From: Kees Cook
To: Vlastimil Babka
Cc: Kees Cook, Christoph Lameter, Miguel Ojeda, Nathan Chancellor, Marco Elver, Nick Desaulniers, Przemek Kitszel, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, Roman Gushchin, Hyeonggon Yoo <42.hyeyoo@gmail.com>, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-hardening@vger.kernel.org
Subject: [RFC 0/5] slab: Set freed variables to NULL by default
Date: Fri, 21 Mar 2025 13:40:56 -0700
Message-Id: <20250321202620.work.175-kees@kernel.org>

Hi!

This is very much an RFC series, but I wanted to make sure it actually
worked before I proposed it. This series seeks to give kfree() the
side-effect of assigning NULL to the kfree() argument when possible.
This would make a subset of "dangling pointer" flaws turn into NULL
derefs instead of Use-After-Free[1].

It effectively turns:

	kfree(var);

into:

	kfree(var);
	var = NULL;

when "var" is actually addressable. (i.e. not "kfree(get_ptrs())" etc.)

It depends on a builtin, __builtin_is_lvalue(), which is not landed in
any compiler yet, but I do have it working in a Clang patch[2]. This
should be essentially free (pardon the pun), so I think if folks can
tolerate a little bit of renaming needed for when kfree is needed as a
function and not a macro, it should be good.

Please let me know what you think.

Thanks!

-Kees

(Yes, I'm still working on the kmalloc_objs() series, but I needed to
take a break from fixing all the allocation corner cases I've found
there.)

[1] https://github.com/KSPP/linux/issues/87
[2] https://github.com/kees/llvm-project/commits/builtin_is_lvalue/

Kees Cook (5):
  treewide: Replace kfree() casts with union members
  treewide: Prepare for kfree() to __kfree() rename
  compiler_types: Introduce __is_lvalue()
  slab: Set freed variables to NULL by default
  [DEBUG] slab: Report number of NULLings

 arch/mips/alchemy/common/dbdma.c |  2 +-
 include/linux/compiler_types.h   | 10 ++++++++++
 include/linux/netlink.h          |  1 +
 include/linux/slab.h             | 33 ++++++++++++++++++++++++++++++--
 include/net/pkt_cls.h            |  5 ++++-
 io_uring/futex.c                 |  2 +-
 io_uring/io_uring.c              | 12 ++++++------
 kernel/bpf/core.c                |  3 ++-
 mm/slab_common.c                 | 12 ++++++++----
 mm/slub.c                        |  6 +++---
 net/sched/ematch.c               |  2 +-
 net/wireless/nl80211.c           |  2 +-
 12 files changed, 69 insertions(+), 21 deletions(-)
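
The effect described in the cover letter, as an added userspace example that is not code from the series: a freed variable that keeps its value ends up aliasing the next allocation, while a free that also NULLs the variable does not. The toy allocator, struct session, toy_free_null() and token_state_after() are hypothetical names; the macro here simply requires an lvalue, whereas the series relies on __builtin_is_lvalue() to decide that automatically.

```c
#include <string.h>

/* Toy slot allocator, constructed for this example: freed slots stay valid
 * storage, so reuse through a stale pointer is observable without UB. */
#define NSLOTS  4
#define SLOT_SZ 32
static char pool[NSLOTS * SLOT_SZ];
static int in_use[NSLOTS];

static void *toy_alloc(void)
{
	for (int i = 0; i < NSLOTS; i++)
		if (!in_use[i]) {
			in_use[i] = 1;
			return memset(pool + i * SLOT_SZ, 0, SLOT_SZ);
		}
	return NULL;
}

/* Function form, like plain kfree(): the caller's variable keeps its value. */
static void toy_free(void *p)
{
	if (p)
		in_use[((char *)p - pool) / SLOT_SZ] = 0;
}

/* Macro form: free, then NULL the caller's variable. Requires an lvalue. */
#define toy_free_null(var) do { toy_free(var); (var) = NULL; } while (0)

struct session { char *token; };

/* Frees s.token one of two ways, reallocates, and reports what s.token is:
 * 0 = NULL, 1 = dangling and aliasing the new owner's slot. */
static int token_state_after(int use_macro)
{
	struct session s = { .token = toy_alloc() };
	if (use_macro)
		toy_free_null(s.token);
	else
		toy_free(s.token);          /* s.token now dangles */
	char *other = toy_alloc();      /* same slot is handed out again */
	strcpy(other, "other-owner");
	int aliased = s.token && s.token == other && !strcmp(s.token, "other-owner");
	toy_free(other);
	return aliased;
}

int main(void) { return !(token_state_after(0) == 1 && token_state_after(1) == 0); }
```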