| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aSTKLsRNiEKtDqPI@casper.infradead.org> Date: Mon, 24 Nov 2025 21:12:14 +0000 From: Matthew Wilcox <willy@...radead.org> To: Kees Cook <kees@...nel.org> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Vlastimil Babka <vbabka@...e.cz>, Christoph Lameter <cl@...ux.com>, Pekka Enberg <penberg@...nel.org>, David Rientjes <rientjes@...gle.com>, Joonsoo Kim <iamjoonsoo.kim@....com>, Andrew Morton <akpm@...ux-foundation.org>, Roman Gushchin <roman.gushchin@...ux.dev>, Hyeonggon Yoo <42.hyeyoo@...il.com>, "Gustavo A . R . Silva" <gustavoars@...nel.org>, Bill Wendling <morbo@...gle.com>, Justin Stitt <justinstitt@...gle.com>, Jann Horn <jannh@...gle.com>, Przemek Kitszel <przemyslaw.kitszel@...el.com>, Marco Elver <elver@...gle.com>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Sasha Levin <sashal@...nel.org>, linux-mm@...ck.org, Randy Dunlap <rdunlap@...radead.org>, Miguel Ojeda <ojeda@...nel.org>, Vegard Nossum <vegard.nossum@...cle.com>, Harry Yoo <harry.yoo@...cle.com>, Nathan Chancellor <nathan@...nel.org>, Peter Zijlstra <peterz@...radead.org>, Nick Desaulniers <nick.desaulniers+lkml@...il.com>, Jonathan Corbet <corbet@....net>, Jakub Kicinski <kuba@...nel.org>, Yafang Shao <laoar.shao@...il.com>, Tony Ambardar <tony.ambardar@...il.com>, Alexander Lobakin <aleksander.lobakin@...el.com>, Jan Hendrik Farr <kernel@...rr.cc>, Alexander Potapenko <glider@...gle.com>, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org, linux-doc@...r.kernel.org, llvm@...ts.linux.dev Subject: Re: [PATCH v5 2/4] slab: Introduce kmalloc_obj() and family On Mon, Nov 24, 2025 at 12:38:57PM -0800, Kees Cook wrote: > For code like: > > u8 size; > ... > size = struct_size(ptr, flex_member, count); > ptr = kmalloc(size, gfp); > > While struct_size() is designed to deal with overflows beyond SIZE_MAX, > it can't do anything about truncation of its return value since it has > no visibility into the lvalue type. So this code pattern happily > truncates, allocates too little memory, and then usually does stuff like > runs a for-loop based on "count" instead of "size" and walks right off > the end of the heap allocation, clobbering whatever follows it. Have we investigated a compiler warning like -Wimplicit-arithmetic-truncation that would complain about this kind of thing and could be shut up by an explicit cast: size = (u8)struct_size(ptr, flex_member, count); or arithmetic that can be proven to not overflow: size = struct_size(ptr, flex_member, count) & 0xff; Maybe such a warning already exists and it's just too noisy to even start thinking about turning it on?
Powered by blists - more mailing lists