From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
To: Miquel Raynal <miquel.raynal@bootlin.com>,
Richard Weinberger <richard@nod.at>,
Vignesh Raghavendra <vigneshr@ti.com>,
Heiko Stuebner <heiko@sntech.de>,
Kees Cook <keescook@chromium.org>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>,
Tom Rix <trix@redhat.com>
Cc: linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org,
Christophe JAILLET <christophe.jaillet@wanadoo.fr>,
linux-mtd@lists.infradead.org,
linux-arm-kernel@lists.infradead.org,
linux-rockchip@lists.infradead.org,
linux-hardening@vger.kernel.org, llvm@lists.linux.dev
Subject: [PATCH] mtd: rawnand: rockchip: Use struct_size()
Date: Sun, 1 Oct 2023 09:44:04 +0200 [thread overview]
Message-ID: <481721c2c7fe570b4027dbe231d523961c953d5a.1696146232.git.christophe.jaillet@wanadoo.fr> (raw)
Use struct_size() instead of hand writing it.
This is less verbose and more robust.
While at it, prepare for the coming implementation by GCC and Clang of the
__counted_by attribute. Flexible array members annotated with __counted_by
can have their accesses bounds-checked at run-time checking via
CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for
strcpy/memcpy-family functions).
Also remove a useless comment about the position of a flex-array in a
structure.
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
---
This patch is part of a work done in parallel of what is currently worked
on by Kees Cook.
My patches are only related to corner cases that do NOT match the
semantic of his Coccinelle script[1].
In this case, struct_size() was not used to compute the size needed for the
structure and its flex array.
[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
---
drivers/mtd/nand/raw/rockchip-nand-controller.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/mtd/nand/raw/rockchip-nand-controller.c b/drivers/mtd/nand/raw/rockchip-nand-controller.c
index 5bc90ffa721f..596cf9a78274 100644
--- a/drivers/mtd/nand/raw/rockchip-nand-controller.c
+++ b/drivers/mtd/nand/raw/rockchip-nand-controller.c
@@ -158,8 +158,7 @@ struct rk_nfc_nand_chip {
u32 timing;
u8 nsels;
- u8 sels[];
- /* Nothing after this field. */
+ u8 sels[] __counted_by(nsels);
};
struct rk_nfc {
@@ -1119,7 +1118,7 @@ static int rk_nfc_nand_chip_init(struct device *dev, struct rk_nfc *nfc,
return -EINVAL;
}
- rknand = devm_kzalloc(dev, sizeof(*rknand) + nsels * sizeof(u8),
+ rknand = devm_kzalloc(dev, struct_size(rknand, sels, nsels),
GFP_KERNEL);
if (!rknand)
return -ENOMEM;
--
2.34.1
WARNING: multiple messages have this Message-ID (diff)
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
To: Miquel Raynal <miquel.raynal@bootlin.com>,
Richard Weinberger <richard@nod.at>,
Vignesh Raghavendra <vigneshr@ti.com>,
Heiko Stuebner <heiko@sntech.de>,
Kees Cook <keescook@chromium.org>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>,
Tom Rix <trix@redhat.com>
Cc: linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org,
Christophe JAILLET <christophe.jaillet@wanadoo.fr>,
linux-mtd@lists.infradead.org,
linux-arm-kernel@lists.infradead.org,
linux-rockchip@lists.infradead.org,
linux-hardening@vger.kernel.org, llvm@lists.linux.dev
Subject: [PATCH] mtd: rawnand: rockchip: Use struct_size()
Date: Sun, 1 Oct 2023 09:44:04 +0200 [thread overview]
Message-ID: <481721c2c7fe570b4027dbe231d523961c953d5a.1696146232.git.christophe.jaillet@wanadoo.fr> (raw)
Use struct_size() instead of hand writing it.
This is less verbose and more robust.
While at it, prepare for the coming implementation by GCC and Clang of the
__counted_by attribute. Flexible array members annotated with __counted_by
can have their accesses bounds-checked at run-time checking via
CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for
strcpy/memcpy-family functions).
Also remove a useless comment about the position of a flex-array in a
structure.
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
---
This patch is part of a work done in parallel of what is currently worked
on by Kees Cook.
My patches are only related to corner cases that do NOT match the
semantic of his Coccinelle script[1].
In this case, struct_size() was not used to compute the size needed for the
structure and its flex array.
[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
---
drivers/mtd/nand/raw/rockchip-nand-controller.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/mtd/nand/raw/rockchip-nand-controller.c b/drivers/mtd/nand/raw/rockchip-nand-controller.c
index 5bc90ffa721f..596cf9a78274 100644
--- a/drivers/mtd/nand/raw/rockchip-nand-controller.c
+++ b/drivers/mtd/nand/raw/rockchip-nand-controller.c
@@ -158,8 +158,7 @@ struct rk_nfc_nand_chip {
u32 timing;
u8 nsels;
- u8 sels[];
- /* Nothing after this field. */
+ u8 sels[] __counted_by(nsels);
};
struct rk_nfc {
@@ -1119,7 +1118,7 @@ static int rk_nfc_nand_chip_init(struct device *dev, struct rk_nfc *nfc,
return -EINVAL;
}
- rknand = devm_kzalloc(dev, sizeof(*rknand) + nsels * sizeof(u8),
+ rknand = devm_kzalloc(dev, struct_size(rknand, sels, nsels),
GFP_KERNEL);
if (!rknand)
return -ENOMEM;
--
2.34.1
______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
WARNING: multiple messages have this Message-ID (diff)
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
To: Miquel Raynal <miquel.raynal@bootlin.com>,
Richard Weinberger <richard@nod.at>,
Vignesh Raghavendra <vigneshr@ti.com>,
Heiko Stuebner <heiko@sntech.de>,
Kees Cook <keescook@chromium.org>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>,
Tom Rix <trix@redhat.com>
Cc: linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org,
Christophe JAILLET <christophe.jaillet@wanadoo.fr>,
linux-mtd@lists.infradead.org,
linux-arm-kernel@lists.infradead.org,
linux-rockchip@lists.infradead.org,
linux-hardening@vger.kernel.org, llvm@lists.linux.dev
Subject: [PATCH] mtd: rawnand: rockchip: Use struct_size()
Date: Sun, 1 Oct 2023 09:44:04 +0200 [thread overview]
Message-ID: <481721c2c7fe570b4027dbe231d523961c953d5a.1696146232.git.christophe.jaillet@wanadoo.fr> (raw)
Use struct_size() instead of hand writing it.
This is less verbose and more robust.
While at it, prepare for the coming implementation by GCC and Clang of the
__counted_by attribute. Flexible array members annotated with __counted_by
can have their accesses bounds-checked at run-time checking via
CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for
strcpy/memcpy-family functions).
Also remove a useless comment about the position of a flex-array in a
structure.
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
---
This patch is part of a work done in parallel of what is currently worked
on by Kees Cook.
My patches are only related to corner cases that do NOT match the
semantic of his Coccinelle script[1].
In this case, struct_size() was not used to compute the size needed for the
structure and its flex array.
[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
---
drivers/mtd/nand/raw/rockchip-nand-controller.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/mtd/nand/raw/rockchip-nand-controller.c b/drivers/mtd/nand/raw/rockchip-nand-controller.c
index 5bc90ffa721f..596cf9a78274 100644
--- a/drivers/mtd/nand/raw/rockchip-nand-controller.c
+++ b/drivers/mtd/nand/raw/rockchip-nand-controller.c
@@ -158,8 +158,7 @@ struct rk_nfc_nand_chip {
u32 timing;
u8 nsels;
- u8 sels[];
- /* Nothing after this field. */
+ u8 sels[] __counted_by(nsels);
};
struct rk_nfc {
@@ -1119,7 +1118,7 @@ static int rk_nfc_nand_chip_init(struct device *dev, struct rk_nfc *nfc,
return -EINVAL;
}
- rknand = devm_kzalloc(dev, sizeof(*rknand) + nsels * sizeof(u8),
+ rknand = devm_kzalloc(dev, struct_size(rknand, sels, nsels),
GFP_KERNEL);
if (!rknand)
return -ENOMEM;
--
2.34.1
_______________________________________________
Linux-rockchip mailing list
Linux-rockchip@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-rockchip
WARNING: multiple messages have this Message-ID (diff)
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
To: Miquel Raynal <miquel.raynal@bootlin.com>,
Richard Weinberger <richard@nod.at>,
Vignesh Raghavendra <vigneshr@ti.com>,
Heiko Stuebner <heiko@sntech.de>,
Kees Cook <keescook@chromium.org>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>,
Tom Rix <trix@redhat.com>
Cc: linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org,
Christophe JAILLET <christophe.jaillet@wanadoo.fr>,
linux-mtd@lists.infradead.org,
linux-arm-kernel@lists.infradead.org,
linux-rockchip@lists.infradead.org,
linux-hardening@vger.kernel.org, llvm@lists.linux.dev
Subject: [PATCH] mtd: rawnand: rockchip: Use struct_size()
Date: Sun, 1 Oct 2023 09:44:04 +0200 [thread overview]
Message-ID: <481721c2c7fe570b4027dbe231d523961c953d5a.1696146232.git.christophe.jaillet@wanadoo.fr> (raw)
Use struct_size() instead of hand writing it.
This is less verbose and more robust.
While at it, prepare for the coming implementation by GCC and Clang of the
__counted_by attribute. Flexible array members annotated with __counted_by
can have their accesses bounds-checked at run-time checking via
CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for
strcpy/memcpy-family functions).
Also remove a useless comment about the position of a flex-array in a
structure.
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
---
This patch is part of a work done in parallel of what is currently worked
on by Kees Cook.
My patches are only related to corner cases that do NOT match the
semantic of his Coccinelle script[1].
In this case, struct_size() was not used to compute the size needed for the
structure and its flex array.
[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
---
drivers/mtd/nand/raw/rockchip-nand-controller.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/mtd/nand/raw/rockchip-nand-controller.c b/drivers/mtd/nand/raw/rockchip-nand-controller.c
index 5bc90ffa721f..596cf9a78274 100644
--- a/drivers/mtd/nand/raw/rockchip-nand-controller.c
+++ b/drivers/mtd/nand/raw/rockchip-nand-controller.c
@@ -158,8 +158,7 @@ struct rk_nfc_nand_chip {
u32 timing;
u8 nsels;
- u8 sels[];
- /* Nothing after this field. */
+ u8 sels[] __counted_by(nsels);
};
struct rk_nfc {
@@ -1119,7 +1118,7 @@ static int rk_nfc_nand_chip_init(struct device *dev, struct rk_nfc *nfc,
return -EINVAL;
}
- rknand = devm_kzalloc(dev, sizeof(*rknand) + nsels * sizeof(u8),
+ rknand = devm_kzalloc(dev, struct_size(rknand, sels, nsels),
GFP_KERNEL);
if (!rknand)
return -ENOMEM;
--
2.34.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next reply other threads:[~2023-10-01 8:14 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-01 7:44 Christophe JAILLET [this message]
2023-10-01 7:44 ` [PATCH] mtd: rawnand: rockchip: Use struct_size() Christophe JAILLET
2023-10-01 7:44 ` Christophe JAILLET
2023-10-01 7:44 ` Christophe JAILLET
2023-10-01 7:49 ` Gustavo A. R. Silva
2023-10-01 7:49 ` Gustavo A. R. Silva
2023-10-01 7:49 ` Gustavo A. R. Silva
2023-10-01 7:49 ` Gustavo A. R. Silva
2023-10-09 19:59 ` Kees Cook
2023-10-09 19:59 ` Kees Cook
2023-10-09 19:59 ` Kees Cook
2023-10-09 19:59 ` Kees Cook
2023-10-09 20:18 ` Heiko Stuebner
2023-10-09 20:18 ` Heiko Stuebner
2023-10-09 20:18 ` Heiko Stuebner
2023-10-09 20:18 ` Heiko Stuebner
2023-10-16 9:29 ` Miquel Raynal
2023-10-16 9:29 ` Miquel Raynal
2023-10-16 9:29 ` Miquel Raynal
2023-10-16 9:29 ` Miquel Raynal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=481721c2c7fe570b4027dbe231d523961c953d5a.1696146232.git.christophe.jaillet@wanadoo.fr \
--to=christophe.jaillet@wanadoo.fr \
--cc=gustavoars@kernel.org \
--cc=heiko@sntech.de \
--cc=keescook@chromium.org \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=linux-rockchip@lists.infradead.org \
--cc=llvm@lists.linux.dev \
--cc=miquel.raynal@bootlin.com \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=richard@nod.at \
--cc=trix@redhat.com \
--cc=vigneshr@ti.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.