Received: by 10.223.185.116 with SMTP id b49csp1139861wrg;
        Wed, 14 Feb 2018 12:14:20 -0800 (PST)
X-Google-Smtp-Source: AH8x227elXx9TKlKrFU4oV5RzXiZ4lTZ/aOLwdLPXuogKkuhD9L64lCCVkS/y5VqBLa31tZgVfN+
X-Received: by 2002:a17:902:4683:: with SMTP id p3-v6mr194815pld.408.1518639260682;
        Wed, 14 Feb 2018 12:14:20 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1518639260; cv=none;
        d=google.com; s=arc-20160816;
        b=bZ1yWgcohNPptxgiRmrQw+MwnrLP5eGRpZ6W9wChdhku9r3+ysHXoDfGlQC8u4pulJ
         sbquJ9K3CCw+VDwvtghDTHfFEkCzv/KBdQCnWuznzkbCN3iIR6wXVSGxBqAkLL12ZQoX
         +usVIXltN7/8mKhQiJsusmxHiEEEn+Y5mDUDj6Jkw59RoWeRkRG/ZPU9SBToFaKMNzYj
         wSxVyHfU8PECCAt8+MIEbsLwfPTxbNbfKVNus/WQUF77VJkWsZUtSvM5hGjC6PyGCha9
         f3MTKsVaxT4J31r2jUIgUDQbky3EzVfspxNlTNFdve010ZxAiPiG07cKHRlYMFkalTbC
         y0sg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature:dkim-signature
         :arc-authentication-results;
        bh=IgulanZDsEA99FfN8NEA0YXsuDnNUPM5WDLk6Gy6yjQ=;
        b=BxbJnVcyV/Z1eT17868ZC2Nvb/ySUqsiUxy14p2gljog8yOA4u2rMqmICeNc99T3Kl
         G+L0897nmy2rSbmIurTIuQBQvRYKwwQt0YKyxslOhbnilCghrhXAkzBhGSFHujPWjYJf
         XHS63VEBlJxKD89EETDOcnq2cUSyG/FGiNHdWpSongH5TKEW7WfN/0kf3qrioMB3AIeS
         iAm3TXOgNROC9y9c2I+1iLfu+J6UgLcTviCF9Om3NZxlClghlJTazNFNoVnRMmGHetAy
         L8w/+xhwu0d9IxTSJwdFMYCtZmhgApouEhyOognKNP5VwL1gmGIortam2cSv1OTd8TdY
         sHwg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=Pj6ycxKa;
       dkim=fail header.i=@chromium.org header.s=google header.b=PaEoTkzy;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id j6si7233576pfg.9.2018.02.14.12.14.05;
        Wed, 14 Feb 2018 12:14:20 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=Pj6ycxKa;
       dkim=fail header.i=@chromium.org header.s=google header.b=PaEoTkzy;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1162857AbeBNTXu (ORCPT <rfc822;hackukernel@gmail.com>
        + 99 others); Wed, 14 Feb 2018 14:23:50 -0500
Received: from mail-vk0-f68.google.com ([209.85.213.68]:42717 "EHLO
        mail-vk0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1162787AbeBNTXt (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 14 Feb 2018 14:23:49 -0500
Received: by mail-vk0-f68.google.com with SMTP id b132so6621460vke.9
        for <linux-kernel@vger.kernel.org>; Wed, 14 Feb 2018 11:23:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=IgulanZDsEA99FfN8NEA0YXsuDnNUPM5WDLk6Gy6yjQ=;
        b=Pj6ycxKaDkcBWxSFjnRUQTvwFhBNHumvVVe2Kj/Xn/PLKq8ulI02RkpkEsojwBXDKu
         Jz4mBR4PzkowfyPQk5m86ko0ol6rcH3fYLjCvcIMzWEmspAcWEqyMiaWXWFqvfWmtzXO
         XzDOWNcpuTvRjNvrXGZX0xyHC7DejKH+WeRmYH/C/HkLe387fw85wZ3qISp7wr83/LLb
         /AriQRy/ILJkOZrm9zOeMyCZ0K9cXdn4OwRVqGSD4SBInn0KupUNn76KWrLEZ7O2ZlHh
         gIcT3RDd/ddTyfwzOpBv1jlWOT50hwSl2cvL7wGrMlgNrAzSQU4d2lOttOhQ/b3IM8pZ
         Mv7g==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=IgulanZDsEA99FfN8NEA0YXsuDnNUPM5WDLk6Gy6yjQ=;
        b=PaEoTkzyiMBI5TwwHCFMKiptu/KrTKkq5syWp/FTMlrEcZoq2v6KaG2Pw+zcsyPlgB
         8p+z/N/HhTh/SUrnodvtjMavHuXzbIEk066ZkcQ4MRJ7CTQX5H4/7WGaNhQN952/5Rp4
         zWc5hwnpDRueWCQKMA20/HElKoZeKp0YsG0CM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=IgulanZDsEA99FfN8NEA0YXsuDnNUPM5WDLk6Gy6yjQ=;
        b=gFKNhKz/cl3R3DOZOCLUa4gW9JAjKYCxEkxL8p59+NN7b3gMXyPOlLdz5Re1JXKERu
         8zM/uTQd7Yh+w/A9ydYiergKn+ai02FOk519f2uMQnlXTLb5VPcKW6s48Y3ffifD9hSE
         Z8N/aB4L8R+PfHbW1z1rC93+hW2iFiAaEMqVWBDbSuAtU4J8IlTJy2TACjfOUaqHql9H
         bCqRSMbN0360GUeaO+2cYWbKO7hDIt0QIfk4qbUkHycqvnl2VEKCxmj12xcxFtSwoAXQ
         hD4JVfd+xX5lfmOiUWZaGaZUa0e4IHTZznCr3A+lRHuQaecTOljfGbfFhxGmCbzEy2xg
         PfUg==
X-Gm-Message-State: APf1xPAbTyRbken79aaMwhPwLKEXYA/TutNw70TMhK8n4rfriJdcGO9S
        ytzTidoZ0CMmlywkF2x6zln9TaaDt2dYrZEwufsXBQ==
X-Received: by 10.31.192.80 with SMTP id q77mr293953vkf.7.1518636228543; Wed,
 14 Feb 2018 11:23:48 -0800 (PST)
MIME-Version: 1.0
Received: by 10.31.56.87 with HTTP; Wed, 14 Feb 2018 11:23:47 -0800 (PST)
In-Reply-To: <1518634058.3678.15.camel@perches.com>
References: <20180214182618.14627-1-willy@infradead.org> <1518634058.3678.15.camel@perches.com>
From:   Kees Cook <keescook@chromium.org>
Date:   Wed, 14 Feb 2018 11:23:47 -0800
X-Google-Sender-Auth: -UfuC153PMumUmvNOZQDodlAo1k
Message-ID: <CAGXu5jJdAJt3HK7FgaCyPRbXeFV-hJOrPodNnOkx=kCvSieK3w@mail.gmail.com>
Subject: Re: [PATCH 0/2] Add kvzalloc_struct to complement kvzalloc_array
To:     Joe Perches <joe@perches.com>
Cc:     Matthew Wilcox <willy@infradead.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        Matthew Wilcox <mawilcox@microsoft.com>,
        Linux-MM <linux-mm@kvack.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Kernel Hardening <kernel-hardening@lists.openwall.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Feb 14, 2018 at 10:47 AM, Joe Perches <joe@perches.com> wrote:
> On Wed, 2018-02-14 at 10:26 -0800, Matthew Wilcox wrote:
>> From: Matthew Wilcox <mawilcox@microsoft.com>
>>
>> We all know the perils of multiplying a value provided from userspace
>> by a constant and then allocating the resulting number of bytes.  That's
>> why we have kvmalloc_array(), so we don't have to think about it.
>> This solves the same problem when we embed one of these arrays in a
>> struct like this:
>>
>> struct {
>>       int n;
>>       unsigned long array[];
>> };
>
> I think expanding the number of allocation functions
> is not necessary.

I think removing common mispatterns in favor of overflow-protected
allocation functions makes sense.

-Kees

-- 
Kees Cook
Pixel Security