ struct el15203000 {
struct spi_device *spi;
unsigned long delay;
size_t count;
- struct el15203000_led leds[];
+ struct el15203000_led leds[] __counted_by(count);
};
#define to_el15203000_led(d) container_of(d, struct el15203000_led, ldev)
--
2.34.1
[PATCH] leds: cr0014114: Annotate struct cr0014114 with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct cr0014114.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Pavel Machek
Cc: Lee Jones
Cc: linux-l...@vger.kernel.org
Signed-off-by: Kees Cook
---
drivers/leds/leds-cr0014114.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/leds/leds-cr0014114.c b/drivers/leds/leds-cr0014114.c
index b33bca397ea6..c9914fc51f20 100644
--- a/drivers/leds/leds-cr0014114.c
+++ b/drivers/leds/leds-cr0014114.c
@@ -56,7 +56,7 @@ struct cr0014114 {
struct spi_device *spi;
u8 *buf;
unsigned long delay;
- struct cr0014114_ledleds[];
+ struct cr0014114_ledleds[] __counted_by(count);
};
static void cr0014114_calc_crc(u8 *buf, const size_t len)
--
2.34.1
[PATCH] leds: aw200xx: Annotate struct aw200xx with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct aw200xx.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Pavel Machek
Cc: Lee Jones
Cc: linux-l...@vger.kernel.org
Signed-off-by: Kees Cook
---
drivers/leds/leds-aw200xx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/leds/leds-aw200xx.c b/drivers/leds/leds-aw200xx.c
index 691a743cc9b0..4d517cace3e7 100644
--- a/drivers/leds/leds-aw200xx.c
+++ b/drivers/leds/leds-aw200xx.c
@@ -112,7 +112,7 @@ struct aw200xx {
struct mutex mutex;
u32 num_leds;
u32 display_rows;
- struct aw200xx_led leds[];
+ struct aw200xx_led leds[] __counted_by(num_leds);
};
static ssize_t dim_show(struct device *dev, struct device_attribute *devattr,
--
2.34.1
[PATCH] leds: lm3697: Annotate struct lm3697 with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct lm3697.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Pavel Machek
Cc: Lee Jones
Cc: linux-l...@vger.kernel.org
Signed-off-by: Kees Cook
---
drivers/leds/leds-lm3697.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/leds/leds-lm3697.c b/drivers/leds/leds-lm3697.c
index cfb8ac220db6..380d17a58fe9 100644
--- a/drivers/leds/leds-lm3697.c
+++ b/drivers/leds/leds-lm3697.c
@@ -89,7 +89,7 @@ struct lm3697 {
int bank_cfg;
int num_banks;
- struct lm3697_led leds[];
+ struct lm3697_led leds[] __counted_by(num_banks);
};
static const struct reg_default lm3697_reg_defs[] = {
--
2.34.1
[PATCH] leds: mt6360: Annotate struct mt6360_priv with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct mt6360_priv.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Pavel Machek
Cc: Lee Jones
Cc: Matthias Brugger
Cc: AngeloGioacchino Del Regno
Cc: Gene Chen
Cc: Jacek Anaszewski
Cc: Andy Shevchenko
Cc: linux-l...@vger.kernel.org
Cc: linux-arm-ker...@lists.infradead.org
Cc: linux-media...@lists.infradead.org
Signed-off-by: Kees Cook
---
drivers/leds/flash/leds-mt6360.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/leds/flash/leds-mt6360.c b/drivers/leds/flash/leds-mt6360.c
index 1af6c5898343..b70dc689b33f 100644
--- a/drivers/leds/flash/leds-mt6360.c
+++ b/drivers/leds/flash/leds-mt6360.c
@@ -91,7 +91,7 @@ struct mt6360_priv {
unsigned int fled_torch_used;
unsigned int leds_active;
unsigned int leds_count;
- struct mt6360_led leds[];
+ struct mt6360_led leds[] __counted_by(leds_count);
};
static int mt6360_mc_brightness_set(struct led_classdev *lcdev,
--
2.34.1
[PATCH] leds: qcom-lpg: Annotate struct lpg_led with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct lpg_led.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Pavel Machek
Cc: Lee Jones
Cc: Bjorn Andersson
Cc: "Uwe Kleine-König"
Cc: Douglas Anderson
Cc: Anjelique Melendez
Cc: linux-l...@vger.kernel.org
Signed-off-by: Kees Cook
---
drivers/leds/rgb/leds-qcom-lpg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/leds/rgb/leds-qcom-lpg.c b/drivers/leds/rgb/leds-qcom-lpg.c
index df469aaa7e6e..7d93e02a030a 100644
--- a/drivers/leds/rgb/leds-qcom-lpg.c
+++ b/drivers/leds/rgb/leds-qcom-lpg.c
@@ -173,7 +173,7 @@ struct lpg_led {
struct led_classdev_mc mcdev;
unsigned int num_channels;
- struct lpg_channel *channels[];
+ struct lpg_channel *channels[] __counted_by(num_channels);
};
/**
--
2.34.1
[PATCH] leds: mt6370: Annotate struct mt6370_priv with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct mt6370_priv.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Pavel Machek
Cc: Lee Jones
Cc: Matthias Brugger
Cc: AngeloGioacchino Del Regno
Cc: Alice Chen
Cc: Jacek Anaszewski
Cc: ChiYuan Huang
Cc: ChiaEn Wu
Cc: kernel test robot
Cc: linux-l...@vger.kernel.org
Cc: linux-arm-ker...@lists.infradead.org
Cc: linux-media...@lists.infradead.org
Signed-off-by: Kees Cook
---
drivers/leds/flash/leds-mt6370-flash.c | 2 +-
drivers/leds/rgb/leds-mt6370-rgb.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/leds/flash/leds-mt6370-flash.c
b/drivers/leds/flash/leds-mt6370-flash.c
index 931067c8a75f..912d9d622320 100644
--- a/drivers/leds/flash/leds-mt6370-flash.c
+++ b/drivers/leds/flash/leds-mt6370-flash.c
@@ -81,7 +81,7 @@ struct mt6370_priv {
unsigned int fled_torch_used;
unsigned int leds_active;
unsigned int leds_count;
- struct mt6370_led leds[];
+ struct mt6370_led leds[] __counted_by(leds_count);
};
static int mt6370_torch_brightness_set(struct led_classdev *lcdev, enum
led_brightness level)
diff --git a/drivers/leds/rgb/leds-mt6370-rgb.c
b/drivers/leds/rgb/leds-mt6370-rgb.c
index bb62431efe83..448d0da11848 100644
--- a/drivers/leds/rgb/leds-mt6370-rgb.c
+++ b/drivers/leds/rgb/leds-mt6370-rgb.c
@@ -153,7 +153,7 @@ struct mt6370_priv {
const struct mt6370_pdata *pdata;
unsigned int leds_count;
unsigned int leds_active;
- struct mt6370_led leds[];
+ struct mt6370_led leds[] __counted_by(leds_count);
};
static const struct reg_field common_reg_fields[F_MAX_FIELDS] = {
--
2.34.1
[PATCH] mtd: Annotate struct lpddr_private with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct lpddr_private.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Miquel Raynal
Cc: Richard Weinberger
Cc: Vignesh Raghavendra
Cc: linux-...@lists.infradead.org
Signed-off-by: Kees Cook
---
include/linux/mtd/qinfo.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/mtd/qinfo.h b/include/linux/mtd/qinfo.h
index 2e3f43788d48..0421f12156b5 100644
--- a/include/linux/mtd/qinfo.h
+++ b/include/linux/mtd/qinfo.h
@@ -24,7 +24,7 @@ struct lpddr_private {
struct qinfo_chip *qinfo;
int numchips;
unsigned long chipshift;
- struct flchip chips[];
+ struct flchip chips[] __counted_by(numchips);
};
/* qinfo_query_info structure contains request information for
--
2.34.1
[PATCH] mtd: rawnand: atmel: Annotate struct atmel_nand with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct atmel_nand.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Tudor Ambarus
Cc: Miquel Raynal
Cc: Richard Weinberger
Cc: Vignesh Raghavendra
Cc: Nicolas Ferre
Cc: Alexandre Belloni
Cc: Claudiu Beznea
Cc: linux-...@lists.infradead.org
Cc: linux-arm-ker...@lists.infradead.org
Signed-off-by: Kees Cook
---
drivers/mtd/nand/raw/atmel/nand-controller.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/nand/raw/atmel/nand-controller.c
b/drivers/mtd/nand/raw/atmel/nand-controller.c
index 3f494f7c7ecb..4cb478bbee4a 100644
--- a/drivers/mtd/nand/raw/atmel/nand-controller.c
+++ b/drivers/mtd/nand/raw/atmel/nand-controller.c
@@ -165,7 +165,7 @@ struct atmel_nand {
struct atmel_pmecc_user *pmecc;
struct gpio_desc *cdgpio;
int numcs;
- struct atmel_nand_cs cs[];
+ struct atmel_nand_cs cs[] __counted_by(numcs);
};
static inline struct atmel_nand *to_atmel_nand(struct nand_chip *chip)
--
2.34.1
[PATCH] mtd: rawnand: denali: Annotate struct denali_chip with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct denali_chip.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Miquel Raynal
Cc: Richard Weinberger
Cc: Vignesh Raghavendra
Cc: linux-...@lists.infradead.org
Signed-off-by: Kees Cook
---
drivers/mtd/nand/raw/denali.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/nand/raw/denali.h b/drivers/mtd/nand/raw/denali.h
index ac46eb7956ce..5f2fab022fc5 100644
--- a/drivers/mtd/nand/raw/denali.h
+++ b/drivers/mtd/nand/raw/denali.h
@@ -328,7 +328,7 @@ struct denali_chip {
struct nand_chip chip;
struct list_head node;
unsigned int nsels;
- struct denali_chip_sel sels[];
+ struct denali_chip_sel sels[] __counted_by(nsels);
};
/**
--
2.34.1
[PATCH] mtd: rawnand: marvell: Annotate struct marvell_nand_chip with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct marvell_nand_chip.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Miquel Raynal
Cc: Richard Weinberger
Cc: Vignesh Raghavendra
Cc: linux-...@lists.infradead.org
Signed-off-by: Kees Cook
---
drivers/mtd/nand/raw/marvell_nand.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/nand/raw/marvell_nand.c
b/drivers/mtd/nand/raw/marvell_nand.c
index b841a81cb128..a46698744850 100644
--- a/drivers/mtd/nand/raw/marvell_nand.c
+++ b/drivers/mtd/nand/raw/marvell_nand.c
@@ -348,7 +348,7 @@ struct marvell_nand_chip {
int addr_cyc;
int selected_die;
unsigned int nsels;
- struct marvell_nand_chip_sel sels[];
+ struct marvell_nand_chip_sel sels[] __counted_by(nsels);
};
static inline struct marvell_nand_chip *to_marvell_nand(struct nand_chip *chip)
--
2.34.1
[PATCH] mtd: cfi: Annotate struct cfi_private with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct cfi_private.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Miquel Raynal
Cc: Richard Weinberger
Cc: Vignesh Raghavendra
Cc: linux-...@lists.infradead.org
Signed-off-by: Kees Cook
---
include/linux/mtd/cfi.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/mtd/cfi.h b/include/linux/mtd/cfi.h
index d88bb56c18e2..947410faf9e2 100644
--- a/include/linux/mtd/cfi.h
+++ b/include/linux/mtd/cfi.h
@@ -287,7 +287,7 @@ struct cfi_private {
unsigned long chipshift; /* Because they're of the same type */
const char *im_name; /* inter_module name for cmdset_setup */
unsigned long quirks;
- struct flchip chips[]; /* per-chip data structure for each chip */
+ struct flchip chips[] __counted_by(numchips); /* per-chip data
structure for each chip */
};
uint32_t cfi_build_cmd_addr(uint32_t cmd_ofs,
--
2.34.1
[PATCH] mtd: rawnand: meson: Annotate struct meson_nfc_nand_chip with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct meson_nfc_nand_chip.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Liang Yang
Cc: Miquel Raynal
Cc: Richard Weinberger
Cc: Vignesh Raghavendra
Cc: Neil Armstrong
Cc: Kevin Hilman
Cc: Jerome Brunet
Cc: Martin Blumenstingl
Cc: linux-...@lists.infradead.org
Cc: linux-arm-ker...@lists.infradead.org
Cc: linux-amlo...@lists.infradead.org
Signed-off-by: Kees Cook
---
drivers/mtd/nand/raw/meson_nand.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/nand/raw/meson_nand.c
b/drivers/mtd/nand/raw/meson_nand.c
index 25e3c1cb605e..378f28ce6a74 100644
--- a/drivers/mtd/nand/raw/meson_nand.c
+++ b/drivers/mtd/nand/raw/meson_nand.c
@@ -128,7 +128,7 @@ struct meson_nfc_nand_chip {
u8 *data_buf;
__le64 *info_buf;
u32 nsels;
- u8 sels[];
+ u8 sels[] __counted_by(nsels);
};
struct meson_nand_ecc {
--
2.34.1
[PATCH] mtd: rawnand: renesas: Annotate struct rnand_chip with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct rnand_chip.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Miquel Raynal
Cc: Richard Weinberger
Cc: Vignesh Raghavendra
Cc: linux-...@lists.infradead.org
Cc: linux-renesas-...@vger.kernel.org
Signed-off-by: Kees Cook
---
drivers/mtd/nand/raw/renesas-nand-controller.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/nand/raw/renesas-nand-controller.c
b/drivers/mtd/nand/raw/renesas-nand-controller.c
index 589021ea9eb2..c9a01feff8df 100644
--- a/drivers/mtd/nand/raw/renesas-nand-controller.c
+++ b/drivers/mtd/nand/raw/renesas-nand-controller.c
@@ -210,7 +210,7 @@ struct rnand_chip {
u32 tim_gen_seq1;
u32 tim_gen_seq2;
u32 tim_gen_seq3;
- struct rnand_chip_sel sels[];
+ struct rnand_chip_sel sels[] __counted_by(nsels);
};
struct rnandc {
--
2.34.1
[PATCH] mtd: rawnand: sunxi: Annotate struct sunxi_nand_chip with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct sunxi_nand_chip.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Miquel Raynal
Cc: Richard Weinberger
Cc: Vignesh Raghavendra
Cc: Chen-Yu Tsai
Cc: Jernej Skrabec
Cc: Samuel Holland
Cc: Manuel Dipolt
Cc: linux-...@lists.infradead.org
Cc: linux-arm-ker...@lists.infradead.org
Cc: linux-su...@lists.linux.dev
Signed-off-by: Kees Cook
---
drivers/mtd/nand/raw/sunxi_nand.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/nand/raw/sunxi_nand.c
b/drivers/mtd/nand/raw/sunxi_nand.c
index 9abf38049d35..4ec17c8bce5a 100644
--- a/drivers/mtd/nand/raw/sunxi_nand.c
+++ b/drivers/mtd/nand/raw/sunxi_nand.c
@@ -197,7 +197,7 @@ struct sunxi_nand_chip {
u32 timing_cfg;
u32 timing_ctl;
int nsels;
- struct sunxi_nand_chip_sel sels[];
+ struct sunxi_nand_chip_sel sels[] __counted_by(nsels);
};
static inline struct sunxi_nand_chip *to_sunxi_nand(struct nand_chip *nand)
--
2.34.1
[PATCH] mtd: rawnand: ingenic: Annotate struct ingenic_nfc with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct ingenic_nfc.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Paul Cercueil
Cc: Harvey Hunt
Cc: Miquel Raynal
Cc: Richard Weinberger
Cc: Vignesh Raghavendra
Cc: linux-m...@vger.kernel.org
Cc: linux-...@lists.infradead.org
Signed-off-by: Kees Cook
---
drivers/mtd/nand/raw/ingenic/ingenic_nand_drv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/nand/raw/ingenic/ingenic_nand_drv.c
b/drivers/mtd/nand/raw/ingenic/ingenic_nand_drv.c
index 6748226b8bd1..ce9ef4e65597 100644
--- a/drivers/mtd/nand/raw/ingenic/ingenic_nand_drv.c
+++ b/drivers/mtd/nand/raw/ingenic/ingenic_nand_drv.c
@@ -46,7 +46,7 @@ struct ingenic_nfc {
struct nand_controller controller;
unsigned int num_banks;
struct list_head chips;
- struct ingenic_nand_cs cs[];
+ struct ingenic_nand_cs cs[] __counted_by(num_banks);
};
struct ingenic_nand {
--
2.34.1
[PATCH] udf: Annotate struct udf_bitmap with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct udf_bitmap.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Jan Kara
Signed-off-by: Kees Cook
---
fs/udf/udf_sb.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/udf/udf_sb.h b/fs/udf/udf_sb.h
index 9af6ff7f9747..f9a60bc1abcf 100644
--- a/fs/udf/udf_sb.h
+++ b/fs/udf/udf_sb.h
@@ -86,7 +86,7 @@ struct udf_virtual_data {
struct udf_bitmap {
__u32 s_extPosition;
int s_nr_groups;
- struct buffer_head *s_block_bitmap[];
+ struct buffer_head *s_block_bitmap[] __counted_by(s_nr_groups);
};
struct udf_part_map {
--
2.34.1
[PATCH] aio: Annotate struct kioctx_table with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct kioctx_table.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Benjamin LaHaise
Cc: Alexander Viro
Cc: Christian Brauner
Cc: linux-...@kvack.org
Cc: linux-fsde...@vger.kernel.org
Signed-off-by: Kees Cook
---
fs/aio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/aio.c b/fs/aio.c
index a4c2a6bac72c..f8589caef9c1 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -80,7 +80,7 @@ struct aio_ring {
struct kioctx_table {
struct rcu_head rcu;
unsignednr;
- struct kioctx __rcu *table[];
+ struct kioctx __rcu *table[] __counted_by(nr);
};
struct kioctx_cpu {
--
2.34.1
[PATCH] nfs41: Annotate struct nfs4_file_layout_dsaddr with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct
nfs4_file_layout_dsaddr.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Trond Myklebust
Cc: Anna Schumaker
Cc: "Gustavo A. R. Silva"
Cc: linux-...@vger.kernel.org
Signed-off-by: Kees Cook
---
fs/nfs/filelayout/filelayout.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/nfs/filelayout/filelayout.h b/fs/nfs/filelayout/filelayout.h
index aed0748fd6ec..c7bb5da93307 100644
--- a/fs/nfs/filelayout/filelayout.h
+++ b/fs/nfs/filelayout/filelayout.h
@@ -51,7 +51,7 @@ struct nfs4_file_layout_dsaddr {
u32 stripe_count;
u8 *stripe_indices;
u32 ds_num;
- struct nfs4_pnfs_ds *ds_list[];
+ struct nfs4_pnfs_ds *ds_list[] __counted_by(ds_num);
};
struct nfs4_filelayout_segment {
--
2.34.1
[PATCH] NFS/flexfiles: Annotate struct nfs4_ff_layout_segment with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct nfs4_ff_layout_segment.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Trond Myklebust
Cc: Anna Schumaker
Cc: linux-...@vger.kernel.org
Signed-off-by: Kees Cook
---
fs/nfs/flexfilelayout/flexfilelayout.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/nfs/flexfilelayout/flexfilelayout.h
b/fs/nfs/flexfilelayout/flexfilelayout.h
index 354a031c69b1..f84b3fb0 100644
--- a/fs/nfs/flexfilelayout/flexfilelayout.h
+++ b/fs/nfs/flexfilelayout/flexfilelayout.h
@@ -99,7 +99,7 @@ struct nfs4_ff_layout_segment {
u64 stripe_unit;
u32 flags;
u32 mirror_array_cnt;
- struct nfs4_ff_layout_mirror*mirror_array[];
+ struct nfs4_ff_layout_mirror*mirror_array[]
__counted_by(mirror_array_cnt);
};
struct nfs4_flexfile_layout {
--
2.34.1
[PATCH] afs: Annotate struct afs_addr_list with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct afs_addr_list.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: David Howells
Cc: Marc Dionne
Cc: linux-...@lists.infradead.org
Signed-off-by: Kees Cook
---
fs/afs/internal.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/afs/internal.h b/fs/afs/internal.h
index da73b97e19a9..07433a5349ca 100644
--- a/fs/afs/internal.h
+++ b/fs/afs/internal.h
@@ -87,7 +87,7 @@ struct afs_addr_list {
enum dns_lookup_status status:8;
unsigned long failed; /* Mask of addrs that failed
locally/ICMP */
unsigned long responded; /* Mask of addrs that responded
*/
- struct sockaddr_rxrpc addrs[];
+ struct sockaddr_rxrpc addrs[] __counted_by(max_addrs);
#define AFS_MAX_ADDRESSES ((unsigned int)(sizeof(unsigned long) * 8))
};
--
2.34.1
[PATCH] ceph: Annotate struct ceph_osd_request with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct ceph_osd_request.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Ilya Dryomov
Cc: Xiubo Li
Cc: Jeff Layton
Cc: ceph-de...@vger.kernel.org
Signed-off-by: Kees Cook
---
include/linux/ceph/osd_client.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/ceph/osd_client.h b/include/linux/ceph/osd_client.h
index bf9823956758..b8610e9d2471 100644
--- a/include/linux/ceph/osd_client.h
+++ b/include/linux/ceph/osd_client.h
@@ -278,7 +278,7 @@ struct ceph_osd_request {
int r_attempts;
u32 r_map_dne_bound;
- struct ceph_osd_req_op r_ops[];
+ struct ceph_osd_req_op r_ops[] __counted_by(r_num_ops);
};
struct ceph_request_redirect {
--
2.34.1
[PATCH] afs: Annotate struct afs_permits with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct afs_permits.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: David Howells
Cc: Marc Dionne
Cc: linux-...@lists.infradead.org
Signed-off-by: Kees Cook
---
fs/afs/internal.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/afs/internal.h b/fs/afs/internal.h
index 07433a5349ca..469a717467a4 100644
--- a/fs/afs/internal.h
+++ b/fs/afs/internal.h
@@ -705,7 +705,7 @@ struct afs_permits {
refcount_t usage;
unsigned short nr_permits; /* Number of records */
boolinvalidated;/* Invalidated due to key
change */
- struct afs_permit permits[]; /* List of permits sorted by
key pointer */
+ struct afs_permit permits[] __counted_by(nr_permits); /* List
of permits sorted by key pointer */
};
/*
--
2.34.1
[PATCH] ceph: Annotate struct ceph_monmap with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct ceph_monmap.
Additionally, since the element count member must be set before accessing
the annotated flexible array member, move its initialization earlier.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Ilya Dryomov
Cc: Xiubo Li
Cc: Jeff Layton
Cc: "David S. Miller"
Cc: Eric Dumazet
Cc: Jakub Kicinski
Cc: Paolo Abeni
Cc: ceph-de...@vger.kernel.org
Cc: net...@vger.kernel.org
Signed-off-by: Kees Cook
---
include/linux/ceph/mon_client.h | 2 +-
net/ceph/mon_client.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/linux/ceph/mon_client.h b/include/linux/ceph/mon_client.h
index b658961156a0..7a9a40163c0f 100644
--- a/include/linux/ceph/mon_client.h
+++ b/include/linux/ceph/mon_client.h
@@ -19,7 +19,7 @@ struct ceph_monmap {
struct ceph_fsid fsid;
u32 epoch;
u32 num_mon;
- struct ceph_entity_inst mon_inst[];
+ struct ceph_entity_inst mon_inst[] __counted_by(num_mon);
};
struct ceph_mon_client;
diff --git a/net/ceph/mon_client.c b/net/ceph/mon_client.c
index faabad6603db..f263f7e91a21 100644
--- a/net/ceph/mon_client.c
+++ b/net/ceph/mon_client.c
@@ -1136,6 +1136,7 @@ static int build_initial_monmap(struct ceph_mon_client
*monc)
GFP_KERNEL);
if (!monc->monmap)
return -ENOMEM;
+ monc->monmap->num_mon = num_mon;
for (i = 0; i < num_mon; i++) {
struct ceph_entity_inst *inst = &monc->monmap->mon_inst[i];
@@ -1147,7 +1148,6 @@ static int build_initial_monmap(struct ceph_mon_client
*monc)
inst->name.type = CEPH_ENTITY_TYPE_MON;
inst->name.num = cpu_to_le64(i);
}
- monc->monmap->num_mon = num_mon;
return 0;
}
--
2.34.1
[PATCH] ocfs2: Annotate struct ocfs2_slot_info with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct ocfs2_slot_info.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Mark Fasheh
Cc: Joel Becker
Cc: Joseph Qi
Cc: ocfs2-de...@lists.linux.dev
Signed-off-by: Kees Cook
---
fs/ocfs2/slot_map.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ocfs2/slot_map.c b/fs/ocfs2/slot_map.c
index da7718cef735..e544c704b583 100644
--- a/fs/ocfs2/slot_map.c
+++ b/fs/ocfs2/slot_map.c
@@ -37,7 +37,7 @@ struct ocfs2_slot_info {
unsigned int si_blocks;
struct buffer_head **si_bh;
unsigned int si_num_slots;
- struct ocfs2_slot si_slots[];
+ struct ocfs2_slot si_slots[] __counted_by(si_num_slots);
};
--
2.34.1
Re: [PATCH] wifi: brcmfmac: Annotate struct brcmf_gscan_config with __counted_by
On 9/15/23 14:05, Kees Cook wrote:
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct brcmf_gscan_config.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Arend van Spriel
Cc: Franky Lin
Cc: Hante Meuleman
Cc: Kalle Valo
Cc: "Gustavo A. R. Silva"
Cc: Hector Martin
Cc: Ryohei Kondo
Cc: Hans de Goede
Cc: linux-wirel...@vger.kernel.org
Cc: brcm80211-dev-list@broadcom.com
Cc: sha-cyfmac-dev-l...@infineon.com
Signed-off-by: Kees Cook
Reviewed-by: Gustavo A. R. Silva
Thanks
--
Gustavo
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h
b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h
index bece26741d3a..6eef6bc430e2 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h
@@ -1209,7 +1209,7 @@ struct brcmf_gscan_config {
u8 count_of_channel_buckets;
u8 retry_threshold;
__le16 lost_ap_window;
- struct brcmf_gscan_bucket_config bucket[];
+ struct brcmf_gscan_bucket_config bucket[]
__counted_by(count_of_channel_buckets);
};
/**
Re: [PATCH] usb: gadget: f_fs: Annotate struct ffs_buffer with __counted_by
On 9/15/23 13:58, Kees Cook wrote:
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct ffs_buffer.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Greg Kroah-Hartman
Cc: John Keeping
Cc: Udipto Goswami
Cc: Linyu Yuan
Cc: linux-...@vger.kernel.org
Signed-off-by: Kees Cook
Reviewed-by: Gustavo A. R. Silva
Thanks
--
Gustavo
---
drivers/usb/gadget/function/f_fs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/gadget/function/f_fs.c
b/drivers/usb/gadget/function/f_fs.c
index 6e9ef35a43a7..af400d083777 100644
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -202,7 +202,7 @@ struct ffs_epfile {
struct ffs_buffer {
size_t length;
char *data;
- char storage[];
+ char storage[] __counted_by(length);
};
/* ffs_io_data structure ***/
Re: [PATCH] usb: gadget: f_midi: Annotate struct f_midi with __counted_by
On 9/15/23 13:59, Kees Cook wrote:
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct f_midi.
Additionally, since the element count member must be set before accessing
the annotated flexible array member, move its initialization earlier.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Greg Kroah-Hartman
Cc: John Keeping
Cc: Peter Chen
Cc: Hulk Robot
Cc: Allen Pais
Cc: Will McVicker
Cc: Davidlohr Bueso
Cc: Zhang Qilong
Cc: linux-...@vger.kernel.org
Signed-off-by: Kees Cook
Reviewed-by: Gustavo A. R. Silva
Thanks
--
Gustavo
---
drivers/usb/gadget/function/f_midi.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/gadget/function/f_midi.c
b/drivers/usb/gadget/function/f_midi.c
index 2d02f25f9597..033e347554db 100644
--- a/drivers/usb/gadget/function/f_midi.c
+++ b/drivers/usb/gadget/function/f_midi.c
@@ -99,7 +99,7 @@ struct f_midi {
unsigned int in_last_port;
unsigned char free_ref;
- struct gmidi_in_port in_ports_array[/* in_ports */];
+ struct gmidi_in_portin_ports_array[] __counted_by(in_ports);
};
static inline struct f_midi *func_to_midi(struct usb_function *f)
@@ -1349,6 +1349,7 @@ static struct usb_function *f_midi_alloc(struct
usb_function_instance *fi)
status = -ENOMEM;
goto setup_fail;
}
+ midi->in_ports = opts->in_ports;
for (i = 0; i < opts->in_ports; i++)
midi->in_ports_array[i].cable = i;
@@ -1359,7 +1360,6 @@ static struct usb_function *f_midi_alloc(struct
usb_function_instance *fi)
status = -ENOMEM;
goto midi_free;
}
- midi->in_ports = opts->in_ports;
midi->out_ports = opts->out_ports;
midi->index = opts->index;
midi->buflen = opts->buflen;
Re: [PATCH] md/md-linear: Annotate struct linear_conf with __counted_by
On 9/15/23 14:03, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct linear_conf. Additionally, since the element count member must be set before accessing the annotated flexible array member, move its initialization earlier. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Song Liu Cc: linux-r...@vger.kernel.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- drivers/md/md-linear.c | 26 +- drivers/md/md-linear.h | 2 +- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/drivers/md/md-linear.c b/drivers/md/md-linear.c index 71ac99646827..ae2826e9645b 100644 --- a/drivers/md/md-linear.c +++ b/drivers/md/md-linear.c @@ -69,6 +69,19 @@ static struct linear_conf *linear_conf(struct mddev *mddev, int raid_disks) if (!conf) return NULL; + /* +* conf->raid_disks is copy of mddev->raid_disks. The reason to +* keep a copy of mddev->raid_disks in struct linear_conf is, +* mddev->raid_disks may not be consistent with pointers number of +* conf->disks[] when it is updated in linear_add() and used to +* iterate old conf->disks[] earray in linear_congested(). +* Here conf->raid_disks is always consitent with number of +* pointers in conf->disks[] array, and mddev->private is updated +* with rcu_assign_pointer() in linear_addr(), such race can be +* avoided. +*/ + conf->raid_disks = raid_disks; + cnt = 0; conf->array_sectors = 0; @@ -112,19 +125,6 @@ static struct linear_conf *linear_conf(struct mddev *mddev, int raid_disks) conf->disks[i-1].end_sector + conf->disks[i].rdev->sectors; - /* -* conf->raid_disks is copy of mddev->raid_disks. The reason to -* keep a copy of mddev->raid_disks in struct linear_conf is, -* mddev->raid_disks may not be consistent with pointers number of -* conf->disks[] when it is updated in linear_add() and used to -* iterate old conf->disks[] earray in linear_congested(). -* Here conf->raid_disks is always consitent with number of -* pointers in conf->disks[] array, and mddev->private is updated -* with rcu_assign_pointer() in linear_addr(), such race can be -* avoided. -*/ - conf->raid_disks = raid_disks; - return conf; out: diff --git a/drivers/md/md-linear.h b/drivers/md/md-linear.h index 24e97db50ebb..5587eeedb882 100644 --- a/drivers/md/md-linear.h +++ b/drivers/md/md-linear.h @@ -12,6 +12,6 @@ struct linear_conf struct rcu_head rcu; sector_tarray_sectors; int raid_disks; /* a copy of mddev->raid_disks */ - struct dev_info disks[]; + struct dev_info disks[] __counted_by(raid_disks); }; #endif
Re: [PATCH] wifi: brcmfmac: firmware: Annotate struct brcmf_fw_request with __counted_by
On 9/15/23 14:05, Kees Cook wrote:
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct brcmf_fw_request.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Arend van Spriel
Cc: Franky Lin
Cc: Hante Meuleman
Cc: Kalle Valo
Cc: Matthias Brugger
Cc: Hector Martin
Cc: "Alvin Šipraga"
Cc: Hans de Goede
Cc: linux-wirel...@vger.kernel.org
Cc: brcm80211-dev-list@broadcom.com
Cc: sha-cyfmac-dev-l...@infineon.com
Signed-off-by: Kees Cook
Reviewed-by: Gustavo A. R. Silva
Thanks
--
Gustavo
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.h
b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.h
index 1266cbaee072..4002d326fd21 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.h
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.h
@@ -69,7 +69,7 @@ struct brcmf_fw_request {
u16 bus_nr;
u32 n_items;
const char *board_types[BRCMF_FW_MAX_BOARD_TYPES];
- struct brcmf_fw_item items[];
+ struct brcmf_fw_item items[] __counted_by(n_items);
};
struct brcmf_fw_name {
Re: [PATCH] wifi: ipw2x00: Annotate struct libipw_txb with __counted_by
On 9/15/23 14:06, Kees Cook wrote:
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct libipw_txb.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Stanislav Yakovlev
Cc: Kalle Valo
Cc: linux-wirel...@vger.kernel.org
Signed-off-by: Kees Cook
Reviewed-by: Gustavo A. R. Silva
Thanks
--
Gustavo
---
drivers/net/wireless/intel/ipw2x00/libipw.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/intel/ipw2x00/libipw.h
b/drivers/net/wireless/intel/ipw2x00/libipw.h
index bec7bc273748..9065ca5b0208 100644
--- a/drivers/net/wireless/intel/ipw2x00/libipw.h
+++ b/drivers/net/wireless/intel/ipw2x00/libipw.h
@@ -488,7 +488,7 @@ struct libipw_txb {
u8 reserved;
u16 frag_size;
u16 payload_size;
- struct sk_buff *fragments[];
+ struct sk_buff *fragments[] __counted_by(nr_frags);
};
/* SWEEP TABLE ENTRIES NUMBER */
Re: [PATCH] wifi: mt76: Annotate struct mt76_rx_tid with __counted_by
On 9/15/23 14:06, Kees Cook wrote:
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct mt76_rx_tid.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Felix Fietkau
Cc: Lorenzo Bianconi
Cc: Ryder Lee
Cc: Shayne Chen
Cc: Sean Wang
Cc: Kalle Valo
Cc: Matthias Brugger
Cc: AngeloGioacchino Del Regno
Cc: linux-wirel...@vger.kernel.org
Cc: linux-arm-ker...@lists.infradead.org
Cc: linux-media...@lists.infradead.org
Signed-off-by: Kees Cook
Reviewed-by: Gustavo A. R. Silva
Thanks
--
Gustavo
---
drivers/net/wireless/mediatek/mt76/mt76.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt76.h
b/drivers/net/wireless/mediatek/mt76/mt76.h
index e8757865a3d0..03ef617b1527 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76.h
+++ b/drivers/net/wireless/mediatek/mt76/mt76.h
@@ -376,7 +376,7 @@ struct mt76_rx_tid {
u8 started:1, stopped:1, timer_pending:1;
- struct sk_buff *reorder_buf[];
+ struct sk_buff *reorder_buf[] __counted_by(size);
};
#define MT_TX_CB_DMA_DONE BIT(0)
Re: [PATCH] wifi: wcn36xx: Annotate struct wcn36xx_hal_ind_msg with __counted_by
On 9/15/23 14:06, Kees Cook wrote:
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct wcn36xx_hal_ind_msg.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Loic Poulain
Cc: Kalle Valo
Cc: wcn3...@lists.infradead.org
Cc: linux-wirel...@vger.kernel.org
Signed-off-by: Kees Cook
Reviewed-by: Gustavo A. R. Silva
Thanks
--
Gustavo
---
drivers/net/wireless/ath/wcn36xx/smd.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/wcn36xx/smd.h
b/drivers/net/wireless/ath/wcn36xx/smd.h
index cf15cde2a364..2c1ed9e570bf 100644
--- a/drivers/net/wireless/ath/wcn36xx/smd.h
+++ b/drivers/net/wireless/ath/wcn36xx/smd.h
@@ -47,7 +47,7 @@ struct wcn36xx_fw_msg_status_rsp {
struct wcn36xx_hal_ind_msg {
struct list_head list;
size_t msg_len;
- u8 msg[];
+ u8 msg[] __counted_by(msg_len);
};
struct wcn36xx;
Re: [PATCH] leds: aw200xx: Annotate struct aw200xx with __counted_by
On 9/15/23 14:09, Kees Cook wrote:
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct aw200xx.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Pavel Machek
Cc: Lee Jones
Cc: linux-l...@vger.kernel.org
Signed-off-by: Kees Cook
Reviewed-by: Gustavo A. R. Silva
Thanks
--
Gustavo
---
drivers/leds/leds-aw200xx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/leds/leds-aw200xx.c b/drivers/leds/leds-aw200xx.c
index 691a743cc9b0..4d517cace3e7 100644
--- a/drivers/leds/leds-aw200xx.c
+++ b/drivers/leds/leds-aw200xx.c
@@ -112,7 +112,7 @@ struct aw200xx {
struct mutex mutex;
u32 num_leds;
u32 display_rows;
- struct aw200xx_led leds[];
+ struct aw200xx_led leds[] __counted_by(num_leds);
};
static ssize_t dim_show(struct device *dev, struct device_attribute *devattr,
Re: [PATCH] leds: cr0014114: Annotate struct cr0014114 with __counted_by
On 9/15/23 14:09, Kees Cook wrote:
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct cr0014114.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Pavel Machek
Cc: Lee Jones
Cc: linux-l...@vger.kernel.org
Signed-off-by: Kees Cook
Reviewed-by: Gustavo A. R. Silva
Thanks
--
Gustavo
---
drivers/leds/leds-cr0014114.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/leds/leds-cr0014114.c b/drivers/leds/leds-cr0014114.c
index b33bca397ea6..c9914fc51f20 100644
--- a/drivers/leds/leds-cr0014114.c
+++ b/drivers/leds/leds-cr0014114.c
@@ -56,7 +56,7 @@ struct cr0014114 {
struct spi_device *spi;
u8 *buf;
unsigned long delay;
- struct cr0014114_ledleds[];
+ struct cr0014114_ledleds[] __counted_by(count);
};
static void cr0014114_calc_crc(u8 *buf, const size_t len)
Re: [PATCH] leds: el15203000: Annotate struct el15203000 with __counted_by
On 9/15/23 14:09, Kees Cook wrote:
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct el15203000.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Pavel Machek
Cc: Lee Jones
Cc: linux-l...@vger.kernel.org
Signed-off-by: Kees Cook
Reviewed-by: Gustavo A. R. Silva
Thanks
--
Gustavo
---
drivers/leds/leds-el15203000.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/leds/leds-el15203000.c b/drivers/leds/leds-el15203000.c
index 7e7b617bcd56..d40194a3029f 100644
--- a/drivers/leds/leds-el15203000.c
+++ b/drivers/leds/leds-el15203000.c
@@ -80,7 +80,7 @@ struct el15203000 {
struct spi_device *spi;
unsigned long delay;
size_t count;
- struct el15203000_led leds[];
+ struct el15203000_led leds[] __counted_by(count);
};
#define to_el15203000_led(d) container_of(d, struct el15203000_led, ldev)
Re: [PATCH] leds: lm3697: Annotate struct lm3697 with __counted_by
On 9/15/23 14:10, Kees Cook wrote:
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct lm3697.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Pavel Machek
Cc: Lee Jones
Cc: linux-l...@vger.kernel.org
Signed-off-by: Kees Cook
Reviewed-by: Gustavo A. R. Silva
Thanks
--
Gustavo
---
drivers/leds/leds-lm3697.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/leds/leds-lm3697.c b/drivers/leds/leds-lm3697.c
index cfb8ac220db6..380d17a58fe9 100644
--- a/drivers/leds/leds-lm3697.c
+++ b/drivers/leds/leds-lm3697.c
@@ -89,7 +89,7 @@ struct lm3697 {
int bank_cfg;
int num_banks;
- struct lm3697_led leds[];
+ struct lm3697_led leds[] __counted_by(num_banks);
};
static const struct reg_default lm3697_reg_defs[] = {
Re: [PATCH] leds: gpio: Annotate struct gpio_leds_priv with __counted_by
On 9/15/23 14:10, Kees Cook wrote:
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct gpio_leds_priv.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Pavel Machek
Cc: Lee Jones
Cc: linux-l...@vger.kernel.org
Signed-off-by: Kees Cook
Reviewed-by: Gustavo A. R. Silva
Thanks
--
Gustavo
---
drivers/leds/leds-gpio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/leds/leds-gpio.c b/drivers/leds/leds-gpio.c
index 7bfe40a6bfdd..a6597f0f3eb4 100644
--- a/drivers/leds/leds-gpio.c
+++ b/drivers/leds/leds-gpio.c
@@ -142,7 +142,7 @@ static int create_gpio_led(const struct gpio_led *template,
struct gpio_leds_priv {
int num_leds;
- struct gpio_led_data leds[];
+ struct gpio_led_data leds[] __counted_by(num_leds);
};
static struct gpio_leds_priv *gpio_leds_create(struct platform_device *pdev)
Re: [PATCH] leds: mt6360: Annotate struct mt6360_priv with __counted_by
On 9/15/23 14:10, Kees Cook wrote:
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct mt6360_priv.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Pavel Machek
Cc: Lee Jones
Cc: Matthias Brugger
Cc: AngeloGioacchino Del Regno
Cc: Gene Chen
Cc: Jacek Anaszewski
Cc: Andy Shevchenko
Cc: linux-l...@vger.kernel.org
Cc: linux-arm-ker...@lists.infradead.org
Cc: linux-media...@lists.infradead.org
Signed-off-by: Kees Cook
Reviewed-by: Gustavo A. R. Silva
Thanks
--
Gustavo
---
drivers/leds/flash/leds-mt6360.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/leds/flash/leds-mt6360.c b/drivers/leds/flash/leds-mt6360.c
index 1af6c5898343..b70dc689b33f 100644
--- a/drivers/leds/flash/leds-mt6360.c
+++ b/drivers/leds/flash/leds-mt6360.c
@@ -91,7 +91,7 @@ struct mt6360_priv {
unsigned int fled_torch_used;
unsigned int leds_active;
unsigned int leds_count;
- struct mt6360_led leds[];
+ struct mt6360_led leds[] __counted_by(leds_count);
};
static int mt6360_mc_brightness_set(struct led_classdev *lcdev,
Re: [PATCH] leds: mt6370: Annotate struct mt6370_priv with __counted_by
On 9/15/23 14:10, Kees Cook wrote:
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct mt6370_priv.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Pavel Machek
Cc: Lee Jones
Cc: Matthias Brugger
Cc: AngeloGioacchino Del Regno
Cc: Alice Chen
Cc: Jacek Anaszewski
Cc: ChiYuan Huang
Cc: ChiaEn Wu
Cc: kernel test robot
Cc: linux-l...@vger.kernel.org
Cc: linux-arm-ker...@lists.infradead.org
Cc: linux-media...@lists.infradead.org
Signed-off-by: Kees Cook
Reviewed-by: Gustavo A. R. Silva
Thanks
--
Gustavo
---
drivers/leds/flash/leds-mt6370-flash.c | 2 +-
drivers/leds/rgb/leds-mt6370-rgb.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/leds/flash/leds-mt6370-flash.c
b/drivers/leds/flash/leds-mt6370-flash.c
index 931067c8a75f..912d9d622320 100644
--- a/drivers/leds/flash/leds-mt6370-flash.c
+++ b/drivers/leds/flash/leds-mt6370-flash.c
@@ -81,7 +81,7 @@ struct mt6370_priv {
unsigned int fled_torch_used;
unsigned int leds_active;
unsigned int leds_count;
- struct mt6370_led leds[];
+ struct mt6370_led leds[] __counted_by(leds_count);
};
static int mt6370_torch_brightness_set(struct led_classdev *lcdev, enum led_brightness level)
diff --git a/drivers/leds/rgb/leds-mt6370-rgb.c
b/drivers/leds/rgb/leds-mt6370-rgb.c
index bb62431efe83..448d0da11848 100644
--- a/drivers/leds/rgb/leds-mt6370-rgb.c
+++ b/drivers/leds/rgb/leds-mt6370-rgb.c
@@ -153,7 +153,7 @@ struct mt6370_priv {
const struct mt6370_pdata *pdata;
unsigned int leds_count;
unsigned int leds_active;
- struct mt6370_led leds[];
+ struct mt6370_led leds[] __counted_by(leds_count);
};
static const struct reg_field common_reg_fields[F_MAX_FIELDS] = {
Re: [PATCH] mtd: Annotate struct lpddr_private with __counted_by
On 9/15/23 14:12, Kees Cook wrote:
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct lpddr_private.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Miquel Raynal
Cc: Richard Weinberger
Cc: Vignesh Raghavendra
Cc: linux-...@lists.infradead.org
Signed-off-by: Kees Cook
Reviewed-by: Gustavo A. R. Silva
Thanks
--
Gustavo
---
include/linux/mtd/qinfo.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/mtd/qinfo.h b/include/linux/mtd/qinfo.h
index 2e3f43788d48..0421f12156b5 100644
--- a/include/linux/mtd/qinfo.h
+++ b/include/linux/mtd/qinfo.h
@@ -24,7 +24,7 @@ struct lpddr_private {
struct qinfo_chip *qinfo;
int numchips;
unsigned long chipshift;
- struct flchip chips[];
+ struct flchip chips[] __counted_by(numchips);
};
/* qinfo_query_info structure contains request information for
Re: [PATCH] leds: qcom-lpg: Annotate struct lpg_led with __counted_by
On 9/15/23 14:11, Kees Cook wrote:
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct lpg_led.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Pavel Machek
Cc: Lee Jones
Cc: Bjorn Andersson
Cc: "Uwe Kleine-König"
Cc: Douglas Anderson
Cc: Anjelique Melendez
Cc: linux-l...@vger.kernel.org
Signed-off-by: Kees Cook
Reviewed-by: Gustavo A. R. Silva
Thanks
--
Gustavo
---
drivers/leds/rgb/leds-qcom-lpg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/leds/rgb/leds-qcom-lpg.c b/drivers/leds/rgb/leds-qcom-lpg.c
index df469aaa7e6e..7d93e02a030a 100644
--- a/drivers/leds/rgb/leds-qcom-lpg.c
+++ b/drivers/leds/rgb/leds-qcom-lpg.c
@@ -173,7 +173,7 @@ struct lpg_led {
struct led_classdev_mc mcdev;
unsigned int num_channels;
- struct lpg_channel *channels[];
+ struct lpg_channel *channels[] __counted_by(num_channels);
};
/**
Re: [PATCH] mtd: cfi: Annotate struct cfi_private with __counted_by
On 9/15/23 14:12, Kees Cook wrote:
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct cfi_private.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Miquel Raynal
Cc: Richard Weinberger
Cc: Vignesh Raghavendra
Cc: linux-...@lists.infradead.org
Signed-off-by: Kees Cook
Reviewed-by: Gustavo A. R. Silva
Thanks
--
Gustavo
---
include/linux/mtd/cfi.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/mtd/cfi.h b/include/linux/mtd/cfi.h
index d88bb56c18e2..947410faf9e2 100644
--- a/include/linux/mtd/cfi.h
+++ b/include/linux/mtd/cfi.h
@@ -287,7 +287,7 @@ struct cfi_private {
unsigned long chipshift; /* Because they're of the same type */
const char *im_name; /* inter_module name for cmdset_setup */
unsigned long quirks;
- struct flchip chips[]; /* per-chip data structure for each chip */
+ struct flchip chips[] __counted_by(numchips); /* per-chip data
structure for each chip */
};
uint32_t cfi_build_cmd_addr(uint32_t cmd_ofs,
Re: [PATCH] mtd: rawnand: atmel: Annotate struct atmel_nand with __counted_by
On 9/15/23 14:12, Kees Cook wrote:
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct atmel_nand.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Tudor Ambarus
Cc: Miquel Raynal
Cc: Richard Weinberger
Cc: Vignesh Raghavendra
Cc: Nicolas Ferre
Cc: Alexandre Belloni
Cc: Claudiu Beznea
Cc: linux-...@lists.infradead.org
Cc: linux-arm-ker...@lists.infradead.org
Signed-off-by: Kees Cook
Reviewed-by: Gustavo A. R. Silva
Thanks
--
Gustavo
---
drivers/mtd/nand/raw/atmel/nand-controller.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/nand/raw/atmel/nand-controller.c
b/drivers/mtd/nand/raw/atmel/nand-controller.c
index 3f494f7c7ecb..4cb478bbee4a 100644
--- a/drivers/mtd/nand/raw/atmel/nand-controller.c
+++ b/drivers/mtd/nand/raw/atmel/nand-controller.c
@@ -165,7 +165,7 @@ struct atmel_nand {
struct atmel_pmecc_user *pmecc;
struct gpio_desc *cdgpio;
int numcs;
- struct atmel_nand_cs cs[];
+ struct atmel_nand_cs cs[] __counted_by(numcs);
};
static inline struct atmel_nand *to_atmel_nand(struct nand_chip *chip)
