On Tue, Aug 13, 2024 at 8:19 AM Thorsten Blum <thorsten.blum@xxxxxxxxxx> wrote:
>
> Add the __counted_by compiler attribute to the flexible array member
> cands to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
> CONFIG_FORTIFY_SOURCE.
>
> Increment cnt before adding a new struct to the cands array.

Why? What happens otherwise?

>
> Signed-off-by: Thorsten Blum <thorsten.blum@xxxxxxxxxx>
> ---
>  kernel/bpf/btf.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
> index 520f49f422fe..42bc70a56fcd 100644
> --- a/kernel/bpf/btf.c
> +++ b/kernel/bpf/btf.c
> @@ -7240,7 +7240,7 @@ struct bpf_cand_cache {
>  	struct {
>  		const struct btf *btf;
>  		u32 id;
> -	} cands[];
> +	} cands[] __counted_by(cnt);
>  };
>
>  static DEFINE_MUTEX(cand_cache_mutex);
> @@ -8784,9 +8784,9 @@ bpf_core_add_cands(struct bpf_cand_cache *cands, const struct btf *targ_btf,
>  		memcpy(new_cands, cands, sizeof_cands(cands->cnt));
>  		bpf_free_cands(cands);
>  		cands = new_cands;
> -		cands->cands[cands->cnt].btf = targ_btf;
> -		cands->cands[cands->cnt].id = i;
>  		cands->cnt++;
> +		cands->cands[cands->cnt - 1].btf = targ_btf;
> +		cands->cands[cands->cnt - 1].id = i;
>  	}
>  	return cands;
>  }
> --
> 2.46.0
>
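Review bot: the struct bpf_cand_cache hunk makes cnt the authoritative element count of cands[] for CONFIG_UBSAN_BOUNDS and CONFIG_FORTIFY_SOURCE, so from this patch on every site that indexes cands[] must already see a cnt that covers the index, and cnt must never exceed the number of elements actually allocated. The only writer adjusted here is bpf_core_add_cands; the commit message should state that the other places that populate a bpf_cand_cache (the initial allocation and any copy of a cache) set cnt before touching cands[], because with the annotation an access at index >= cnt becomes a sanitizer report instead of a silent in-allocation write.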
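Review bot: the reorder in the bpf_core_add_cands hunk is required by the annotation, and the commit message should say so instead of only describing it. Once cands[] is __counted_by(cnt), the instrumented bounds check treats index cands->cnt as one past the end, so `cands->cands[cands->cnt].btf = targ_btf;` executed before `cands->cnt++;` is flagged as out of bounds even though new_cands must already hold the extra element (the memcpy of sizeof_cands(cands->cnt) followed by one more write implies that). Incrementing first and writing to cands->cnt - 1 keeps the index strictly below the count, which answers the "Why? What happens otherwise?" above: without the reorder, CONFIG_UBSAN_BOUNDS would report every append as an out-of-bounds write.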
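A user-space model of the growth path, as an added example that is neither the kernel's code nor the patch author's: it reproduces the order change from bpf_core_add_cands on a stand-in struct and models the bounds check that __counted_by(cnt) enables, so the index arithmetic can be exercised without a kernel build. The names cand_cache, cand, add_cand, in_bounds, sizeof_cands and compiler_view_of_cands are assumptions chosen for the example; the __counted_by macro is defined only when the compiler reports support for the attribute.

```c
/* Added example (not kernel code): user-space model of the bpf_cand_cache
 * growth path, showing why cnt must be bumped before the write once
 * cands[] carries __counted_by(cnt). All names here are assumed. */
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Define __counted_by only where the compiler knows the attribute. */
#if defined(__has_attribute)
# if __has_attribute(counted_by)
#  define __counted_by(m) __attribute__((counted_by(m)))
# endif
#endif
#ifndef __counted_by
# define __counted_by(m)
#endif

struct cand {
    const void *btf;   /* stands in for const struct btf * */
    uint32_t id;
};

struct cand_cache {
    uint32_t cnt;                          /* number of valid cands[] */
    struct cand cands[] __counted_by(cnt); /* bounds follow cnt */
};

static size_t sizeof_cands(uint32_t cnt)
{
    return sizeof(struct cand_cache) + (size_t)cnt * sizeof(struct cand);
}

/* Model of the check UBSAN_BOUNDS performs for a __counted_by array:
 * an index is valid only if it is below the current value of cnt. */
static bool in_bounds(const struct cand_cache *c, uint32_t idx)
{
    return idx < c->cnt;
}

/* What the compiler believes cands[] holds. With counted_by support this
 * is cnt * sizeof(struct cand); without it the builtin yields (size_t)-1. */
static size_t compiler_view_of_cands(const struct cand_cache *c)
{
#if defined(__has_builtin)
# if __has_builtin(__builtin_dynamic_object_size)
    return __builtin_dynamic_object_size(c->cands, 1);
# endif
#endif
    return (size_t)-1;
}

static struct cand_cache *new_cache(void)
{
    return calloc(1, sizeof_cands(0));
}

/* Grow by one element, then append, in the post-patch order: bump cnt
 * first so the write lands at index cnt - 1, which in_bounds() accepts. */
static struct cand_cache *add_cand(struct cand_cache *c, const void *btf, uint32_t id)
{
    struct cand_cache *n = malloc(sizeof_cands(c->cnt + 1));

    if (!n) {
        free(c);
        return NULL;
    }
    memcpy(n, c, sizeof_cands(c->cnt)); /* copies cnt and the old elements */
    free(c);
    n->cnt++;
    assert(in_bounds(n, n->cnt - 1));
    n->cands[n->cnt - 1].btf = btf;
    n->cands[n->cnt - 1].id = id;
    return n;
}

/* Pre-patch order: write at index cnt, increment afterwards. Reports
 * whether that write index would have passed the counted_by check. */
static bool old_order_write_is_checked_ok(uint32_t cnt)
{
    struct cand_cache tmp = { .cnt = cnt };

    return in_bounds(&tmp, cnt); /* always false: cnt is one past the end */
}

/* Constructed input: two appends, then check counts and indices. */
static bool run_demo(void)
{
    struct cand_cache *c = new_cache();
    bool ok;

    if (!c)
        return false;
    c = add_cand(c, (const void *)0x1, 7);
    if (!c)
        return false;
    c = add_cand(c, (const void *)0x2, 9);
    if (!c)
        return false;
    ok = c->cnt == 2 && c->cands[0].id == 7 && c->cands[1].id == 9 &&
         in_bounds(c, 1) && !in_bounds(c, 2);
    printf("compiler view of cands[]: %zu bytes\n", compiler_view_of_cands(c));
    free(c);
    return ok;
}

int main(void)
{
    return (run_demo() && !old_order_write_is_checked_ok(3)) ? 0 : 1;
}
```

The in_bounds() helper stands in for the instrumented check; it is the reason the pre-patch write at index cnt fails and the post-patch write at cnt - 1 passes, independent of whether the allocation already had room for the element.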