Re: [PATCH] wifi: rtw89: coex: Annotate struct rtw89_btc_btf_set_slot_table with __counted_by
From: Gustavo A. R. Silva
Date: Fri Oct 06 2023 - 19:03:13 EST
On 10/6/23 22:17, Kees Cook wrote:
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for
array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct
rtw89_btc_btf_set_slot_table.
Cc: Ping-Ke Shih <pkshih@xxxxxxxxxxx>
Cc: Kalle Valo <kvalo@xxxxxxxxxx>
Cc: "Gustavo A. R. Silva" <gustavoars@xxxxxxxxxx>
Cc: linux-wireless@xxxxxxxxxxxxxxx
Cc: linux-hardening@xxxxxxxxxxxxxxx
Link: https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci [1]
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Reviewed-by: Gustavo A. R. Silva <gustavoars@xxxxxxxxxx>
Thanks!
--
Gustavo
---
drivers/net/wireless/realtek/rtw89/coex.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/realtek/rtw89/coex.c b/drivers/net/wireless/realtek/rtw89/coex.c
index 4ba8b3df70ae..d66a1152c3f5 100644
--- a/drivers/net/wireless/realtek/rtw89/coex.c
+++ b/drivers/net/wireless/realtek/rtw89/coex.c
@@ -237,7 +237,7 @@ struct rtw89_btc_btf_set_report {
struct rtw89_btc_btf_set_slot_table {
u8 fver;
u8 tbl_num;
- u8 buf[];
+ u8 buf[] __counted_by(tbl_num);
} __packed;
struct rtw89_btc_btf_set_mon_reg {