Re: [PATCH RFT 3/3] firmware: exynos-acpm: Count acpm_xfer buffers with __counted_by_ptr

Thu, 19 Feb 2026 03:20:19 -0800 


On 2/14/26 2:39 PM, Krzysztof Kozlowski wrote:
> Use __counted_by_ptr() attribute on the acpm_xfer buffers so UBSAN will
> validate runtime that we do not pass over the buffer size, thus making
> code safer.
> 
> Usage of __counted_by_ptr() (or actually __counted_by()) requires that
> counter is initialized before counted array.
> 
> Signed-off-by: Krzysztof Kozlowski <[email protected]>
> 
> ---
> 
> __counted_by_ptr() actually maps to __counted_by() for clang v20.
> Alternatively we could introduce new __sized_by(), already supported by
> clang v20, but it is not available for GCC, AFAIU.
> 
> RFT, testing would need clang=20+ with COMNFIG_UBSAN and
> CONFIG_UBSAN_BOUNDS enabled.

Tested cpufreq (ACPM DVFS) with:
CONFIG_CLANG_VERSION=220100
CONFIG_UBSAN=y
CONFIG_UBSAN_BOUNDS=y

Tested-by: Tudor Ambarus <[email protected]>
Reviewed-by: Tudor Ambarus <[email protected]>

> ---
>  drivers/firmware/samsung/exynos-acpm-dvfs.c | 4 ++--
>  drivers/firmware/samsung/exynos-acpm.h      | 4 ++--
>  2 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/firmware/samsung/exynos-acpm-dvfs.c 
> b/drivers/firmware/samsung/exynos-acpm-dvfs.c
> index 55ec6ad9d87e..a4864973f65d 100644
> --- a/drivers/firmware/samsung/exynos-acpm-dvfs.c
> +++ b/drivers/firmware/samsung/exynos-acpm-dvfs.c
> @@ -24,12 +24,12 @@ static void acpm_dvfs_set_xfer(struct acpm_xfer *xfer, 
> u32 *cmd, size_t cmdlen,
>                              unsigned int acpm_chan_id, bool response)
>  {
>       xfer->acpm_chan_id = acpm_chan_id;
> -     xfer->txd = cmd;
>       xfer->txcnt = cmdlen;
> +     xfer->txd = cmd;
>  
>       if (response) {
> -             xfer->rxd = cmd;
>               xfer->rxcnt = cmdlen;
> +             xfer->rxd = cmd;
>       }
>  }
>  
> diff --git a/drivers/firmware/samsung/exynos-acpm.h 
> b/drivers/firmware/samsung/exynos-acpm.h
> index 422fbcac7284..8392fcb91f45 100644
> --- a/drivers/firmware/samsung/exynos-acpm.h
> +++ b/drivers/firmware/samsung/exynos-acpm.h
> @@ -8,8 +8,8 @@
>  #define __EXYNOS_ACPM_H__
>  
>  struct acpm_xfer {
> -     const u32 *txd;
> -     u32 *rxd;
> +     const u32 *txd __counted_by_ptr(txcnt);
> +     u32 *rxd __counted_by_ptr(rxcnt);
>       size_t txcnt;
>       size_t rxcnt;
>       unsigned int acpm_chan_id;
> 
























					Reply via email to