lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <d199c2af-06af-8a50-a6a1-00eefa0b67b4@prevas.dk>
Date:   Tue, 18 Oct 2022 12:09:30 +0200
From:   Rasmus Villemoes <rasmus.villemoes@...vas.dk>
To:     Kees Cook <keescook@...omium.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     Thomas Gleixner <tglx@...utronix.de>,
        Jason Gunthorpe <jgg@...pe.ca>, Nishanth Menon <nm@...com>,
        Michael Kelley <mikelley@...rosoft.com>,
        Dan Williams <dan.j.williams@...el.com>,
        Won Chung <wonchung@...gle.com>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] driver core: Add __alloc_size hint to devm allocators

On 18/10/2022 09.34, Kees Cook wrote:
> Mark the devm_*alloc()-family of allocations with appropriate
> __alloc_size() hints so the compiler can attempt to reason about buffer
> lengths from allocations.
> 

> @@ -226,7 +226,8 @@ static inline void *devm_kcalloc(struct device *dev,
>  void devm_kfree(struct device *dev, const void *p);
>  char *devm_kstrdup(struct device *dev, const char *s, gfp_t gfp) __malloc;
>  const char *devm_kstrdup_const(struct device *dev, const char *s, gfp_t gfp);
> -void *devm_kmemdup(struct device *dev, const void *src, size_t len, gfp_t gfp);
> +void *devm_kmemdup(struct device *dev, const void *src, size_t len, gfp_t gfp)
> +	__alloc_size(3);

I think it's wrong to apply the __malloc attribute to kmemdup() and
variants.

'malloc'
     This tells the compiler that a function is 'malloc'-like, i.e.,
     that the pointer P returned by the function cannot alias any other
     pointer valid when the function returns, and moreover no pointers
     to valid objects occur in any storage addressed by P.

See also commit d64e85d3e1c5, introducing __malloc in the first place.
Maybe worth lifting some of that to a comment somewhere.

Rasmus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ