lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <47bbcacc-32be-4a64-9ce6-9b441622e84e@linaro.org>
Date: Thu, 19 Feb 2026 13:20:09 +0200
From: Tudor Ambarus <tudor.ambarus@...aro.org>
To: Krzysztof Kozlowski <krzysztof.kozlowski@....qualcomm.com>,
 Krzysztof Kozlowski <krzk@...nel.org>, Alim Akhtar
 <alim.akhtar@...sung.com>, Kees Cook <kees@...nel.org>,
 "Gustavo A. R. Silva" <gustavoars@...nel.org>,
 Nathan Chancellor <nathan@...nel.org>,
 Nick Desaulniers <nick.desaulniers+lkml@...il.com>,
 Bill Wendling <morbo@...gle.com>, Justin Stitt <justinstitt@...gle.com>
Cc: linux-kernel@...r.kernel.org, linux-samsung-soc@...r.kernel.org,
 linux-arm-kernel@...ts.infradead.org, linux-hardening@...r.kernel.org,
 llvm@...ts.linux.dev
Subject: Re: [PATCH RFT 3/3] firmware: exynos-acpm: Count acpm_xfer buffers
 with __counted_by_ptr



On 2/14/26 2:39 PM, Krzysztof Kozlowski wrote:
> Use __counted_by_ptr() attribute on the acpm_xfer buffers so UBSAN will
> validate runtime that we do not pass over the buffer size, thus making
> code safer.
> 
> Usage of __counted_by_ptr() (or actually __counted_by()) requires that
> counter is initialized before counted array.
> 
> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@....qualcomm.com>
> 
> ---
> 
> __counted_by_ptr() actually maps to __counted_by() for clang v20.
> Alternatively we could introduce new __sized_by(), already supported by
> clang v20, but it is not available for GCC, AFAIU.
> 
> RFT, testing would need clang=20+ with COMNFIG_UBSAN and
> CONFIG_UBSAN_BOUNDS enabled.

Tested cpufreq (ACPM DVFS) with:
CONFIG_CLANG_VERSION=220100
CONFIG_UBSAN=y
CONFIG_UBSAN_BOUNDS=y

Tested-by: Tudor Ambarus <tudor.ambarus@...aro.org>
Reviewed-by: Tudor Ambarus <tudor.ambarus@...aro.org>

> ---
>  drivers/firmware/samsung/exynos-acpm-dvfs.c | 4 ++--
>  drivers/firmware/samsung/exynos-acpm.h      | 4 ++--
>  2 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/firmware/samsung/exynos-acpm-dvfs.c b/drivers/firmware/samsung/exynos-acpm-dvfs.c
> index 55ec6ad9d87e..a4864973f65d 100644
> --- a/drivers/firmware/samsung/exynos-acpm-dvfs.c
> +++ b/drivers/firmware/samsung/exynos-acpm-dvfs.c
> @@ -24,12 +24,12 @@ static void acpm_dvfs_set_xfer(struct acpm_xfer *xfer, u32 *cmd, size_t cmdlen,
>  			       unsigned int acpm_chan_id, bool response)
>  {
>  	xfer->acpm_chan_id = acpm_chan_id;
> -	xfer->txd = cmd;
>  	xfer->txcnt = cmdlen;
> +	xfer->txd = cmd;
>  
>  	if (response) {
> -		xfer->rxd = cmd;
>  		xfer->rxcnt = cmdlen;
> +		xfer->rxd = cmd;
>  	}
>  }
>  
> diff --git a/drivers/firmware/samsung/exynos-acpm.h b/drivers/firmware/samsung/exynos-acpm.h
> index 422fbcac7284..8392fcb91f45 100644
> --- a/drivers/firmware/samsung/exynos-acpm.h
> +++ b/drivers/firmware/samsung/exynos-acpm.h
> @@ -8,8 +8,8 @@
>  #define __EXYNOS_ACPM_H__
>  
>  struct acpm_xfer {
> -	const u32 *txd;
> -	u32 *rxd;
> +	const u32 *txd __counted_by_ptr(txcnt);
> +	u32 *rxd __counted_by_ptr(rxcnt);
>  	size_t txcnt;
>  	size_t rxcnt;
>  	unsigned int acpm_chan_id;
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ