| Message ID | 20230915201219.never.352-kees@kernel.org |
|---|---|
| State | Accepted |
| Headers | show |
| Series | mtd: rawnand: atmel: Annotate struct atmel_nand with __counted_by | expand |
On 9/15/23 14:12, Kees Cook wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct atmel_nand. > > [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci > > Cc: Tudor Ambarus <tudor.ambarus@linaro.org> > Cc: Miquel Raynal <miquel.raynal@bootlin.com> > Cc: Richard Weinberger <richard@nod.at> > Cc: Vignesh Raghavendra <vigneshr@ti.com> > Cc: Nicolas Ferre <nicolas.ferre@microchip.com> > Cc: Alexandre Belloni <alexandre.belloni@bootlin.com> > Cc: Claudiu Beznea <claudiu.beznea@tuxon.dev> > Cc: linux-mtd@lists.infradead.org > Cc: linux-arm-kernel@lists.infradead.org > Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> Thanks
On 15.09.2023 23:12, Kees Cook wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct atmel_nand. > > [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci > > Cc: Tudor Ambarus <tudor.ambarus@linaro.org> > Cc: Miquel Raynal <miquel.raynal@bootlin.com> > Cc: Richard Weinberger <richard@nod.at> > Cc: Vignesh Raghavendra <vigneshr@ti.com> > Cc: Nicolas Ferre <nicolas.ferre@microchip.com> > Cc: Alexandre Belloni <alexandre.belloni@bootlin.com> > Cc: Claudiu Beznea <claudiu.beznea@tuxon.dev> > Cc: linux-mtd@lists.infradead.org > Cc: linux-arm-kernel@lists.infradead.org > Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Tudor Ambarus <tudor.ambarus@linaro.org> > --- > drivers/mtd/nand/raw/atmel/nand-controller.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/mtd/nand/raw/atmel/nand-controller.c b/drivers/mtd/nand/raw/atmel/nand-controller.c > index 3f494f7c7ecb..4cb478bbee4a 100644 > --- a/drivers/mtd/nand/raw/atmel/nand-controller.c > +++ b/drivers/mtd/nand/raw/atmel/nand-controller.c > @@ -165,7 +165,7 @@ struct atmel_nand { > struct atmel_pmecc_user *pmecc; > struct gpio_desc *cdgpio; > int numcs; > - struct atmel_nand_cs cs[]; > + struct atmel_nand_cs cs[] __counted_by(numcs); > }; > > static inline struct atmel_nand *to_atmel_nand(struct nand_chip *chip)
On Fri, 2023-09-15 at 20:12:20 UTC, Kees Cook wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct atmel_nand. > > [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci > > Cc: Tudor Ambarus <tudor.ambarus@linaro.org> > Cc: Miquel Raynal <miquel.raynal@bootlin.com> > Cc: Richard Weinberger <richard@nod.at> > Cc: Vignesh Raghavendra <vigneshr@ti.com> > Cc: Nicolas Ferre <nicolas.ferre@microchip.com> > Cc: Alexandre Belloni <alexandre.belloni@bootlin.com> > Cc: Claudiu Beznea <claudiu.beznea@tuxon.dev> > Cc: linux-mtd@lists.infradead.org > Cc: linux-arm-kernel@lists.infradead.org > Signed-off-by: Kees Cook <keescook@chromium.org> > Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> > Reviewed-by: Tudor Ambarus <tudor.ambarus@linaro.org> Applied to https://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux.git mtd/next, thanks. Miquel
diff --git a/drivers/mtd/nand/raw/atmel/nand-controller.c b/drivers/mtd/nand/raw/atmel/nand-controller.c index 3f494f7c7ecb..4cb478bbee4a 100644 --- a/drivers/mtd/nand/raw/atmel/nand-controller.c +++ b/drivers/mtd/nand/raw/atmel/nand-controller.c @@ -165,7 +165,7 @@ struct atmel_nand { struct atmel_pmecc_user *pmecc; struct gpio_desc *cdgpio; int numcs; - struct atmel_nand_cs cs[]; + struct atmel_nand_cs cs[] __counted_by(numcs); }; static inline struct atmel_nand *to_atmel_nand(struct nand_chip *chip)
Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct atmel_nand. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Tudor Ambarus <tudor.ambarus@linaro.org> Cc: Miquel Raynal <miquel.raynal@bootlin.com> Cc: Richard Weinberger <richard@nod.at> Cc: Vignesh Raghavendra <vigneshr@ti.com> Cc: Nicolas Ferre <nicolas.ferre@microchip.com> Cc: Alexandre Belloni <alexandre.belloni@bootlin.com> Cc: Claudiu Beznea <claudiu.beznea@tuxon.dev> Cc: linux-mtd@lists.infradead.org Cc: linux-arm-kernel@lists.infradead.org Signed-off-by: Kees Cook <keescook@chromium.org> --- drivers/mtd/nand/raw/atmel/nand-controller.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)