Use the __counted_by_ptr() attribute on the acpm_xfer buffers so UBSAN will validate at runtime that we do not pass over the buffer size, thus making the code safer.
Usage of __counted_by_ptr() (or actually __counted_by()) requires that the counter is initialized before the counted array.

Tested-by: Tudor Ambarus <[email protected]>
Reviewed-by: Tudor Ambarus <[email protected]>
Signed-off-by: Krzysztof Kozlowski <[email protected]>
---
__counted_by_ptr() actually maps to __counted_by() for clang v20. Alternatively we could introduce new __sized_by(), already supported by clang v20, but it is not available for GCC, AFAIU.

RFT, testing would need clang=20+ with CONFIG_UBSAN and CONFIG_UBSAN_BOUNDS enabled.
---
drivers/firmware/samsung/exynos-acpm-dvfs.c | 4 ++--
drivers/firmware/samsung/exynos-acpm.h | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/firmware/samsung/exynos-acpm-dvfs.c b/drivers/firmware/samsung/exynos-acpm-dvfs.c index 485fc77ad4b1..17e7be7757b3 100644 --- a/drivers/firmware/samsung/exynos-acpm-dvfs.c +++ b/drivers/firmware/samsung/exynos-acpm-dvfs.c @@ -25,12 +25,12 @@ static void acpm_dvfs_set_xfer(struct acpm_xfer *xfer, u32 *cmd, size_t cmdlen, unsigned int acpm_chan_id, bool response) { xfer->acpm_chan_id = acpm_chan_id; - xfer->txd = cmd; xfer->txcnt = cmdlen; + xfer->txd = cmd; if (response) { - xfer->rxd = cmd; xfer->rxcnt = cmdlen; + xfer->rxd = cmd; } } diff --git a/drivers/firmware/samsung/exynos-acpm.h b/drivers/firmware/samsung/exynos-acpm.h index 422fbcac7284..8392fcb91f45 100644 --- a/drivers/firmware/samsung/exynos-acpm.h +++ b/drivers/firmware/samsung/exynos-acpm.h @@ -8,8 +8,8 @@ #define __EXYNOS_ACPM_H__ struct acpm_xfer { - const u32 *txd; - u32 *rxd; + const u32 *txd __counted_by_ptr(txcnt); + u32 *rxd __counted_by_ptr(rxcnt); size_t txcnt; size_t rxcnt; unsigned int acpm_chan_id; -- 2.51.0
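
Review bot: in acpm_dvfs_set_xfer() (exynos-acpm-dvfs.c hunk) the new order, xfer->txcnt before xfer->txd and xfer->rxcnt before xfer->rxd, is now required by the bounds annotation, but nothing at the assignments says so, and a later cleanup could swap them back without any visible sign of breakage. Suggest a one-line comment above each pair, for example "/* count must be set before the __counted_by_ptr() pointer */". The diffstat touches only this file and the header, so the commit message should also say whether any other code fills struct acpm_xfer and, if so, that it already assigns the count first.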
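
Review bot: on the txd and rxd annotations in struct acpm_xfer (exynos-acpm.h hunk), __counted_by() counts elements of the pointee type, u32 here, not bytes, and the hunk does not show which unit txcnt and rxcnt carry; acpm_dvfs_set_xfer() stores a value named cmdlen into them. If those fields hold a byte length, the annotated bound is four times the real buffer and UBSAN would not flag overruns within that range, which is the case the __sized_by() alternative mentioned in the notes would fit. Suggest stating the unit in the commit message and in a comment on txcnt and rxcnt next to the annotated pointers.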
