Message-ID: <20240703191641.i5okrz22exrt3mgk@pali>
Date: Wed, 3 Jul 2024 21:16:41 +0200
From: Pali Rohár <pali@...nel.org>
To: Guenter Roeck <linux@...ck-us.net>
Cc: Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>,
	Jean Delvare <jdelvare@...e.com>, linux-hwmon@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] hwmon: (dell-smm) Simplify with cleanup.h

On Wednesday 03 July 2024 11:52:14 Guenter Roeck wrote:
> On 7/3/24 01:31, Krzysztof Kozlowski wrote:
> > Allocate memory, which is being freed at end of the scope, to make the
> > code a bit simpler.
> > 
> > Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>
> > ---
> >   drivers/hwmon/dell-smm-hwmon.c | 7 +++----
> >   1 file changed, 3 insertions(+), 4 deletions(-)
> > 
> > diff --git a/drivers/hwmon/dell-smm-hwmon.c b/drivers/hwmon/dell-smm-hwmon.c
> > index 0362a13f6525..e72e26db6e10 100644
> > --- a/drivers/hwmon/dell-smm-hwmon.c
> > +++ b/drivers/hwmon/dell-smm-hwmon.c
> > @@ -14,6 +14,7 @@
> >   #include <linux/acpi.h>
> >   #include <linux/capability.h>
> > +#include <linux/cleanup.h>
> >   #include <linux/cpu.h>
> >   #include <linux/ctype.h>
> >   #include <linux/delay.h>
> > @@ -1095,9 +1096,9 @@ static int dell_smm_init_cdev(struct device *dev, u8 fan_num)
> >   	struct thermal_cooling_device *cdev;
> >   	struct dell_smm_cooling_data *cdata;
> >   	int ret = 0;
> > -	char *name;
> > -	name = kasprintf(GFP_KERNEL, "dell-smm-fan%u", fan_num + 1);
> > +	char *name __free(kfree) = kasprintf(GFP_KERNEL, "dell-smm-fan%u",
> > +					     fan_num + 1);
> >   	if (!name)
> >   		return -ENOMEM;
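Review bot: The declaration `char *name __free(kfree) = kasprintf(...)` keeps a heap allocation and its -ENOMEM branch for a string whose length is bounded by what is visible here: `fan_num` is a u8, so "dell-smm-fan%u" with `fan_num + 1` is at most 15 characters plus the terminator. If the allocation stays, the commit message should say what the scope-based free buys, since the removed `kfree(name)` already ran before the final `return ret`; otherwise a small on-stack buffer filled with snprintf removes both the allocation and the failure branch.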
> > @@ -1115,8 +1116,6 @@ static int dell_smm_init_cdev(struct device *dev, u8 fan_num)
> >   		ret = -ENOMEM;
> >   	}
> > -	kfree(name);
> > -
> >   	return ret;
> >   }
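Review bot: Nothing at the end of the function now shows that `name` is released before `return ret`, so the declaration is the only place a reader learns it; a sentence in the commit message about the lifetime of `name` would help. It is also worth stating that nothing called between the allocation and this point keeps the pointer past the return, which the old unconditional `kfree(name)` implied.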
> 
> If you really want to clean this up, just use
> 	char name[32];
> 	...
> 	snprintf(name, sizeof(name), "dell-smm-fan%u", fan_num + 1);
> 
> I don't see the point of all this complexity.
> 
> Guenter
> 

Let's first ask a question: And what is the problem we are solving there?
I do not see any memory leak here, and it is not mentioned in the commit
message either. So I think that there is no real problem, and the code just
has a clear and explicit alloc/free pattern.

On the other hand, the proposed change with __free does not make it simpler.
It still has the same complexity, plus magic around.

snprintf with stack allocation at first glance looks simpler.

But it has a problem: if in the future the device name changes, then it
would also be required to check (and maybe modify) the size of the stack
buffer. In its usage you are specifying the pair
<sizeof(name), "dell-smm-fan%u">, which has a size not related to the
string. But something more common sense would be to specify the pair
<32,"dell-smm-fan%u">, which could say that it is always maximally 32 (and
you can easily check if the string is not going to be larger). So for
long-term maintenance this is maybe worse.


What could be the real cleanup (if some is really needed) is to use a
kasprintf variant which allocates the buffer on the stack. But I do not know
if such a printf-alloca function variant is available for us.

E.g.: const char *name = alloca_snprintf(32, "dell-smm-fan%u", fan_num + 1);

Or maybe just alloca_snprintf("dell-smm-fan%u", fan_num + 1) and some
sanitizer can calculate that the function never allocates more than some
sane size (because there is a fixed string of a few chars and %u which needs
maximally 10 bytes).


And anyway, explicit specification of the buffer size is a lot of times
the reason for overflows (because it is specified incorrectly). Why cannot
the compiler / library / etc... in the year 2024 compute the correct required
buffer size for us automatically? Ah :-(
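
The buffer-sizing question discussed in this thread, as an added user-space C example that is not code from the patch, the driver or any poster: the stack-buffer size is derived from the format prefix and the `u8` argument, the C library is asked for the required length, and truncation is reported rather than hidden. The names `FAN_NAME_PREFIX`, `FAN_NAME_SIZE`, `fan_name_needed` and `fan_name_format` are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; only the "dell-smm-fan%u" format comes from the thread. */
#define FAN_NAME_PREFIX "dell-smm-fan"
/* sizeof() counts the NUL; fan_num is 8-bit, so fan_num + 1 <= 256: 3 digits. */
#define FAN_NAME_SIZE (sizeof(FAN_NAME_PREFIX) + 3)

/* Bytes needed for the name, including the NUL, as computed by snprintf. */
static int fan_name_needed(uint8_t fan_num)
{
	int len = snprintf(NULL, 0, FAN_NAME_PREFIX "%u", fan_num + 1u);

	return len < 0 ? -EINVAL : len + 1;
}

/* Format into the caller's buffer; a too-small buffer is an error. */
static int fan_name_format(char *buf, size_t size, uint8_t fan_num)
{
	int len = snprintf(buf, size, FAN_NAME_PREFIX "%u", fan_num + 1u);

	if (len < 0)
		return -EINVAL;
	if ((size_t)len >= size)
		return -ENAMETOOLONG;	/* output was cut short */
	return len;
}

int main(void)
{
	char name[FAN_NAME_SIZE];	/* size follows the format, not a guess */
	char small[8];			/* constructed too-small buffer */

	/* Worst case for an 8-bit fan_num: "dell-smm-fan256". */
	printf("needed=%d have=%zu\n", fan_name_needed(255), sizeof(name));
	if (fan_name_format(name, sizeof(name), 255) > 0)
		printf("%s\n", name);
	if (fan_name_format(small, sizeof(small), 0) == -ENAMETOOLONG)
		printf("truncation detected for %zu-byte buffer\n", sizeof(small));
	return 0;
}
```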
