| Message ID | 20230915195849.never.275-kees@kernel.org |
|---|---|
| State | New |
| Headers | show |
| Series | usb: gadget: f_fs: Annotate struct ffs_buffer with __counted_by | expand |
On 9/15/23 13:58, Kees Cook wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct ffs_buffer. > > [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci > > Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> > Cc: John Keeping <john@keeping.me.uk> > Cc: Udipto Goswami <quic_ugoswami@quicinc.com> > Cc: Linyu Yuan <quic_linyyuan@quicinc.com> > Cc: linux-usb@vger.kernel.org > Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> Thanks
On Fri, 15 Sep 2023 12:58:49 -0700, Kees Cook wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct ffs_buffer. > > [...] Applied to for-next/hardening, thanks! [1/1] usb: gadget: f_fs: Annotate struct ffs_buffer with __counted_by https://git.kernel.org/kees/c/84657a30a0c9 Take care,
diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index 6e9ef35a43a7..af400d083777 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -202,7 +202,7 @@ struct ffs_epfile { struct ffs_buffer { size_t length; char *data; - char storage[]; + char storage[] __counted_by(length); }; /* ffs_io_data structure ***************************************************/
Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct ffs_buffer. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: John Keeping <john@keeping.me.uk> Cc: Udipto Goswami <quic_ugoswami@quicinc.com> Cc: Linyu Yuan <quic_linyyuan@quicinc.com> Cc: linux-usb@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> --- drivers/usb/gadget/function/f_fs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)