| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202403181635.46CBABD994@keescook>
Date: Mon, 18 Mar 2024 16:40:30 -0700
From: Kees Cook <keescook@...omium.org>
To: Erick Archer <erick.archer@....com>
Cc: Peter Zijlstra <peterz@...radead.org>, Ingo Molnar <mingo@...hat.com>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
Namhyung Kim <namhyung@...nel.org>,
Mark Rutland <mark.rutland@....com>,
Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
Jiri Olsa <jolsa@...nel.org>, Ian Rogers <irogers@...gle.com>,
Adrian Hunter <adrian.hunter@...el.com>,
Thomas Gleixner <tglx@...utronix.de>,
Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
"H. Peter Anvin" <hpa@...or.com>,
"Gustavo A. R. Silva" <gustavoars@...nel.org>, x86@...nel.org,
linux-perf-users@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-hardening@...r.kernel.org
Subject: Re: [PATCH] perf/x86/rapl: Prefer struct_size over open coded
arithmetic
On Sun, Mar 17, 2024 at 05:44:42PM +0100, Erick Archer wrote:
> This is an effort to get rid of all multiplications from allocation
> functions in order to prevent integer overflows [1][2].
>
> As the "rapl_pmus" variable is a pointer to "struct rapl_pmus" and
> this structure ends in a flexible array:
>
> struct rapl_pmus {
> [...]
> struct rapl_pmu *pmus[] __counted_by(maxdie);
> };
>
> the preferred way in the kernel is to use the struct_size() helper to
> do the arithmetic instead of the calculation "size + count * size" in
> the kzalloc() function.
>
> This way, the code is more readable and safer.
>
> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#open-coded-arithmetic-in-allocator-arguments [1]
> Link: https://github.com/KSPP/linux/issues/160 [2]
> Signed-off-by: Erick Archer <erick.archer@....com>
Thanks!
Reviewed-by: Kees Cook <keescook@...omium.org>
I was inspired to come up with a Coccinelle script to find this pattern.
This seems to do it, though it also removes the blank line. I'm not sure
how to stop it from doing that. I'm running this treewide to see if I
can find others...
// Options: --no-includes --include-headers
@allocation@
type SIZE_TYPE;
identifier SIZE;
type PTR_TYPE;
PTR_TYPE *PTR;
identifier ALLOC =~ "kmalloc|kzalloc|kmalloc_node|kzalloc_node|vmalloc|vzalloc|kvmalloc|kvzalloc";
@@
SIZE_TYPE SIZE;
...
PTR = ALLOC(..., SIZE, ...)
@structure@
type allocation.PTR_TYPE;
type FLEX_TYPE;
identifier FLEX;
@@
PTR_TYPE {
...
FLEX_TYPE FLEX[];
...
};
@single_shot_sizing@
type allocation.SIZE_TYPE;
identifier allocation.SIZE;
type allocation.PTR_TYPE;
PTR_TYPE *allocation.PTR;
identifier allocation.ALLOC;
type structure.FLEX_TYPE;
identifier structure.FLEX;
expression COUNT;
@@
- SIZE_TYPE SIZE;
... when != SIZE
- SIZE = (\(sizeof(*PTR)\|sizeof(PTR_TYPE)\) + ((COUNT) * \(sizeof(*PTR->FLEX)\|sizeof(PTR->FLEX[0])\|sizeof(FLEX_TYPE)\)));
... when != SIZE
PTR = ALLOC(...,
- SIZE
+ struct_size(PTR, FLEX, COUNT)
, ...)
... when != SIZE
@reused_sizing@
type allocation.SIZE_TYPE;
identifier allocation.SIZE;
type allocation.PTR_TYPE;
PTR_TYPE *allocation.PTR;
identifier allocation.ALLOC;
type structure.FLEX_TYPE;
identifier structure.FLEX;
expression COUNT;
@@
SIZE_TYPE SIZE;
...
SIZE =
- (\(sizeof(*PTR)\|sizeof(PTR_TYPE)\) + ((COUNT) * \(sizeof(*PTR->FLEX)\|sizeof(PTR->FLEX[0])\|sizeof(FLEX_TYPE)\)))
+ struct_size(PTR, FLEX, COUNT)
;
... when != SIZE
PTR = ALLOC(..., SIZE , ...)
--
Kees Cook
Powered by blists - more mailing lists