From patchwork Thu Aug 17 23:58:51 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 13357143 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id F23CFECD626 for ; Fri, 18 Aug 2023 00:00:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1356393AbjHQX7k (ORCPT ); Thu, 17 Aug 2023 19:59:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44190 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1356404AbjHQX7R (ORCPT ); Thu, 17 Aug 2023 19:59:17 -0400 Received: from mail-pl1-x62c.google.com (mail-pl1-x62c.google.com [IPv6:2607:f8b0:4864:20::62c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4416A3A87 for ; Thu, 17 Aug 2023 16:59:13 -0700 (PDT) Received: by mail-pl1-x62c.google.com with SMTP id d9443c01a7336-1bdaeb0f29aso2832745ad.2 for ; Thu, 17 Aug 2023 16:59:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1692316753; x=1692921553; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Mk1SCmr54SByakeWUh6yowv1wkxM4Sng/sHbcFaXDNY=; b=Li42VoXYxopvcAosNllETb31bGBNqG1eav+/PT2XDAsWeF5EQR1O1xIIavffuSqGx6 NWMBk8BWHGBLra/nts8yKC0wrGWaj+ndVUkZOUp9IJz+HuHHCeUiM9weglzL3JUMtFNM e7LgNLfxXWTcCqxa7v3GQXhsxXl9sO2ZXMCpQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692316753; x=1692921553; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Mk1SCmr54SByakeWUh6yowv1wkxM4Sng/sHbcFaXDNY=; b=RJ1Z5fUnEwOdUkUodxNRUIAjrDH0vnUle4NLOYbCY7q4QlTA4ZZXYplwnN1xQ4aEVr e0lt9ddltwo1h8lIE5Ou9wDmt6Q9hXFL6Q81tcqT/Afkm8oH3EwRCsVnZUX0cvTvNLj0 osYwKXBP6K3lt7gnZD+Y2Uw0ryxFARPfbW1V0xnE9sLEG855NClIO+ZqCVjt/nyv4eaV jsZZgbyKd/kPm0+Itl1btlE2SWIctof/nF7ByLyKWyk0LECL7WOXfiThxkFfZjBsq6tA xHM95PTnS/4fNHwxVCjdEH3prfC4H0nDw32pFVd2b5wJPAJjfG4ItYhidMUouqnsYF2O OGag== X-Gm-Message-State: AOJu0Yx8oBBtfAGr4Yh50oFH8Di05h7wYH8O98FxXL0ldaWWRPX80evD Q0x2Xiski0a/MOkbJMWjX0abkA== X-Google-Smtp-Source: AGHT+IHuGCe3rbXfUgNLJKkSPXe8KKaQtbAMaaVfphgPjZsWlcb4US0F/FZRapuXz2PkIwNaTWVG8A== X-Received: by 2002:a17:902:8503:b0:1bb:1523:b311 with SMTP id bj3-20020a170902850300b001bb1523b311mr808869plb.41.1692316752793; Thu, 17 Aug 2023 16:59:12 -0700 (PDT) Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241]) by smtp.gmail.com with ESMTPSA id d12-20020a170902cecc00b001b7f40a8959sm343232plg.76.2023.08.17.16.59.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 17 Aug 2023 16:59:08 -0700 (PDT) From: Kees Cook To: Vinod Koul Cc: Kees Cook , Maxime Coquelin , Alexandre Torgue , dmaengine@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com, linux-arm-kernel@lists.infradead.org, Hector Martin , Sven Peter , Alyssa Rosenzweig , Ludovic Desroches , Tudor Ambarus , Lars-Peter Clausen , Zhou Wang , Jie Hai , Andy Gross , Bjorn Andersson , Konrad Dybcio , Green Wan , Orson Zhai , Baolin Wang , Chunyan Zhang , Patrice Chotard , Laxman Dewangan , Jon Hunter , Thierry Reding , Peter Ujfalusi , Kunihiko Hayashi , Masami Hiramatsu , Yu Kuai , Greg Kroah-Hartman , Jordy Zomer , Jernej Skrabec , Nathan Chancellor , Nick Desaulniers , Tom Rix , linux-kernel@vger.kernel.org, asahi@lists.linux.dev, linux-arm-msm@vger.kernel.org, linux-tegra@vger.kernel.org, llvm@lists.linux.dev, linux-hardening@vger.kernel.org Subject: [PATCH 14/21] dmaengine: stm32-mdma: Annotate struct stm32_mdma_device with __counted_by Date: Thu, 17 Aug 2023 16:58:51 -0700 Message-Id: <20230817235859.49846-14-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230817235428.never.111-kees@kernel.org> References: <20230817235428.never.111-kees@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2025; i=keescook@chromium.org; h=from:subject; bh=pKTclpaZruv+pWk34ERm2W6zAMi5KXhuaV3hDpciGTg=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBk3rRB0Kp6SezIcvelRc5vIjA6L87F3Jxd807ZE TawptODXHaJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZN60QQAKCRCJcvTf3G3A JkowD/0bdDsHfBNlgVJ6IMXnkrBtd8nyV9tr34/9GAsGIx6iKvbcxPRfiAZB5usq35bGE6r9shD jsCa/mEq3Ml6mYiEWgLVgUaeVpGJk26dgwgXaWB0tgAj950FICdaGqIKKZfqwZGQXKuULpY4fof zFKMLeD63ek6gqBDfGWGy+4SWdU4R0Dn4JrysDFrucIju/vvHhFNhLbUR4oNUC9QXZaFrrG4xW9 Sn6OJTAFSqdYijRTfeMWXlACRcDVj/co8MnpctKLLcy6UlFT3x4GRQ2pS3jeOTS7T0BCvUnDNc1 L5ImfV0Z4r+BCfs6ZArg/5dtLt49JhzrT9YDVLnjZOSj21QxOMe6RY07KOnX2TQfalz/Y0MHVP7 9H5IXWPUdz45Df8wVJzaiYN860p90QvySYHNUARWv0yJ+kxOMjZccNG2dlSvXtJqHshg6NmusH+ Leote/t+f+LKtsRIXglKvDe9uZVG5tWlf8eJdxeOnS6x0LcYGSBUdNLH5nJdKcHBMADld97pyBU P1NLDFAuLqbJ+caaX0mVhjDLuic01Wl3YdnvLkF/D/tfsgNKsnb8NQuvzAsGtpmyq8jKWq7DyQ+ 6LXmQjlUQfooWKoKlL2KIyjRUmQxUq9xg9MmVYdTiK19xN3TKrTx8prWlmvSZ8bZVKZYIHGqhns kEJejcVzr2sYgJQ== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct stm32_mdma_device. Additionally, since the element count member must be set before accessing the annotated flexible array member, move its initialization earlier. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Vinod Koul Cc: Maxime Coquelin Cc: Alexandre Torgue Cc: dmaengine@vger.kernel.org Cc: linux-stm32@st-md-mailman.stormreply.com Cc: linux-arm-kernel@lists.infradead.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva --- drivers/dma/stm32-mdma.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/dma/stm32-mdma.c b/drivers/dma/stm32-mdma.c index 926d6ecf1274..0c7d2295856e 100644 --- a/drivers/dma/stm32-mdma.c +++ b/drivers/dma/stm32-mdma.c @@ -256,7 +256,7 @@ struct stm32_mdma_device { u32 nr_ahb_addr_masks; u32 chan_reserved; struct stm32_mdma_chan chan[STM32_MDMA_MAX_CHANNELS]; - u32 ahb_addr_masks[]; + u32 ahb_addr_masks[] __counted_by(nr_ahb_addr_masks); }; static struct stm32_mdma_device *stm32_mdma_get_dev( @@ -1611,13 +1611,13 @@ static int stm32_mdma_probe(struct platform_device *pdev) GFP_KERNEL); if (!dmadev) return -ENOMEM; + dmadev->nr_ahb_addr_masks = count; dmadev->nr_channels = nr_channels; dmadev->nr_requests = nr_requests; device_property_read_u32_array(&pdev->dev, "st,ahb-addr-masks", dmadev->ahb_addr_masks, count); - dmadev->nr_ahb_addr_masks = count; dmadev->base = devm_platform_ioremap_resource(pdev, 0); if (IS_ERR(dmadev->base))