From: Kees Cook
To: Vlastimil Babka
Cc: Kees Cook, Nick Desaulniers, Miguel Ojeda, Marco Elver, Nathan Chancellor, Hao Luo, Przemek Kitszel, Jann Horn, Tony Luck, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, Roman Gushchin, Hyeonggon Yoo <42.hyeyoo@gmail.com>, "Guilherme G. Piccoli", Mark Rutland, Jakub Kicinski, Petr Pavlu, Alexander Lobakin, Tony Ambardar, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-hardening@vger.kernel.org
Subject: [RFC][PATCH 1/4] compiler_types: Add integral/pointer type helper macros
Date: Mon, 8 Jul 2024 12:18:35 -0700
Message-Id: <20240708191840.335463-1-kees@kernel.org>
In-Reply-To: <20240708190924.work.846-kees@kernel.org>
References: <20240708190924.work.846-kees@kernel.org>

Many compiler builtins (e.g. _Generic, __builtin_choose_expr) perform
integral vs pointer argument type evaluation on outputs before evaluating
the input expression. This means that all outputs must be syntactically
valid for all inputs, even if the output would be otherwise filtering
the types. For example, this will fail to build:

 #define handle_int_or_ptr(x)                                    \
        _Generic((x),                                           \
                int: handle_int(x),                             \
                int *: handle_ptr(x))
 ...
 handle_int_or_ptr(7);

error: passing argument 1 of 'handle_ptr' makes pointer from integer without a cast [-Wint-conversion]
  108 |         handle_int_or_ptr(x);
      |                           ^
      |                           |
      |                           int

To deal with this, provide helpers that force expressions into the desired
type, where the mismatched cases are syntactically valid, but will never
actually happen:

 #define handle_int_or_ptr(x)                                    \
        _Generic((x),                                           \
                int: handle_int(__force_integral_expr(x)),      \
                int *: handle_ptr(__force_ptr_expr(x)))

Now handle_int() only ever sees an int, and handle_ptr() only ever sees
a pointer, regardless of the input type.

Signed-off-by: Kees Cook
---
Cc: Nick Desaulniers
Cc: Miguel Ojeda
Cc: Marco Elver
Cc: Nathan Chancellor
Cc: Hao Luo
Cc: Przemek Kitszel
---
 include/linux/compiler_types.h | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h index f14c275950b5..7754f3b6a91f 100644 --- a/include/linux/compiler_types.h +++ b/include/linux/compiler_types.h 
@@ -450,6 +450,29 @@ struct ftrace_likely_data { /* Are two types/vars the same type (ignoring qualifiers)? */ #define __same_type(a, b) __builtin_types_compatible_p(typeof(a), typeof(b)) +/* Is the variable addressable? */ +#define __is_ptr_or_array(p) \ + (__builtin_classify_type(p) == __builtin_classify_type(NULL)) + +/* Return an array decayed to a pointer. */ +#define __decay(p) \ + (&*__builtin_choose_expr(__is_ptr_or_array(p), p, NULL)) + +/* Report if variable is a pointer type. */ +#define __is_ptr(p) __same_type(p, __decay(p)) + +/* Always produce an integral expression, with specific type/vale fallback. */ +#define ___force_integral_expr(x, type, val) \ + __builtin_choose_expr(!__is_ptr(x), (x), (type)val) +#define __force_integral_expr(x) \ + ___force_integral_expr(x, int, 0) + +/* Always produce a pointer expression, with specific type/value fallback. */ +#define ___force_ptr_expr(x, type, value) \ + __builtin_choose_expr(__is_ptr(x), (x), &(type){ value }) +#define __force_ptr_expr(x) \ + __builtin_choose_expr(__is_ptr(x), (x), NULL) + /* * __unqual_scalar_typeof(x) - Declare an unqualified scalar type, leaving * non-scalar types unchanged. 
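Review bot: In ___force_integral_expr() the fallback is spelled (type)val, so the cast binds only to the first operand if a caller passes an expression such as a + b for val; write (type)(val). In the same hunk __force_ptr_expr() open-codes __builtin_choose_expr(__is_ptr(x), (x), NULL) instead of going through ___force_ptr_expr(), unlike __force_integral_expr(), which wraps its three-argument helper. Either route it through the helper or add a comment saying why the NULL fallback is wanted there, and document on ___force_ptr_expr() that &(type){ value } only lives as long as the enclosing block. Two comment fixes: "Is the variable addressable?" does not describe __is_ptr_or_array(), which compares __builtin_classify_type(p) with that of NULL, and "type/vale" should read "type/value".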
From: Kees Cook
To: Vlastimil Babka
Cc: Kees Cook, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, Roman Gushchin, Hyeonggon Yoo <42.hyeyoo@gmail.com>, linux-mm@kvack.org, Jann Horn, Tony Luck, Nick Desaulniers, Miguel Ojeda, Marco Elver, Nathan Chancellor, Hao Luo, Przemek Kitszel, "Guilherme G. Piccoli", Mark Rutland, Jakub Kicinski, Petr Pavlu, Alexander Lobakin, Tony Ambardar, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [RFC][PATCH 2/4] slab: Detect negative size values and saturate
Date: Mon, 8 Jul 2024 12:18:36 -0700
Message-Id: <20240708191840.335463-2-kees@kernel.org>
In-Reply-To: <20240708190924.work.846-kees@kernel.org>
References: <20240708190924.work.846-kees@kernel.org>

The allocator will already reject giant sizes seen from negative size
arguments, so this commit mainly serves as an example for initial
type-based filtering. The size argument is checked for negative values in
signed arguments, saturating any if found instead of passing them on.

For example, now the size is checked:

Before:
        /* %rdi unchecked */
 1eb:   be c0 0c 00 00          mov    $0xcc0,%esi
 1f0:   e8 00 00 00 00          call   1f5
                        1f1: R_X86_64_PLT32     __kmalloc_noprof-0x4

After:
 6d0:   48 63 c7                movslq %edi,%rax
 6d3:   85 ff                   test   %edi,%edi
 6d5:   be c0 0c 00 00          mov    $0xcc0,%esi
 6da:   48 c7 c2 ff ff ff ff    mov    $0xffffffffffffffff,%rdx
 6e1:   48 0f 49 d0             cmovns %rax,%rdx
 6e5:   48 89 d7                mov    %rdx,%rdi
 6e8:   e8 00 00 00 00          call   6ed
                        6e9: R_X86_64_PLT32     __kmalloc_noprof-0x4

Signed-off-by: Kees Cook
---
Cc: Christoph Lameter
Cc: Pekka Enberg
Cc: David Rientjes
Cc: Joonsoo Kim
Cc: Andrew Morton
Cc: Vlastimil Babka
Cc: Roman Gushchin
Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Cc: linux-mm@kvack.org
---
 include/linux/slab.h | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/include/linux/slab.h b/include/linux/slab.h index d99afce36098..7353756cbec6 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h
@@ -684,7 +684,24 @@ static __always_inline __alloc_size(1) void *kmalloc_noprof(size_t size, gfp_t f } return __kmalloc_noprof(size, flags); } -#define kmalloc(...) alloc_hooks(kmalloc_noprof(__VA_ARGS__)) +#define kmalloc_sized(...) alloc_hooks(kmalloc_noprof(__VA_ARGS__)) + +#define __size_force_positive(x) \ + ({ \ + typeof(__force_integral_expr(x)) __forced_val = \ + __force_integral_expr(x); \ + __forced_val < 0 ? SIZE_MAX : __forced_val; \ + }) + +#define kmalloc(p, gfp) _Generic((p), \ + unsigned char: kmalloc_sized(__force_integral_expr(p), gfp), \ + unsigned short: kmalloc_sized(__force_integral_expr(p), gfp), \ + unsigned int: kmalloc_sized(__force_integral_expr(p), gfp), \ + unsigned long: kmalloc_sized(__force_integral_expr(p), gfp), \ + signed char: kmalloc_sized(__size_force_positive(p), gfp), \ + signed short: kmalloc_sized(__size_force_positive(p), gfp), \ + signed int: kmalloc_sized(__size_force_positive(p), gfp), \ + signed long: kmalloc_sized(__size_force_positive(p), gfp)) #define kmem_buckets_alloc(_b, _size, _flags) \ alloc_hooks(__kmalloc_node_noprof(PASS_BUCKET_PARAMS(_size, _b), _flags, NUMA_NO_NODE))
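Review bot: The _Generic list in the new kmalloc(p, gfp) has no association for plain char, long long or unsigned long long, and no default:, so any caller whose size expression has one of those types stops compiling once kmalloc() becomes this macro. Add the missing integer types (plain char is a distinct type from both signed char and unsigned char) or a default: arm that falls through to kmalloc_sized(). __size_force_positive() also needs a comment saying that it maps negative values to SIZE_MAX and passes zero through unchanged, which the name does not convey, and the commit message should mention that kmalloc() goes from a variadic wrapper to a fixed two-parameter macro.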
From: Kees Cook
To: Vlastimil Babka
Cc: Kees Cook, Tony Luck, "Guilherme G. Piccoli", linux-hardening@vger.kernel.org, Jann Horn, Nick Desaulniers, Miguel Ojeda, Marco Elver, Nathan Chancellor, Hao Luo, Przemek Kitszel, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, Roman Gushchin, Hyeonggon Yoo <42.hyeyoo@gmail.com>, Mark Rutland, Jakub Kicinski, Petr Pavlu, Alexander Lobakin, Tony Ambardar, linux-kernel@vger.kernel.org, linux-mm@kvack.org
Subject: [RFC][PATCH 4/4] pstore: Replace classic kmalloc code pattern with typed argument
Date: Mon, 8 Jul 2024 12:18:38 -0700
Message-Id: <20240708191840.335463-4-kees@kernel.org>
In-Reply-To: <20240708190924.work.846-kees@kernel.org>
References: <20240708190924.work.846-kees@kernel.org>

Using a short Coccinelle script, it is possible to replace the classic
kmalloc code patterns with the typed information:

@alloc@
type TYPE;
TYPE *P;
expression GFP;
identifier ALLOC =~ "k[mz]alloc";
@@

  P = ALLOC(
-       \(sizeof(*P)\|sizeof(TYPE)\), GFP)
+       P, GFP)

Show this just for kmalloc/kzalloc usage in fs/pstore as an example.
Doing this for all allocator calls in the kernel touches much more:

 11941 files changed, 22459 insertions(+), 22345 deletions(-)

And obviously requires some more wrappers for kv*alloc, devm_*alloc,
etc.

Signed-off-by: Kees Cook
---
Cc: Tony Luck
Cc: "Guilherme G. Piccoli"
Cc: linux-hardening@vger.kernel.org
---
 fs/pstore/blk.c      | 2 +-
 fs/pstore/platform.c | 2 +-
 fs/pstore/ram.c      | 3 +--
 fs/pstore/ram_core.c | 2 +-
 fs/pstore/zone.c     | 2 +-
 5 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/fs/pstore/blk.c b/fs/pstore/blk.c index de8cf5d75f34..7bb9cacb380f 100644 --- a/fs/pstore/blk.c +++ b/fs/pstore/blk.c @@ -297,7 +297,7 @@ static int __init __best_effort_init(void) return -EINVAL; } - best_effort_dev = kzalloc(sizeof(*best_effort_dev), GFP_KERNEL); + best_effort_dev = kzalloc(best_effort_dev, GFP_KERNEL); if (!best_effort_dev) return -ENOMEM;
diff --git a/fs/pstore/platform.c b/fs/pstore/platform.c index 03425928d2fb..4e527c3ea530 100644 --- a/fs/pstore/platform.c +++ b/fs/pstore/platform.c @@ -682,7 +682,7 @@ void pstore_get_backend_records(struct pstore_info *psi, struct pstore_record *record; int rc; - record = kzalloc(sizeof(*record), GFP_KERNEL); + record = kzalloc(record, GFP_KERNEL); if (!record) { pr_err("out of memory creating record\n"); break; diff --git a/fs/pstore/ram.c b/fs/pstore/ram.c index b1a455f42e93..a0665a98b135 100644 --- a/fs/pstore/ram.c +++ b/fs/pstore/ram.c @@ -228,8 +228,7 @@ static ssize_t ramoops_pstore_read(struct pstore_record *record) */ struct persistent_ram_zone *tmp_prz, *prz_next; - tmp_prz = kzalloc(sizeof(struct persistent_ram_zone), - GFP_KERNEL); + tmp_prz = kzalloc(tmp_prz, GFP_KERNEL); if (!tmp_prz) return -ENOMEM; prz = tmp_prz; diff --git a/fs/pstore/ram_core.c b/fs/pstore/ram_core.c index f1848cdd6d34..01ddf1be6c3a 100644 --- a/fs/pstore/ram_core.c +++ b/fs/pstore/ram_core.c @@ -588,7 +588,7 @@ struct persistent_ram_zone *persistent_ram_new(phys_addr_t start, size_t size, struct persistent_ram_zone *prz; int ret = -ENOMEM; - prz = kzalloc(sizeof(struct persistent_ram_zone), GFP_KERNEL); + prz = kzalloc(prz, GFP_KERNEL); if (!prz) { pr_err("failed to allocate persistent ram zone\n"); goto err; diff --git a/fs/pstore/zone.c b/fs/pstore/zone.c index 694db616663f..8df890bb4db9 100644 --- a/fs/pstore/zone.c +++ b/fs/pstore/zone.c @@ -1165,7 +1165,7 @@ static struct pstore_zone *psz_init_zone(enum pstore_type_id type, return ERR_PTR(-ENOMEM); } - zone = kzalloc(sizeof(struct pstore_zone), GFP_KERNEL); + zone = kzalloc(zone, GFP_KERNEL); if (!zone) return ERR_PTR(-ENOMEM);
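Review bot: Every converted call, for example record = kzalloc(record, GFP_KERNEL) in fs/pstore/platform.c, now names the destination pointer as the first argument, and nothing in these hunks or in the commit message says which kzalloc() definition accepts a pointer there; the kmalloc() _Generic list added in patch 2/4 has integer associations only. State the dependency on the patch that adds the pointer-typed association. Also document that the wrapper may use that argument for its type only (typeof/sizeof) and must never read its value, because in the platform.c, ram.c and ram_core.c hunks the variable is declared without an initializer just above the call, so the new form reads like a use of an uninitialized pointer to anyone who does not know the macro.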
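The type-forcing helpers of patch 1/4, the negative-size saturation of patch 2/4 and the call shape of patch 4/4, put together as an added user-space example; this is not code from the series. `alloc_sized()`, `DEMO_MAX_ALLOC`, `demo_alloc()`, `struct record` and the pointer arm of the `_Generic` are assumptions made for the demonstration, and the code relies on GNU C extensions (GCC or Clang).

```c
/* User-space model of the helpers in patches 1/4 and 2/4 (GNU C only).
 * Names drop the kernel's reserved leading underscores. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define same_type(a, b) \
	__builtin_types_compatible_p(__typeof__(a), __typeof__(b))
#define is_ptr_or_array(p) \
	(__builtin_classify_type(p) == __builtin_classify_type(NULL))
#define decay(p) (&*__builtin_choose_expr(is_ptr_or_array(p), p, NULL))
#define is_ptr(p) same_type(p, decay(p))

/* Integer input passes through; pointer input collapses to (int)0. */
#define force_integral_expr(x) __builtin_choose_expr(!is_ptr(x), (x), (int)0)
/* Pointer input passes through; integer input becomes a dummy object. */
#define force_ptr_expr(x, type, value) \
	__builtin_choose_expr(is_ptr(x), (x), &(type){ value })

/* Assumption: stands in for the allocator's own giant-size rejection. */
#define DEMO_MAX_ALLOC ((size_t)1 << 22)
static size_t last_size; /* size that actually reached the backend */

static void *alloc_sized(size_t size)
{
	last_size = size;
	if (size == 0 || size > DEMO_MAX_ALLOC)
		return NULL;
	return calloc(1, size);
}

/* As in patch 2/4: a negative signed size saturates to SIZE_MAX. */
#define size_force_positive(x) ({ \
	__typeof__(force_integral_expr(x)) v_ = force_integral_expr(x); \
	v_ < 0 ? SIZE_MAX : (size_t)v_; \
})

struct record { char buf[48]; }; /* constructed sample type */

/* Every arm is compiled for every argument type, hence the force_*() calls.
 * The pointer arm is an assumption modelled on the call sites in patch 4/4. */
#define demo_alloc(p) _Generic((p), \
	unsigned int:  alloc_sized(force_integral_expr(p)), \
	unsigned long: alloc_sized(force_integral_expr(p)), \
	int:  alloc_sized(size_force_positive(p)), \
	long: alloc_sized(size_force_positive(p)), \
	struct record *: \
		alloc_sized(sizeof(*force_ptr_expr(p, struct record, 0))))

/* Size that reaches the backend for a signed request. */
static size_t backend_size_for_int(int n)
{
	free(demo_alloc(n));
	return last_size;
}

/* 1 if the backend refuses a signed request, 0 if it allocates. */
static int int_request_rejected(int n)
{
	void *p = demo_alloc(n);
	free(p);
	return p == NULL;
}

/* Typed form, shaped like "record = kzalloc(record, GFP_KERNEL)". */
static size_t backend_size_for_record(void)
{
	struct record *r;
	r = demo_alloc(r); /* r supplies a type only; its value is never read */
	free(r);
	return last_size;
}

int main(void)
{
	return !(backend_size_for_int(-1) == SIZE_MAX &&
		 int_request_rejected(-1) &&
		 backend_size_for_record() == sizeof(struct record));
}
```

Exit status 0 means the negative request reached the backend as `SIZE_MAX` and was refused, and the typed request asked for `sizeof(struct record)` bytes.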