| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202511211525.05CB7E1AEC@keescook>
Date: Fri, 21 Nov 2025 16:30:43 -0800
From: Kees Cook <kees@...nel.org>
To: Bill Wendling <morbo@...gle.com>
Cc: linux-kernel@...r.kernel.org,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
Nathan Chancellor <nathan@...nel.org>,
Nick Desaulniers <nick.desaulniers+lkml@...il.com>,
Justin Stitt <justinstitt@...gle.com>,
Miguel Ojeda <ojeda@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Heiko Carstens <hca@...ux.ibm.com>,
Marc Herbert <Marc.Herbert@...ux.intel.com>,
Uros Bizjak <ubizjak@...il.com>, Tejun Heo <tj@...nel.org>,
Jeff Xu <jeffxu@...omium.org>,
Michal Koutný <mkoutny@...e.com>,
Shakeel Butt <shakeel.butt@...ux.dev>,
Thomas Weißschuh <thomas.weissschuh@...utronix.de>,
John Stultz <jstultz@...gle.com>,
Christian Brauner <brauner@...nel.org>,
Randy Dunlap <rdunlap@...radead.org>,
Brian Gerst <brgerst@...il.com>,
Masahiro Yamada <masahiroy@...nel.org>,
Mike Rapoport <rppt@...nel.org>, linux-mm@...ck.org,
linux-hardening@...r.kernel.org, llvm@...ts.linux.dev
Subject: Re: [PATCH 2/2] memblock: annotate struct memblock_type with
__counted_by_ptr
On Fri, Nov 21, 2025 at 07:39:44PM +0000, Bill Wendling wrote:
> Add the '__counted_by_ptr' attribute to the 'regions' field of 'struct
> memblock_type'. The 'regions' field is an array of 'struct
> memblock_region' and its size is tracked by the 'max' field, which
> represents the total number of allocated regions.
As part of any counted_by annotation patch, there needs to be discussion
in the commit log about how it's been shown to be a safe annotation
to make. e.g. in this case, if all allocations of "regions" have a
corresponding "max" assignment, etc. If just "git grep" can't find them
all, using something like Coccinelle or CodeQL to search for struct
memblock_type::regions assignments can work.
Here's what I used in the past for flexible arrays, but it was slow
due to Coccinelle needing --recursive-includes to see the structs,
but should be adaptable for counted_by on pointers:
@flex_match@
identifier STRUCT, COUNTED, ARRAY;
type COUNTED_TYPE, ARRAY_TYPE;
attribute name __counted_by;
@@
struct STRUCT {
...
COUNTED_TYPE COUNTED;
...
ARRAY_TYPE ARRAY[] __counted_by(COUNTED);
};
@missed_counted_assignment@
identifier flex_match.STRUCT;
struct STRUCT *P;
identifier flex_match.COUNTED;
identifier flex_match.ARRAY;
identifier ALLOC =~ ".*alloc.*";
@@
P = ALLOC(...);
... when != P->COUNTED
* P->ARRAY
> This annotation allows the Kernel Address Sanitizer (KASAN) to detect
> out-of-bounds accesses to the 'regions' array.
I think you mean UBSan here (and CONFIG_FORTIFY_SOURCE)?
> ---
> include/linux/memblock.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/include/linux/memblock.h b/include/linux/memblock.h
> index 221118b5a16e..ba7f7c999a45 100644
> --- a/include/linux/memblock.h
> +++ b/include/linux/memblock.h
> @@ -91,7 +91,7 @@ struct memblock_type {
> unsigned long cnt;
> unsigned long max;
> phys_addr_t total_size;
> - struct memblock_region *regions;
> + struct memblock_region *regions __counted_by_ptr(max);
> char *name;
> };
For the handful of places I spot checked, yeah, it looks like a nice
annotation.
-Kees
--
Kees Cook
Powered by blists - more mailing lists