From patchwork Fri Mar 21 20:40:57 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 14026038 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 31039C36000 for ; Fri, 21 Mar 2025 20:41:24 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 38BA5280006; Fri, 21 Mar 2025 16:41:12 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E37BE280009; Fri, 21 Mar 2025 16:41:11 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7B008280005; Fri, 21 Mar 2025 16:41:11 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 03C3A280007 for ; Fri, 21 Mar 2025 16:41:10 -0400 (EDT) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 7DF53120628 for ; Fri, 21 Mar 2025 20:41:12 +0000 (UTC) X-FDA: 83246727984.18.5957B1D Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf14.hostedemail.com (Postfix) with ESMTP id 5B761100007 for ; Fri, 21 Mar 2025 20:41:10 +0000 (UTC) Authentication-Results: imf14.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=gxz0E025; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf14.hostedemail.com: domain of kees@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=kees@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1742589670; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=PPkUnrSTs7eBzxDj/wX7E0xKPwOUI4fwg7s+cY4+sq0=; b=HGEHzNmvbzNkm+owmK+IQ3gttql6RxG1eQZqRs19N0XZoIQvy92PBNZKDVtUk4ESkiLMJK R0E3bhUV+p6+hrtqi6ogkFtvLX+eC7zORcj6V7jlxW2KSaWhCKBhbEpL93++Qb35Pj+szP nmEuicX7yGmBj35saXQu3F42F7tNrEc= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=gxz0E025; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf14.hostedemail.com: domain of kees@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=kees@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1742589670; a=rsa-sha256; cv=none; b=MnYHfxEIhCWxKWzaO5T4W3V0BoHUMJf6Wz1l6wBs1sBzf6VsnPtSeKskLUyuQop4HvCtKQ 5u0LW5oIibIddiXybi+pcnepfGHw0AayM5S0C9uOP0GbIdW+iKa+cUSbE7/OoTfP6MdDI6 2uMr1hYXTL/eFFgN0dvlsO+WPW7l56U= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 524945C6EB1; Fri, 21 Mar 2025 20:38:52 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E8979C4CEE7; Fri, 21 Mar 2025 20:41:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1742589669; bh=JVAu52DHGpijIKeMcuzb7s5YInM6xKk7XO0za9QqBbA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=gxz0E025PiYrfenRJPrd1ufKEJqvcOTAsfkSMzPCpgltkP2SUgsQS12N2c8EljgSz zgiVI09srPYhEvOSSgXs5ROaeBYP6SZ7+Fw2YfxQY4i6Ba+7+YcK8mAt2c5d8HuHJ0 Tqh1R3CWTFRJqO4UmegO0hwzusA2xwrmzI9ZQw8roHcweLlbDqkvi+6xBnrniP2oAU BtFiZ+/kQKLLAtFQoGjWoycNyW6GcrT2YXFTX09LE9fFdBY5FGbtkTS5xP5QB8sNqK GMxxzC1y+w8ynUfTcHOa0OSGAo1vnpeMXTa4QG5mmenTP67xq+mJahEu6YMIhSoi2K J59rxHLdvxdcw== From: Kees Cook To: Vlastimil Babka Cc: Kees Cook , Christoph Lameter , Miguel Ojeda , Nathan Chancellor , Marco Elver , Nick Desaulniers , Przemek Kitszel , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Roman Gushchin , Hyeonggon Yoo <42.hyeyoo@gmail.com>, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-hardening@vger.kernel.org Subject: [PATCH 1/5] treewide: Replace kfree() casts with union members Date: Fri, 21 Mar 2025 13:40:57 -0700 Message-Id: <20250321204105.1898507-1-kees@kernel.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250321202620.work.175-kees@kernel.org> References: <20250321202620.work.175-kees@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=3631; i=kees@kernel.org; h=from:subject; bh=JVAu52DHGpijIKeMcuzb7s5YInM6xKk7XO0za9QqBbA=; b=owGbwMvMwCVmps19z/KJym7G02pJDOl3z922vz9LcHfWgx0Ss1JsLgmpPp+5tXNXes5RydM5O qfcave4dpSyMIhxMciKKbIE2bnHuXi8bQ93n6sIM4eVCWQIAxenAEzkhC0jw/9bu8RStOIP8nvI Tuat5NF6IfXqVwb7L4WpryOU8ibcqGFkeFnXW3rnoek685fphrnRuqmihr3NCzmtNWMdb+wo3vG NFQA= X-Developer-Key: i=kees@kernel.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 X-Rspamd-Server: rspam01 X-Stat-Signature: u9ofkcen38fpytfyfe6wjn9tsjea7y1j X-Rspam-User: X-Rspamd-Queue-Id: 5B761100007 X-HE-Tag: 1742589670-792083 X-HE-Meta: U2FsdGVkX18U2FNLtHR6O6zWauaZqjVfUyoERHM6iBkHDV+mUy0nImaBghnVTzo6eeEbD+/fhVNMAayejfjEBV96Nqoj/Vkyeg3UdlwwL42XWXlh4BA5m9piGKyjGq6Q+ZAtHmldLUx3ENDzmlZYpFiE5edNJ1Otg2/kHnIWYDtNjN4T243WCMR1J8047PFCzUXUcLqhEfBkgWNyayfh0CGdXixfeH2g7et0/y+tsZapLj88UZ2fEzyT/HZE1oKugTyWbp5XSsUZPMozC5sw/HshlaDhJckz8WUrAdBRQZHTkqo/4n5ZvWK3HrfQ2jNYefC0jd1lrteNJphySDz0/3ZbB/LN6wBEoJsRAAz1J2mvHSgTAcAK1Tn4TtOPPtmlS8L3eeDwPiY89pXkkJErgkFLOVggZpuaLg5kre6n0CzC1OZSkl08x5XBnthS8nYwnRGOQVTS7wmgF5ozxfDp1/RryF9GlWt7vMfD9EpZqMaAws02FYRgl1MohThwLL6ORi6kPgi5wqlwBDcvDeeB6NCXzbgSpn2g9kMixDjSE2kuxzZJW2+691edx19mHOtlnExqiaYmyhUPYR0lLRGzQzWJysrLgsIeAOqgweRHd7GDZKsC8pWTkCGMOH5b7024YQVduXlA3gal1RZ/hYdPAdelSsYyw1NQZMdHznX/knBAfTVQOgBNLoAY9mr4r1lq+Mk/6C6DBAp53s0nFVXoTK0M012Nx0SJKUklbsijRtytu+D+zuQmnI9qoVqr5YH2mFxlt5zHJXaGr0XDI+3bIjmmu1ptQZ41KkVfi2OS6tE8yHSY+2sPN5XN3A1js0PxYH94a+ypq3qlz44wCvTonqKJ8KCXU0jKODo/j72/USSPNEYz2uP1jrMi7qIZNZwtLGCT0rO+oQq4RUjX+W3lk/Eackqkd5W+JPymtJ0mCjMdBQrjc5bZhAmeuXQ34lm/A1MoI+p6eqQshDPPsrq TvyZxENf BmKNbo6PhDHuOpBS8YlsopInBsmeZ8RcyAVW/4ee8pF9E2UWTqW3SEy6TbN4nmCW3h7vu5aOgGDjzcxzY3bL9gZgo8zuICdZ9GpRd6cM8fNEDHYdPibEU5kNnHLeopg6sTY5j2WWx5X3ftEmSMLTXG9fCUE/wiTkPOhju7i/QS7KA44iqlg0E456G1gS4lqh0SsiSNUFQz3bNCX2ImOzx4LFaYmciFc1Qwico8NQceDtPy7yxd4jJ5qc4n++TM8HpLSgFAWhh00jcVzX5ih0CrwJoF9n4RDhk3uu/upIEmN1E9IHsZFAlVRVPJg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: As a prerequisite to being able to optionally take the address of any lvalues used in a call to kfree(), replace casts to the kfree() argument with unions to include an actual pointer. This is an example subset. There are another handful remaining: $ git grep '\bkfree((void \*)' arch/mips/alchemy/common/dbdma.c: kfree((void *)ctp->cdb_membase); arch/s390/kernel/crash_dump.c: kfree((void *)(unsigned long)addr); drivers/crypto/atmel-sha204a.c: kfree((void *)i2c_priv->hwrng.priv); drivers/infiniband/hw/cxgb4/mem.c: kfree((void *) (unsigned long) mhp->kva); drivers/isdn/mISDN/fsm.c: kfree((void *) fsm->jumpmatrix); drivers/misc/altera-stapl/altera.c: kfree((void *)vars[variable_id]); drivers/misc/altera-stapl/altera.c: kfree((void *)vars[i]); drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h: kfree((void *)x); \ drivers/net/ethernet/qlogic/qed/qed_main.c: kfree((void *)cdev); drivers/net/usb/cx82310_eth.c: kfree((void *)dev->partial_data); drivers/net/usb/cx82310_eth.c: kfree((void *)dev->partial_data); drivers/scsi/snic/snic_io.c: kfree((void *)rqi->sge_va); drivers/scsi/snic/snic_io.c: kfree((void *)rqi->sge_va); drivers/staging/rtl8723bs/os_dep/os_intfs.c: /* kfree((void *)padapter); */ drivers/video/fbdev/grvga.c: kfree((void *)virtual_start); drivers/video/fbdev/grvga.c: kfree((void *)info->screen_base); drivers/xen/grant-table.c: kfree((void *)page_private(pages[i])); net/ieee802154/nl802154.c: kfree((void *)cb->args[0]); net/sched/em_ipset.c: kfree((void *) em->data); net/sched/em_meta.c: kfree((void *) v->val); Signed-off-by: Kees Cook --- include/linux/netlink.h | 1 + include/net/pkt_cls.h | 5 ++++- net/sched/ematch.c | 2 +- net/wireless/nl80211.c | 2 +- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/include/linux/netlink.h b/include/linux/netlink.h index c3ae84a77e16..26eb9eea8a74 100644 --- a/include/linux/netlink.h +++ b/include/linux/netlink.h @@ -295,6 +295,7 @@ struct netlink_callback { bool strict_check; union { u8 ctx[NETLINK_CTX_SIZE]; + void * ptr; /* args is deprecated. Cast a struct over ctx instead * for proper type safety. diff --git a/include/net/pkt_cls.h b/include/net/pkt_cls.h index c64fd896b1f9..4faf8d6eed1d 100644 --- a/include/net/pkt_cls.h +++ b/include/net/pkt_cls.h @@ -403,7 +403,10 @@ struct tcf_ematch_ops; */ struct tcf_ematch { struct tcf_ematch_ops * ops; - unsigned long data; + union { + unsigned long data; + void * ptr; + }; unsigned int datalen; u16 matchid; u16 flags; diff --git a/net/sched/ematch.c b/net/sched/ematch.c index 5c1235e6076a..f4b00e7aca6a 100644 --- a/net/sched/ematch.c +++ b/net/sched/ematch.c @@ -411,7 +411,7 @@ void tcf_em_tree_destroy(struct tcf_ematch_tree *tree) if (em->ops->destroy) em->ops->destroy(em); else if (!tcf_em_is_simple(em)) - kfree((void *) em->data); + kfree(em->ptr); module_put(em->ops->owner); } } diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index d7d3da0f6833..b5a3ae07d84c 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -3270,7 +3270,7 @@ static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) static int nl80211_dump_wiphy_done(struct netlink_callback *cb) { - kfree((void *)cb->args[0]); + kfree(cb->ptr); return 0; } From patchwork Fri Mar 21 20:40:58 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 14026034 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 473E9C36007 for ; Fri, 21 Mar 2025 20:41:14 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 2F3B1280004; Fri, 21 Mar 2025 16:41:11 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 20740280008; Fri, 21 Mar 2025 16:41:11 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E2F3A280004; Fri, 21 Mar 2025 16:41:10 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id A1C4D280004 for ; Fri, 21 Mar 2025 16:41:10 -0400 (EDT) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 0F9041A06CA for ; Fri, 21 Mar 2025 20:41:12 +0000 (UTC) X-FDA: 83246727984.01.9801DE7 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf30.hostedemail.com (Postfix) with ESMTP id 45BB08000B for ; Fri, 21 Mar 2025 20:41:10 +0000 (UTC) Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="qgCd6kW/"; spf=pass (imf30.hostedemail.com: domain of kees@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=kees@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1742589670; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=pY5u90SRoVP23l/VY5i93H4+BEubuNaiYggAdY+P1dc=; b=hF4gcIckClr6aNw8KKX3PJzqPD52Wdcn+aeiK63tFBCzgZaKG+hGMINdHMN/uUVZPPZ9/q pRJLztod7W74v1Q2UVIi7k2Rq4UHAF3T78l2LYYmtDT96GgFVVFmpd94YRQxoYD1Vt69i0 ngjbPKJMg0CXip1RTUjMOmhvH/oHWSc= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1742589670; a=rsa-sha256; cv=none; b=GXaqwNuBgJOHG6yxR2vDvaos47ZHDP4s/Fe2tC3CmeOsKz3IIq0o3AYgDCrsj6p5I2z6tP 80rj8SJdj8CxbyhgglKxdShfu4Qq9JQrgnAY2uF38R6KJQq0rODqn01utZkw1HFhtAcOpv iJKZHD2uS3bb+On8vmW+emEmY+x+9JA= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="qgCd6kW/"; spf=pass (imf30.hostedemail.com: domain of kees@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=kees@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 4F0685C66B4; Fri, 21 Mar 2025 20:38:52 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E6729C4CEE3; Fri, 21 Mar 2025 20:41:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1742589669; bh=LFQAzM70Y8/4bSi3hs970uFuPutGXlC4X01Ugec4ydw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=qgCd6kW/4cf5U9VoXqzgie8/lOZnRnTBbNsmqaM8c9IgwSMdkh10zu+Gf4/x+4QMz F77o/Q6Xpu/bj0wUyHlY2hb8b6ENvPRFa2xUYnNmS3xYrXxVAsvnxUxvx+QqQ/Cy+H F9IVLpAqbwbjLZB0zrRPOYHj6MDmvqHfZEoc7f+s8w3u6sU7FfcgFOzXHfqc3JOL4e /3vykj1nDJIwjNY8EUKJzXbCSyUeq4FOTEerXoDOQHcK5jrzoRnfXfs0dUb4jq1HUF eg5XsILMLFaClPNQxQ/dWoZdN7XUndWFU+Ejv0mg4IdZ/UoVVixTOnlp2XbDCapAKS /TPIkUpZymQSg== From: Kees Cook To: Vlastimil Babka Cc: Kees Cook , Christoph Lameter , Miguel Ojeda , Nathan Chancellor , Marco Elver , Nick Desaulniers , Przemek Kitszel , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Roman Gushchin , Hyeonggon Yoo <42.hyeyoo@gmail.com>, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-hardening@vger.kernel.org Subject: [PATCH 2/5] treewide: Prepare for kfree() to __kfree() rename Date: Fri, 21 Mar 2025 13:40:58 -0700 Message-Id: <20250321204105.1898507-2-kees@kernel.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250321202620.work.175-kees@kernel.org> References: <20250321202620.work.175-kees@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=4240; i=kees@kernel.org; h=from:subject; bh=LFQAzM70Y8/4bSi3hs970uFuPutGXlC4X01Ugec4ydw=; b=owGbwMvMwCVmps19z/KJym7G02pJDOl3z93unF6W+Z710Pvrd5tj3dhqnk3pnaPV9KjkmGxzj XnZ811qHaUsDGJcDLJiiixBdu5xLh5v28Pd5yrCzGFlAhnCwMUpABN5s5zhf6q2cNeSL3tOJdg3 tE7/WPyDx4DPcfLRlaFGdhP9S+8dMmNkeBv3dM7qAGEe+c/zVpsduXh00xmxq/ll6cnHcx2dfIw 1uAE= X-Developer-Key: i=kees@kernel.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 X-Stat-Signature: yb3rmascq9kgm3rwh7tubep7enmawfdc X-Rspam-User: X-Rspamd-Queue-Id: 45BB08000B X-Rspamd-Server: rspam08 X-HE-Tag: 1742589670-779693 X-HE-Meta: U2FsdGVkX18+Xuw2xM18yGDvVWsE1pHzMNpyy36trHdefnykhtADLTDW/rPbi8YhNjQeTmgrok73UBY6P7D+A7aGkhP8sUmDBru6HfdbK5gXHtMzBajkKpH+V0cmyRRMphzGsubwljigxftcs8BrVkyEHgTTCLJzk7CXKo5qXwhTcTeUE68r+ka7OlJpO3M21JpliS7CVGMedNElXkG2UZ5zQVuX00VVSmfidZNOQWzA/bVGGL0EOWGGNT+t6Bj090YK/hHQ4IVkob9C5a+hFazrdf0QIzXZFTzobxXPVXu03YuQZ+F7/loGwyRgg9FDtYyJ/4Oc7QVXSMHkZRfzUaVDzoIVBBb39ymjqocPZyxlH3jEY05mnnp0e7JAvmyadQxPL8HqEfSIIOXyu5ZE7S1xWpFI2B3CZ5biKoJJytPz2b0rIW8xu3pQLI62T4PIBUP8Ym0VswwHgQv1a2UhbhYo9ehPv0qQTE+OGEP43riipNiA7fy3Tl/3sk44pt+9UHCOj1u1aDd/84M9RqQOt8I+HQ1aSfs7NkNMv07nSU3XemvuIStHEndBqRuSIHTsYfZmIauxRG/GmRItAg4PSDsazOmAmp0dHtu6z5i5O7ja6Nyvv7KiocNqDRSnVazo6pMh5JoY/5cBO7sj+vHdAClwFRPQOZeV1TAOwfziUFbYugykPBR26ijlQKvjzKLHipgL9fe1TTMu2JIpjAUiHDXBWM9GbkGHIwk2K1Xa0RbB+ihTHJ+GRcLFsCsnpbKZqsm7akn0yztAc4kzyb4bFqF1TfYsxZ3QqXIKEfcfbAg2PZB5gm65x9od+A91nPZEJwKXt3314DqmMzLAcfdgZ6doEl6PH2pIhOwjp/z0yNbfG4pDAUYWZMAt1BeqBj3Ulz7UvBpZyeFcla9091yMaAxbbONHcUOp0BLQpwhhobJan7VOXMCzsB1M2qGo+addZaqsG6Y1VnsVveMSXYh UzLIywYt irpOehZuz3DjNn7TYYkoVrxJpVWquqTlLbs6Q1xzCWkE5hTbhYfoeJQbCSk5ZRokJ74X7pHES10sTK49MsxvucglOF22qPmxukGonFA6VwqQjIJFs65E0GVLfkFOeLm2oWF8tBtwHvn55/JMLjI9+sFR2ulNh1PZqfHK8vKZsoYgTz94di8gzwlf2iSjwcoG+kY2tpcskGhfyQi5iTzgqrNudM0HcaIpBo01Z5+k59ajGXbJLTj7V6CLY483OqAlEJ4cEXTnZjxTR0M8Mo6EqAKQzjVtvRrucMXcXa7kR1MsUmzw1M3uDAWiKRQkvMBf9/dzEXsVDCUlhhaKr13lnDJ0AnPgVBHSLNvkn X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: In preparation for making kfree() a wrapper macro, replace address-taken instances of kfree with __kfree so the future renaming of kfree to __kfree will work correctly. (Or to avoid needing to create a union for a cast.) This is an example subset needed to build my bootable image. I'm sure there are more, but they immediately throw build errors when encountered so they cannot be silently missed. Signed-off-by: Kees Cook --- arch/mips/alchemy/common/dbdma.c | 2 +- include/linux/slab.h | 2 ++ io_uring/futex.c | 2 +- io_uring/io_uring.c | 12 ++++++------ kernel/bpf/core.c | 3 ++- 5 files changed, 12 insertions(+), 9 deletions(-) diff --git a/arch/mips/alchemy/common/dbdma.c b/arch/mips/alchemy/common/dbdma.c index 6a3c890f7bbf..08548e5daead 100644 --- a/arch/mips/alchemy/common/dbdma.c +++ b/arch/mips/alchemy/common/dbdma.c @@ -422,7 +422,7 @@ u32 au1xxx_dbdma_ring_alloc(u32 chanid, int entries) * Lost....do it again, allocate extra, and round * the address base. */ - kfree((const void *)desc_base); + __kfree((const void *)desc_base); i = entries * sizeof(au1x_ddma_desc_t); i += (sizeof(au1x_ddma_desc_t) - 1); desc_base = (u32)kmalloc(i, GFP_KERNEL|GFP_DMA); diff --git a/include/linux/slab.h b/include/linux/slab.h index 09eedaecf120..3e807ccc8583 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -469,6 +469,8 @@ void kfree(const void *objp); void kfree_sensitive(const void *objp); size_t __ksize(const void *objp); +#define __kfree(x) kfree(x) + DEFINE_FREE(kfree, void *, if (!IS_ERR_OR_NULL(_T)) kfree(_T)) DEFINE_FREE(kfree_sensitive, void *, if (_T) kfree_sensitive(_T)) diff --git a/io_uring/futex.c b/io_uring/futex.c index 43e2143255f5..e46a019fbd08 100644 --- a/io_uring/futex.c +++ b/io_uring/futex.c @@ -41,7 +41,7 @@ bool io_futex_cache_init(struct io_ring_ctx *ctx) void io_futex_cache_free(struct io_ring_ctx *ctx) { - io_alloc_cache_free(&ctx->futex_cache, kfree); + io_alloc_cache_free(&ctx->futex_cache, __kfree); } static void __io_futex_complete(struct io_kiocb *req, struct io_tw_state *ts) diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index ceacf6230e34..0a41a3a981b1 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -360,11 +360,11 @@ static __cold struct io_ring_ctx *io_ring_ctx_alloc(struct io_uring_params *p) free_ref: percpu_ref_exit(&ctx->refs); err: - io_alloc_cache_free(&ctx->apoll_cache, kfree); + io_alloc_cache_free(&ctx->apoll_cache, __kfree); io_alloc_cache_free(&ctx->netmsg_cache, io_netmsg_cache_free); io_alloc_cache_free(&ctx->rw_cache, io_rw_cache_free); - io_alloc_cache_free(&ctx->uring_cache, kfree); - io_alloc_cache_free(&ctx->msg_cache, kfree); + io_alloc_cache_free(&ctx->uring_cache, __kfree); + io_alloc_cache_free(&ctx->msg_cache, __kfree); io_futex_cache_free(ctx); kvfree(ctx->cancel_table.hbs); xa_destroy(&ctx->io_bl_xa); @@ -2702,11 +2702,11 @@ static __cold void io_ring_ctx_free(struct io_ring_ctx *ctx) io_sqe_files_unregister(ctx); io_cqring_overflow_kill(ctx); io_eventfd_unregister(ctx); - io_alloc_cache_free(&ctx->apoll_cache, kfree); + io_alloc_cache_free(&ctx->apoll_cache, __kfree); io_alloc_cache_free(&ctx->netmsg_cache, io_netmsg_cache_free); io_alloc_cache_free(&ctx->rw_cache, io_rw_cache_free); - io_alloc_cache_free(&ctx->uring_cache, kfree); - io_alloc_cache_free(&ctx->msg_cache, kfree); + io_alloc_cache_free(&ctx->uring_cache, __kfree); + io_alloc_cache_free(&ctx->msg_cache, __kfree); io_futex_cache_free(ctx); io_destroy_buffers(ctx); io_free_region(ctx, &ctx->param_region); diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index da729cbbaeb9..9d2721d24c40 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c @@ -280,7 +280,8 @@ void __bpf_prog_free(struct bpf_prog *fp) mutex_destroy(&fp->aux->used_maps_mutex); mutex_destroy(&fp->aux->dst_mutex); kfree(fp->aux->poke_tab); - kfree(fp->aux); + /* "fp" may be in read-only memory */ + __kfree(fp->aux); } free_percpu(fp->stats); free_percpu(fp->active); From patchwork Fri Mar 21 20:40:59 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 14026035 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 548DEC36002 for ; Fri, 21 Mar 2025 20:41:16 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9D048280007; Fri, 21 Mar 2025 16:41:11 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 909D5280001; Fri, 21 Mar 2025 16:41:11 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2F240280001; Fri, 21 Mar 2025 16:41:11 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id D9E46280001 for ; Fri, 21 Mar 2025 16:41:10 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 59460C0704 for ; Fri, 21 Mar 2025 20:41:12 +0000 (UTC) X-FDA: 83246727984.13.5091607 Received: from sea.source.kernel.org (sea.source.kernel.org [172.234.252.31]) by imf17.hostedemail.com (Postfix) with ESMTP id 85EB940004 for ; Fri, 21 Mar 2025 20:41:10 +0000 (UTC) Authentication-Results: imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Nq6FRsac; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf17.hostedemail.com: domain of kees@kernel.org designates 172.234.252.31 as permitted sender) smtp.mailfrom=kees@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1742589670; a=rsa-sha256; cv=none; b=TjfXpHZRqdcnli90HXMiXpBNF/M3iPkNSavgJj86q0HxiGV6Ic4bddJtMqOABRrl6RofWj GVY64sjmCV7wFCzwWI9PwfJPfjGEmlhJ52vd5a5t2Lj3GrvuJ3I9VdvYdU3kjuxRrjfuW7 6p/mgT0kZwXBNeg5NyS5QT4BM2EdbTk= ARC-Authentication-Results: i=1; imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Nq6FRsac; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf17.hostedemail.com: domain of kees@kernel.org designates 172.234.252.31 as permitted sender) smtp.mailfrom=kees@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1742589670; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=NwA0vpLHRswOrrUDEGyeJ9tjq/EbLER33ygPfPPt9WY=; b=Psa1phcj5VMnv6D0mVurBDYRn80e8HdPH/rmawF7g6reag63S5p3bTMKjVDxm6fz7kpIYO Wn4oVr9rbav6qXS4UUG4Yst0kUW0liOqBTWvWwIri7xXbSfQOb0pL97eCzooO71p91pG7D JVHyUh+zXV9nijKuo+k8gbHG5tE+sxg= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sea.source.kernel.org (Postfix) with ESMTP id B3FE043799; Fri, 21 Mar 2025 20:41:08 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id ED03EC4CEEC; Fri, 21 Mar 2025 20:41:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1742589669; bh=pXkT7am0yPdv1f217KYbpZB7Vpb7nbz805ybospBIJs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Nq6FRsactxGBEYHtLF3Za33uutSX27PtxKislPtxAwTqwMQ+zcr2Pnher41Tvum6B 2MOaTtLPlzws2XoXhOa/xU/E4DXa+FKn/vGZc9vfUk+t8/h5lqpJ/eSOzKiT84fzPT vUpDmjlqWK5LNXSsjCZW3LOkMFBD7zzsWOlaTPS7uf0l8j1ELbatdPAbVIfI1egtjZ qa/src68Zz9yI10j3UmXT1QTSzgrxUohavaH8Y/7BrXUcMQaxGUojp/YqxfwUUa7Hf 0duFvny7lEZ26T+ZnseYRDDE6O3AYCqS0VE58E++i0Lonsc1J5jF6zzEEKCzVV1PgR yWliFNrMPyTww== From: Kees Cook To: Vlastimil Babka Cc: Kees Cook , Miguel Ojeda , Nathan Chancellor , Marco Elver , Nick Desaulniers , Przemek Kitszel , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Roman Gushchin , Hyeonggon Yoo <42.hyeyoo@gmail.com>, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-hardening@vger.kernel.org Subject: [PATCH 3/5] compiler_types: Introduce __is_lvalue() Date: Fri, 21 Mar 2025 13:40:59 -0700 Message-Id: <20250321204105.1898507-3-kees@kernel.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250321202620.work.175-kees@kernel.org> References: <20250321202620.work.175-kees@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1255; i=kees@kernel.org; h=from:subject; bh=pXkT7am0yPdv1f217KYbpZB7Vpb7nbz805ybospBIJs=; b=owGbwMvMwCVmps19z/KJym7G02pJDOl3z92xNW0r5P3/MeLSnvR0CZZtWdbr/5dHKHKuqdLay qwz5aNgRykLgxgXg6yYIkuQnXuci8fb9nD3uYowc1iZQIYwcHEKwEQmVTEyvPh086Doky/nYrhe V8tftL7GnKNle7gx7YFvQXqK9tPeDIb/Cdzvpq39JNZ6hde6yu7FQpEkxr8qZt3HYo7wXCvqzvv FBQA= X-Developer-Key: i=kees@kernel.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 85EB940004 X-Stat-Signature: 9kxxdnhb51874jniwjutx667hatixw7r X-Rspam-User: X-HE-Tag: 1742589670-490518 X-HE-Meta: U2FsdGVkX1/14QNSmuCJDPwTEnP8+I1QGJUaZ6Rw7HsUku1YbwGVKJS03yNZTfFBV2pc/C8BGxGQSIIyacM5SfrTqsLxsxQqGWe09NaTeqFcCzaUzbJTDopk1/kpz2tG5rheoeJQHOL8MzPaXoIcId5gQcsD/SLGxP9wOAEj5YvGkYBiRXyn9MejQ+ipZOkHPOicOMKlD4D9tcksNpnuwDS8dHmC9TGUQnE15C6OxP6Pi/dhCgkvtud/5CBKLaLC6VSv7z56HBWQ2wfbsyHz3HG1zqpEsUGN9Y/GjZhDxbGZuGFdDAN0NGcRaqgeOPIABOQdDeRjqxczTNTNvHUnwVnjW6CAgKbqh87J/o0ka+JaP3s8C7dXAYxYNV7Ynuc/Sihoa//KjGt6ZaMnjoI9I7XXzdPt6xltOtlq3rY5gwhtjEnze3mXBK+s3HHWsPDbebhwE2g5WShMMFXYfTFMZc9QPUfAkxQ8hhJI1rSoYg77ImSkEW7O5xVM9YYjvcHiq0cwUxFSobup+kNFahrLuYgkXJOvFAe4rlQyJBmzRdSQ19IwSFGZ3P2NxW2E9JCGYsdJGMIkidV6RBSWGMYUOfeLObeOc5gQbmPT/AQm9sd0WAqFYnJHUOJg0ByPozkzhirXdXeP5k8Yz87PcIJkb4lhWHUvWx8/1C1hFY6fWzMa/H4V3OCp7fIsDrV2s3nR2ORQE3H39OXZ09bRaRiwwNhxdH3uAKu4CBrMI9xV9Ox/2cwQ7iWEHuY/EKAgKO/mIi4UP/fuJLIDFGcorfUqAFoggKUfQQzW2aGsrg5QuKVVkdww/Rx9FIEX3qM4XXoRy3Geh67/CfMbwb8FEtQkHqTzxFPLY4golh+AUcFOARrypZvmnhTpa76jL92uc8pnv2nsdImv/3nDe1CZGWa/lR5CHPc7K0gbLSVqivWKZtccnXD1KaAipuG4/xEb56tPYX6DDAlGMODnFFHyinb 9864TYxn aQU5T7xfWyYG0ZR0sTnu3Ag4oM5mDhgtkMjPCVD8YwOUDZS/vJYBr+2BjEKHt04zaltKCl0LuiNMpjAXeEUtwdBNpb7SBa2fM+fwj7JR7woj/NVotOUqguHOYfj25RcgC/g/aWht9V+RMFE9s5kMM5sLRyDwPoNvvDUI7nXV4neyQInVi20cmTxuqmJ/aiD8dqWLTo1aVXYP+E1O5t2qDmAze8NLTlc6VGMQwl7POyzQctNkGyxUxbnZxUD2va56Je4sAO4Fd/uA4/ggcF2S9eldvzMYW64edSUa302g4TIYDIlNOambnYzOXRDI0HjdjeMeUcetSJqvOp9eSdLFDGklFJWnN8XAcYDGMY9/ZHJkJ4ClqcYWjvI/G/4JNNR5TvIfpa9nkCNq7hHx7Lk2LgA0wI7i93M+2MTyOKVdA0TZAqkg= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000004, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: If __builtin_is_lvalue() is available, use it with __is_lvalue(). There is patch to Clang to provide this builtin now[1]. Link: https://github.com/kees/llvm-project/commits/builtin_is_lvalue/ [1] Signed-off-by: Kees Cook --- Cc: Miguel Ojeda Cc: Nathan Chancellor Cc: Marco Elver Cc: Nick Desaulniers Cc: Przemek Kitszel --- include/linux/compiler_types.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h index e09d323be845..eb016808dfa8 100644 --- a/include/linux/compiler_types.h +++ b/include/linux/compiler_types.h @@ -468,6 +468,16 @@ struct ftrace_likely_data { #define __annotated(var, attr) __builtin_has_attribute(var, attr) #endif +/* + * Determine if a given expression is an lvalue for potential + * assignment. Without the builtin, report nothing is an lvalue. + */ +#if __has_builtin(__builtin_is_lvalue) +#define __is_lvalue(expr) __builtin_is_lvalue(expr) +#else +#define __is_lvalue(expr) false +#endif + /* * Some versions of gcc do not mark 'asm goto' volatile: * From patchwork Fri Mar 21 20:41:00 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 14026037 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A1306C36007 for ; Fri, 21 Mar 2025 20:41:21 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0B95D280005; Fri, 21 Mar 2025 16:41:12 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id B0695280008; Fri, 21 Mar 2025 16:41:11 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 58D79280009; Fri, 21 Mar 2025 16:41:11 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id DA067280005 for ; Fri, 21 Mar 2025 16:41:10 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 587661601F2 for ; Fri, 21 Mar 2025 20:41:12 +0000 (UTC) X-FDA: 83246727984.11.E09186A Received: from sea.source.kernel.org (sea.source.kernel.org [172.234.252.31]) by imf20.hostedemail.com (Postfix) with ESMTP id 754941C0011 for ; Fri, 21 Mar 2025 20:41:10 +0000 (UTC) Authentication-Results: imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=WtJq8S47; spf=pass (imf20.hostedemail.com: domain of kees@kernel.org designates 172.234.252.31 as permitted sender) smtp.mailfrom=kees@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1742589670; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=VbKWtK+NrfMUzgaefAJgL3246DTAiQjDK5yAvA0Y/sc=; b=clV4PhNw07BPVOAN83NpBb4Er502PZ1BT4lqDeODFdzy7n6Codf9ELkGOpqOOt16jz34Yi vQPo/x41bNvQenrmTl72wkh9zlVQ+CMjoMhbFCwMvOGsekZasQefyoJ3CgpThsJEMNxigL +NzbgaX1Dg6hbW9uf/nwAqyRxyVxFKA= ARC-Authentication-Results: i=1; imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=WtJq8S47; spf=pass (imf20.hostedemail.com: domain of kees@kernel.org designates 172.234.252.31 as permitted sender) smtp.mailfrom=kees@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1742589670; a=rsa-sha256; cv=none; b=Fz4B+/n09BMckoFRNZW2fnbHit/jKm2EERh2G5ao3uYAsXSzSyzeBwVcA8z7ErQ+BlTMzS dWY7UfOSdPplqkyCYu7WaNZvd8drNYhkqzckKnQ230Av/agPRPK8gZeW5M8D13paqucQJc NGY0bJ/SLXvgnZ0qSVDLXVuSLyXCl2o= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sea.source.kernel.org (Postfix) with ESMTP id DB04544118; Fri, 21 Mar 2025 20:41:08 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id EF32AC4CEEE; Fri, 21 Mar 2025 20:41:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1742589669; bh=8jN+LgPc4pYO7xP8Ft4KTlabcnXZcFpxZy0ZLjzDlJ8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WtJq8S47J/UuWqIAzy9TuEJGFQk4HJuLRbH8atr4DkckIW8aXz4mhZhyDvxpREsHs pRz/myqOcZP8kBIQkxj93QtnE+NoL+cAe8pFBq7KoEgOYgT+S7+YVyC1kTj3K2YKxn u6pcn5daWnjtIktg8f1Da/vbZCLSx2+f4TSuTkwxby6VkAodokz6T/fhVvsL6TTcVS mb2Nxlku8Sm528ibouXmGEjQAMLBewdMwBIsPBZCtlgJirx5gvUM+2GbM62VL/ZHb0 8UXSomC4QEcbKaDad86AheREhHoY/DmO1oSa06aS177vok6kSNQbvGm0zpCEybBQGT ls9yw8rB8S+vg== From: Kees Cook To: Vlastimil Babka Cc: Kees Cook , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Roman Gushchin , Hyeonggon Yoo <42.hyeyoo@gmail.com>, linux-mm@kvack.org, Miguel Ojeda , Nathan Chancellor , Marco Elver , Nick Desaulniers , Przemek Kitszel , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH 4/5] slab: Set freed variables to NULL by default Date: Fri, 21 Mar 2025 13:41:00 -0700 Message-Id: <20250321204105.1898507-4-kees@kernel.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250321202620.work.175-kees@kernel.org> References: <20250321202620.work.175-kees@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=4269; i=kees@kernel.org; h=from:subject; bh=8jN+LgPc4pYO7xP8Ft4KTlabcnXZcFpxZy0ZLjzDlJ8=; b=owGbwMvMwCVmps19z/KJym7G02pJDOl3z92p+u+64HJA29I5My3e3+V+YpHjosRV7hSQWLmb7 2rYS9nOjlIWBjEuBlkxRZYgO/c4F4+37eHucxVh5rAygQxh4OIUgIm0zWX4Kymo1fzu4dItS5lN L54sOBR8f4ZR2IcXrw5xa11VYq+TyGFkuH5kVZ9nvsOsv+6xv36efM6lFZbqfmciZ4tSmPrNljf ubAA= X-Developer-Key: i=kees@kernel.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 X-Rspamd-Queue-Id: 754941C0011 X-Rspamd-Server: rspam05 X-Rspam-User: X-Stat-Signature: x7i3duos5rogusdnt5hazxpt67qrtxoz X-HE-Tag: 1742589670-964968 X-HE-Meta: U2FsdGVkX1/MvXktD2u7UY6dvfYFzE0/59c6k2OLpBeA5D2ZrXD5//Ro11EMcmmOmezizeDwV+m8O0N1hXkl234wCh/lm7rsXaXtLtMYwkbVzbu29j4M73m/g+7HESGWEa7voycM5SgGGhx9siGVkFRoRmgEW1c4nfwoCoG/HZvvNywxEPjgFu38syOevt1pR9yC2ttZW/qEvLgY/gv99NM3cQuoV+K/JU//d9GvtmqS7tsRAicwqHUsCXfVay27LXp+vY+BWXjyGvcewlawGve+aRknRoLL5BbQcH4dgxhNLUJjrCy1QPiDXkmMOTPiQB/eScmHXKIb/Vl4N1R7KPE3Or4mUx91alEe1nl0gCX+XQyiJkL6ZrWyu89Cqc1tVvfRXtzwMJDOH/LQssBtZyy7QvsEERQXZnIMo1/uqzNsru2Q8FNSWQcJxCKmd/BbjRb8HZIu0vURJlYuFUBjOdvCSyqzsj7InbJ4wvpVErsK83go5gBzAt9Aw2CbV655BBpKEORYAc2FBB4da60ub54nJgp/hz+88/A8NtHaC+di9CmJQNYq97P//LnaCi5uzbeEE2Qf/T8cXlaXXV+1UTflFVSpHRx6AvWtOG0hYqLIs5K9wVzlbOy8lwCBDh2n8gKlfGdMm/rYKaxJWP/XWeUevUhGKwohZpgzSS4HYtr1EOzUJA5Yj9Hn45fBMa/q4iXrQ8iaid78rIygDM9y8nFP+dEvjLG9ulLKzkLqdYP5C07dtlxuhwFU0ImRLvq7mcpicWdOLS3M87Iu8iyULzpkIvSKygWZFPsA7+IEhY60kQntDXuCr3egkaaQHIonk92Fgs6MR8XDTRAzBnvXo5fIU10sws9eI2lnXA6/eto+Kz37mugZyzP3A5itYoKe3B4btPBCfM07hcfrs/J+45YkKgPn4nTM2MbT6XTbWoRNkPlrgZeK7epjpXjenFbhL6TwBPoiNYekdSeKJuD +XGIMcpa tuEkhRU5P0pnwCZYaM0ppiP5/rra6Pj96nA/ogNka33IxjEmO2C3YysKaIKfWAK/kUV85gEWW8V9HywNxuwUVMUNVbRD6RGvaiU2KQo+u0+TDnn4EPvNPvNQm+VqYYDh5Zpb2WslnQ7QHx59uPYf0C83LIyHMMZ0vDxGilGNcULWnrDE5natXOE6jQpQIifJeLXgHT1ndHoC95Qw+cXg5TVXt23ywJEP/VoVaqE5GV8h4KoBZobzhbqq3S62pZp7sGjv3Z+dGpfXcpoLypUGv8b7jWHQa+NXiIhE1F8d9E6f5Ebb0q4SooX7rvCvHyg66+3pIJFWKFiu0NqhG67lcGTG0OKDiuu5w/2fjVNJNsPArXl/UNLHXqfTCzWXBusggzqiGsXPYF7AOetclM2DLKvqKAvJc2if/A/ypgMu/AAA4e8yT0jqz94Zw7Q4Dh5Wv7itRI6pURouIq36QbV+tEV1s2dwPyLmVPVnKdPmk/Tl/UZ4kMwbJIdI/rRXkuGTz+f0zqCR3RMUA8FmXP+A0KJ3ISLRliFFWR/kLOPB8afBTv9DLfawc89edKn4NjLvcZRaha2qX9fDIyM8= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: To defang a subset of "dangling pointer" use-after-free flaws[1], take the address of any lvalues passed to kfree() and set them to NULL after freeing. To do this manually, kfree_and_null() (and the "sensitive" variant) are introduced. Link: https://github.com/KSPP/linux/issues/87 [1] Signed-off-by: Kees Cook --- Cc: Vlastimil Babka Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Andrew Morton Cc: Roman Gushchin Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com> Cc: linux-mm@kvack.org --- include/linux/slab.h | 30 +++++++++++++++++++++++++++--- mm/slab_common.c | 8 ++++---- mm/slub.c | 6 +++--- 3 files changed, 34 insertions(+), 10 deletions(-) diff --git a/include/linux/slab.h b/include/linux/slab.h index 3e807ccc8583..2717ad238fa2 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -465,11 +465,35 @@ void * __must_check krealloc_noprof(const void *objp, size_t new_size, gfp_t flags) __realloc_size(2); #define krealloc(...) alloc_hooks(krealloc_noprof(__VA_ARGS__)) -void kfree(const void *objp); -void kfree_sensitive(const void *objp); +void __kfree(const void *objp); +void __kfree_sensitive(const void *objp); size_t __ksize(const void *objp); -#define __kfree(x) kfree(x) +static inline void kfree_and_null(void **ptr) +{ + __kfree(*ptr); + *ptr = NULL; +} +static inline void kfree_sensitive_and_null(void **ptr) +{ + __kfree_sensitive(*ptr); + *ptr = NULL; +} + +#define __force_lvalue_expr(x) \ + __builtin_choose_expr(__is_lvalue(x), x, (void *){ NULL }) + +#define __free_and_null(__how, x) \ +({ \ + typeof(x) *__ptr = &(x); \ + __how ## _and_null((void **)__ptr); \ +}) +#define __free_and_maybe_null(__how, x) \ + __builtin_choose_expr(__is_lvalue(x), \ + __free_and_null(__how, __force_lvalue_expr(x)), \ + __kfree(x)) +#define kfree(x) __free_and_maybe_null(kfree, x) +#define kfree_sensitive(x) __free_and_maybe_null(kfree_sensitive, x) DEFINE_FREE(kfree, void *, if (!IS_ERR_OR_NULL(_T)) kfree(_T)) DEFINE_FREE(kfree_sensitive, void *, if (_T) kfree_sensitive(_T)) diff --git a/mm/slab_common.c b/mm/slab_common.c index 4030907b6b7d..9a82952ec266 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -1211,7 +1211,7 @@ module_init(slab_proc_init); #endif /* CONFIG_SLUB_DEBUG */ /** - * kfree_sensitive - Clear sensitive information in memory before freeing + * __kfree_sensitive - Clear sensitive information in memory before freeing * @p: object to free memory of * * The memory of the object @p points to is zeroed before freed. @@ -1221,7 +1221,7 @@ module_init(slab_proc_init); * deal bigger than the requested buffer size passed to kmalloc(). So be * careful when using this function in performance sensitive code. */ -void kfree_sensitive(const void *p) +void __kfree_sensitive(const void *p) { size_t ks; void *mem = (void *)p; @@ -1231,9 +1231,9 @@ void kfree_sensitive(const void *p) kasan_unpoison_range(mem, ks); memzero_explicit(mem, ks); } - kfree(mem); + __kfree(mem); } -EXPORT_SYMBOL(kfree_sensitive); +EXPORT_SYMBOL(__kfree_sensitive); size_t ksize(const void *objp) { diff --git a/mm/slub.c b/mm/slub.c index 1f50129dcfb3..38dd898667bf 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -4729,12 +4729,12 @@ static void free_large_kmalloc(struct folio *folio, void *object) } /** - * kfree - free previously allocated memory + * __kfree - free previously allocated memory * @object: pointer returned by kmalloc() or kmem_cache_alloc() * * If @object is NULL, no operation is performed. */ -void kfree(const void *object) +void __kfree(const void *object) { struct folio *folio; struct slab *slab; @@ -4756,7 +4756,7 @@ void kfree(const void *object) s = slab->slab_cache; slab_free(s, slab, x, _RET_IP_); } -EXPORT_SYMBOL(kfree); +EXPORT_SYMBOL(__kfree); static __always_inline __realloc_size(2) void * __do_krealloc(const void *p, size_t new_size, gfp_t flags) From patchwork Fri Mar 21 20:41:01 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 14026036 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id F270CC36002 for ; Fri, 21 Mar 2025 20:41:18 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id CE640280001; Fri, 21 Mar 2025 16:41:11 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 9CD3A280006; Fri, 21 Mar 2025 16:41:11 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3671F280006; Fri, 21 Mar 2025 16:41:11 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id E4959280006 for ; Fri, 21 Mar 2025 16:41:10 -0400 (EDT) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 7380CAA8DB for ; Fri, 21 Mar 2025 20:41:12 +0000 (UTC) X-FDA: 83246727984.24.3970AA4 Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf11.hostedemail.com (Postfix) with ESMTP id CBE7F40006 for ; Fri, 21 Mar 2025 20:41:10 +0000 (UTC) Authentication-Results: imf11.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=CYzyp0aL; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf11.hostedemail.com: domain of kees@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=kees@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1742589670; a=rsa-sha256; cv=none; b=lsxD3HYmiunWxCHLZZDsg0qK0A/dLfO7cwXJ/e4NNABqjUrY7t4ZHHZHIa1Nd6iZ5OK2Ey LmDqaPry6oqAF228JtXx0JBFDBdyKkCaSAm2ylU50W7fcT2Hum8cCuqM6P2JPJFQdIjdB2 M2+0XWsB03QDFZPTVd3XOBg6joNE1B8= ARC-Authentication-Results: i=1; imf11.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=CYzyp0aL; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf11.hostedemail.com: domain of kees@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=kees@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1742589670; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=TEUAucJvJj7Eg6WEQwDflDtkEvhO9C1WOkhyR5Lk4C0=; b=vaDw0wm1yJjkD6qmIwNF4SEP97rPIxQjIC8VIDXBtnh3avqnJy8Wo9zd7FBezh2HDKnc2l O9yR+4HQZeo8hFZJzNdf/LO8/w+95FCk7B+968aaem0pg9sMTu/uegwkWnmitrJ2ETPwa3 k/PKNlX4n9oGb7wzwhMckBdyNHYMrxU= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id BF00AA495D3; Fri, 21 Mar 2025 20:35:40 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D1762C4CEE3; Fri, 21 Mar 2025 20:41:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1742589669; bh=wsCETj06SFFwh38K8EPA2OIG7ZSdRNghUF4foeMZKA0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=CYzyp0aLWgDl0chozGbeMXfTMMhk/SOYcfZdkjm35EMrTm3VeBv90LidlrwxCiInT namgg0O/WeBJmRe/N4ulBNHbUwZ8VjE6cjPYe7sBRXlz7qVGFp5eSGKmWw6y2cpxSe qA/8qqMlwf/C1+n12LCV/XaOphvs2/5TPUWIlDSqyiF/hu3aUu+SoMzuqFYYNSxcs4 2MwBQCaqAvzjWPyCkgd95sfobXgphcIaJ9e+cTdtmnpjmBN12zZf2MzS8OAJWd81ty YZj7useSYKYdXG4Par3lBSq4ANcAPOEYyVGD6gPk24uWmvZcKP9HlEu4GBGDm6OkyZ KMUavJYMseCxw== From: Kees Cook To: Vlastimil Babka Cc: Kees Cook , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Roman Gushchin , Hyeonggon Yoo <42.hyeyoo@gmail.com>, linux-mm@kvack.org, Miguel Ojeda , Nathan Chancellor , Marco Elver , Nick Desaulniers , Przemek Kitszel , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH 5/5] [DEBUG] slab: Report number of NULLings Date: Fri, 21 Mar 2025 13:41:01 -0700 Message-Id: <20250321204105.1898507-5-kees@kernel.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250321202620.work.175-kees@kernel.org> References: <20250321202620.work.175-kees@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2271; i=kees@kernel.org; h=from:subject; bh=wsCETj06SFFwh38K8EPA2OIG7ZSdRNghUF4foeMZKA0=; b=owGbwMvMwCVmps19z/KJym7G02pJDOl3z91590rZfsX3/KkRkz2Tr3/lvxS3c+Frkbx/J5+sf qA7OS3+QEcpC4MYF4OsmCJLkJ17nIvH2/Zw97mKMHNYmUCGMHBxCsBEbE0Z/unwiAjKzpU2NTzO nvHlE8OVdfGafqJGd9xSlqZW9TqXOjD8zyla8nTDqfSFWhVxl4Ne67d/+yrb8F3pns91jnMnnb+ 95AcA X-Developer-Key: i=kees@kernel.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 X-Rspamd-Queue-Id: CBE7F40006 X-Stat-Signature: j3ri433xwsban639rsu4i18qnwyjiu93 X-Rspam-User: X-Rspamd-Server: rspam06 X-HE-Tag: 1742589670-230193 X-HE-Meta: U2FsdGVkX19JDyEQFHjf5vnv8w5DQxZM2On7WaZKXTZe04SaAhMUOVyyL0uLbVZns0/+ylfE8RLbnXz4f6S2M99tasiQ27Zy67h8gXLLuh9hVsOFoNroD2U9MddbAI/wMMGy4IawMWZFgagsPVrnhx9siFjTpsssXfp2ik35q+2EyB1c8GtSDsO1Y7bsHU5ayF6Z3d34adLXi5qoQIIMRFWvEonRKcBUBcYMEzKD2nLaXjsOtVz5wAzxv9xU0+8q/AGr4MwmsX8lIch2c2fK+xLxStK44msyeHuexjESo28PYaIFuvpRWFlmTxGJkv4lK8W57sBtSAojwcYffTKAEA1jfcyAVh+s+rz0d106dBt5jg48KzBMd6NUWEDE+U0VkcUmLgNWq3wthngWMk3yBTv+IAjv1jZxT/N3kq9ef9ALIBvBZU2RngCyCYzAYVoWQqh5pPDXydGzil7v+XyKMRUXRstMbdWqU2IXCuY+PhvTmTUt4K/uSacVLSJNQJPOwCEI84VxBPfTUDdlAjIijOcgU0HM0cDd7fEyme/6KXnh90apUjE6fKmDWdjmGNLUhA9O0nntQdEJ3eIKCK7HDltWjfr76oeaPWv/kids55buuPEyqCo28H70L+JdoKaq5/tVbK5TMg9/nIi6QQN4MwFQbxKtHJZ5FiclEI4sVgvO4vll0bs9YhOXG3jLecAfQdsmbwSTnlIBtlkz/OghZ2cJ6sgdUwCZPZe7NX5q4L3h6Z/VuIUh2Vw4Fj1d7ASdAGrOlm5Tf/1NJ2FumhTxTDPRMmDtPISriVVbtuDQcTWqKferX2uLyMpptxe3qOK/MuSb7NU7Nly2lBGAwEAQ6F51128c07GlbTp/AkG/8XobdfijKjOFoxduYP4XSEK+ceUHMMoTxP0MHQEOAfmhh7tkb+q8A7VmlgkhEqPcO0JyWATPQ2+d+weiA0fOdu7GahdzsXtrWsd0EgwocRR yubs/RMa /+ey8rBayJCqhZJSXFv5v6PoSZm2wRdxzC5/XTZlATUgs/lk/V6LGHDlSEhj/HtYaA5Are9x1dIP/83eIDEp0KEqCY6flvtx+FmN4fOHhTexdWr/Ot9q7WBi02xJqpc5NXUCzLxT6C+p8fgV1yA3SkZAd9FdnKPdDoAia6ocHmNOHFGawrFieew0uJkh1DIUz7CLUYM7BivG+u7T2/VA209f55dIJT9gKYRDpwPAEwc3T+bN+QmPK8gZjvKId9TdHQMDtFiasEeTFtqVpTCxL47jMEsEAUMeBVKx+LN/+PucfTyWX+Vk/ttBd2R2KXhsGzZt0gSTPbIxgrDvnUcP1q7lwdO03tTpdQp+wcisZY4gOAr6OvVtgM3ylNDdg76QV5wxYDzhjg8Sgnw56kKZht54lzgUcJ+ADevis3/rQVVig/yozCALz0GRKQkz1YJhuWBhGLc3ZSL3NZ6/u1pGvDzVQo4VVXY7agyZuag3wkptwRIy9OIg/3A8WqkHsyU6kG6k8UMH0iM42pFCWbinvjgEUaowCJA5RKFelltlmXO26CCM= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Just to get a sense of what's happening, report the number of NULL assignments that have been done. After booting an otherwise standard Ubuntu image, this shows about 240,000 NULLifications have been performed. Signed-off-by: Kees Cook --- Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Andrew Morton Cc: Vlastimil Babka Cc: Roman Gushchin Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com> Cc: linux-mm@kvack.org --- include/linux/slab.h | 3 +++ mm/slab_common.c | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/include/linux/slab.h b/include/linux/slab.h index 2717ad238fa2..a4740c8b6ccb 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -469,6 +469,8 @@ void __kfree(const void *objp); void __kfree_sensitive(const void *objp); size_t __ksize(const void *objp); +extern atomic_t count_nulled; + static inline void kfree_and_null(void **ptr) { __kfree(*ptr); @@ -487,6 +489,7 @@ static inline void kfree_sensitive_and_null(void **ptr) ({ \ typeof(x) *__ptr = &(x); \ __how ## _and_null((void **)__ptr); \ + atomic_inc(&count_nulled); \ }) #define __free_and_maybe_null(__how, x) \ __builtin_choose_expr(__is_lvalue(x), \ diff --git a/mm/slab_common.c b/mm/slab_common.c index 9a82952ec266..0412cbab81f9 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -42,6 +42,9 @@ LIST_HEAD(slab_caches); DEFINE_MUTEX(slab_mutex); struct kmem_cache *kmem_cache; +atomic_t count_nulled = ATOMIC_INIT(0); +EXPORT_SYMBOL(count_nulled); + /* * Set of flags that will prevent slab merging */ @@ -1084,6 +1087,7 @@ static void print_slabinfo_header(struct seq_file *m) * without _too_ many complaints. */ seq_puts(m, "slabinfo - version: 2.1\n"); + seq_printf(m, "# nulled: %d\n", atomic_read(&count_nulled)); seq_puts(m, "# name "); seq_puts(m, " : tunables "); seq_puts(m, " : slabdata ");