lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <202403181635.46CBABD994@keescook>
Date: Mon, 18 Mar 2024 16:40:30 -0700
From: Kees Cook <keescook@...omium.org>
To: Erick Archer <erick.archer@....com>
Cc: Peter Zijlstra <peterz@...radead.org>, Ingo Molnar <mingo@...hat.com>,
	Arnaldo Carvalho de Melo <acme@...nel.org>,
	Namhyung Kim <namhyung@...nel.org>,
	Mark Rutland <mark.rutland@....com>,
	Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
	Jiri Olsa <jolsa@...nel.org>, Ian Rogers <irogers@...gle.com>,
	Adrian Hunter <adrian.hunter@...el.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Borislav Petkov <bp@...en8.de>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	"H. Peter Anvin" <hpa@...or.com>,
	"Gustavo A. R. Silva" <gustavoars@...nel.org>, x86@...nel.org,
	linux-perf-users@...r.kernel.org, linux-kernel@...r.kernel.org,
	linux-hardening@...r.kernel.org
Subject: Re: [PATCH] perf/x86/rapl: Prefer struct_size over open coded
 arithmetic

On Sun, Mar 17, 2024 at 05:44:42PM +0100, Erick Archer wrote:
> This is an effort to get rid of all multiplications from allocation
> functions in order to prevent integer overflows [1][2].
> 
> As the "rapl_pmus" variable is a pointer to "struct rapl_pmus" and
> this structure ends in a flexible array:
> 
> struct rapl_pmus {
> 	[...]
> 	struct rapl_pmu *pmus[] __counted_by(maxdie);
> };
> 
> the preferred way in the kernel is to use the struct_size() helper to
> do the arithmetic instead of the calculation "size + count * size" in
> the kzalloc() function.
> 
> This way, the code is more readable and safer.
> 
> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#open-coded-arithmetic-in-allocator-arguments [1]
> Link: https://github.com/KSPP/linux/issues/160 [2]
> Signed-off-by: Erick Archer <erick.archer@....com>

Thanks!

Reviewed-by: Kees Cook <keescook@...omium.org>

I was inspired to come up with a Coccinelle script to find this pattern.
This seems to do it, though it also removes the blank line. I'm not sure
how to stop it from doing that. I'm running this treewide to see if I
can find others...

// Options: --no-includes --include-headers

@allocation@
type SIZE_TYPE;
identifier SIZE;
type PTR_TYPE;
PTR_TYPE *PTR;
identifier ALLOC =~ "kmalloc|kzalloc|kmalloc_node|kzalloc_node|vmalloc|vzalloc|kvmalloc|kvzalloc";
@@

	SIZE_TYPE SIZE;
	...
	PTR = ALLOC(..., SIZE, ...)

@structure@
type allocation.PTR_TYPE;
type FLEX_TYPE;
identifier FLEX;
@@

	PTR_TYPE {
		...
 		FLEX_TYPE FLEX[];
		...
	};

@single_shot_sizing@
type allocation.SIZE_TYPE;
identifier allocation.SIZE;
type allocation.PTR_TYPE;
PTR_TYPE *allocation.PTR;
identifier allocation.ALLOC;
type structure.FLEX_TYPE;
identifier structure.FLEX;
expression COUNT;
@@

- 	SIZE_TYPE SIZE;
 	... when != SIZE
-	SIZE = (\(sizeof(*PTR)\|sizeof(PTR_TYPE)\) + ((COUNT) * \(sizeof(*PTR->FLEX)\|sizeof(PTR->FLEX[0])\|sizeof(FLEX_TYPE)\)));
 	... when != SIZE
 	PTR = ALLOC(...,
-			SIZE
+			struct_size(PTR, FLEX, COUNT)
 			, ...)
 	... when != SIZE

@reused_sizing@
type allocation.SIZE_TYPE;
identifier allocation.SIZE;
type allocation.PTR_TYPE;
PTR_TYPE *allocation.PTR;
identifier allocation.ALLOC;
type structure.FLEX_TYPE;
identifier structure.FLEX;
expression COUNT;
@@

  	SIZE_TYPE SIZE;
 	...
	SIZE =
-		(\(sizeof(*PTR)\|sizeof(PTR_TYPE)\) + ((COUNT) * \(sizeof(*PTR->FLEX)\|sizeof(PTR->FLEX[0])\|sizeof(FLEX_TYPE)\)))
+		struct_size(PTR, FLEX, COUNT)
	;
 	... when != SIZE
 	PTR = ALLOC(..., SIZE , ...)


-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ