[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <d199c2af-06af-8a50-a6a1-00eefa0b67b4@prevas.dk>
Date: Tue, 18 Oct 2022 12:09:30 +0200
From: Rasmus Villemoes <rasmus.villemoes@...vas.dk>
To: Kees Cook <keescook@...omium.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Thomas Gleixner <tglx@...utronix.de>,
Jason Gunthorpe <jgg@...pe.ca>, Nishanth Menon <nm@...com>,
Michael Kelley <mikelley@...rosoft.com>,
Dan Williams <dan.j.williams@...el.com>,
Won Chung <wonchung@...gle.com>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] driver core: Add __alloc_size hint to devm allocators
On 18/10/2022 09.34, Kees Cook wrote:
> Mark the devm_*alloc()-family of allocations with appropriate
> __alloc_size() hints so the compiler can attempt to reason about buffer
> lengths from allocations.
>
> @@ -226,7 +226,8 @@ static inline void *devm_kcalloc(struct device *dev,
> void devm_kfree(struct device *dev, const void *p);
> char *devm_kstrdup(struct device *dev, const char *s, gfp_t gfp) __malloc;
> const char *devm_kstrdup_const(struct device *dev, const char *s, gfp_t gfp);
> -void *devm_kmemdup(struct device *dev, const void *src, size_t len, gfp_t gfp);
> +void *devm_kmemdup(struct device *dev, const void *src, size_t len, gfp_t gfp)
> + __alloc_size(3);
I think it's wrong to apply the __malloc attribute to kmemdup() and
variants.
'malloc'
This tells the compiler that a function is 'malloc'-like, i.e.,
that the pointer P returned by the function cannot alias any other
pointer valid when the function returns, and moreover no pointers
to valid objects occur in any storage addressed by P.
See also commit d64e85d3e1c5, introducing __malloc in the first place.
Maybe worth lifting some of that to a comment somewhere.
Rasmus
Powered by blists - more mailing lists