[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <bc2efc31d25e4f42a98f0a5d7a8ad88a@AcuMS.aculab.com>
Date: Wed, 4 May 2022 16:08:15 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Kees Cook' <keescook@...omium.org>,
Johannes Berg <johannes@...solutions.net>
CC: "Gustavo A . R . Silva" <gustavoars@...nel.org>,
Keith Packard <keithp@...thp.com>,
Francis Laniel <laniel_francis@...vacyrequired.com>,
Daniel Axtens <dja@...ens.net>,
Dan Williams <dan.j.williams@...el.com>,
Vincenzo Frascino <vincenzo.frascino@....com>,
Guenter Roeck <linux@...ck-us.net>,
Daniel Vetter <daniel.vetter@...ll.ch>,
Tadeusz Struk <tadeusz.struk@...aro.org>,
Alexei Starovoitov <ast@...nel.org>,
"alsa-devel@...a-project.org" <alsa-devel@...a-project.org>,
Al Viro <viro@...iv.linux.org.uk>,
Andrew Gabbasov <andrew_gabbasov@...tor.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Andy Gross <agross@...nel.org>,
Andy Lavr <andy.lavr@...il.com>,
Arend van Spriel <aspriel@...il.com>,
"Baowen Zheng" <baowen.zheng@...igine.com>,
Bjorn Andersson <bjorn.andersson@...aro.org>,
Boris Ostrovsky <boris.ostrovsky@...cle.com>,
Bradley Grove <linuxdrivers@...otech.com>,
"brcm80211-dev-list.pdl@...adcom.com"
<brcm80211-dev-list.pdl@...adcom.com>,
Christian Brauner <brauner@...nel.org>,
Christian Göttsche <cgzones@...glemail.com>,
Christian Lamparter <chunkeey@...glemail.com>,
Chris Zankel <chris@...kel.net>,
Cong Wang <cong.wang@...edance.com>,
"David Gow" <davidgow@...gle.com>,
David Howells <dhowells@...hat.com>,
"David S. Miller" <davem@...emloft.net>,
Dennis Dalessandro <dennis.dalessandro@...nelisnetworks.com>,
"devicetree@...r.kernel.org" <devicetree@...r.kernel.org>,
Dexuan Cui <decui@...rosoft.com>,
"Dmitry Kasatkin" <dmitry.kasatkin@...il.com>,
Eli Cohen <elic@...dia.com>,
"Eric Dumazet" <edumazet@...gle.com>,
Eric Paris <eparis@...isplace.org>,
"Eugeniu Rosca" <erosca@...adit-jv.com>,
Felipe Balbi <balbi@...nel.org>,
Frank Rowand <frowand.list@...il.com>,
Franky Lin <franky.lin@...adcom.com>,
"Greg Kroah-Hartman" <gregkh@...uxfoundation.org>,
Gregory Greenman <gregory.greenman@...el.com>,
Haiyang Zhang <haiyangz@...rosoft.com>,
"Hante Meuleman" <hante.meuleman@...adcom.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
Hulk Robot <hulkci@...wei.com>,
Jakub Kicinski <kuba@...nel.org>,
"James E.J. Bottomley" <jejb@...ux.ibm.com>,
James Morris <jmorris@...ei.org>,
Jarkko Sakkinen <jarkko@...nel.org>,
Jaroslav Kysela <perex@...ex.cz>,
Jason Gunthorpe <jgg@...pe.ca>, Jens Axboe <axboe@...nel.dk>,
Johan Hedberg <johan.hedberg@...il.com>,
John Keeping <john@...anate.com>,
Juergen Gross <jgross@...e.com>, Kalle Valo <kvalo@...nel.org>,
"keyrings@...r.kernel.org" <keyrings@...r.kernel.org>,
"kunit-dev@...glegroups.com" <kunit-dev@...glegroups.com>,
Kuniyuki Iwashima <kuniyu@...zon.co.jp>,
"K. Y. Srinivasan" <kys@...rosoft.com>,
"Lars-Peter Clausen" <lars@...afoo.de>,
Lee Jones <lee.jones@...aro.org>,
Leon Romanovsky <leon@...nel.org>,
Liam Girdwood <lgirdwood@...il.com>,
"linux1394-devel@...ts.sourceforge.net"
<linux1394-devel@...ts.sourceforge.net>,
"linux-afs@...ts.infradead.org" <linux-afs@...ts.infradead.org>,
"linux-arm-kernel@...ts.infradead.org"
<linux-arm-kernel@...ts.infradead.org>,
"linux-arm-msm@...r.kernel.org" <linux-arm-msm@...r.kernel.org>,
"linux-bluetooth@...r.kernel.org" <linux-bluetooth@...r.kernel.org>,
"linux-hardening@...r.kernel.org" <linux-hardening@...r.kernel.org>,
"linux-hyperv@...r.kernel.org" <linux-hyperv@...r.kernel.org>,
"linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>,
"linux-rdma@...r.kernel.org" <linux-rdma@...r.kernel.org>,
"linux-scsi@...r.kernel.org" <linux-scsi@...r.kernel.org>,
"linux-security-module@...r.kernel.org"
<linux-security-module@...r.kernel.org>,
"linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
"linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>,
"linux-xtensa@...ux-xtensa.org" <linux-xtensa@...ux-xtensa.org>,
"llvm@...ts.linux.dev" <llvm@...ts.linux.dev>,
Loic Poulain <loic.poulain@...aro.org>,
Louis Peens <louis.peens@...igine.com>,
Luca Coelho <luciano.coelho@...el.com>,
"Luiz Augusto von Dentz" <luiz.dentz@...il.com>,
Marc Dionne <marc.dionne@...istor.com>,
Marcel Holtmann <marcel@...tmann.org>,
Mark Brown <broonie@...nel.org>,
"Martin K. Petersen" <martin.petersen@...cle.com>,
"Max Filippov" <jcmvbkbc@...il.com>,
Mimi Zohar <zohar@...ux.ibm.com>,
Muchun Song <songmuchun@...edance.com>,
Nathan Chancellor <nathan@...nel.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Nuno Sá <nuno.sa@...log.com>,
Paolo Abeni <pabeni@...hat.com>,
Paul Moore <paul@...l-moore.com>,
"Rich Felker" <dalias@...ifal.cx>,
Rob Herring <robh+dt@...nel.org>,
Russell King <linux@...linux.org.uk>,
"selinux@...r.kernel.org" <selinux@...r.kernel.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
"SHA-cyfmac-dev-list@...ineon.com" <SHA-cyfmac-dev-list@...ineon.com>,
Simon Horman <simon.horman@...igine.com>,
Stefano Stabellini <sstabellini@...nel.org>,
Stefan Richter <stefanr@...6.in-berlin.de>,
Steffen Klassert <steffen.klassert@...unet.com>,
Stephen Hemminger <sthemmin@...rosoft.com>,
Stephen Smalley <stephen.smalley.work@...il.com>,
Takashi Iwai <tiwai@...e.com>, Tom Rix <trix@...hat.com>,
Udipto Goswami <quic_ugoswami@...cinc.com>,
"wcn36xx@...ts.infradead.org" <wcn36xx@...ts.infradead.org>,
Wei Liu <wei.liu@...nel.org>,
"xen-devel@...ts.xenproject.org" <xen-devel@...ts.xenproject.org>,
Xiu Jianfeng <xiujianfeng@...wei.com>,
"Yang Yingliang" <yangyingliang@...wei.com>
Subject: RE: [PATCH 02/32] Introduce flexible array struct memcpy() helpers
From: Kees Cook
> Sent: 04 May 2022 16:38
...
> > > struct something *instance = NULL;
> > > int rc;
> > >
> > > rc = mem_to_flex_dup(&instance, byte_array, count, GFP_KERNEL);
> > > if (rc)
> > > return rc;
> >
> > This seems rather awkward, having to set it to NULL, then checking rc
> > (and possibly needing a separate variable for it), etc.
>
> I think the errno return is completely required. I had an earlier version
> of this that was much more like a drop-in replacement for memcpy that
> would just truncate or panic, and when I had it all together, I could
> just imagine hearing Linus telling me to start over because it was unsafe
> (truncation may be just as bad as overflow) and disruptive ("never BUG"),
> and that it should be recoverable. So, I rewrote it all to return a
> __must_check errno.
>
> Requiring instance to be NULL is debatable, but I feel pretty strongly
> about it because it does handle a class of mistakes (resource leaks),
> and it's not much of a burden to require a known-good starting state.
Why not make it look like malloc() since it seems to be malloc().
That gives a much better calling convention.
Passing pointers and integers by reference can generate horrid code.
(Mostly because it stops the compiler keeping values in registers.)
If you want the type information inside the 'function'
use a #define so that the use is:
mem_to_flex_dup(instance, byte_array, count, GFP_KERNEL);
if (!instance)
return ...
(or use ERR_PTR() etc).
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
Powered by blists - more mailing lists