[PATCH] net: sched: Annotate struct tc_pedit with __counted_by

Fri, 16 Feb 2024 15:28:07 -0800 

Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).

As found with Coccinelle[1], add __counted_by for struct tc_pedit.
Additionally, since the element count member must be set before accessing
the annotated flexible array member, move its initialization earlier.

Link: 
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
 [1]
Signed-off-by: Kees Cook <[email protected]>
---
Cc: Jakub Kicinski <[email protected]>
Cc: Jamal Hadi Salim <[email protected]>
Cc: Cong Wang <[email protected]>
Cc: Jiri Pirko <[email protected]>
Cc: "David S. Miller" <[email protected]>
Cc: Eric Dumazet <[email protected]>
Cc: Paolo Abeni <[email protected]>
Cc: "Gustavo A. R. Silva" <[email protected]>
Cc: [email protected]
Cc: [email protected]
---
 include/uapi/linux/tc_act/tc_pedit.h | 2 +-
 net/sched/act_pedit.c                | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/uapi/linux/tc_act/tc_pedit.h 
b/include/uapi/linux/tc_act/tc_pedit.h
index f3e61b04fa01..f5cab7fc96ab 100644
--- a/include/uapi/linux/tc_act/tc_pedit.h
+++ b/include/uapi/linux/tc_act/tc_pedit.h
@@ -62,7 +62,7 @@ struct tc_pedit_sel {
        tc_gen;
        unsigned char           nkeys;
        unsigned char           flags;
-       struct tc_pedit_key     keys[0];
+       struct tc_pedit_key     keys[] __counted_by(nkeys);
 };
 
 #define tc_pedit tc_pedit_sel
diff --git a/net/sched/act_pedit.c b/net/sched/act_pedit.c
index 2ef22969f274..21e863d2898c 100644
--- a/net/sched/act_pedit.c
+++ b/net/sched/act_pedit.c
@@ -515,11 +515,11 @@ static int tcf_pedit_dump(struct sk_buff *skb, struct 
tc_action *a,
                spin_unlock_bh(&p->tcf_lock);
                return -ENOBUFS;
        }
+       opt->nkeys = parms->tcfp_nkeys;
 
        memcpy(opt->keys, parms->tcfp_keys,
               flex_array_size(opt, keys, parms->tcfp_nkeys));
        opt->index = p->tcf_index;
-       opt->nkeys = parms->tcfp_nkeys;
        opt->flags = parms->tcfp_flags;
        opt->action = p->tcf_action;
        opt->refcnt = refcount_read(&p->tcf_refcnt) - ref;
-- 
2.34.1

Reply via email to