| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aUf6xwicMCxL28Yp@devuan>
Date: Sun, 21 Dec 2025 15:07:14 +0100
From: Alejandro Colomar <alx@...nel.org>
To: Kees Cook <kees@...nel.org>, Andrew Morton <akpm@...ux-foundation.org>
Cc: linux-kernel@...r.kernel.org, linux-mm@...ck.org,
Christopher Bazley <chris.bazley.wg14@...il.com>, Rasmus Villemoes <linux@...musvillemoes.dk>,
Marco Elver <elver@...gle.com>, Michal Hocko <mhocko@...e.com>,
Linus Torvalds <torvalds@...ux-foundation.org>, Al Viro <viro@...iv.linux.org.uk>,
Alexander Potapenko <glider@...gle.com>, Dmitry Vyukov <dvyukov@...gle.com>, Jann Horn <jannh@...gle.com>,
"Maciej W. Rozycki" <macro@...am.me.uk>
Subject: Re: [PATCH v5 4/4] mm: Use ARRAY_END() instead of open-coding it
Hi Kees, Andrew,
On Wed, Dec 10, 2025 at 05:37:13PM -0800, Kees Cook wrote:
> > > Are there other open-coded instances that could be replaced? This seems like a great task for a coccinelle script.
> >
> > There are many, but I wanted to keep them out of this initial patch set,
> > to make it easy to apply. When this one is applied, I could work on a
> > second round that replaces more of them with coccinelle. This is just
> > for showing that this is beneficial, and to make sure that you ask for
> > more. :)
> >
> > Also, it's easier if there are few maintainers that would block an
> > initial patch set. If restrict the patch set to a few files, I don't
> > have to deal with many of them. Once I get used to this, I'll deal with
> > all of them.
>
> Sounds good!
Now that the first patch set has been merged, I'm working on a second
round.
I've written a semantic patch:
$ cat src/spatch/array_end.sp
@@
expression a;
@@
- a + ARRAY_SIZE(a)
+ ARRAY_END(a)
@@
expression a;
@@
- ARRAY_SIZE(a) + a
+ ARRAY_END(a)
@@
expression a;
@@
- &a[0] + ARRAY_SIZE(a)
+ ARRAY_END(a)
@@
expression a;
@@
- ARRAY_SIZE(a) + &a[0]
+ ARRAY_END(a)
@@
expression a;
@@
- &a[ARRAY_SIZE(a)]
+ ARRAY_END(a)
Apart from the cases covered by this semantic patch, I've found one case
which needs manual intervention (I don't know if a semantic patch can
handle this case):
diff --git i/fs/proc/base.c w/fs/proc/base.c
index c5114e9a0323..e99c8cad49c3 100644
--- i/fs/proc/base.c
+++ w/fs/proc/base.c
@@ -2876,7 +2876,7 @@ static struct dentry *proc_##LSM##_attr_dir_lookup(struct inode *dir, \
{ \
return proc_pident_lookup(dir, dentry, \
LSM##_attr_dir_stuff, \
- LSM##_attr_dir_stuff + ARRAY_SIZE(LSM##_attr_dir_stuff)); \
+ ARRAY_END(LSM##_attr_dir_stuff)); \
} \
\
static const struct inode_operations proc_##LSM##_attr_dir_inode_ops = { \
Anyway, I made sure there's only one of these. There are no similar
cases in the kernel.
Here's a summary of what the semantic patch finds:
arch/arm/kernel/hibernate.c | 2 +-
arch/arm/kernel/reboot.c | 2 +-
arch/arm/mach-omap1/clock_data.c | 2 +-
arch/arm64/kvm/sys_regs.c | 2 +-
arch/mips/fw/sni/sniprom.c | 2 +-
arch/mips/include/asm/sgiarcs.h | 2 +-
arch/riscv/purgatory/purgatory.c | 2 +-
arch/s390/purgatory/purgatory.c | 2 +-
arch/x86/kernel/cpu/hypervisor.c | 2 +-
arch/x86/purgatory/purgatory.c | 2 +-
block/bio.c | 2 +-
crypto/adiantum.c | 2 +-
drivers/base/regmap/regmap-spi-avmm.c | 2 +-
drivers/cpufreq/sa1110-cpufreq.c | 2 +-
drivers/firmware/efi/libstub/vsprintf.c | 2 +-
drivers/gpu/drm/i915/selftests/i915_vma.c | 2 +-
drivers/gpu/drm/xe/xe_guc_ads.c | 2 +-
drivers/md/bcache/btree.c | 6 +++---
drivers/md/bcache/util.h | 2 +-
drivers/md/dm-raid.c | 6 +++---
drivers/mtd/devices/mtd_dataflash.c | 2 +-
drivers/net/ethernet/marvell/mvneta.c | 2 +-
drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 2 +-
drivers/net/ethernet/sfc/falcon/nic.c | 8 ++++----
drivers/net/ethernet/sfc/nic.c | 8 ++++----
drivers/net/ethernet/sfc/siena/nic.c | 8 ++++----
drivers/net/wireless/intel/iwlwifi/mei/net.c | 4 ++--
drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 3 +--
drivers/tty/serial/msm_serial.c | 2 +-
fs/erofs/zdata.c | 4 ++--
fs/proc/base.c | 6 +++---
fs/proc/namespaces.c | 2 +-
kernel/bpf/log.c | 2 +-
lib/crypto/tests/hash-test-template.h | 4 ++--
mm/kmemleak.c | 2 +-
mm/memcontrol-v1.c | 4 ++--
net/ipv4/tcp_input.c | 4 ++--
tools/bpf/bpftool/tracelog.c | 2 +-
tools/testing/selftests/bpf/prog_tests/select_reuseport.c | 4 ++--
tools/testing/selftests/bpf/prog_tests/sk_lookup.c | 8 ++++----
tools/testing/selftests/bpf/prog_tests/sockmap_listen.c | 8 ++++----
tools/testing/selftests/bpf/prog_tests/sockmap_redir.c | 8 ++++----
42 files changed, 72 insertions(+), 73 deletions(-)
I applied the semantic patch as
$ time find * -type f \
| grep '\.[ch]$' \
| xargs grep -l ARRAY_SIZE \
| xargs grep -L '^#define ARRAY_END' \
| xargs grep -l \
-e '+ *ARRAY_SIZE' \
-e 'ARRAY_SIZE(.*) *+' \
-e '&.*ARRAY_SIZE' \
| xargs spatch --sp-file ~/src/spatch/array_end.sp --in-place;
How should I proceed with this? Should I send separate patches for each
subtree? Or should I just send the semantic patch and let maintainers
run it? Or should I senda big patch?
Also, I don't know if all of those files are able to use
include/linux/array_size.h. Do tools/ need a separate definition?
Have a lovely day!
Alex
--
<https://www.alejandro-colomar.es>
Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists