On Tue, Oct 3, 2023 at 4:17 PM Kees Cook <[email protected]> wrote:
>
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for
> array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> functions).
>
> As found with Coccinelle[1], add __counted_by for struct mlx5_flow_handle.
>
> Cc: Saeed Mahameed <[email protected]>
> Cc: Leon Romanovsky <[email protected]>
> Cc: "David S. Miller" <[email protected]>
> Cc: Eric Dumazet <[email protected]>
> Cc: Jakub Kicinski <[email protected]>
> Cc: Paolo Abeni <[email protected]>
> Cc: [email protected]
> Cc: [email protected]
> Link:
> https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
> [1]
> Signed-off-by: Kees Cook <[email protected]>
> ---
> drivers/net/ethernet/mellanox/mlx5/core/fs_core.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.h
> b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.h
> index 4aed1768b85f..78eb6b7097e1 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.h
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.h
> @@ -181,7 +181,7 @@ struct mlx5_flow_rule {
>
> struct mlx5_flow_handle {
> int num_rules;
> - struct mlx5_flow_rule *rule[];
> + struct mlx5_flow_rule *rule[] __counted_by(num_rules);
> };
Great patch!
handle->num_rules is properly assigned to before handle->rule
has any accesses.
handle = alloc_handle((dest_num) ? dest_num : 1);
then
static struct mlx5_flow_handle *alloc_handle(int num_rules) {
...
handle->num_rules = num_rules;
then
handle->rule[i] = rule;
Reviewed-by: Justin Stitt <[email protected]>
>
> /* Type of children is mlx5_flow_group */
> --
> 2.34.1
>
>
Thanks
Justin
