From: Kees Cook <keescook@chromium•org>
To: Jakub Kicinski <kuba@kernel•org>
Cc: Jamal Hadi Salim <jhs@mojatatu•com>,
Cong Wang <xiyou.wangcong@gmail•com>,
Jiri Pirko <jiri@resnulli•us>,
"David S. Miller" <davem@davemloft•net>,
Eric Dumazet <edumazet@google•com>,
Paolo Abeni <pabeni@redhat•com>,
netdev@vger•kernel.org, David Ahern <dsahern@kernel•org>,
Martin KaFai Lau <martin.lau@kernel•org>,
"Gustavo A. R. Silva" <gustavoars@kernel•org>,
Alexei Starovoitov <ast@kernel•org>,
Yisen Zhuang <yisen.zhuang@huawei•com>,
Salil Mehta <salil.mehta@huawei•com>,
Claudiu Manoil <claudiu.manoil@nxp•com>,
Vladimir Oltean <vladimir.oltean@nxp•com>,
"K. Y. Srinivasan" <kys@microsoft•com>,
Haiyang Zhang <haiyangz@microsoft•com>,
Wei Liu <wei.liu@kernel•org>, Dexuan Cui <decui@microsoft•com>,
Long Li <longli@microsoft•com>,
Ajay Sharma <sharmaajay@microsoft•com>,
Alex Elder <elder@kernel•org>, Pravin B Shelar <pshelar@ovn•org>,
Shaokun Zhang <zhangshaokun@hisilicon•com>,
Nathan Chancellor <nathan@kernel•org>,
Nick Desaulniers <ndesaulniers@google•com>,
Tom Rix <trix@redhat•com>, Simon Horman <horms@kernel•org>,
linux-kernel@vger•kernel.org, linux-hyperv@vger•kernel.org,
linux-rdma@vger•kernel.org, dev@openvswitch•org,
linux-parisc@vger•kernel.org, llvm@lists•linux.dev,
linux-hardening@vger•kernel.org
Subject: Re: [PATCH 14/14] net: sched: Annotate struct tc_pedit with __counted_by
Date: Fri, 22 Sep 2023 11:23:29 -0700 [thread overview]
Message-ID: <202309221122.74FA902A@keescook> (raw)
In-Reply-To: <20230922172858.3822653-14-keescook@chromium.org>
On Fri, Sep 22, 2023 at 10:28:56AM -0700, Kees Cook wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
> (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> functions).
>
> As found with Coccinelle[1], add __counted_by for struct tc_pedit.
> Additionally, since the element count member must be set before accessing
> the annotated flexible array member, move its initialization earlier.
>
> [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
>
> Cc: Jamal Hadi Salim <jhs@mojatatu•com>
> Cc: Cong Wang <xiyou.wangcong@gmail•com>
> Cc: Jiri Pirko <jiri@resnulli•us>
> Cc: "David S. Miller" <davem@davemloft•net>
> Cc: Eric Dumazet <edumazet@google•com>
> Cc: Jakub Kicinski <kuba@kernel•org>
> Cc: Paolo Abeni <pabeni@redhat•com>
> Cc: netdev@vger•kernel.org
> Signed-off-by: Kees Cook <keescook@chromium•org>
> ---
> net/sched/act_pedit.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/sched/act_pedit.c b/net/sched/act_pedit.c
> index 1ef8fcfa9997..77c407eff3b0 100644
> --- a/net/sched/act_pedit.c
> +++ b/net/sched/act_pedit.c
> @@ -515,11 +515,11 @@ static int tcf_pedit_dump(struct sk_buff *skb, struct tc_action *a,
> spin_unlock_bh(&p->tcf_lock);
> return -ENOBUFS;
> }
> + opt->nkeys = parms->tcfp_nkeys;
>
> memcpy(opt->keys, parms->tcfp_keys,
> flex_array_size(opt, keys, parms->tcfp_nkeys));
> opt->index = p->tcf_index;
> - opt->nkeys = parms->tcfp_nkeys;
> opt->flags = parms->tcfp_flags;
> opt->action = p->tcf_action;
> opt->refcnt = refcount_read(&p->tcf_refcnt) - ref;
> --
> 2.34.1
>
Coccinelle was not happy about the #define ...
struct tc_pedit_sel {
tc_gen;
unsigned char nkeys;
unsigned char flags;
struct tc_pedit_key keys[0];
};
#define tc_pedit tc_pedit_sel
Also, it's not been converted to a proper flexible array...
--
Kees Cook
next prev parent reply other threads:[~2023-09-22 18:23 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-22 17:28 [PATCH 00/14] Batch 1: Annotate structs with __counted_by Kees Cook
2023-09-22 17:28 ` [PATCH 01/14] ipv4: Annotate struct fib_info " Kees Cook
2023-09-23 1:43 ` Gustavo A. R. Silva
2023-09-22 17:28 ` [PATCH 02/14] ipv4/igmp: Annotate struct ip_sf_socklist " Kees Cook
2023-09-23 1:50 ` Gustavo A. R. Silva
2023-09-22 17:28 ` [PATCH 03/14] ipv6: Annotate struct ip6_sf_socklist " Kees Cook
2023-09-23 1:51 ` Gustavo A. R. Silva
2023-09-22 17:28 ` [PATCH 04/14] net: hns: Annotate struct ppe_common_cb " Kees Cook
2023-09-23 1:51 ` Gustavo A. R. Silva
2023-09-22 17:28 ` [PATCH 05/14] net: enetc: Annotate struct enetc_int_vector " Kees Cook
2023-09-23 1:52 ` Gustavo A. R. Silva
2023-09-22 17:28 ` [PATCH 06/14] net: hisilicon: Annotate struct rcb_common_cb " Kees Cook
2023-09-23 1:52 ` Gustavo A. R. Silva
2023-09-22 17:28 ` [PATCH 07/14] net: mana: Annotate struct mana_rxq " Kees Cook
2023-09-23 1:55 ` Gustavo A. R. Silva
2023-09-22 17:28 ` [PATCH 08/14] net: ipa: Annotate struct ipa_power " Kees Cook
2023-09-23 1:55 ` Gustavo A. R. Silva
2023-09-23 12:09 ` Alex Elder
2023-09-24 2:03 ` Kees Cook
2023-09-22 17:28 ` [PATCH 09/14] net: mana: Annotate struct hwc_dma_buf " Kees Cook
2023-09-23 1:56 ` Gustavo A. R. Silva
2023-09-22 17:28 ` [PATCH 10/14] net: openvswitch: Annotate struct dp_meter_instance " Kees Cook
2023-09-23 1:56 ` Gustavo A. R. Silva
2023-09-22 17:28 ` [PATCH 11/14] net: enetc: Annotate struct enetc_psfp_gate " Kees Cook
2023-09-23 1:56 ` Gustavo A. R. Silva
2023-09-22 17:28 ` [PATCH 12/14] net: openvswitch: Annotate struct dp_meter " Kees Cook
2023-09-23 1:57 ` Gustavo A. R. Silva
2023-09-22 17:28 ` [PATCH 13/14] net: tulip: Annotate struct mediatable " Kees Cook
2023-09-23 1:57 ` Gustavo A. R. Silva
2023-09-22 17:28 ` [PATCH 14/14] net: sched: Annotate struct tc_pedit " Kees Cook
2023-09-22 18:18 ` Kees Cook
2023-09-22 18:23 ` Kees Cook [this message]
2023-09-23 2:06 ` Gustavo A. R. Silva
2023-09-27 15:57 ` [PATCH 00/14] Batch 1: Annotate structs " Kees Cook
2023-10-02 18:26 ` Jakub Kicinski
2023-10-02 20:29 ` Kees Cook
2023-10-02 18:40 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202309221122.74FA902A@keescook \
--to=keescook@chromium$(echo .)org \
--cc=ast@kernel$(echo .)org \
--cc=claudiu.manoil@nxp$(echo .)com \
--cc=davem@davemloft$(echo .)net \
--cc=decui@microsoft$(echo .)com \
--cc=dev@openvswitch$(echo .)org \
--cc=dsahern@kernel$(echo .)org \
--cc=edumazet@google$(echo .)com \
--cc=elder@kernel$(echo .)org \
--cc=gustavoars@kernel$(echo .)org \
--cc=haiyangz@microsoft$(echo .)com \
--cc=horms@kernel$(echo .)org \
--cc=jhs@mojatatu$(echo .)com \
--cc=jiri@resnulli$(echo .)us \
--cc=kuba@kernel$(echo .)org \
--cc=kys@microsoft$(echo .)com \
--cc=linux-hardening@vger$(echo .)kernel.org \
--cc=linux-hyperv@vger$(echo .)kernel.org \
--cc=linux-kernel@vger$(echo .)kernel.org \
--cc=linux-parisc@vger$(echo .)kernel.org \
--cc=linux-rdma@vger$(echo .)kernel.org \
--cc=llvm@lists$(echo .)linux.dev \
--cc=longli@microsoft$(echo .)com \
--cc=martin.lau@kernel$(echo .)org \
--cc=nathan@kernel$(echo .)org \
--cc=ndesaulniers@google$(echo .)com \
--cc=netdev@vger$(echo .)kernel.org \
--cc=pabeni@redhat$(echo .)com \
--cc=pshelar@ovn$(echo .)org \
--cc=salil.mehta@huawei$(echo .)com \
--cc=sharmaajay@microsoft$(echo .)com \
--cc=trix@redhat$(echo .)com \
--cc=vladimir.oltean@nxp$(echo .)com \
--cc=wei.liu@kernel$(echo .)org \
--cc=xiyou.wangcong@gmail$(echo .)com \
--cc=yisen.zhuang@huawei$(echo .)com \
--cc=zhangshaokun@hisilicon$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox