lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAFhGd8obPWF5469BwFAXmZ7czOB6f68gdOGqCPFL+dbs5KzDyw@mail.gmail.com> Date: Mon, 9 Oct 2023 16:48:55 -0700 From: Justin Stitt <justinstitt@...gle.com> To: "Gustavo A. R. Silva" <gustavoars@...nel.org> Cc: Jean-Philippe Brucker <jean-philippe@...aro.org>, Joerg Roedel <joro@...tes.org>, Will Deacon <will@...nel.org>, Robin Murphy <robin.murphy@....com>, virtualization@...ts.linux-foundation.org, iommu@...ts.linux.dev, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH][next] iommu/virtio: Add __counted_by for struct viommu_request and use struct_size() On Mon, Oct 9, 2023 at 11:24 AM Gustavo A. R. Silva <gustavoars@...nel.org> wrote: > > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for > array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > While there, use struct_size() helper, instead of the open-coded > version, to calculate the size for the allocation of the whole > flexible structure, including of course, the flexible-array member. > > This code was found with the help of Coccinelle, and audited and > fixed manually. > > Signed-off-by: Gustavo A. R. Silva <gustavoars@...nel.org> > --- > drivers/iommu/virtio-iommu.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/iommu/virtio-iommu.c b/drivers/iommu/virtio-iommu.c > index 17dcd826f5c2..379ebe03efb6 100644 > --- a/drivers/iommu/virtio-iommu.c > +++ b/drivers/iommu/virtio-iommu.c > @@ -85,7 +85,7 @@ struct viommu_request { > void *writeback; > unsigned int write_offset; > unsigned int len; > - char buf[]; > + char buf[] __counted_by(len); > }; > > #define VIOMMU_FAULT_RESV_MASK 0xffffff00 > @@ -230,7 +230,7 @@ static int __viommu_add_req(struct viommu_dev *viommu, void *buf, size_t len, > if (write_offset <= 0) > return -EINVAL; > > - req = kzalloc(sizeof(*req) + len, GFP_ATOMIC); > + req = kzalloc(struct_size(req, buf, len), GFP_ATOMIC); > if (!req) > return -ENOMEM; > > -- > 2.34.1 > > The __counted_by annotation and the usage of struct_size look right! Reviewed-by: Justin Stitt <justinstitt@...gle.com>
Powered by blists - more mailing lists