Re: [PATCH 07/21] dmaengine: qcom: bam_dma: Annotate struct bam_async_desc with __counted_by
From: Gustavo A. R. Silva
Date: Thu Aug 17 2023 - 21:25:32 EST
On 8/17/23 17:58, Kees Cook wrote:
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct bam_async_desc.
[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Vinod Koul <vkoul@xxxxxxxxxx>
Cc: Andy Gross <agross@xxxxxxxxxx>
Cc: Bjorn Andersson <andersson@xxxxxxxxxx>
Cc: Konrad Dybcio <konrad.dybcio@xxxxxxxxxx>
Cc: linux-arm-msm@xxxxxxxxxxxxxxx
Cc: dmaengine@xxxxxxxxxxxxxxx
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Reviewed-by: Gustavo A. R. Silva <gustavoars@xxxxxxxxxx>
Thanks
--
Gustavo
---
drivers/dma/qcom/bam_dma.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/dma/qcom/bam_dma.c b/drivers/dma/qcom/bam_dma.c
index 4c3eb972039d..65b89bb7a56b 100644
--- a/drivers/dma/qcom/bam_dma.c
+++ b/drivers/dma/qcom/bam_dma.c
@@ -74,7 +74,7 @@ struct bam_async_desc {
struct list_head desc_node;
enum dma_transfer_direction dir;
size_t length;
- struct bam_desc_hw desc[];
+ struct bam_desc_hw desc[] __counted_by(num_desc);
};
enum bam_reg {