From: David Laight <david.laight.linux@gmail.com>
To: Kees Cook <kees@kernel.org>
Cc: Vlastimil Babka <vbabka@suse.cz>,
Christoph Lameter <cl@linux.com>, Miguel Ojeda <ojeda@kernel.org>,
Nathan Chancellor <nathan@kernel.org>,
Marco Elver <elver@google.com>,
Nick Desaulniers <ndesaulniers@google.com>,
Przemek Kitszel <przemyslaw.kitszel@intel.com>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Andrew Morton <akpm@linux-foundation.org>,
Roman Gushchin <roman.gushchin@linux.dev>,
Hyeonggon Yoo <42.hyeyoo@gmail.com>,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
linux-hardening@vger.kernel.org
Subject: Re: [PATCH 1/5] treewide: Replace kfree() casts with union members
Date: Sun, 23 Mar 2025 10:26:04 +0000 [thread overview]
Message-ID: <20250323102604.5103c649@pumpkin> (raw)
In-Reply-To: <20250321204105.1898507-1-kees@kernel.org>
On Fri, 21 Mar 2025 13:40:57 -0700
Kees Cook <kees@kernel.org> wrote:
> As a prerequisite to being able to optionally take the address of any
> lvalues used in a call to kfree(), replace casts to the kfree() argument
> with unions to include an actual pointer.
Having different names for the argument to kfree() and other uses
of the data is just brain-dead and will make reading code harder
and writing code that access data after it is freed so much easier.
David
>
> This is an example subset. There are another handful remaining:
>
> $ git grep '\bkfree((void \*)'
> arch/mips/alchemy/common/dbdma.c: kfree((void *)ctp->cdb_membase);
> arch/s390/kernel/crash_dump.c: kfree((void *)(unsigned long)addr);
> drivers/crypto/atmel-sha204a.c: kfree((void *)i2c_priv->hwrng.priv);
> drivers/infiniband/hw/cxgb4/mem.c: kfree((void *) (unsigned long) mhp->kva);
> drivers/isdn/mISDN/fsm.c: kfree((void *) fsm->jumpmatrix);
> drivers/misc/altera-stapl/altera.c: kfree((void *)vars[variable_id]);
> drivers/misc/altera-stapl/altera.c: kfree((void *)vars[i]);
> drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h: kfree((void *)x); \
> drivers/net/ethernet/qlogic/qed/qed_main.c: kfree((void *)cdev);
> drivers/net/usb/cx82310_eth.c: kfree((void *)dev->partial_data);
> drivers/net/usb/cx82310_eth.c: kfree((void *)dev->partial_data);
> drivers/scsi/snic/snic_io.c: kfree((void *)rqi->sge_va);
> drivers/scsi/snic/snic_io.c: kfree((void *)rqi->sge_va);
> drivers/staging/rtl8723bs/os_dep/os_intfs.c: /* kfree((void *)padapter); */
> drivers/video/fbdev/grvga.c: kfree((void *)virtual_start);
> drivers/video/fbdev/grvga.c: kfree((void *)info->screen_base);
> drivers/xen/grant-table.c: kfree((void *)page_private(pages[i]));
> net/ieee802154/nl802154.c: kfree((void *)cb->args[0]);
> net/sched/em_ipset.c: kfree((void *) em->data);
> net/sched/em_meta.c: kfree((void *) v->val);
>
> Signed-off-by: Kees Cook <kees@kernel.org>
> ---
> include/linux/netlink.h | 1 +
> include/net/pkt_cls.h | 5 ++++-
> net/sched/ematch.c | 2 +-
> net/wireless/nl80211.c | 2 +-
> 4 files changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/include/linux/netlink.h b/include/linux/netlink.h
> index c3ae84a77e16..26eb9eea8a74 100644
> --- a/include/linux/netlink.h
> +++ b/include/linux/netlink.h
> @@ -295,6 +295,7 @@ struct netlink_callback {
> bool strict_check;
> union {
> u8 ctx[NETLINK_CTX_SIZE];
> + void * ptr;
>
> /* args is deprecated. Cast a struct over ctx instead
> * for proper type safety.
> diff --git a/include/net/pkt_cls.h b/include/net/pkt_cls.h
> index c64fd896b1f9..4faf8d6eed1d 100644
> --- a/include/net/pkt_cls.h
> +++ b/include/net/pkt_cls.h
> @@ -403,7 +403,10 @@ struct tcf_ematch_ops;
> */
> struct tcf_ematch {
> struct tcf_ematch_ops * ops;
> - unsigned long data;
> + union {
> + unsigned long data;
> + void * ptr;
> + };
> unsigned int datalen;
> u16 matchid;
> u16 flags;
> diff --git a/net/sched/ematch.c b/net/sched/ematch.c
> index 5c1235e6076a..f4b00e7aca6a 100644
> --- a/net/sched/ematch.c
> +++ b/net/sched/ematch.c
> @@ -411,7 +411,7 @@ void tcf_em_tree_destroy(struct tcf_ematch_tree *tree)
> if (em->ops->destroy)
> em->ops->destroy(em);
> else if (!tcf_em_is_simple(em))
> - kfree((void *) em->data);
> + kfree(em->ptr);
> module_put(em->ops->owner);
> }
> }
> diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
> index d7d3da0f6833..b5a3ae07d84c 100644
> --- a/net/wireless/nl80211.c
> +++ b/net/wireless/nl80211.c
> @@ -3270,7 +3270,7 @@ static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
>
> static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
> {
> - kfree((void *)cb->args[0]);
> + kfree(cb->ptr);
> return 0;
> }
>
next prev parent reply other threads:[~2025-03-23 10:26 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-21 20:40 [RFC 0/5] slab: Set freed variables to NULL by default Kees Cook
2025-03-21 20:40 ` [PATCH 1/5] treewide: Replace kfree() casts with union members Kees Cook
2025-03-23 10:26 ` David Laight [this message]
2025-03-21 20:40 ` [PATCH 2/5] treewide: Prepare for kfree() to __kfree() rename Kees Cook
2025-03-21 20:40 ` [PATCH 3/5] compiler_types: Introduce __is_lvalue() Kees Cook
2025-03-22 3:38 ` Jann Horn
2025-03-22 7:03 ` Kees Cook
2025-03-21 20:41 ` [PATCH 4/5] slab: Set freed variables to NULL by default Kees Cook
2025-03-22 1:50 ` Jann Horn
2025-03-22 7:18 ` Kees Cook
2025-03-27 19:23 ` Jann Horn
2025-03-27 19:42 ` Matthew Wilcox
2025-03-21 20:41 ` [PATCH 5/5] [DEBUG] slab: Report number of NULLings Kees Cook
2025-03-24 16:16 ` Christoph Lameter (Ampere)
2025-03-25 19:45 ` Kees Cook
2025-03-27 13:00 ` [RFC 0/5] slab: Set freed variables to NULL by default Harry Yoo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250323102604.5103c649@pumpkin \
--to=david.laight.linux@gmail.com \
--cc=42.hyeyoo@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=cl@linux.com \
--cc=elver@google.com \
--cc=iamjoonsoo.kim@lge.com \
--cc=kees@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=ojeda@kernel.org \
--cc=penberg@kernel.org \
--cc=przemyslaw.kitszel@intel.com \
--cc=rientjes@google.com \
--cc=roman.gushchin@linux.dev \
--cc=vbabka@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.