Message ID | 20230817203501.never.279-kees@kernel.org (mailing list archive) |
---|---|
State | Accepted |
Delegated to: | Paul Moore |
Series | audit: Annotate struct audit_chunk with __counted_by |
On 8/17/23 14:35, Kees Cook wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
> (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> functions).
>
> As found with Coccinelle[1], add __counted_by for struct audit_chunk.
>
> [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
>
> Cc: Paul Moore <paul@paul-moore.com>
> Cc: Eric Paris <eparis@redhat.com>
> Cc: audit@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>

Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>

Thanks

--
Gustavo

> ---
>  kernel/audit_tree.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c > index e867c17d3f84..85a5b306733b 100644 > --- a/kernel/audit_tree.c > +++ b/kernel/audit_tree.c > @@ -34,7 +34,7 @@ struct audit_chunk { > struct list_head list; > struct audit_tree *owner; > unsigned index; /* index; upper bit indicates 'will prune' */ > - } owners[]; > + } owners[] __counted_by(count); > }; > > struct audit_tree_mark {
On Thu, Aug 17, 2023 at 4:35 PM Kees Cook <keescook@chromium.org> wrote:
>
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
> (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> functions).
>
> As found with Coccinelle[1], add __counted_by for struct audit_chunk.
>
> [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
>
> Cc: Paul Moore <paul@paul-moore.com>
> Cc: Eric Paris <eparis@redhat.com>
> Cc: audit@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
>  kernel/audit_tree.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

This looks good to me, but considering we are currently at -rc6 I'd
prefer to hold off until after the upcoming merge window. I'll send
another note once it's been merged into audit/next. Thanks.

> diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c > index e867c17d3f84..85a5b306733b 100644 > --- a/kernel/audit_tree.c > +++ b/kernel/audit_tree.c > @@ -34,7 +34,7 @@ struct audit_chunk { > struct list_head list; > struct audit_tree *owner; > unsigned index; /* index; upper bit indicates 'will prune' */ > - } owners[]; > + } owners[] __counted_by(count); > }; > > struct audit_tree_mark { > -- > 2.34.1
On Aug 17, 2023 Paul Moore <paul@paul-moore.com> wrote:
>
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
> (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> functions).
>
> As found with Coccinelle[1], add __counted_by for struct audit_chunk.
>
> [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
>
> Cc: Paul Moore <paul@paul-moore.com>
> Cc: Eric Paris <eparis@redhat.com>
> Cc: audit@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
>  kernel/audit_tree.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Merged into audit/next, thanks.

--
paul-moore.com
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c index e867c17d3f84..85a5b306733b 100644 --- a/kernel/audit_tree.c +++ b/kernel/audit_tree.c @@ -34,7 +34,7 @@ struct audit_chunk { struct list_head list; struct audit_tree *owner; unsigned index; /* index; upper bit indicates 'will prune' */ - } owners[]; + } owners[] __counted_by(count); }; struct audit_tree_mark {
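Review bot: The bound named in `} owners[] __counted_by(count);` is a member that the context lines of this hunk do not show, so the annotation cannot be verified from the diff alone. The commit message would be stronger if it stated that `count` is a member of struct audit_chunk holding the number of `owners[]` elements, and that it is assigned in the allocation path before the first `owners[]` element is touched. Once CONFIG_UBSAN_BOUNDS honours the attribute, an index into `owners[]` made while `count` still holds zero is reported as out of bounds, so that ordering is the thing to confirm for this struct.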
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).

As found with Coccinelle[1], add __counted_by for struct audit_chunk.

[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci

Cc: Paul Moore <paul@paul-moore.com>
Cc: Eric Paris <eparis@redhat.com>
Cc: audit@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 kernel/audit_tree.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
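
What the annotation described in the commit message expresses, as an added example that is not code from the kernel or from this patch: a constructed struct with a `__counted_by` flexible array, an allocator that stores the count before touching the array, and the index check written out by hand. `struct chunk`, `chunk_alloc` and `chunk_owner` are hypothetical names, and the fallback macro is an assumption that lets the file build on compilers without the attribute.

```c
#include <stdint.h>
#include <stdlib.h>

/* Expand to the attribute only where the compiler implements it. */
#if !defined(__counted_by) && defined(__has_attribute)
# if __has_attribute(__counted_by__)
#  define __counted_by(m) __attribute__((__counted_by__(m)))
# endif
#endif
#ifndef __counted_by
# define __counted_by(m)
#endif

/* Constructed stand-in for an annotated layout (hypothetical names). */
struct chunk {
    unsigned int count;    /* number of valid owners[] slots */
    struct owner { void *owner; unsigned int index; } owners[] __counted_by(count);
};

/* Allocate room for n slots; the count is stored before any slot is used. */
struct chunk *chunk_alloc(unsigned int n)
{
    struct chunk *c;
    if (n > (SIZE_MAX - sizeof(*c)) / sizeof(c->owners[0]))
        return NULL;       /* header + n * element would wrap size_t */
    c = calloc(1, sizeof(*c) + (size_t)n * sizeof(c->owners[0]));
    if (!c)
        return NULL;
    c->count = n;
    for (unsigned int i = 0; i < n; i++)
        c->owners[i].index = i;
    return c;
}

/* Hand-written form of the index check: valid only below ->count. */
struct owner *chunk_owner(struct chunk *c, unsigned int i)
{
    if (!c || i >= c->count)
        return NULL;
    return &c->owners[i];
}

int main(void)
{
    struct chunk *c = chunk_alloc(4);
    int ok = chunk_owner(c, 3) && !chunk_owner(c, 4);
    free(c);
    return ok ? 0 : 1;
}
```
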