Re: [ovs-dev] [PATCH 03/14] ipv6: Annotate struct ip6_sf_socklist with __counted_by
On 9/22/23 11:28, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct ip6_sf_socklist. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: "David S. Miller" Cc: Eric Dumazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: net...@vger.kernel.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- include/net/if_inet6.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/net/if_inet6.h b/include/net/if_inet6.h index c8490729b4ae..3e454c4d7ba6 100644 --- a/include/net/if_inet6.h +++ b/include/net/if_inet6.h @@ -89,7 +89,7 @@ struct ip6_sf_socklist { unsigned intsl_max; unsigned intsl_count; struct rcu_head rcu; - struct in6_addr sl_addr[]; + struct in6_addr sl_addr[] __counted_by(sl_max); }; #define IP6_SFBLOCK 10 /* allocate this many at once */ ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH 03/14] ipv6: Annotate struct ip6_sf_socklist with __counted_by
Bleep bloop. Greetings Kees Cook, I am a robot and I have tried out your patch. Thanks for your contribution. I encountered some error that I wasn't expecting. See the details below. Patch skipped due to previous failure. Please check this out. If you feel there has been an error, please email acon...@redhat.com Thanks, 0-day Robot ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH 03/14] ipv6: Annotate struct ip6_sf_socklist with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct ip6_sf_socklist. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: "David S. Miller" Cc: Eric Dumazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- include/net/if_inet6.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/net/if_inet6.h b/include/net/if_inet6.h index c8490729b4ae..3e454c4d7ba6 100644 --- a/include/net/if_inet6.h +++ b/include/net/if_inet6.h @@ -89,7 +89,7 @@ struct ip6_sf_socklist { unsigned intsl_max; unsigned intsl_count; struct rcu_head rcu; - struct in6_addr sl_addr[]; + struct in6_addr sl_addr[] __counted_by(sl_max); }; #define IP6_SFBLOCK10 /* allocate this many at once */ -- 2.34.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev