Date: Tue, 30 Apr 2024 11:54:27 +1000 (AEST)
From: Finn Thain
To: Kees Cook
cc: "Martin K. Petersen", Erick Archer, "James E.J. Bottomley", Bjorn Helgaas, Justin Stitt, "Gustavo A. R. Silva", linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH v3] scsi: csiostor: Use kcalloc() instead of kzalloc()
In-Reply-To: <202404291259.3A8EE11@keescook>
Message-ID: <070eccee-25c1-05ae-0ae8-7c6fe2eff82f@linux-m68k.org>
References: <202404291019.5AC903A@keescook> <202404291259.3A8EE11@keescook>

On Mon, 29 Apr 2024, Kees Cook wrote:

> this isn't a case where we can show identical binary output, since this
> actively adds overflow checking via kcalloc() internals.
>
> ...
>
> it is a trivially correct change that uses a more robust API and more
> idiomatic allocation sizeof()s

If a change is "trivially correct" then the proof is trivial too. Based
only on what you wrote above, omitting the overflow check would give
binary equivalence. That validates the driver change (for hardware you
lack).

But, since a build without the overflow check must contain a second
change, you must validate that change too by showing that kcalloc()
internals still work for every other caller. (You do this using hardware
you have.)
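
Added illustration, not part of the original message or of the csiostor patch: a userspace C model of the overflow check that the quoted text attributes to kcalloc() internals, next to the open-coded multiplication it replaces. The names open_coded_bytes(), model_kcalloc() and WRAPPING_COUNT are hypothetical, and calloc() with __builtin_mul_overflow() (GCC/Clang) stands in for the kernel allocator.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed element count: multiplied by 16 it exceeds SIZE_MAX. */
#define WRAPPING_COUNT (SIZE_MAX / 16 + 2)

/*
 * Model of the kzalloc(n * size, ...) pattern: the caller multiplies,
 * so an oversized count wraps and yields a short byte count with no
 * diagnostic.
 */
static size_t open_coded_bytes(size_t n, size_t size)
{
	return n * size;	/* unsigned arithmetic wraps modulo SIZE_MAX + 1 */
}

/*
 * Model of the kcalloc(n, size, ...) pattern: the product is checked
 * and the allocation fails instead of being undersized. This extra
 * branch is why the two forms do not compile to identical code.
 */
static void *model_kcalloc(size_t n, size_t size)
{
	size_t bytes;

	if (__builtin_mul_overflow(n, size, &bytes))
		return NULL;
	return calloc(1, bytes);	/* zeroed, like the kernel helper */
}

int main(void)
{
	void *p = model_kcalloc(WRAPPING_COUNT, 16);

	printf("open-coded size for wrapping count: %zu bytes\n",
	       open_coded_bytes(WRAPPING_COUNT, 16));
	printf("checked allocation for same count: %s\n",
	       p ? "succeeded" : "refused (NULL)");
	free(p);
	return 0;
}
```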