[PATCH] driver core: platform: Annotate struct irq_affinity_devres with __counted_by

* [PATCH] driver core: platform: Annotate struct irq_affinity_devres with __counted_by
@ 2023-10-06 20:17 Kees Cook
  2023-10-06 20:46 ` Gustavo A. R. Silva
  0 siblings, 1 reply; 2+ messages in thread
From: Kees Cook @ 2023-10-06 20:17 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: Kees Cook, Rafael J. Wysocki, Gustavo A. R. Silva,
	linux-hardening, Nathan Chancellor, Nick Desaulniers, Tom Rix,
	linux-kernel, llvm

Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for
array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).

As found with Coccinelle[1], add __counted_by for struct
irq_affinity_devres.

Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: "Rafael J. Wysocki" <rafael@kernel.org>
Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Cc: linux-hardening@vger.kernel.org
Link: https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci [1]
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/base/platform.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/base/platform.c b/drivers/base/platform.c
index 76bfcba25003..07216889d3ba 100644
--- a/drivers/base/platform.c
+++ b/drivers/base/platform.c
@@ -291,7 +291,7 @@ EXPORT_SYMBOL_GPL(platform_irq_count);
 
 struct irq_affinity_devres {
 	unsigned int count;
-	unsigned int irq[];
+	unsigned int irq[] __counted_by(count);
 };
 
 static void platform_disable_acpi_irq(struct platform_device *pdev, int index)
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread