lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <bc2efc31d25e4f42a98f0a5d7a8ad88a@AcuMS.aculab.com>
Date:   Wed, 4 May 2022 16:08:15 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     'Kees Cook' <keescook@...omium.org>,
        Johannes Berg <johannes@...solutions.net>
CC:     "Gustavo A . R . Silva" <gustavoars@...nel.org>,
        Keith Packard <keithp@...thp.com>,
        Francis Laniel <laniel_francis@...vacyrequired.com>,
        Daniel Axtens <dja@...ens.net>,
        Dan Williams <dan.j.williams@...el.com>,
        Vincenzo Frascino <vincenzo.frascino@....com>,
        Guenter Roeck <linux@...ck-us.net>,
        Daniel Vetter <daniel.vetter@...ll.ch>,
        Tadeusz Struk <tadeusz.struk@...aro.org>,
        Alexei Starovoitov <ast@...nel.org>,
        "alsa-devel@...a-project.org" <alsa-devel@...a-project.org>,
        Al Viro <viro@...iv.linux.org.uk>,
        Andrew Gabbasov <andrew_gabbasov@...tor.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Andy Gross <agross@...nel.org>,
        Andy Lavr <andy.lavr@...il.com>,
        Arend van Spriel <aspriel@...il.com>,
        "Baowen Zheng" <baowen.zheng@...igine.com>,
        Bjorn Andersson <bjorn.andersson@...aro.org>,
        Boris Ostrovsky <boris.ostrovsky@...cle.com>,
        Bradley Grove <linuxdrivers@...otech.com>,
        "brcm80211-dev-list.pdl@...adcom.com" 
        <brcm80211-dev-list.pdl@...adcom.com>,
        Christian Brauner <brauner@...nel.org>,
        Christian Göttsche <cgzones@...glemail.com>,
        Christian Lamparter <chunkeey@...glemail.com>,
        Chris Zankel <chris@...kel.net>,
        Cong Wang <cong.wang@...edance.com>,
        "David Gow" <davidgow@...gle.com>,
        David Howells <dhowells@...hat.com>,
        "David S. Miller" <davem@...emloft.net>,
        Dennis Dalessandro <dennis.dalessandro@...nelisnetworks.com>,
        "devicetree@...r.kernel.org" <devicetree@...r.kernel.org>,
        Dexuan Cui <decui@...rosoft.com>,
        "Dmitry Kasatkin" <dmitry.kasatkin@...il.com>,
        Eli Cohen <elic@...dia.com>,
        "Eric Dumazet" <edumazet@...gle.com>,
        Eric Paris <eparis@...isplace.org>,
        "Eugeniu Rosca" <erosca@...adit-jv.com>,
        Felipe Balbi <balbi@...nel.org>,
        Frank Rowand <frowand.list@...il.com>,
        Franky Lin <franky.lin@...adcom.com>,
        "Greg Kroah-Hartman" <gregkh@...uxfoundation.org>,
        Gregory Greenman <gregory.greenman@...el.com>,
        Haiyang Zhang <haiyangz@...rosoft.com>,
        "Hante Meuleman" <hante.meuleman@...adcom.com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        Hulk Robot <hulkci@...wei.com>,
        Jakub Kicinski <kuba@...nel.org>,
        "James E.J. Bottomley" <jejb@...ux.ibm.com>,
        James Morris <jmorris@...ei.org>,
        Jarkko Sakkinen <jarkko@...nel.org>,
        Jaroslav Kysela <perex@...ex.cz>,
        Jason Gunthorpe <jgg@...pe.ca>, Jens Axboe <axboe@...nel.dk>,
        Johan Hedberg <johan.hedberg@...il.com>,
        John Keeping <john@...anate.com>,
        Juergen Gross <jgross@...e.com>, Kalle Valo <kvalo@...nel.org>,
        "keyrings@...r.kernel.org" <keyrings@...r.kernel.org>,
        "kunit-dev@...glegroups.com" <kunit-dev@...glegroups.com>,
        Kuniyuki Iwashima <kuniyu@...zon.co.jp>,
        "K. Y. Srinivasan" <kys@...rosoft.com>,
        "Lars-Peter Clausen" <lars@...afoo.de>,
        Lee Jones <lee.jones@...aro.org>,
        Leon Romanovsky <leon@...nel.org>,
        Liam Girdwood <lgirdwood@...il.com>,
        "linux1394-devel@...ts.sourceforge.net" 
        <linux1394-devel@...ts.sourceforge.net>,
        "linux-afs@...ts.infradead.org" <linux-afs@...ts.infradead.org>,
        "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>,
        "linux-arm-msm@...r.kernel.org" <linux-arm-msm@...r.kernel.org>,
        "linux-bluetooth@...r.kernel.org" <linux-bluetooth@...r.kernel.org>,
        "linux-hardening@...r.kernel.org" <linux-hardening@...r.kernel.org>,
        "linux-hyperv@...r.kernel.org" <linux-hyperv@...r.kernel.org>,
        "linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>,
        "linux-rdma@...r.kernel.org" <linux-rdma@...r.kernel.org>,
        "linux-scsi@...r.kernel.org" <linux-scsi@...r.kernel.org>,
        "linux-security-module@...r.kernel.org" 
        <linux-security-module@...r.kernel.org>,
        "linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
        "linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>,
        "linux-xtensa@...ux-xtensa.org" <linux-xtensa@...ux-xtensa.org>,
        "llvm@...ts.linux.dev" <llvm@...ts.linux.dev>,
        Loic Poulain <loic.poulain@...aro.org>,
        Louis Peens <louis.peens@...igine.com>,
        Luca Coelho <luciano.coelho@...el.com>,
        "Luiz Augusto von Dentz" <luiz.dentz@...il.com>,
        Marc Dionne <marc.dionne@...istor.com>,
        Marcel Holtmann <marcel@...tmann.org>,
        Mark Brown <broonie@...nel.org>,
        "Martin K. Petersen" <martin.petersen@...cle.com>,
        "Max Filippov" <jcmvbkbc@...il.com>,
        Mimi Zohar <zohar@...ux.ibm.com>,
        Muchun Song <songmuchun@...edance.com>,
        Nathan Chancellor <nathan@...nel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Nuno Sá <nuno.sa@...log.com>,
        Paolo Abeni <pabeni@...hat.com>,
        Paul Moore <paul@...l-moore.com>,
        "Rich Felker" <dalias@...ifal.cx>,
        Rob Herring <robh+dt@...nel.org>,
        Russell King <linux@...linux.org.uk>,
        "selinux@...r.kernel.org" <selinux@...r.kernel.org>,
        "Serge E. Hallyn" <serge@...lyn.com>,
        "SHA-cyfmac-dev-list@...ineon.com" <SHA-cyfmac-dev-list@...ineon.com>,
        Simon Horman <simon.horman@...igine.com>,
        Stefano Stabellini <sstabellini@...nel.org>,
        Stefan Richter <stefanr@...6.in-berlin.de>,
        Steffen Klassert <steffen.klassert@...unet.com>,
        Stephen Hemminger <sthemmin@...rosoft.com>,
        Stephen Smalley <stephen.smalley.work@...il.com>,
        Takashi Iwai <tiwai@...e.com>, Tom Rix <trix@...hat.com>,
        Udipto Goswami <quic_ugoswami@...cinc.com>,
        "wcn36xx@...ts.infradead.org" <wcn36xx@...ts.infradead.org>,
        Wei Liu <wei.liu@...nel.org>,
        "xen-devel@...ts.xenproject.org" <xen-devel@...ts.xenproject.org>,
        Xiu Jianfeng <xiujianfeng@...wei.com>,
        "Yang Yingliang" <yangyingliang@...wei.com>
Subject: RE: [PATCH 02/32] Introduce flexible array struct memcpy() helpers

From: Kees Cook
> Sent: 04 May 2022 16:38
...
> > >     struct something *instance = NULL;
> > >     int rc;
> > >
> > >     rc = mem_to_flex_dup(&instance, byte_array, count, GFP_KERNEL);
> > >     if (rc)
> > >         return rc;
> >
> > This seems rather awkward, having to set it to NULL, then checking rc
> > (and possibly needing a separate variable for it), etc.
> 
> I think the errno return is completely required. I had an earlier version
> of this that was much more like a drop-in replacement for memcpy that
> would just truncate or panic, and when I had it all together, I could
> just imagine hearing Linus telling me to start over because it was unsafe
> (truncation may be just as bad as overflow) and disruptive ("never BUG"),
> and that it should be recoverable. So, I rewrote it all to return a
> __must_check errno.
> 
> Requiring instance to be NULL is debatable, but I feel pretty strongly
> about it because it does handle a class of mistakes (resource leaks),
> and it's not much of a burden to require a known-good starting state.

Why not make it look like malloc() since it seems to be malloc().
That gives a much better calling convention.
Passing pointers and integers by reference can generate horrid code.
(Mostly because it stops the compiler keeping values in registers.)

If you want the type information inside the 'function'
use a #define so that the use is:

	mem_to_flex_dup(instance, byte_array, count, GFP_KERNEL);
	if (!instance)
		return ...
(or use ERR_PTR() etc).

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ