lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 18 Oct 2022 03:15:36 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Rasmus Villemoes <rasmus.villemoes@...vas.dk>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Jason Gunthorpe <jgg@...pe.ca>, Nishanth Menon <nm@...com>,
        Michael Kelley <mikelley@...rosoft.com>,
        Dan Williams <dan.j.williams@...el.com>,
        Won Chung <wonchung@...gle.com>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] driver core: Add __alloc_size hint to devm allocators

On Tue, Oct 18, 2022 at 12:09:30PM +0200, Rasmus Villemoes wrote:
> On 18/10/2022 09.34, Kees Cook wrote:
> > Mark the devm_*alloc()-family of allocations with appropriate
> > __alloc_size() hints so the compiler can attempt to reason about buffer
> > lengths from allocations.
> > 
> 
> > @@ -226,7 +226,8 @@ static inline void *devm_kcalloc(struct device *dev,
> >  void devm_kfree(struct device *dev, const void *p);
> >  char *devm_kstrdup(struct device *dev, const char *s, gfp_t gfp) __malloc;
> >  const char *devm_kstrdup_const(struct device *dev, const char *s, gfp_t gfp);
> > -void *devm_kmemdup(struct device *dev, const void *src, size_t len, gfp_t gfp);
> > +void *devm_kmemdup(struct device *dev, const void *src, size_t len, gfp_t gfp)
> > +	__alloc_size(3);
> 
> I think it's wrong to apply the __malloc attribute to kmemdup() and
> variants.
>
> 'malloc'
>      This tells the compiler that a function is 'malloc'-like, i.e.,
>      that the pointer P returned by the function cannot alias any other
>      pointer valid when the function returns, and moreover no pointers
>      to valid objects occur in any storage addressed by P.

Oh, ew, it defines rules about _contents_ as well. Thank you for
pointing that out!

I suppose we can use __realloc_size for these cases then?

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ