Jean-Philippe Brucker
2023-Oct-10 13:36 UTC
[PATCH][next] iommu/virtio: Add __counted_by for struct viommu_request and use struct_size()
On Mon, Oct 09, 2023 at 12:24:27PM -0600, Gustavo A. R. Silva wrote:> Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for > array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > While there, use struct_size() helper, instead of the open-coded > version, to calculate the size for the allocation of the whole > flexible structure, including of course, the flexible-array member. > > This code was found with the help of Coccinelle, and audited and > fixed manually. > > Signed-off-by: Gustavo A. R. Silva <gustavoars at kernel.org>Reviewed-by: Jean-Philippe Brucker <jean-philippe at linaro.org>> --- > drivers/iommu/virtio-iommu.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/iommu/virtio-iommu.c b/drivers/iommu/virtio-iommu.c > index 17dcd826f5c2..379ebe03efb6 100644 > --- a/drivers/iommu/virtio-iommu.c > +++ b/drivers/iommu/virtio-iommu.c > @@ -85,7 +85,7 @@ struct viommu_request { > void *writeback; > unsigned int write_offset; > unsigned int len; > - char buf[]; > + char buf[] __counted_by(len); > }; > > #define VIOMMU_FAULT_RESV_MASK 0xffffff00 > @@ -230,7 +230,7 @@ static int __viommu_add_req(struct viommu_dev *viommu, void *buf, size_t len, > if (write_offset <= 0) > return -EINVAL; > > - req = kzalloc(sizeof(*req) + len, GFP_ATOMIC); > + req = kzalloc(struct_size(req, buf, len), GFP_ATOMIC); > if (!req) > return -ENOMEM; > > -- > 2.34.1 >