On Thu, Sep 22, 2022 at 09:10:56AM +0200, Christian König wrote: > Am 22.09.22 um 05:10 schrieb Kees Cook: > > Hi, > > > > This series fixes up the cases where callers of ksize() use it to > > opportunistically grow their buffer sizes, which can run afoul of the > > __alloc_size hinting that CONFIG_UBSAN_BOUNDS and CONFIG_FORTIFY_SOURCE > > use to perform dynamic buffer bounds checking. > > Good cleanup, but one question: What other use cases we have for ksize() > except the opportunistically growth of buffers? The remaining cases all seem to be using it as a "do we need to resize yet?" check, where they don't actually track the allocation size themselves and want to just depend on the slab cache to answer it. This is most clearly seen in the igp code: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/net/ethernet/intel/igb/igb_main.c?h=v6.0-rc6#n1204 My "solution" there kind of side-steps it, and leaves ksize() as-is: https://lore.kernel.org/linux-hardening/20220922031013.2150682-8-keescook@xxxxxxxxxxxx/ The more correct solution would be to add per-v_idx size tracking, similar to the other changes I sent: https://lore.kernel.org/linux-hardening/20220922031013.2150682-11-keescook@xxxxxxxxxxxx/ I wonder if perhaps I should just migrate some of this code to using something like struct membuf. > Off hand I can't see any. > > So when this patch set is about to clean up this use case it should probably > also take care to remove ksize() or at least limit it so that it won't be > used for this use case in the future. Yeah, my goal would be to eliminate ksize(), and it seems possible if other cases are satisfied with tracking their allocation sizes directly. -Kees -- Kees Cook