Message-Id: <20250321204105.1898507-2-kees@kernel.org>
Date: Fri, 21 Mar 2025 13:40:58 -0700
From: Kees Cook <kees@...nel.org>
To: Vlastimil Babka <vbabka@...e.cz>
Cc: Kees Cook <kees@...nel.org>,
	Christoph Lameter <cl@...ux.com>,
	Miguel Ojeda <ojeda@...nel.org>,
	Nathan Chancellor <nathan@...nel.org>,
	Marco Elver <elver@...gle.com>,
	Nick Desaulniers <ndesaulniers@...gle.com>,
	Przemek Kitszel <przemyslaw.kitszel@...el.com>,
	Pekka Enberg <penberg@...nel.org>,
	David Rientjes <rientjes@...gle.com>,
	Joonsoo Kim <iamjoonsoo.kim@....com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Roman Gushchin <roman.gushchin@...ux.dev>,
	Hyeonggon Yoo <42.hyeyoo@...il.com>,
	linux-kernel@...r.kernel.org,
	linux-mm@...ck.org,
	linux-hardening@...r.kernel.org
Subject: [PATCH 2/5] treewide: Prepare for kfree() to __kfree() rename

In preparation for making kfree() a wrapper macro, replace address-taken
instances of kfree with __kfree so the future renaming of kfree to
__kfree will work correctly. (Or to avoid needing to create a union for
a cast.)

This is an example subset needed to build my bootable image. I'm sure
there are more, but they immediately throw build errors when encountered
so they cannot be silently missed.

Signed-off-by: Kees Cook <kees@...nel.org>
---
 arch/mips/alchemy/common/dbdma.c |  2 +-
 include/linux/slab.h             |  2 ++
 io_uring/futex.c                 |  2 +-
 io_uring/io_uring.c              | 12 ++++++------
 kernel/bpf/core.c                |  3 ++-
 5 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/arch/mips/alchemy/common/dbdma.c b/arch/mips/alchemy/common/dbdma.c
index 6a3c890f7bbf..08548e5daead 100644
--- a/arch/mips/alchemy/common/dbdma.c
+++ b/arch/mips/alchemy/common/dbdma.c
@@ -422,7 +422,7 @@ u32 au1xxx_dbdma_ring_alloc(u32 chanid, int entries)
 		 * Lost....do it again, allocate extra, and round
 		 * the address base.
 		 */
-		kfree((const void *)desc_base);
+		__kfree((const void *)desc_base);
 		i = entries * sizeof(au1x_ddma_desc_t);
 		i += (sizeof(au1x_ddma_desc_t) - 1);
 		desc_base = (u32)kmalloc(i, GFP_KERNEL|GFP_DMA);
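Review bot: The switched call `__kfree((const void *)desc_base)` is not an address-taken use, so nothing at the call site tells a reader why it bypasses kfree(); the only hint is the commit message's remark about avoiding a union for a cast. A short comment would keep a later cleanup from converting it back, for example `/* desc_base is a u32 cast to a pointer, not a pointer variable: call __kfree() directly */`. The exact constraint the future kfree() macro imposes is not visible in this patch, so the wording should be checked against the patch that introduces it. au1xxx_dbdma_ring_alloc() starts and ends outside the hunk.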
diff --git a/include/linux/slab.h b/include/linux/slab.h
index 09eedaecf120..3e807ccc8583 100644
--- a/include/linux/slab.h
+++ b/include/linux/slab.h
@@ -469,6 +469,8 @@ void kfree(const void *objp);
 void kfree_sensitive(const void *objp);
 size_t __ksize(const void *objp);
 
+#define __kfree(x)	kfree(x)
+
 DEFINE_FREE(kfree, void *, if (!IS_ERR_OR_NULL(_T)) kfree(_T))
 DEFINE_FREE(kfree_sensitive, void *, if (_T) kfree_sensitive(_T))
 
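Review bot: `#define __kfree(x)	kfree(x)` is a function-like macro, so it is expanded only where `__kfree` is followed by `(`; the bare `__kfree` passed as a callback in the io_uring/futex.c and io_uring/io_uring.c hunks is left as an undeclared identifier. Assuming io_alloc_cache_free() is an ordinary function taking a function pointer (its definition is not shown here), the tree would fail to build at this commit until kfree() is actually renamed, which breaks bisection. An object-like alias, `#define __kfree kfree`, covers both the direct calls and the address-taken uses.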
diff --git a/io_uring/futex.c b/io_uring/futex.c
index 43e2143255f5..e46a019fbd08 100644
--- a/io_uring/futex.c
+++ b/io_uring/futex.c
@@ -41,7 +41,7 @@ bool io_futex_cache_init(struct io_ring_ctx *ctx)
 
 void io_futex_cache_free(struct io_ring_ctx *ctx)
 {
-	io_alloc_cache_free(&ctx->futex_cache, kfree);
+	io_alloc_cache_free(&ctx->futex_cache, __kfree);
 }
 
 static void __io_futex_complete(struct io_kiocb *req, struct io_tw_state *ts)
diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
index ceacf6230e34..0a41a3a981b1 100644
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -360,11 +360,11 @@ static __cold struct io_ring_ctx *io_ring_ctx_alloc(struct io_uring_params *p)
 free_ref:
 	percpu_ref_exit(&ctx->refs);
 err:
-	io_alloc_cache_free(&ctx->apoll_cache, kfree);
+	io_alloc_cache_free(&ctx->apoll_cache, __kfree);
 	io_alloc_cache_free(&ctx->netmsg_cache, io_netmsg_cache_free);
 	io_alloc_cache_free(&ctx->rw_cache, io_rw_cache_free);
-	io_alloc_cache_free(&ctx->uring_cache, kfree);
-	io_alloc_cache_free(&ctx->msg_cache, kfree);
+	io_alloc_cache_free(&ctx->uring_cache, __kfree);
+	io_alloc_cache_free(&ctx->msg_cache, __kfree);
 	io_futex_cache_free(ctx);
 	kvfree(ctx->cancel_table.hbs);
 	xa_destroy(&ctx->io_bl_xa);
@@ -2702,11 +2702,11 @@ static __cold void io_ring_ctx_free(struct io_ring_ctx *ctx)
 	io_sqe_files_unregister(ctx);
 	io_cqring_overflow_kill(ctx);
 	io_eventfd_unregister(ctx);
-	io_alloc_cache_free(&ctx->apoll_cache, kfree);
+	io_alloc_cache_free(&ctx->apoll_cache, __kfree);
 	io_alloc_cache_free(&ctx->netmsg_cache, io_netmsg_cache_free);
 	io_alloc_cache_free(&ctx->rw_cache, io_rw_cache_free);
-	io_alloc_cache_free(&ctx->uring_cache, kfree);
-	io_alloc_cache_free(&ctx->msg_cache, kfree);
+	io_alloc_cache_free(&ctx->uring_cache, __kfree);
+	io_alloc_cache_free(&ctx->msg_cache, __kfree);
 	io_futex_cache_free(ctx);
 	io_destroy_buffers(ctx);
 	io_free_region(ctx, &ctx->param_region);
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index da729cbbaeb9..9d2721d24c40 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -280,7 +280,8 @@ void __bpf_prog_free(struct bpf_prog *fp)
 		mutex_destroy(&fp->aux->used_maps_mutex);
 		mutex_destroy(&fp->aux->dst_mutex);
 		kfree(fp->aux->poke_tab);
-		kfree(fp->aux);
+		/* "fp" may be in read-only memory */
+		__kfree(fp->aux);
 	}
 	free_percpu(fp->stats);
 	free_percpu(fp->active);
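Review bot: The added comment `/* "fp" may be in read-only memory */` states a fact but not why it forces `__kfree(fp->aux)`, and the `kfree(fp->aux->poke_tab)` on the line above is left unchanged without explanation. If the reason is that the planned kfree() wrapper writes to its argument (inferred from the commit message, not shown in this patch), saying so makes the exception reviewable: `/* "fp" may be in read-only memory, so fp->aux cannot be written by the kfree() wrapper */`. It is also worth noting there that fp->aux keeps its stale value after this call, so nothing may dereference it afterwards. __bpf_prog_free() continues outside the hunk.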
-- 
2.34.1

