On Fri, 14 Nov 2025 14:31:04 +0000
David Laight <[email protected]> wrote:

> On Fri, 14 Nov 2025 08:43:46 -0500
> Steven Rostedt <[email protected]> wrote:
> 
> > On Fri, 14 Nov 2025 13:27:47 +0100
> > Thorsten Blum <[email protected]> wrote:
> >   
> > > Add the __counted_by() compiler attribute to the flexible array member
> > > 'entries' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
> > > CONFIG_FORTIFY_SOURCE.
> > > 
> > > Signed-off-by: Thorsten Blum <[email protected]>
> > > ---
> > >  include/linux/unwind_deferred_types.h | 2 +-
> > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > > 
> > > diff --git a/include/linux/unwind_deferred_types.h 
> > > b/include/linux/unwind_deferred_types.h
> > > index 33b62ac25c86..d4b67f0116f3 100644
> > > --- a/include/linux/unwind_deferred_types.h
> > > +++ b/include/linux/unwind_deferred_types.h
> > > @@ -5,7 +5,7 @@
> > >  struct unwind_cache {
> > >   unsigned long           unwind_completed;
> > >   unsigned int            nr_entries;
> > > - unsigned long           entries[];
> > > + unsigned long           entries[] __counted_by(nr_entries);
> > >  };
> > >  
> > >  /*    
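
Review bot: on the `entries[]` line, `__counted_by(nr_entries)` tells the compiler that nr_entries is the number of elements the array holds, yet neither the hunk nor the commit message shows how the array is sized or when nr_entries is updated relative to stores into entries[]. If the buffer has a fixed size that is not bound by nr_entries, as the reply below states, the CONFIG_UBSAN_BOUNDS and CONFIG_FORTIFY_SOURCE checks named in the commit message would flag accesses at indexes at or above nr_entries even though they are inside the allocation. Suggest citing the allocation site in the commit message to show that the count really is the capacity, or dropping the annotation.
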
> > 
> > Wrong!
> > 
> > I need to add a comment here that entries is not bound by nr_entries.
> > 
> >    https://lore.kernel.org/all/[email protected]/
> > 
> > Maybe this?:
> > 
> > diff --git a/include/linux/unwind_deferred_types.h 
> > b/include/linux/unwind_deferred_types.h
> > index 33b62ac25c86..d05409bb14fa 100644
> > --- a/include/linux/unwind_deferred_types.h
> > +++ b/include/linux/unwind_deferred_types.h
> > @@ -5,7 +5,7 @@
> >  struct unwind_cache {
> >     unsigned long           unwind_completed;  
> 
> Does that need to be 'long' - 'int' would fit in the padding on 64bit.

We could make it 32 bit, then the number of tracers attached would be the
same as it would be on 32 bit archs (which would be 30). Maybe that's enough.

> 
> >     unsigned int            nr_entries;
> > -   unsigned long           entries[];
> > +   unsigned long           entries[]; /* Fixed size, not bound by 
> > nr_entries */
> >  };  
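
Review bot: the comment added on the `entries[]` line says the array is fixed size without saying what fixes it, so a reader of this header still cannot tell the valid index range. Suggest naming the constant or allocation that sets the capacity, and putting the text on its own comment line above the member, since the trailing comment makes the line long enough that it was wrapped in this mail.
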
> 
> Perhaps it should be:
>       unsigned long entries[ /* MAX_UNWIND_ENTRIES */ ];

Whatever would keep the coccinelle folks from sending more patches.

-- Steve
