From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
To: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Cc: Raag Jadav <raag.jadav@intel.com>,
gregkh@linuxfoundation.org, linus.walleij@linaro.org,
mika.westerberg@linux.intel.com, broonie@kernel.org,
pierre-louis.bossart@linux.dev, linux-gpio@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-input@vger.kernel.org,
linux-sound@vger.kernel.org
Subject: Re: [PATCH v1 1/5] devres: Introduce devm_kmemdup_array()
Date: Mon, 25 Nov 2024 19:13:06 +0200
Message-ID: <Z0SwIsmKPlqfRlMB@smile.fi.intel.com>
In-Reply-To: <Z0Sl1gmYc3y11riD@google.com>

On Mon, Nov 25, 2024 at 08:29:10AM -0800, Dmitry Torokhov wrote:
> On Mon, Nov 25, 2024 at 05:08:13PM +0200, Raag Jadav wrote:
> > On Mon, Nov 25, 2024 at 09:49:22AM +0200, Andy Shevchenko wrote:
> > > On Sun, Nov 24, 2024 at 07:03:36AM +0000, Dmitry Torokhov wrote:
> > > > On Sun, Nov 24, 2024 at 01:35:23AM +0530, Raag Jadav wrote:
...
> > > > > Introduce '_array' variant of devm_kmemdup() for the users which lack
> > > > > multiplication overflow check.
> > > >
> > > > I am not sure that this new helper is needed. Unlike allocators for
> > > > brand new objects, such as kmalloc_array(), devm_kmemdup() makes a copy
> > > > of already existing object, which is supposed to be a valid object and
> > > > therefore will have a reasonable size. So there should be no chance for
> > > > hitting this overflow unless the caller is completely confused and calls
> > > > devm_kmemdup() with random arguments (in which case all bets are off).
> > >
> > > Don't we want to have more robust code even if all of what you say applies?
> > > Also this makes the call consistent with zillions of others from the alloc
> > > family of calls in the Linux kernel.
>
> Having a clean API is fine, just do not bill it as something that is
> "safer". As I mentioned, unlike other allocators this one is supposed to
> operate with a valid source object and size passed to devm_kmemdup()
> should not exceed the size of the source object. There is no chance of
> overflowing.

Agree.

> > Agree. Although shooting in the foot is never the expectation, it is
> > at least better than having to debug such unexpected cases.
>
> Then maybe have a BUG() there instead of returning NULL? I know BUG()s
> are frowned upon, but I think in this case overflow is really an
> indicator of a hard error by the caller which is passing garbage
> arguments to this function.
>
> Hm, I see we have kmemdup_array() already. Ok. How about making your
> devm_kmemdup_array() be similar to kmemdup_array()?
>
> static inline void *devm_kmemdup_array(struct device *dev, const void *src,
> 				       size_t n, size_t size, gfp_t flags)
> {
> 	return devm_kmemdup(dev, src, size_mul(size, n), flags);
> }
>
> This will trigger a warning on a too large order of allocation in
> mm/page_alloc.c::__alloc_pages_noprof().

This is nice! I have overlooked that kmemdup_array() uses size_mul()
instead of a check. Raag, can you rebuild your series on this?

--
With Best Regards,
Andy Shevchenko
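
A userspace model of the two overflow-handling shapes discussed in this message, added here as an illustration and not code from the thread or the kernel. `size_mul_sat()`, `model_memdup()`, `MODEL_MAX_ALLOC` and the warning counter are hypothetical stand-ins for `size_mul()`, `devm_kmemdup()` and the page allocator's order limit.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap standing in for the page allocator's maximum order. */
#define MODEL_MAX_ALLOC ((size_t)1 << 22)

static unsigned int model_warnings;	/* modelled "order too large" warnings */

/* Userspace stand-in for the kernel's size_mul(): saturate at SIZE_MAX. */
static size_t size_mul_sat(size_t a, size_t b)
{
	size_t bytes;

	if (__builtin_mul_overflow(a, b, &bytes))
		return SIZE_MAX;
	return bytes;
}

/* Stand-in for devm_kmemdup(): allocate, then copy only on success. */
static void *model_memdup(const void *src, size_t len)
{
	void *p;

	if (len > MODEL_MAX_ALLOC) {
		model_warnings++;	/* per the thread, the allocator warns here */
		return NULL;
	}
	p = malloc(len ? len : 1);
	if (p)
		memcpy(p, src, len);
	return p;
}

/* Explicit check: returns NULL itself, the allocator never sees the request. */
static void *memdup_array_checked(const void *src, size_t n, size_t size)
{
	size_t bytes;

	if (__builtin_mul_overflow(n, size, &bytes))
		return NULL;
	return model_memdup(src, bytes);
}

/* Shaped like the suggestion above: saturate, let the allocator reject it. */
static void *memdup_array_sat(const void *src, size_t n, size_t size)
{
	return model_memdup(src, size_mul_sat(size, n));
}
```

Both variants refuse the oversized request; the saturating one does so through the allocator, so the bad caller is reported there instead of failing quietly.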