From: Jann Horn <jannh@google.com>
To: Shyam Saini <mayhs11saini@gmail.com>
Cc: Linux-MM <linux-mm@kvack.org>,
Kernel Hardening <kernel-hardening@lists.openwall.com>,
Matthew Wilcox <willy@infradead.org>,
Christopher Lameter <cl@linux.com>,
Kees Cook <keescook@chromium.org>
Subject: Re: [PATCH] slab: Redefine ZERO_SIZE_PTR to include ERR_PTR range
Date: Sun, 20 Oct 2019 17:38:18 +0200 [thread overview]
Message-ID: <CAG48ez05QVn6_gQ2TBrRa1a_DWQoaSSYubUsu5YMWxx-gqMijQ@mail.gmail.com> (raw)
In-Reply-To: <20191010103151.7708-1-mayhs11saini@gmail.com>
On Thu, Oct 10, 2019 at 12:32 PM Shyam Saini <mayhs11saini@gmail.com> wrote:
> Currently kfree does not accept ERR_PTR range so redefine ZERO_SIZE_PTR
> to include this and also change ZERO_OR_NULL_PTR macro to check this new
> range. With this change kfree will skip and behave as no-ops when ERR_PTR
> is passed.
>
> This will help error related to ERR_PTR stand out better.
What do you mean by "stand out better"? To me it sounds like before,
the kernel would probably blow up in some way if you passed an error
pointer into kfree(), and with this change, it will silently ignore it
instead, right? If you actually wanted this kind of error to stand
out, wouldn't it make more sense to add something like "if
(WARN_ON(IS_ERR(x))) return;" to the implementations of kfree()?
I would prefer that, since "kfree(<error pointer>)" probably indicates
that someone messed up their error handling jumps.
> After this, we don't need to reset any ERR_PTR variable to NULL before
> being passed to any kfree or related wrappers calls, as everything would
> be handled by ZERO_SIZE_PTR itself.
With the caveat that you still can't do it in code that might be
stable-backported, otherwise it will blow up occasionally in the rare
case where the error path is hit?
[...]
> +#define ZERO_SIZE_PTR \
> +({ \
> + BUILD_BUG_ON(!(MAX_ERRNO & ~PAGE_MASK));\
> + (void *)(-MAX_ERRNO-1L); \
> +})
> +
> +#define ZERO_OR_NULL_PTR(x) ((unsigned long)(x) - 1 >= \
> + (unsigned long)ZERO_SIZE_PTR - 1)
If you do go through with this change, you'll probably want to adjust
the message in check_bogus_address() - "null address" really isn't an
appropriate error message for an address near the end of the address
space.
prev parent reply other threads:[~2019-10-20 15:39 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-10 10:31 [PATCH] slab: Redefine ZERO_SIZE_PTR to include ERR_PTR range Shyam Saini
2019-10-10 14:22 ` Christopher Lameter
2019-10-10 17:44 ` Matthew Wilcox
2019-10-10 18:35 ` Christopher Lameter
2019-10-20 6:06 ` Shyam Saini
2019-10-20 15:38 ` Jann Horn [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAG48ez05QVn6_gQ2TBrRa1a_DWQoaSSYubUsu5YMWxx-gqMijQ@mail.gmail.com \
--to=jannh@google.com \
--cc=cl@linux.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-mm@kvack.org \
--cc=mayhs11saini@gmail.com \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).