Message-ID: <20251114095644.116a767d@gandalf.local.home>
Date: Fri, 14 Nov 2025 09:56:44 -0500
From: Steven Rostedt <rostedt@...dmis.org>
To: David Laight <david.laight.linux@...il.com>
Cc: Thorsten Blum <thorsten.blum@...ux.dev>, Josh Poimboeuf
 <jpoimboe@...nel.org>, Kees Cook <kees@...nel.org>, "Gustavo A. R. Silva"
 <gustavoars@...nel.org>, linux-kernel@...r.kernel.org,
 linux-hardening@...r.kernel.org
Subject: Re: [PATCH] unwind deferred: Annotate struct unwind_cache with
 __counted_by

On Fri, 14 Nov 2025 14:31:04 +0000
David Laight <david.laight.linux@...il.com> wrote:

> On Fri, 14 Nov 2025 08:43:46 -0500
> Steven Rostedt <rostedt@...dmis.org> wrote:
> 
> > On Fri, 14 Nov 2025 13:27:47 +0100
> > Thorsten Blum <thorsten.blum@...ux.dev> wrote:
> >   
> > > Add the __counted_by() compiler attribute to the flexible array member
> > > 'entries' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
> > > CONFIG_FORTIFY_SOURCE.
> > > 
> > > Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev>
> > > ---
> > >  include/linux/unwind_deferred_types.h | 2 +-
> > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > > 
> > > diff --git a/include/linux/unwind_deferred_types.h b/include/linux/unwind_deferred_types.h
> > > index 33b62ac25c86..d4b67f0116f3 100644
> > > --- a/include/linux/unwind_deferred_types.h
> > > +++ b/include/linux/unwind_deferred_types.h
> > > @@ -5,7 +5,7 @@
> > >  struct unwind_cache {
> > >  	unsigned long		unwind_completed;
> > >  	unsigned int		nr_entries;
> > > -	unsigned long		entries[];
> > > +	unsigned long		entries[] __counted_by(nr_entries);
> > >  };
> > >  
> > >  /*    
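Review bot: `__counted_by(nr_entries)` on `entries[]` tells the bounds checker that the array holds exactly `nr_entries` elements at every access, and nothing in this hunk shows that the allocation is sized from `nr_entries`. If the buffer is allocated at a fixed size and `nr_entries` only records how many slots are currently valid, stores made before the count is updated would be reported by CONFIG_UBSAN_BOUNDS and CONFIG_FORTIFY_SOURCE as out of bounds. Please point to the allocation and to where `nr_entries` is written, or drop the annotation.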
> > 
> > Wrong!
> > 
> > I need to add a comment here that entries is not bound by nr_entries.
> > 
> >    https://lore.kernel.org/all/20250730093249.4833be14@gandalf.local.home/
> > 
> > Maybe this?:
> > 
> > diff --git a/include/linux/unwind_deferred_types.h b/include/linux/unwind_deferred_types.h
> > index 33b62ac25c86..d05409bb14fa 100644
> > --- a/include/linux/unwind_deferred_types.h
> > +++ b/include/linux/unwind_deferred_types.h
> > @@ -5,7 +5,7 @@
> >  struct unwind_cache {
> >  	unsigned long		unwind_completed;  
> 
> Does that need to be 'long' - 'int' would fit in the padding on 64bit.

We could make it 32 bit, then the number of tracers attached would be the
same as it would be on 32 bit archs (which would be 30). Maybe that's enough.

> 
> >  	unsigned int		nr_entries;
> > -	unsigned long		entries[];
> > +	unsigned long		entries[]; /* Fixed size, not bound by nr_entries */
> >  };  
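Review bot: the comment added on `entries[]` says the array is fixed size but not what that size is or where it is set, so a reader still cannot check an index against it. Name the constant or the allocation site in the comment, and say what `nr_entries` does count, since the next annotation patch will be judged against exactly that wording.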
> 
> Perhaps it should be:
> 	unsigned long entries[ /* MAX_UNWIND_ENTRIES */ ];

Whatever would keep the coccinelle folks from sending more patches.

-- Steve
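
Added example (not from this thread or the kernel tree): a userspace C model of why a count of valid entries is the wrong bound for a fixed-capacity flexible array. `CAPACITY`, `struct cache`, the refill order and every helper name are assumptions for illustration, and the bounds check is modelled in plain C rather than emitted by the compiler.

```c
#include <stddef.h>
#include <stdlib.h>

#define CAPACITY 8	/* hypothetical fixed allocation size, in entries */

struct cache {
	unsigned int	nr_entries;	/* entries currently valid */
	unsigned long	entries[];	/* always allocated with CAPACITY slots */
};

/* Bound a checker derives from counted_by(nr_entries): the live count. */
static size_t bound_by_count(const struct cache *c) { return c->nr_entries; }

/* Bound that matches the allocation: the fixed capacity. */
static size_t bound_by_capacity(const struct cache *c) { (void)c; return CAPACITY; }

static struct cache *cache_alloc(void)
{
	return calloc(1, sizeof(struct cache) + CAPACITY * sizeof(unsigned long));
}

/*
 * Reuse the buffer (assumed pattern): reset the count, write the slots,
 * then publish the new count. Every store is compared against bound();
 * the return value is how many stores an instrumented build would flag.
 */
static unsigned int refill(struct cache *c, const unsigned long *src,
			   unsigned int n, size_t (*bound)(const struct cache *))
{
	unsigned int flagged = 0;

	c->nr_entries = 0;
	for (unsigned int i = 0; i < n && i < CAPACITY; i++) {
		if (i >= bound(c))
			flagged++;	/* inside the allocation, rejected by the bound */
		c->entries[i] = src[i];
	}
	c->nr_entries = n < CAPACITY ? n : CAPACITY;
	return flagged;
}

int main(void)
{
	unsigned long pcs[5] = { 0x1000, 0x1008, 0x1010, 0x1018, 0x1020 }; /* constructed */
	struct cache *c = cache_alloc();

	if (!c)
		return 1;
	unsigned int by_count = refill(c, pcs, 5, bound_by_count);	/* 5 flagged */
	unsigned int by_cap = refill(c, pcs, 5, bound_by_capacity);	/* 0 flagged */
	free(c);
	return !(by_count == 5 && by_cap == 0);
}
```

Every store is inside the allocation in both runs; only the choice of bound changes whether it is reported.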
