| Message ID | 20240710230728.work.977-kees@kernel.org |
|---|---|
| Headers | show |
| Series | media: venus: hfi_cmds: struct hfi_session_release_buffer_pkt | expand |
On 10/07/24 17:09, Kees Cook wrote: > Replace the deprecated[1] use of a 1-element array in > struct hfi_session_release_buffer_pkt with a modern flexible array. > > No binary differences are present after this conversion. > > Link: https://github.com/KSPP/linux/issues/79 [1] > Signed-off-by: Kees Cook <kees@kernel.org> > --- > Cc: Stanimir Varbanov <stanimir.k.varbanov@gmail.com> > Cc: Vikash Garodia <quic_vgarodia@quicinc.com> > Cc: "Bryan O'Donoghue" <bryan.odonoghue@linaro.org> > Cc: Mauro Carvalho Chehab <mchehab@kernel.org> > Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org> > Cc: linux-media@vger.kernel.org > Cc: linux-arm-msm@vger.kernel.org > Cc: linux-hardening@vger.kernel.org Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> Thanks -- Gustavo > --- > drivers/media/platform/qcom/venus/hfi_cmds.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/media/platform/qcom/venus/hfi_cmds.h b/drivers/media/platform/qcom/venus/hfi_cmds.h > index 20acd412ee7b..42825f07939d 100644 > --- a/drivers/media/platform/qcom/venus/hfi_cmds.h > +++ b/drivers/media/platform/qcom/venus/hfi_cmds.h > @@ -227,7 +227,7 @@ struct hfi_session_release_buffer_pkt { > u32 extradata_size; > u32 response_req; > u32 num_buffers; > - u32 buffer_info[1]; > + u32 buffer_info[]; > }; > > struct hfi_session_release_resources_pkt {
On 10/07/24 17:09, Kees Cook wrote: > The only direct user of struct hfi_session_release_buffer_pkt is > pkt_session_unset_buffers() which sets "num_buffers" before using it > as a loop counter for accessing "buffer_info". Add the __counted_by > annotation to reflect the relationship. > > Signed-off-by: Kees Cook <kees@kernel.org> > --- > Cc: Stanimir Varbanov <stanimir.k.varbanov@gmail.com> > Cc: Vikash Garodia <quic_vgarodia@quicinc.com> > Cc: "Bryan O'Donoghue" <bryan.odonoghue@linaro.org> > Cc: Mauro Carvalho Chehab <mchehab@kernel.org> > Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org> > Cc: linux-media@vger.kernel.org > Cc: linux-arm-msm@vger.kernel.org > Cc: linux-hardening@vger.kernel.org Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> Thanks -- Gustavo > --- > drivers/media/platform/qcom/venus/hfi_cmds.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/media/platform/qcom/venus/hfi_cmds.h b/drivers/media/platform/qcom/venus/hfi_cmds.h > index 42825f07939d..1adf2d2ae5f2 100644 > --- a/drivers/media/platform/qcom/venus/hfi_cmds.h > +++ b/drivers/media/platform/qcom/venus/hfi_cmds.h > @@ -227,7 +227,7 @@ struct hfi_session_release_buffer_pkt { > u32 extradata_size; > u32 response_req; > u32 num_buffers; > - u32 buffer_info[]; > + u32 buffer_info[] __counted_by(num_buffers); > }; > > struct hfi_session_release_resources_pkt {
On 11/07/2024 00:09, Kees Cook wrote: > Replace the deprecated[1] use of a 1-element array in > struct hfi_session_release_buffer_pkt with a modern flexible array. > > No binary differences are present after this conversion. > > Link: https://github.com/KSPP/linux/issues/79 [1] > Signed-off-by: Kees Cook <kees@kernel.org> > --- > Cc: Stanimir Varbanov <stanimir.k.varbanov@gmail.com> > Cc: Vikash Garodia <quic_vgarodia@quicinc.com> > Cc: "Bryan O'Donoghue" <bryan.odonoghue@linaro.org> > Cc: Mauro Carvalho Chehab <mchehab@kernel.org> > Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org> > Cc: linux-media@vger.kernel.org > Cc: linux-arm-msm@vger.kernel.org > Cc: linux-hardening@vger.kernel.org > --- > drivers/media/platform/qcom/venus/hfi_cmds.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/media/platform/qcom/venus/hfi_cmds.h b/drivers/media/platform/qcom/venus/hfi_cmds.h > index 20acd412ee7b..42825f07939d 100644 > --- a/drivers/media/platform/qcom/venus/hfi_cmds.h > +++ b/drivers/media/platform/qcom/venus/hfi_cmds.h > @@ -227,7 +227,7 @@ struct hfi_session_release_buffer_pkt { > u32 extradata_size; > u32 response_req; > u32 num_buffers; > - u32 buffer_info[1]; > + u32 buffer_info[]; > }; > > struct hfi_session_release_resources_pkt { Reviewed-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
On 11/07/2024 00:09, Kees Cook wrote: > The only direct user of struct hfi_session_release_buffer_pkt is > pkt_session_unset_buffers() which sets "num_buffers" before using it > as a loop counter for accessing "buffer_info". Add the __counted_by > annotation to reflect the relationship. > > Signed-off-by: Kees Cook <kees@kernel.org> > --- > Cc: Stanimir Varbanov <stanimir.k.varbanov@gmail.com> > Cc: Vikash Garodia <quic_vgarodia@quicinc.com> > Cc: "Bryan O'Donoghue" <bryan.odonoghue@linaro.org> > Cc: Mauro Carvalho Chehab <mchehab@kernel.org> > Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org> > Cc: linux-media@vger.kernel.org > Cc: linux-arm-msm@vger.kernel.org > Cc: linux-hardening@vger.kernel.org > --- > drivers/media/platform/qcom/venus/hfi_cmds.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/media/platform/qcom/venus/hfi_cmds.h b/drivers/media/platform/qcom/venus/hfi_cmds.h > index 42825f07939d..1adf2d2ae5f2 100644 > --- a/drivers/media/platform/qcom/venus/hfi_cmds.h > +++ b/drivers/media/platform/qcom/venus/hfi_cmds.h > @@ -227,7 +227,7 @@ struct hfi_session_release_buffer_pkt { > u32 extradata_size; > u32 response_req; > u32 num_buffers; > - u32 buffer_info[]; > + u32 buffer_info[] __counted_by(num_buffers); > }; > > struct hfi_session_release_resources_pkt { Reviewed-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
On 7/11/2024 4:39 AM, Kees Cook wrote: > Replace the deprecated[1] use of a 1-element array in > struct hfi_session_release_buffer_pkt with a modern flexible array. > > No binary differences are present after this conversion. > > Link: https://github.com/KSPP/linux/issues/79 [1] > Signed-off-by: Kees Cook <kees@kernel.org> > --- > Cc: Stanimir Varbanov <stanimir.k.varbanov@gmail.com> > Cc: Vikash Garodia <quic_vgarodia@quicinc.com> > Cc: "Bryan O'Donoghue" <bryan.odonoghue@linaro.org> > Cc: Mauro Carvalho Chehab <mchehab@kernel.org> > Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org> > Cc: linux-media@vger.kernel.org > Cc: linux-arm-msm@vger.kernel.org > Cc: linux-hardening@vger.kernel.org > --- > drivers/media/platform/qcom/venus/hfi_cmds.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/media/platform/qcom/venus/hfi_cmds.h b/drivers/media/platform/qcom/venus/hfi_cmds.h > index 20acd412ee7b..42825f07939d 100644 > --- a/drivers/media/platform/qcom/venus/hfi_cmds.h > +++ b/drivers/media/platform/qcom/venus/hfi_cmds.h > @@ -227,7 +227,7 @@ struct hfi_session_release_buffer_pkt { > u32 extradata_size; > u32 response_req; > u32 num_buffers; > - u32 buffer_info[1]; > + u32 buffer_info[]; > }; > > struct hfi_session_release_resources_pkt { Reviewed-by: Vikash Garodia <quic_vgarodia@quicinc.com> Regards, Vikash
On 7/11/2024 4:39 AM, Kees Cook wrote: > The only direct user of struct hfi_session_release_buffer_pkt is > pkt_session_unset_buffers() which sets "num_buffers" before using it > as a loop counter for accessing "buffer_info". Add the __counted_by > annotation to reflect the relationship. > > Signed-off-by: Kees Cook <kees@kernel.org> > --- > Cc: Stanimir Varbanov <stanimir.k.varbanov@gmail.com> > Cc: Vikash Garodia <quic_vgarodia@quicinc.com> > Cc: "Bryan O'Donoghue" <bryan.odonoghue@linaro.org> > Cc: Mauro Carvalho Chehab <mchehab@kernel.org> > Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org> > Cc: linux-media@vger.kernel.org > Cc: linux-arm-msm@vger.kernel.org > Cc: linux-hardening@vger.kernel.org > --- > drivers/media/platform/qcom/venus/hfi_cmds.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/media/platform/qcom/venus/hfi_cmds.h b/drivers/media/platform/qcom/venus/hfi_cmds.h > index 42825f07939d..1adf2d2ae5f2 100644 > --- a/drivers/media/platform/qcom/venus/hfi_cmds.h > +++ b/drivers/media/platform/qcom/venus/hfi_cmds.h > @@ -227,7 +227,7 @@ struct hfi_session_release_buffer_pkt { > u32 extradata_size; > u32 response_req; > u32 num_buffers; > - u32 buffer_info[]; > + u32 buffer_info[] __counted_by(num_buffers); > }; > > struct hfi_session_release_resources_pkt { Reviewed-by: Vikash Garodia <quic_vgarodia@quicinc.com> Regards, Vikash
On Wed, 10 Jul 2024 16:09:11 -0700, Kees Cook wrote: > This replaces the 1-element "fake" flexible array in struct > hfi_session_release_buffer_pkt with a modern flexible array and adds > the __counted_by annotation that was identified during the analysis. > > Thanks! > > -Kees > > [...] Applied to for-next/hardening, thanks! [1/2] media: venus: hfi_cmds: struct hfi_session_release_buffer_pkt: Replace 1-element array with flexible array https://git.kernel.org/kees/c/c93452777f53 [2/2] media: venus: hfi_cmds: struct hfi_session_release_buffer_pkt: Add __counted_by annotation https://git.kernel.org/kees/c/32ef4b710cbe Take care,
Hi, This replaces the 1-element "fake" flexible array in struct hfi_session_release_buffer_pkt with a modern flexible array and adds the __counted_by annotation that was identified during the analysis. Thanks! -Kees Kees Cook (2): media: venus: hfi_cmds: struct hfi_session_release_buffer_pkt: Replace 1-element array with flexible array media: venus: hfi_cmds: struct hfi_session_release_buffer_pkt: Add __counted_by annotation drivers/media/platform/qcom/venus/hfi_cmds.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)