From patchwork Thu Aug 17 23:58:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 13357138 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5D8C6C77B7F for ; Fri, 18 Aug 2023 00:00:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1356424AbjHQX7i (ORCPT ); Thu, 17 Aug 2023 19:59:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43784 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1356375AbjHQX7N (ORCPT ); Thu, 17 Aug 2023 19:59:13 -0400 Received: from mail-pl1-x629.google.com (mail-pl1-x629.google.com [IPv6:2607:f8b0:4864:20::629]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 100383A9C for ; Thu, 17 Aug 2023 16:59:08 -0700 (PDT) Received: by mail-pl1-x629.google.com with SMTP id d9443c01a7336-1bdc243d62bso2838415ad.3 for ; Thu, 17 Aug 2023 16:59:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1692316747; x=1692921547; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=GBig4ojju35UeR5nYJdcskzCIyszltPP8aM7eZxhMAc=; b=CX+q3KLcZFLRq0HGaHxCoLa5L4myxQlB3+uLkExLgTIU/M13dAR+tuImGaMRsXlnIX 5EiwzNERqO941u1ZgpeILGDAjF+aAXTGTWftiTYrIx49flrdRuPcBwQo92heAoso26aV L2seXLXD2MlKm/ksaN6j4O9A14UF3zqIGgNCc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692316747; x=1692921547; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GBig4ojju35UeR5nYJdcskzCIyszltPP8aM7eZxhMAc=; b=BV6x2ptn0L+7OPWk0nx2nf6eQWX8YVP2ZwVU+RLqdp+V5t+pfjEJ8D6xem0NuT9ie7 qzbrcNuz1+tFYrP7UWBGz75g1ivTqzKafg8eBRJ9ukfBa1DYpjjDRsY3221tP8jLpKvL j/idBpErCnUV0pL+j+muVc/xOkBuyMW/gL8Ye5kOAJNee/Os7d26erHmKRpOeaoGjtbN Ad6XTnl6q3TKrA55qut73u02h5xxB85F5m2wRfCUdmCHioHudn7jh7oaq5nAtnROPU69 +eV2026JGyy5NzdB7QRtWavWj8nZpfCK7MZVhB+TgXO8oIre+r3CXimFuj2gmQ8SjsfT NFrw== X-Gm-Message-State: AOJu0YwrSiOE52oQQd1d1tQPQTp0zTRfnr/XPsa7rnakJ8Vdmw+vfZrh G3KmDSIlg57PqTPxrt2Rm2kxxg== X-Google-Smtp-Source: AGHT+IFtTiKmPIDtGWpZKY6Src1ZWuKVRaDR2AR8ZYsjCDrDdceH4jjvLBuUX2egDZo9GWTtP8NFrw== X-Received: by 2002:a17:902:dacd:b0:1b8:adea:76d0 with SMTP id q13-20020a170902dacd00b001b8adea76d0mr1012481plx.31.1692316747494; Thu, 17 Aug 2023 16:59:07 -0700 (PDT) Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241]) by smtp.gmail.com with ESMTPSA id u7-20020a170902e80700b001b9e9f191f2sm342824plg.15.2023.08.17.16.59.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 17 Aug 2023 16:59:03 -0700 (PDT) From: Kees Cook To: Vinod Koul Cc: Kees Cook , dmaengine@vger.kernel.org, Hector Martin , Sven Peter , Alyssa Rosenzweig , Ludovic Desroches , Tudor Ambarus , Lars-Peter Clausen , Zhou Wang , Jie Hai , Andy Gross , Bjorn Andersson , Konrad Dybcio , Green Wan , Orson Zhai , Baolin Wang , Chunyan Zhang , Patrice Chotard , Maxime Coquelin , Alexandre Torgue , Laxman Dewangan , Jon Hunter , Thierry Reding , Peter Ujfalusi , Kunihiko Hayashi , Masami Hiramatsu , Yu Kuai , Greg Kroah-Hartman , Jordy Zomer , Jernej Skrabec , Nathan Chancellor , Nick Desaulniers , Tom Rix , linux-kernel@vger.kernel.org, asahi@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-arm-msm@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com, linux-tegra@vger.kernel.org, llvm@lists.linux.dev, linux-hardening@vger.kernel.org Subject: [PATCH 08/21] dmaengine: sa11x0: Annotate struct sa11x0_dma_desc with __counted_by Date: Thu, 17 Aug 2023 16:58:45 -0700 Message-Id: <20230817235859.49846-8-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230817235428.never.111-kees@kernel.org> References: <20230817235428.never.111-kees@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2230; i=keescook@chromium.org; h=from:subject; bh=xRJQQKdAwogb4vqWXbK3omVk8LQ2U1Kgbhap9AYkMvo=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBk3rRAxAkVjLsoroU7aJkr1WgWWzRBzbsR+tdxD lgeTVdiQveJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZN60QAAKCRCJcvTf3G3A JspMD/9uCbBEkWVx4Whm0SjF91ZUEjFm+uw5va5kJYSQaUggli1PUAzEbtIfkqE0tHxpXylvHV6 MZAMbsTTMc4sB4m4xnYRc0EoTzuMdduuaXj7l/sncv7/LmFSoowcBNgOyqPORRYUM775TWDHeXO KeoIqOfRBA1pU2p6SABeK4PvYr9w3rZRX+aZiNFriijmZlDDlbGfeq8v9uQ2Im17NvWmo78uSnB OkH0/Si61oGt8YkSxwx3WwhmqB2o702deHwP3SlOa/ZeqfTijE2YZhDmMuKHYx7QeBfC/eMcUiR Z5Ir99EHJYfiOQtN+yLXwoR+0SaqDwlthzf36cY91M4+RIxRUpoV7xLXmq2q4GCAdnuZf61znzs M6Bidmh9xg6pqyHEGPynCNRRpn/UsrhseCWdJGYMQZLkXP2bP0VJzaHIlfivSURYMQVXc4KQwBd DRji9b/iiSnnLi3fSIhaQxYXT5+Ps4Au0oZl5ksmYDaMky5nRGOgwaH8K/PsnaL2g5HvZnClItG bdITH1ZZpfW22BCSxjF6WLtrNaQQQACl25/pjzcUllaIN1ntJsfEnFtqBBzeDv+cMihyO6Z99a5 Kmn4lAvlEhqg16rC1j3EkD7ZrTt+gPUQteXqDvYw1UUclntbSMql5Tik8DK4sYfnwMmbaR4qWIx Q6tm80uQco8mfqw== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct sa11x0_dma_desc. Additionally, since the element count member must be set before accessing the annotated flexible array member, move its initialization earlier. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Vinod Koul Cc: dmaengine@vger.kernel.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva --- drivers/dma/sa11x0-dma.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/dma/sa11x0-dma.c b/drivers/dma/sa11x0-dma.c index a29c13cae716..e5849622f198 100644 --- a/drivers/dma/sa11x0-dma.c +++ b/drivers/dma/sa11x0-dma.c @@ -78,7 +78,7 @@ struct sa11x0_dma_desc { bool cyclic; unsigned sglen; - struct sa11x0_dma_sg sg[]; + struct sa11x0_dma_sg sg[] __counted_by(sglen); }; struct sa11x0_dma_phy; @@ -558,6 +558,7 @@ static struct dma_async_tx_descriptor *sa11x0_dma_prep_slave_sg( dev_dbg(chan->device->dev, "vchan %p: kzalloc failed\n", &c->vc); return NULL; } + txd->sglen = j; j = 0; for_each_sg(sg, sgent, sglen, i) { @@ -593,7 +594,6 @@ static struct dma_async_tx_descriptor *sa11x0_dma_prep_slave_sg( txd->ddar = c->ddar; txd->size = size; - txd->sglen = j; dev_dbg(chan->device->dev, "vchan %p: txd %p: size %zu nr %u\n", &c->vc, &txd->vd, txd->size, txd->sglen); @@ -628,6 +628,7 @@ static struct dma_async_tx_descriptor *sa11x0_dma_prep_dma_cyclic( dev_dbg(chan->device->dev, "vchan %p: kzalloc failed\n", &c->vc); return NULL; } + txd->sglen = sglen; for (i = k = 0; i < size / period; i++) { size_t tlen, len = period; @@ -653,7 +654,6 @@ static struct dma_async_tx_descriptor *sa11x0_dma_prep_dma_cyclic( txd->ddar = c->ddar; txd->size = size; - txd->sglen = sglen; txd->cyclic = 1; txd->period = sgperiod;