Re: [PATCH 5/5] pstore: inode: Use cleanup.h for struct pstore_private

On Sat, Dec 02, 2023 at 01:22:15PM -0800, Kees Cook wrote: > static void *pstore_ftrace_seq_start(struct seq_file *s, loff_t *pos) > { > @@ -338,9 +339,8 @@ int pstore_mkfile(struct dentry *root, struct > pstore_record *record) > { > struct dentry *dentry; > struct inode

Re: [PATCH 3/5] fs: Add DEFINE_FREE for struct inode

On Sat, Dec 02, 2023 at 09:42:12PM +, Al Viro wrote: > I'll poke around and see what I can suggest; said that, one thing I have > spotted there on the quick look is that you are exposing hashed dentry > associated > with your inode before you set its ->i_private. ... and on the second look,

Re: [PATCH 3/5] fs: Add DEFINE_FREE for struct inode

On Sat, Dec 02, 2023 at 01:34:32PM -0800, Kees Cook wrote: > On Sat, Dec 02, 2023 at 09:28:46PM +, Al Viro wrote: > > On Sat, Dec 02, 2023 at 01:22:13PM -0800, Kees Cook wrote: > > > Allow __free(iput) markings for easier cleanup on inode allocations. > > > > NAK. That's a bloody awful idea f

Re: [PATCH 3/5] fs: Add DEFINE_FREE for struct inode

On Sat, Dec 02, 2023 at 09:28:46PM +, Al Viro wrote: > On Sat, Dec 02, 2023 at 01:22:13PM -0800, Kees Cook wrote: > > Allow __free(iput) markings for easier cleanup on inode allocations. > > NAK. That's a bloody awful idea for that particular data type, since > 1) ERR_PTR(...) is not un

Re: [PATCH 3/5] fs: Add DEFINE_FREE for struct inode

On Sat, Dec 02, 2023 at 01:22:13PM -0800, Kees Cook wrote: > Allow __free(iput) markings for easier cleanup on inode allocations. NAK. That's a bloody awful idea for that particular data type, since 1) ERR_PTR(...) is not uncommon and passing it to iput() is a bug. 2) the common p

Re: [PATCH][next] wifi: mt76: mt7996: Use DECLARE_FLEX_ARRAY() and fix -Warray-bounds warnings

On Thu, Nov 16, 2023 at 02:57:24PM -0600, Gustavo A. R. Silva wrote: > Transform zero-length arrays `adm_stat` and `msdu_cnt` into proper > flexible-array members in anonymous union in `struct > mt7996_mcu_all_sta_info_event` via the DECLARE_FLEX_ARRAY() > helper; and fix multiple -Warray-bounds wa

[PATCH 5/5] pstore: inode: Use cleanup.h for struct pstore_private

Simplify error path when "private" needs to be freed. Cc: "Guilherme G. Piccoli" Cc: Tony Luck Cc: linux-hardening@vger.kernel.org Signed-off-by: Kees Cook --- fs/pstore/inode.c | 13 - 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/fs/pstore/inode.c b/fs/pstore/inod

[PATCH 1/5] pstore: inode: Convert kfree() usage to __free(kfree)

Mostly as an example to myself, replace a simple allocation pattern with the automatic kfree cleanup features now exposed by cleanup.h. Cc: "Guilherme G. Piccoli" Cc: Tony Luck Cc: linux-hardening@vger.kernel.org Signed-off-by: Kees Cook --- fs/pstore/inode.c | 10 -- 1 file changed, 4

[PATCH 2/5] pstore: inode: Convert mutex usage to guard(mutex)

Replace open-coded mutex handling with cleanup.h guard(mutex) and scoped_guard(mutex, ...). Cc: "Guilherme G. Piccoli" Cc: Tony Luck Cc: linux-hardening@vger.kernel.org Signed-off-by: Kees Cook --- fs/pstore/inode.c | 76 +++ 1 file changed, 31 inser

[PATCH 3/5] fs: Add DEFINE_FREE for struct inode

Allow __free(iput) markings for easier cleanup on inode allocations. Cc: Christian Brauner Cc: Peter Zijlstra (Intel) Cc: Alexander Viro Cc: linux-fsde...@vger.kernel.org Signed-off-by: Kees Cook --- include/linux/fs.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/linux/fs.h b

[PATCH 0/5] pstore: Initial use of cleanup.h

Hi, Mostly as practice for myself, I rewrote a bunch of the error handling paths in pstore to use the new cleanup.h routines. Notably, this meant adding a DEFINE_FREE() for struct inode. Notably, I'm enjoying this part: "44 insertions(+), 65 deletions(-)" It also passes basic testing. :) -Kees

[PATCH 4/5] pstore: inode: Use __free(iput) for inode allocations

Simplify error path for failures where "inode" needs to be freed. Cc: "Guilherme G. Piccoli" Cc: Tony Luck Cc: linux-hardening@vger.kernel.org Signed-off-by: Kees Cook --- fs/pstore/inode.c | 8 +++- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/fs/pstore/inode.c b/fs/pstor

Re: [PATCH] pstore: ram_core: fix possible overflow in persistent_ram_init_ecc()

On Sun, 05 Nov 2023 23:29:36 +0300, Sergey Shtylyov wrote: > In persistent_ram_init_ecc(), on 64-bit arches DIV_ROUND_UP() will return > 64-bit value since persistent_ram_zone::buffer_size has type size_t which > is derived from the 64-bit *unsigned long*, while the ecc_blocks variable > this value

Re: [PATCH][next] atags_proc: Add __counted_by for struct buffer and use struct_size()

On Tue, 10 Oct 2023 06:46:50 -0600, Gustavo A. R. Silva wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for > array index

[PATCH v2] netlink: Return unsigned value for nla_len()

The return value from nla_len() is never expected to be negative, and can never be more than struct nlattr::nla_len (a u16). Adjust the prototype on the function. This will let GCC's value range optimization passes know that the return can never be negative, and can never be larger than u16. As rec