Received: by 2002:a05:6358:111d:b0:dc:6189:e246 with SMTP id f29csp3125148rwi; Tue, 1 Nov 2022 16:29:25 -0700 (PDT) X-Google-Smtp-Source: AMsMyM4Q0px1ybLKoWvlYVKyU/04bhWdjV6K02hRLYCfH5yoWeUpfsdRCcOWnglnv9lfbSDzDAIl X-Received: by 2002:a17:90b:3b44:b0:213:34f7:facb with SMTP id ot4-20020a17090b3b4400b0021334f7facbmr40209818pjb.150.1667345365582; Tue, 01 Nov 2022 16:29:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1667345365; cv=none; d=google.com; s=arc-20160816; b=KROS+K6GrRPNPu9arrAi0gYnrB8eUnIyf2U62kANqnNYFn8OVwHza9ZRMZ6f0HBTmE AJ8VaL8MJp3A8qm7bX2BrrdRb1hrCzd5W9+ubJl+O4Y815A56lH4Mjyt4YmMSlJIeTw5 y8tvuFDQnH7utQL5uo1vUK2DimJ9t6yNtwoZAxeu5mYsREfUMnXniaMNhHe6II9JRZJE tvgNoH1Q7WhpSDzvexDLRxCAmyloQI/dfQcw8UWy/hr6dVUZAypsjbcaRCNARgyyijYj A6WZvV5evIl+deNz6t6QqaSt6pQwGlns0/N/IhXMqWVNFz6doaYOY8HwPxnCTfolMxux ufvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=eQzGoj4PWhL+YVsgQJ5z9+/Kih3t/rfTwXU0TvQKFM8=; b=aKTM0r7xRaShgvaACdQtBIbmyN+XUFuoHcB1KRX1pmm3okwss8F2RUU2cz/oO24idf ack+0wJh/TPBgCWDlGn2/AuJrIAFAer/JR3rwTgR2XjbbohBkD4OnBrTLNWF3JQ0qbRB /+n/qs05UbCTMjuH5J18TBKPDX92ssrTT0nYxbyig5AVGoGmy9pLLEAmI9NR7WjQUN4D DeoLpG4Gmsq73BvIWxAmUlIgzUwQltWFdVW0CMoC4Js1duOYLhV+S7JIloTJ1L/BKDfj vGpZUKQ6JmvExrFt6+eNfxB12BpIPgshNyS8zlaR8rueS/kOwNa5FaGea+T2mRgWvePu rnAw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=Kzs1G6hQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id p33-20020a635b21000000b0045a8b142a48si16099136pgb.657.2022.11.01.16.29.13; Tue, 01 Nov 2022 16:29:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=Kzs1G6hQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230093AbiKAWed (ORCPT + 96 others); Tue, 1 Nov 2022 18:34:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36086 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231191AbiKAWd1 (ORCPT ); Tue, 1 Nov 2022 18:33:27 -0400 Received: from mail-pj1-x1034.google.com (mail-pj1-x1034.google.com [IPv6:2607:f8b0:4864:20::1034]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DEECCFE9 for ; Tue, 1 Nov 2022 15:33:24 -0700 (PDT) Received: by mail-pj1-x1034.google.com with SMTP id v4-20020a17090a088400b00212cb0ed97eso274308pjc.5 for ; Tue, 01 Nov 2022 15:33:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=eQzGoj4PWhL+YVsgQJ5z9+/Kih3t/rfTwXU0TvQKFM8=; b=Kzs1G6hQ0kuz+t6Hyj2luEYUctJSzYNjr/RiQSddlkXMvlC8WZSqxbKBR2GxuqenLf OQUaP6LafEUW9QQSk2N1CHCFrlEna5vrjPlqMt/MY6K5NPsabM+UDg7xhMpyYJBvp/TB Qhr391tCSEJAxfKc6RXWCg9m4yKOpz8jet1NI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=eQzGoj4PWhL+YVsgQJ5z9+/Kih3t/rfTwXU0TvQKFM8=; b=vfgK1wstPB3zdNZNC1PLsaOudxBIV9Hf+6I1s36/5tiG5jqliin2ekTUT/sEqBlL3Y QpvjFgOeFJZZmiy8I78pAXZVy7I5A3XOwwMl7oYbvl1CaG/tIurBQsYiPo1STTRmYIkm 9qvA6xrxo/OkjssYcQ6KZRSK4DBlm0SoI2uUgUit8F0kBQUakvEvR51N1LJPHDkv9FRj KIZ/ON/nkrEP72jm1tdkGdXaJuJ2ElOiFy1RGI/oBee1HaImhbuipifyAV6dA1Uy5DrC QvTHf7j9NTpgGYIqAjad8XLBG/TP/6j/yv5GhyPLyWmODg88s7h1neW8TM8M87rL1IPg 0aow== X-Gm-Message-State: ACrzQf0FRLwKfTDG06hKm5vtwSlqLQ++tTHG4yQmA1XMavlnPAbNWOSP yet/oSTfp8clGAAXRy/6Fgr/Lf+8F/lBQA== X-Received: by 2002:a17:90a:c38a:b0:213:119e:ebce with SMTP id h10-20020a17090ac38a00b00213119eebcemr22669388pjt.159.1667342004156; Tue, 01 Nov 2022 15:33:24 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id g16-20020aa79dd0000000b0056cd54ac8a0sm6979590pfq.197.2022.11.01.15.33.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Nov 2022 15:33:22 -0700 (PDT) From: Kees Cook To: Vlastimil Babka Cc: Kees Cook , Rasmus Villemoes , Guenter Roeck , Andy Shevchenko , Paolo Abeni , Geert Uytterhoeven , David Gow , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Roman Gushchin , Hyeonggon Yoo <42.hyeyoo@gmail.com>, Nathan Chancellor , Nick Desaulniers , Tom Rix , linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-hardening@vger.kernel.org, llvm@lists.linux.dev Subject: [PATCH 4/6] string: Add __realloc_size hint to kmemdup() Date: Tue, 1 Nov 2022 15:33:12 -0700 Message-Id: <20221101223321.1326815-4-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20221101222520.never.109-kees@kernel.org> References: <20221101222520.never.109-kees@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2029; h=from:subject; bh=66bqcDCKUcRos1t3IlFIPskpfbQxNO3VtEaxc728EbA=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBjYZ6qbleitpvvOHVivxE2GM3C7WRtYicICVcezr+K bBy/ZYGJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCY2GeqgAKCRCJcvTf3G3AJrxyD/ 0Sz5EBlX00TyOBKDue5S/TEPKu9FlK6tMshCI96Akt4QtwgM/FBaeIhUn5+WVlyWsSNnOkEiXOWNxf ymZEc2e4ip37GLLxvPOMgosfpIYt0RcwkaR7QQ9q+KHX2NzK3Nxk1DhkQAVNG7BC5wlkEBtUdWPK/b xdg34XDeb0ZVx1f1iL99s36MEkhWeztSoXoCLOVVT2v2r5dzGBa6j04E8oFt/2KV8VPZzsgvk59Wjo dZqvH0TOW5wKWLeN3AbHhRmhSArnFXiCvW7Gh7gwknSwVDGO6SQYWqUIvG8P26lPY504wXm6j7t08z xHujiAKshTjNBk4czRB5OEWIIZOquiBaCfcaWCKD3PPRU6YeAOv4RZ21DwgdjoVb9Pq9Dstq4lgy6W 9ue2fGR7chwod+xcu1qT4CUORf4DemZ2DfBaiUyrJZ2jq4pFoCJfLcfaRQO0iUCAuXWEc3ZC13q+oA kh0aDQbQMbsdRW2wcnl5gT8As3lVlFb7Sg7v/vbWHxtz5z9l3T035nWeFK0nf/PE1WY+gAfvSNGEX+ 5hcYyHvMmBj0lzQb2Ld+lBE9utZib3KNIy8hr+LNYpmVxxRpNJbcCr+SKpIbf2wSGg0ZZd0aGysEX0 L62xCGtjZMX4rSYWvhmXvBRca9taL7b603KSa7zEAwMFItsv7hzzN+y5tcyw== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-3.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Add __realloc_size() hint to kmemdup() so the compiler can reason about the length of the returned buffer. (These must not use __alloc_size, since those include __malloc which says the contents aren't defined[1]). [1] https://lore.kernel.org/linux-hardening/d199c2af-06af-8a50-a6a1-00eefa0b67b4@prevas.dk/ Cc: Rasmus Villemoes Cc: Guenter Roeck Cc: Andy Shevchenko Cc: Paolo Abeni Cc: Geert Uytterhoeven Signed-off-by: Kees Cook --- include/linux/fortify-string.h | 2 +- include/linux/string.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/linux/fortify-string.h b/include/linux/fortify-string.h index 9e2d96993c30..aa31f54f8b57 100644 --- a/include/linux/fortify-string.h +++ b/include/linux/fortify-string.h @@ -670,7 +670,7 @@ __FORTIFY_INLINE void *memchr_inv(const void * const POS0 p, int c, size_t size) } extern void *__real_kmemdup(const void *src, size_t len, gfp_t gfp) __RENAME(kmemdup) - __alloc_size(2); + __realloc_size(2); __FORTIFY_INLINE void *kmemdup(const void * const POS0 p, size_t size, gfp_t gfp) { size_t p_size = __struct_size(p); diff --git a/include/linux/string.h b/include/linux/string.h index af1d69e5610e..db28802ab0a6 100644 --- a/include/linux/string.h +++ b/include/linux/string.h @@ -176,7 +176,7 @@ extern void kfree_const(const void *x); extern char *kstrdup(const char *s, gfp_t gfp) __malloc; extern const char *kstrdup_const(const char *s, gfp_t gfp); extern char *kstrndup(const char *s, size_t len, gfp_t gfp); -extern void *kmemdup(const void *src, size_t len, gfp_t gfp) __alloc_size(2); +extern void *kmemdup(const void *src, size_t len, gfp_t gfp) __realloc_size(2); extern char *kmemdup_nul(const char *s, size_t len, gfp_t gfp); extern char **argv_split(gfp_t gfp, const char *str, int *argcp); -- 2.34.1