| Message ID | 20240823145931.107964-3-thorsten.blum@toblux.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [v2] params: Annotate struct module_param_attrs with __counted_by() | expand |
On Fri, Aug 23, 2024 at 04:59:33PM +0200, Thorsten Blum wrote: > Add the __counted_by compiler attribute to the flexible array member > attrs to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and > CONFIG_FORTIFY_SOURCE. > > Increment num before adding a new param_attribute to the attrs array and > adjust the array index accordingly. Increment num immediately after the > first reallocation such that the reallocation for the NULL terminator > only needs to add 1 (instead of 2) to mk->mp->num. > > Use struct_size() instead of manually calculating the size for the > reallocation. > > Use krealloc_array() for the additional NULL terminator. What is / was the resolution on this change? It seems it either fell in cracks or being abandoned.
On 1. Nov 2024, at 13:26, Andy Shevchenko wrote: > On Fri, Aug 23, 2024 at 04:59:33PM +0200, Thorsten Blum wrote: >> Add the __counted_by compiler attribute to the flexible array member >> attrs to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and >> CONFIG_FORTIFY_SOURCE. >> >> Increment num before adding a new param_attribute to the attrs array and >> adjust the array index accordingly. Increment num immediately after the >> first reallocation such that the reallocation for the NULL terminator >> only needs to add 1 (instead of 2) to mk->mp->num. >> >> Use struct_size() instead of manually calculating the size for the >> reallocation. >> >> Use krealloc_array() for the additional NULL terminator. > > What is / was the resolution on this change? It seems it either fell in cracks > or being abandoned. There was a false-positive Clang issue with this patch [1] (and other __counted_by() patches) that was mostly discussed here [2]. Clang has since made some changes and there is a patch for the kernel [3]. I'll probably resend this patch once [3] has been merged. Best, Thorsten [1] https://lore.kernel.org/r/20240913164630.GA4091534@thelio-3990X/ [2] https://lore.kernel.org/r/ZvV6X5FPBBW7CO1f@archlinux/ [3] https://lore.kernel.org/r/20241029140036.577804-1-kernel@jfarr.cc/
diff --git a/kernel/params.c b/kernel/params.c index 2e447f8ae183..5f6643676697 100644 --- a/kernel/params.c +++ b/kernel/params.c @@ -551,7 +551,7 @@ struct module_param_attrs { unsigned int num; struct attribute_group grp; - struct param_attribute attrs[]; + struct param_attribute attrs[] __counted_by(num); }; #ifdef CONFIG_SYSFS @@ -651,35 +651,32 @@ static __modinit int add_sysfs_param(struct module_kobject *mk, } /* Enlarge allocations. */ - new_mp = krealloc(mk->mp, - sizeof(*mk->mp) + - sizeof(mk->mp->attrs[0]) * (mk->mp->num + 1), + new_mp = krealloc(mk->mp, struct_size(mk->mp, attrs, mk->mp->num + 1), GFP_KERNEL); if (!new_mp) return -ENOMEM; mk->mp = new_mp; + mk->mp->num++; /* Extra pointer for NULL terminator */ - new_attrs = krealloc(mk->mp->grp.attrs, - sizeof(mk->mp->grp.attrs[0]) * (mk->mp->num + 2), - GFP_KERNEL); + new_attrs = krealloc_array(mk->mp->grp.attrs, mk->mp->num + 1, + sizeof(mk->mp->grp.attrs[0]), GFP_KERNEL); if (!new_attrs) return -ENOMEM; mk->mp->grp.attrs = new_attrs; /* Tack new one on the end. */ - memset(&mk->mp->attrs[mk->mp->num], 0, sizeof(mk->mp->attrs[0])); - sysfs_attr_init(&mk->mp->attrs[mk->mp->num].mattr.attr); - mk->mp->attrs[mk->mp->num].param = kp; - mk->mp->attrs[mk->mp->num].mattr.show = param_attr_show; + memset(&mk->mp->attrs[mk->mp->num - 1], 0, sizeof(mk->mp->attrs[0])); + sysfs_attr_init(&mk->mp->attrs[mk->mp->num - 1].mattr.attr); + mk->mp->attrs[mk->mp->num - 1].param = kp; + mk->mp->attrs[mk->mp->num - 1].mattr.show = param_attr_show; /* Do not allow runtime DAC changes to make param writable. */ if ((kp->perm & (S_IWUSR | S_IWGRP | S_IWOTH)) != 0) - mk->mp->attrs[mk->mp->num].mattr.store = param_attr_store; + mk->mp->attrs[mk->mp->num - 1].mattr.store = param_attr_store; else - mk->mp->attrs[mk->mp->num].mattr.store = NULL; - mk->mp->attrs[mk->mp->num].mattr.attr.name = (char *)name; - mk->mp->attrs[mk->mp->num].mattr.attr.mode = kp->perm; - mk->mp->num++; + mk->mp->attrs[mk->mp->num - 1].mattr.store = NULL; + mk->mp->attrs[mk->mp->num - 1].mattr.attr.name = (char *)name; + mk->mp->attrs[mk->mp->num - 1].mattr.attr.mode = kp->perm; /* Fix up all the pointers, since krealloc can move us */ for (i = 0; i < mk->mp->num; i++)
Add the __counted_by compiler attribute to the flexible array member attrs to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and CONFIG_FORTIFY_SOURCE. Increment num before adding a new param_attribute to the attrs array and adjust the array index accordingly. Increment num immediately after the first reallocation such that the reallocation for the NULL terminator only needs to add 1 (instead of 2) to mk->mp->num. Use struct_size() instead of manually calculating the size for the reallocation. Use krealloc_array() for the additional NULL terminator. Signed-off-by: Thorsten Blum <thorsten.blum@toblux.com> --- Changes in v2: - Use krealloc_array() as suggested by Andy Shevchenko - Link to v1: https://lore.kernel.org/linux-kernel/20240823123300.37574-1-thorsten.blum@toblux.com/ --- kernel/params.c | 29 +++++++++++++---------------- 1 file changed, 13 insertions(+), 16 deletions(-)