Received: by 2002:ab2:1689:0:b0:1f7:5705:b850 with SMTP id d9csp1601091lqa; Mon, 29 Apr 2024 13:15:12 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWwt+kfi+LzTLeBIG4NEYEXWklaHLRHzUQeEWxp8vJJ3bpmJnuo6Oe54ZYMpn/Fx0dsK5SUGTXtmbkUW77uHDWuSB3xe9OzfzTR3yW7sw== X-Google-Smtp-Source: AGHT+IEixO5O6Jbkm2t3jgor1wbmHwOwe8zYlS7uVxk7jMySkpNy0uyJtzFNFY6iDXqOepJvIydh X-Received: by 2002:a05:6a20:c6cd:b0:1aa:a3e0:ef5f with SMTP id gw13-20020a056a20c6cd00b001aaa3e0ef5fmr817633pzb.1.1714421712009; Mon, 29 Apr 2024 13:15:12 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1714421711; cv=pass; d=google.com; s=arc-20160816; b=w63QnqqTfNkQTBszJue96SURv3PujpMNUUhlVyjxOl2tWo9jf7j6luSuLn6uei7C72 lau/HTD5nZrGtCpJHyahtKPw8/nDD950owJlHp9sMO59eyPIRYDqs9gU0GjYumOp3zDZ +BJJM85rCBVM/R57FY1N5QJvCMwL36qvPcgxUuZ8jFN+w8hP63KR4MvrM9pi6osbi2nx p5YhIiufrp6kYssmpCOYOSSndyDauxIErCalbvn97FYmVUrWARAo4RwR6PZHsvPGdHZh q5hU+Gwu3SfxnonbC4phfY5NkBVv+/pOkDAt9yMXhy3xGhAV+DWGRUjmBglvwjAvl+Z5 be3g== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=BXjzsh/nfrNV74+/Eg/rT8Fya+BcYBRXBPB+VYkGIr8=; fh=sEmxMK/bUYW74kIHbIhwE8rF/qc8kgNBAkwAP1HKpWI=; b=PmljBOPJeikG25upnUvdAXK4lAo8/9S3VSMcVvjGeil1u5pQ3ss1bCRQydLsfyzQ4F yWsvxaMe8eIDNpLHT46aCaSrXwa3Ip20pfxNXAdNs/qkdXMV35p3sOsxGDGjZ6tkT6aW GYQXAOgE5OGJc0KWIxAzln6s+fp3zR7TBFOxe/puqNl7ePoMbzH7Hecz0JglofggbCw7 ULzQQiiS+ulaWAOpaB3mgXXJTF678l8nacOAn4Mv5IqDGIDezBlL0N9c1ojYKHW9AO92 40fq1t36r/2lRvcm9HEwRch/JIjRQD9eP+LGi6173Txqj9W060DnPrdLDNvesfvHvHNO Cjyg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=OhPo1yH+; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-163006-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-163006-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id z3-20020aa79e43000000b006f27545c78dsi8134269pfq.4.2024.04.29.13.15.11 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Apr 2024 13:15:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-163006-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=OhPo1yH+; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-163006-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-163006-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 6218FB23191 for ; Mon, 29 Apr 2024 20:13:37 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 6ED131411D3; Mon, 29 Apr 2024 20:13:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="OhPo1yH+" Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2D5F614039D for ; Mon, 29 Apr 2024 20:13:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.179 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714421604; cv=none; b=qtwkl312pK4rX+kPB76tSO/+zlE04wB5U4i1+Ofd08nsfbjafBwISxve381ePs07A9sSQ9pAfVKmXDNhVYTiGzrdP8meBK/iXtkwEkSABUlg3Xrw94jsH3XdxtoRJ7pGXGEvu1R6/EDdfuyhubUWQsOpRGVf+NCBLmAbROy3XOY= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714421604; c=relaxed/simple; bh=Wpz9boe/w8KT9hr5B4n4S8JECxM9pa+bGQT6Fr8iw4g=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=aguFmXNuY/tumTRSD3kt9TJgGJAW8nQO3ofi0xiAZnU++usbiAtTfu1ARlYnk1y+zG2kDfKLsi1AY9ZuzE1Q0E8myEdSnhBSsj/5KbaCtDVso0+Btidv8Cyl001dtDeLsk+BqSWVLMyikDFm0Q9NioOXrUQi8yL/mWWm5qh+8OM= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=OhPo1yH+; arc=none smtp.client-ip=209.85.210.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Received: by mail-pf1-f179.google.com with SMTP id d2e1a72fcca58-6ecf05fd12fso4410003b3a.2 for ; Mon, 29 Apr 2024 13:13:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1714421603; x=1715026403; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=BXjzsh/nfrNV74+/Eg/rT8Fya+BcYBRXBPB+VYkGIr8=; b=OhPo1yH+CQsaHtevEsQPziFBtmiv7UnZc8xCKssikeC82GIEG5U0OnktR/nMyi9mP1 QeGKdnSrzfuRLR2homs1QDJQDu6Suuopgl6LgeCU6Wjfe/M8xVshT0p5mI2ItIDqPZRS bTDvZnGG1pylYyK2NhR8QH4qqmGY3ZQAhk8Pg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714421603; x=1715026403; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=BXjzsh/nfrNV74+/Eg/rT8Fya+BcYBRXBPB+VYkGIr8=; b=WxTQEsDtEiYjtoEggh53j8WAdqbkxAJARCSXfiIDiNcoFkXMNrPnfMaIHotnamLiN5 hMRvNZ41tgyhWyp2NyvGZSldwTFHgZY6+ZYISYf0q0GiyK/KVj32F2EIMjs7b7DCkYCu ffGmLzc+mAoirftvrzyg4xx2fWoQERHddQxMtSzQ7gDk3BBD0pfBkkwBadZiV0/50uVI /yaywOpwDJiRU6+0MyfhY2PLlg8WS4DVH+BfzESF1SYbnPvDClRzMhZEkF96LDNY8NYl 85f0Vur0ew2Q3BQCS7JJguzk0zpLnJC6p90Xdg+SnYCIcNofxe640KGODgOsrwLUPUaQ 8yug== X-Forwarded-Encrypted: i=1; AJvYcCUMDRWf2wzd4gB6ckURSoDG7iCbIrG1flg6LuaTKLNvghAvrOyyg56lmM3dngvuYpfgaIGRHCKdNE1OgTEVL0Elc0QPkOaYuvmXtYIr X-Gm-Message-State: AOJu0YwHHynksw8osLSguvT+rgipLMUEY0G8sT9tMeI/N9MXuDJgiNhC EEuHxrKePbT6PgNmZZhQLPTaSId9stJj+L4oSWyqBL+H2raTz1ygnk2/QvxbZg== X-Received: by 2002:a05:6a20:43ab:b0:1af:597f:ffa4 with SMTP id i43-20020a056a2043ab00b001af597fffa4mr620907pzl.14.1714421602751; Mon, 29 Apr 2024 13:13:22 -0700 (PDT) Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id b8-20020a170902d50800b001eab473021fsm6336073plg.168.2024.04.29.13.13.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Apr 2024 13:13:22 -0700 (PDT) Date: Mon, 29 Apr 2024 13:13:21 -0700 From: Kees Cook To: "Martin K. Petersen" Cc: Erick Archer , "James E.J. Bottomley" , Bjorn Helgaas , Justin Stitt , "Gustavo A. R. Silva" , linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: Re: [PATCH v3] scsi: csiostor: Use kcalloc() instead of kzalloc() Message-ID: <202404291259.3A8EE11@keescook> References: <202404291019.5AC903A@keescook> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Mon, Apr 29, 2024 at 02:31:19PM -0400, Martin K. Petersen wrote: > > Kees, > > >> This patch seems to be lost. Gustavo reviewed it on January 15, 2024 > >> but the patch has not been applied since. > > > > This looks correct to me. I can pick this up if no one else snags it? > > I guess my original reply didn't make it out, I don't see it in the > archives. > > My objections were: > > 1. The original code is more readable to me than the proposed > replacement. I guess this is a style preference. I find the proposed easier to read. It also removes lines while doing it. :) > 2. The original code has worked since introduced in 2012. Nobody has > touched it since, presumably it's fine. The code itself is fine unless you have a 32-bit system with a malicious card, so yeah, near zero risk. > 3. I don't have the hardware and thus no way of validating the proposed > changes. This is kind of an ongoing tension we have between driver code and refactoring efforts. And this isn't a case where we can show identical binary output, since this actively adds overflow checking via kcalloc() internals. > So what is the benefit of me accepting this patch? We have had several > regressions in these conversions. Had one just last week, almost > identical in nature to the one at hand. People are working through large piles of known "weak code patterns" with the goal of reaching 0 instances in the kernel. Usually this is for ongoing greater compiler flag coverage, but this particular one is harder for the compiler to warn on, so it's from Coccinelle patterns. > I am all for fixing code which is undergoing active use and development. > But I really don't see the benefit of updating a legacy driver which > hasn't seen updates in ages. Why risk introducing a regression? I see a common pattern where "why risk introducing a regression?" gets paired with "we can't test this code". I'm really not sure what to do about this given how much the kernel is changing all the time. In this particular case, I guess all I can say is that it is a trivially correct change that uses a more robust API and more idiomatic allocation sizeof()s (i.e. use the sizeof() of what is being allocated, not a potentially disconnected struct name). -Kees -- Kees Cook