author | Kees Cook <keescook@chromium.org> | 2023-10-04 02:18:33 +0300 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2023-10-06 13:37:02 +0300 |
commit | 99474727d5d5b56f6d417ae6010d93407bbaaebb (patch) | |
tree | 661e55d90a2d919fd715aa3c683b24f0d9fca9d8 /include/net/flow_offload.h | |
parent | b3783e5efde4201b2cc7a2fee41791b413137f4c (diff) | |
flow_offload: Annotate struct flow_action_entry with __counted_by

Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for
array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).

As found with Coccinelle[1], add __counted_by for struct flow_action_entry.
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: netdev@vger.kernel.org
Link: https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci [1]
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net/flow_offload.h')
-rw-r--r-- | include/net/flow_offload.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/net/flow_offload.h b/include/net/flow_offload.h index 9efa9a59e81f..314087a5e181 100644 --- a/include/net/flow_offload.h +++ b/include/net/flow_offload.h @@ -333,7 +333,7 @@ struct flow_action_entry { struct flow_action { unsigned int num_entries; - struct flow_action_entry entries[]; + struct flow_action_entry entries[] __counted_by(num_entries); }; static inline bool flow_action_has_entries(const struct flow_action *action) |
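Review bot: In struct flow_action, the new `__counted_by(num_entries)` on `entries[]` makes `num_entries` the bound that CONFIG_UBSAN_BOUNDS and CONFIG_FORTIFY_SOURCE will trust, but neither this hunk nor the commit message says whether every site that allocates a struct flow_action assigns `num_entries` before its first access to `entries[]`. If any allocator fills the array first and sets the count afterwards, the checks would see a zero bound and trap on valid accesses once the compilers implement the attribute. Please confirm in the commit message that the allocation paths were audited for this ordering, and consider a short comment above `num_entries` stating that it must be set before `entries[]` is touched and must never exceed the allocated element count. A smaller point: the subject and body say the annotation is for struct flow_action_entry, while the annotated member lives in struct flow_action; naming the containing struct would make the log easier to search.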