From: Gustavo A. R. Silva Date: Mon, 9 Oct 2023 18:24:27 +0000 (-0600) Subject: iommu/virtio: Add __counted_by for struct viommu_request and use struct_size() X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=9e13ec61de2a51195b122a79461431d8cb99d7b5;p=linux.git iommu/virtio: Add __counted_by for struct viommu_request and use struct_size() Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). While there, use struct_size() helper, instead of the open-coded version, to calculate the size for the allocation of the whole flexible structure, including of course, the flexible-array member. This code was found with the help of Coccinelle, and audited and fixed manually. Signed-off-by: Gustavo A. R. Silva Reviewed-by: Jean-Philippe Brucker Reviewed-by: Justin Stitt Link: https://lore.kernel.org/r/ZSRFW0yDlDo8+at3@work Signed-off-by: Joerg Roedel --- diff --git a/drivers/iommu/virtio-iommu.c b/drivers/iommu/virtio-iommu.c index 17dcd826f5c20..379ebe03efb6d 100644 --- a/drivers/iommu/virtio-iommu.c +++ b/drivers/iommu/virtio-iommu.c @@ -85,7 +85,7 @@ struct viommu_request { void *writeback; unsigned int write_offset; unsigned int len; - char buf[]; + char buf[] __counted_by(len); }; #define VIOMMU_FAULT_RESV_MASK 0xffffff00 @@ -230,7 +230,7 @@ static int __viommu_add_req(struct viommu_dev *viommu, void *buf, size_t len, if (write_offset <= 0) return -EINVAL; - req = kzalloc(sizeof(*req) + len, GFP_ATOMIC); + req = kzalloc(struct_size(req, buf, len), GFP_ATOMIC); if (!req) return -ENOMEM;