From: Nick Desaulniers
Date: Thu, 8 Jun 2023 10:20:19 -0700
Subject: Re: [PATCH v2 0/2] Lock and Pointer guards
To: Kees Cook, Linus Torvalds
Cc: Peter Zijlstra, gregkh@linuxfoundation.org, pbonzini@redhat.com,
    linux-kernel@vger.kernel.org, ojeda@kernel.org, mingo@redhat.com,
    will@kernel.org, longman@redhat.com, boqun.feng@gmail.com,
    juri.lelli@redhat.com, vincent.guittot@linaro.org,
    dietmar.eggemann@arm.com, rostedt@goodmis.org, bsegall@google.com,
    mgorman@suse.de, bristot@redhat.com, vschneid@redhat.com,
    paulmck@kernel.org, frederic@kernel.org, quic_neeraju@quicinc.com,
    joel@joelfernandes.org, josh@joshtriplett.org,
    mathieu.desnoyers@efficios.com, jiangshanlai@gmail.com,
    rcu@vger.kernel.org, tj@kernel.org, tglx@linutronix.de,
    linux-toolchains@vger.kernel.org

On Thu, Jun 8, 2023 at 9:47 AM Kees Cook wrote:
>
> On Thu, Jun 08, 2023 at 08:45:53AM -0700, Linus Torvalds wrote:
> > So for convenient automatic pointer freeing, you want an interface
> > much more akin to
> >
> >         struct whatever *ptr __automatic_kfree = kmalloc(...);
> >
> > which is much more legible, doesn't have any type mis-use issues, and
> > is also just trivially dealt with by a
> >
> >   static inline void automatic_kfree_wrapper(void *pp)
> >   { void *p = *(void **)pp; if (p) kfree(p); }
> >   #define __automatic_kfree \
> >         __attribute__((__cleanup__(automatic_kfree_wrapper)))
> >   #define no_free_ptr(p) \
> >         ({ __auto_type __ptr = (p); (p) = NULL; __ptr; })
> >
> > which I just tested generates the sane code even for the "set the ptr
> > to NULL and return success" case.
> >
> > The above allows you to trivially do things like
> >
> >         struct whatever *p __automatic_kfree = kmalloc(..);
> >
> >         if (!do_something(p))
> >                 return -ENOENT;
> >
> >         return no_free_ptr(p);
>
> I am a little worried about how (any version so far of) this API could go
> wrong, e.g. if someone uses this and does "return p" instead of "return
> no_free_ptr(p)", it'll return a freed pointer.

Presumably, one could simply just not use RAII(/SBRM someone else
corrected me about this recently coincidentally; I taught them my fun
C++ acronym IDGAF) when working with a value that conditionally
"escapes" the local scope.

-- 
Thanks,
~Nick Desaulniers
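
The concern raised in this exchange, as an added example that is not part of the original email or of the kernel tree: a userspace model of the quoted `__cleanup__` sketch, showing that `return p` hands the caller a pointer the cleanup handler has already freed while `return no_free_ptr(p)` does not. It assumes GCC or Clang; `malloc()`/`free()` stand in for `kmalloc()`/`kfree()`, and the names `automatic_free_wrapper`, `__automatic_free`, `make_ok`, `make_dangling` and `try_make` are hypothetical.

```c
/* Added example: userspace model of the sketch quoted in the thread.
 * malloc()/free() stand in for kmalloc()/kfree(); the counter and the saved
 * address make the work done by the cleanup handler observable. */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

static int frees;             /* number of frees done by the cleanup handler */
static uintptr_t last_freed;  /* address most recently freed, kept as an integer */

static inline void automatic_free_wrapper(void *pp)
{
	void *p = *(void **)pp;
	if (p) { frees++; last_freed = (uintptr_t)p; free(p); }
}
#define __automatic_free __attribute__((__cleanup__(automatic_free_wrapper)))
#define no_free_ptr(p) ({ __auto_type __ptr = (p); (p) = NULL; __ptr; })

struct whatever { int id; };

/* Correct hand-off: the local is set to NULL, so the cleanup frees nothing. */
static struct whatever *make_ok(int id)
{
	struct whatever *p __automatic_free = malloc(sizeof(*p));
	if (!p) return NULL;
	p->id = id;
	return no_free_ptr(p);
}

/* The mistake described in the thread: the return value is read first, then
 * the cleanup frees the object, so the caller gets a dangling pointer. */
static struct whatever *make_dangling(int id)
{
	struct whatever *p __automatic_free = malloc(sizeof(*p));
	if (!p) return NULL;
	p->id = id;
	return p;
}

/* Early error return: the failure path needs no explicit free. */
static int try_make(int id, struct whatever **out)
{
	struct whatever *p __automatic_free = malloc(sizeof(*p));
	if (!p) return -ENOMEM;
	if (id < 0) return -ENOENT;
	p->id = id;
	*out = no_free_ptr(p);
	return 0;
}
```

Both `make_ok()` and `make_dangling()` compile without a diagnostic from the attribute itself, which is why the missing `no_free_ptr()` is a review and tooling problem rather than a compile-time error.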