| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <47bbcacc-32be-4a64-9ce6-9b441622e84e@linaro.org>
Date: Thu, 19 Feb 2026 13:20:09 +0200
From: Tudor Ambarus <tudor.ambarus@...aro.org>
To: Krzysztof Kozlowski <krzysztof.kozlowski@....qualcomm.com>,
Krzysztof Kozlowski <krzk@...nel.org>, Alim Akhtar
<alim.akhtar@...sung.com>, Kees Cook <kees@...nel.org>,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
Nathan Chancellor <nathan@...nel.org>,
Nick Desaulniers <nick.desaulniers+lkml@...il.com>,
Bill Wendling <morbo@...gle.com>, Justin Stitt <justinstitt@...gle.com>
Cc: linux-kernel@...r.kernel.org, linux-samsung-soc@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org, linux-hardening@...r.kernel.org,
llvm@...ts.linux.dev
Subject: Re: [PATCH RFT 3/3] firmware: exynos-acpm: Count acpm_xfer buffers
with __counted_by_ptr
On 2/14/26 2:39 PM, Krzysztof Kozlowski wrote:
> Use __counted_by_ptr() attribute on the acpm_xfer buffers so UBSAN will
> validate runtime that we do not pass over the buffer size, thus making
> code safer.
>
> Usage of __counted_by_ptr() (or actually __counted_by()) requires that
> counter is initialized before counted array.
>
> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@....qualcomm.com>
>
> ---
>
> __counted_by_ptr() actually maps to __counted_by() for clang v20.
> Alternatively we could introduce new __sized_by(), already supported by
> clang v20, but it is not available for GCC, AFAIU.
>
> RFT, testing would need clang=20+ with COMNFIG_UBSAN and
> CONFIG_UBSAN_BOUNDS enabled.
Tested cpufreq (ACPM DVFS) with:
CONFIG_CLANG_VERSION=220100
CONFIG_UBSAN=y
CONFIG_UBSAN_BOUNDS=y
Tested-by: Tudor Ambarus <tudor.ambarus@...aro.org>
Reviewed-by: Tudor Ambarus <tudor.ambarus@...aro.org>
> ---
> drivers/firmware/samsung/exynos-acpm-dvfs.c | 4 ++--
> drivers/firmware/samsung/exynos-acpm.h | 4 ++--
> 2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/firmware/samsung/exynos-acpm-dvfs.c b/drivers/firmware/samsung/exynos-acpm-dvfs.c
> index 55ec6ad9d87e..a4864973f65d 100644
> --- a/drivers/firmware/samsung/exynos-acpm-dvfs.c
> +++ b/drivers/firmware/samsung/exynos-acpm-dvfs.c
> @@ -24,12 +24,12 @@ static void acpm_dvfs_set_xfer(struct acpm_xfer *xfer, u32 *cmd, size_t cmdlen,
> unsigned int acpm_chan_id, bool response)
> {
> xfer->acpm_chan_id = acpm_chan_id;
> - xfer->txd = cmd;
> xfer->txcnt = cmdlen;
> + xfer->txd = cmd;
>
> if (response) {
> - xfer->rxd = cmd;
> xfer->rxcnt = cmdlen;
> + xfer->rxd = cmd;
> }
> }
>
> diff --git a/drivers/firmware/samsung/exynos-acpm.h b/drivers/firmware/samsung/exynos-acpm.h
> index 422fbcac7284..8392fcb91f45 100644
> --- a/drivers/firmware/samsung/exynos-acpm.h
> +++ b/drivers/firmware/samsung/exynos-acpm.h
> @@ -8,8 +8,8 @@
> #define __EXYNOS_ACPM_H__
>
> struct acpm_xfer {
> - const u32 *txd;
> - u32 *rxd;
> + const u32 *txd __counted_by_ptr(txcnt);
> + u32 *rxd __counted_by_ptr(rxcnt);
> size_t txcnt;
> size_t rxcnt;
> unsigned int acpm_chan_id;
>
Powered by blists - more mailing lists