On 09/22/23 at 10:52am, Kees Cook wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct crash_mem. > > [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci > > Cc: Eric Biederman <ebiederm@xxxxxxxxxxxx> > Cc: kexec@xxxxxxxxxxxxxxxxxxx > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> > --- > include/linux/crash_core.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/linux/crash_core.h b/include/linux/crash_core.h > index 3426f6eef60b..5126a4fecb44 100644 > --- a/include/linux/crash_core.h > +++ b/include/linux/crash_core.h > @@ -131,7 +131,7 @@ static inline void __init reserve_crashkernel_generic(char *cmdline, > struct crash_mem { > unsigned int max_nr_ranges; > unsigned int nr_ranges; > - struct range ranges[]; > + struct range ranges[] __counted_by(max_nr_ranges); This __counted_by() only makes sense when there's an obvious upper boundary, max_nr_ranges in this case. This heavily depends and isn't much in kernel? E.g. struct swap_info_struct->avail_lists[]. Just curious, not related to this patch though. > }; > > extern int crash_exclude_mem_range(struct crash_mem *mem, > -- > 2.34.1
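Review bot: the annotation on `ranges[]` in struct crash_mem uses `max_nr_ranges` as the counter while the struct also carries `nr_ranges`, and neither the commit message nor the struct says why the first was chosen. Going by the field names, `max_nr_ranges` is the allocated capacity and `nr_ranges` the number of entries in use, so the run-time checks will bound accesses by capacity and will not flag an index that falls between `nr_ranges` and `max_nr_ranges`. A sentence in the commit message, or a short comment on the member, stating that the bound is the capacity would make that explicit. Since the counter of a `__counted_by` array has to hold its final value before the array is first accessed, it would also help to confirm in the commit message that every allocation site of struct crash_mem assigns `max_nr_ranges` before writing into `ranges[]`; those sites are outside this hunk.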