On 8/23/24 01:13, Kees Cook wrote:
(...) For cases where the total size of the allocation is needed,
the kmalloc_obj_sz(), kmalloc_objs_sz(), and kmalloc_flex_sz() family
of macros can be used. For example:
info->size = struct_size(ptr, flex_member, count);
ptr = kmalloc(info->s
On 8/5/24 23:43, Kees Cook wrote:
GCC already checks for arguments that are marked with the "nonstring"[1]
attribute when used on standard C String API functions (e.g. strcpy). Gain
this compile-time checking also for the kernel's primary string copying
function, strscpy().
Note that Clang has n
On 7/10/24 01:28, Kees Cook wrote:
On Tue, Jul 09, 2024 at 11:02:55PM +0200, Marco Elver wrote:
On Tue, 9 Jul 2024 at 22:28, Kees Cook wrote:
On Tue, Jul 09, 2024 at 10:26:32AM -0700, Christoph Lameter (Ampere) wrote:
On Mon, 8 Jul 2024, Kees Cook wrote:
obj = kmalloc(obj, gfp
On 7/8/24 21:18, Kees Cook wrote:
Using a short Coccinelle script, it is possible to replace the classic
kmalloc code patterns with the typed information:
@alloc@
type TYPE;
TYPE *P;
expression GFP;
identifier ALLOC =~ "k[mz]alloc";
@@
P = ALLOC(
- \(sizeof(*P)\|sizeof(TYP
On 7/8/24 21:18, Kees Cook wrote:
The allocator will already reject giant sizes seen from negative size
arguments, so this commit mainly services as an example for initial
type-based filtering. The size argument is checked for negative values
in signed arguments, saturating any if found instead o
-
net/core/dev.c| 31 +++
net/core/net-sysfs.c | 2 +-
3 files changed, 15 insertions(+), 30 deletions(-)
Reviewed-by: Przemek Kitszel
aleksander.loba...@intel.com
[1]
https://lore.kernel.org/netdev/20240318130354.2713265-1-aleksander.loba...@intel.com
nice,
Reviewed-by: Przemek Kitszel
On 3/7/24 00:51, Kees Cook wrote:
The norm should be flexible array structures with __counted_by
annotations, so DEFINE_FLEX() is updated to expect that. Rename
the non-annotated version to DEFINE_RAW_FLEX(), and update the
few existing users.
Signed-off-by: Kees Cook
---
Cc: Przemek Kitszel
On 3/6/24 04:25, Gustavo A. R. Silva wrote:
On 05/03/24 19:07, Kees Cook wrote:
The norm should be flexible array structures with __counted_by
annotations, so DEFINE_FLEX() is updated to expect that. Rename
the non-annotated version to DEFINE_RAW_FLEX(), and update the few
existing users. Addi
On 1/30/24 23:06, Kees Cook wrote:
The check_add_overflow() helper is mostly a wrapper around
__builtin_add_overflow(), but GCC and Clang refuse to operate on pointer
arguments that would normally be allowed if the addition were open-coded.
For example, we have many places where pointer overflow
On 9/12/23 18:16, Kees Cook wrote:
On Tue, Sep 12, 2023 at 07:59:30AM -0400, Przemek Kitszel wrote:
Add DEFINE_FLEX() macro, that helps on-stack allocation of structures
with trailing flex array member.
Expose __struct_size() macro which reads size of data allocated
by DEFINE_FLEX().
Accompany
11 matches
Mail list logo