Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

misc: bcm-vk: Annotate struct bcm_vk_wkent with __counted_by

Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).

As found with Coccinelle[1], add __counted_by for struct bcm_vk_wkent.
Additionally, since the element count member must be set before accessing
the annotated flexible array member, move its initialization earlier.

[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci

Cc: Scott Branden <scott.branden@broadcom.com>
Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list@broadcom.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Link: https://lore.kernel.org/r/20230922175057.work.558-kees@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Authored by Kees Cook and committed by Greg Kroah-Hartman
3c69d52e 4d08c3d1

+2 -2
+1 -1
drivers/misc/bcm-vk/bcm_vk_msg.c
··· 703 703 entry = kzalloc(struct_size(entry, to_v_msg, 1), GFP_KERNEL); 704 704 if (!entry) 705 705 return -ENOMEM; 706 + entry->to_v_blks = 1; /* always 1 block */ 706 707 707 708 /* fill up necessary data */ 708 709 entry->to_v_msg[0].function_id = VK_FID_SHUTDOWN; 709 710 set_q_num(&entry->to_v_msg[0], q_num); 710 711 set_msg_id(&entry->to_v_msg[0], VK_SIMPLEX_MSG_ID); 711 - entry->to_v_blks = 1; /* always 1 block */ 712 712 713 713 entry->to_v_msg[0].cmd = shut_type; 714 714 entry->to_v_msg[0].arg = pid;
+1 -1
drivers/misc/bcm-vk/bcm_vk_msg.h
··· 116 116 u32 usr_msg_id; 117 117 u32 to_v_blks; 118 118 u32 seq_num; 119 - struct vk_msg_blk to_v_msg[]; 119 + struct vk_msg_blk to_v_msg[] __counted_by(to_v_blks); 120 120 }; 121 121 122 122 /* queue stats counters */
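Review bot: in drivers/misc/bcm-vk/bcm_vk_msg.c the element count now appears as a bare literal in two places, struct_size(entry, to_v_msg, 1) and entry->to_v_blks = 1, and with __counted_by the two must agree or the run-time bound will not match the allocation. Consider one local or macro for the count that both lines use, so a later change to the allocation size cannot leave to_v_blks stale. Placing the assignment directly after the NULL check, ahead of the first entry->to_v_msg[0] write, is the correct order.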
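Review bot: in drivers/misc/bcm-vk/bcm_vk_msg.h the annotation on to_v_msg[] makes to_v_blks a precondition for every access to the array, but nothing at the struct documents that. A short comment on to_v_blks saying it must be assigned before to_v_msg is touched would help future callers. This patch reorders only the one allocation shown in bcm_vk_msg.c, so any other place that allocates struct bcm_vk_wkent and is not visible here should be confirmed to set to_v_blks first, because a count still at zero would make any indexed access out of bounds under CONFIG_UBSAN_BOUNDS.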