In preparation for making kfree() a wrapper macro, replace address-taken
instances of kfree with __kfree so the future renaming of kfree to
__kfree will work correctly. (Or to avoid needing to create a union for
a cast.)
This is an example subset needed to build my bootable image. I'm sure
there are more, but they immediately throw build errors when encountered
so they cannot be silently missed.
Signed-off-by: Kees Cook <kees@xxxxxxxxxx>
---
arch/mips/alchemy/common/dbdma.c | 2 +-
include/linux/slab.h | 2 ++
io_uring/futex.c | 2 +-
io_uring/io_uring.c | 12 ++++++------
kernel/bpf/core.c | 3 ++-
5 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/arch/mips/alchemy/common/dbdma.c b/arch/mips/alchemy/common/dbdma.c
index 6a3c890f7bbf..08548e5daead 100644
--- a/arch/mips/alchemy/common/dbdma.c
+++ b/arch/mips/alchemy/common/dbdma.c
@@ -422,7 +422,7 @@ u32 au1xxx_dbdma_ring_alloc(u32 chanid, int entries)
* Lost....do it again, allocate extra, and round
* the address base.
*/
- kfree((const void *)desc_base);
+ __kfree((const void *)desc_base);
i = entries * sizeof(au1x_ddma_desc_t);
i += (sizeof(au1x_ddma_desc_t) - 1);
desc_base = (u32)kmalloc(i, GFP_KERNEL|GFP_DMA);
diff --git a/include/linux/slab.h b/include/linux/slab.h
index 09eedaecf120..3e807ccc8583 100644
--- a/include/linux/slab.h
+++ b/include/linux/slab.h
@@ -469,6 +469,8 @@ void kfree(const void *objp);
void kfree_sensitive(const void *objp);
size_t __ksize(const void *objp);
+#define __kfree(x) kfree(x)
+
DEFINE_FREE(kfree, void *, if (!IS_ERR_OR_NULL(_T)) kfree(_T))
DEFINE_FREE(kfree_sensitive, void *, if (_T) kfree_sensitive(_T))
diff --git a/io_uring/futex.c b/io_uring/futex.c
index 43e2143255f5..e46a019fbd08 100644
--- a/io_uring/futex.c
+++ b/io_uring/futex.c
@@ -41,7 +41,7 @@ bool io_futex_cache_init(struct io_ring_ctx *ctx)
void io_futex_cache_free(struct io_ring_ctx *ctx)
{
- io_alloc_cache_free(&ctx->futex_cache, kfree);
+ io_alloc_cache_free(&ctx->futex_cache, __kfree);
}
static void __io_futex_complete(struct io_kiocb *req, struct io_tw_state *ts)
diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
index ceacf6230e34..0a41a3a981b1 100644
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -360,11 +360,11 @@ static __cold struct io_ring_ctx *io_ring_ctx_alloc(struct io_uring_params *p)
free_ref:
percpu_ref_exit(&ctx->refs);
err:
- io_alloc_cache_free(&ctx->apoll_cache, kfree);
+ io_alloc_cache_free(&ctx->apoll_cache, __kfree);
io_alloc_cache_free(&ctx->netmsg_cache, io_netmsg_cache_free);
io_alloc_cache_free(&ctx->rw_cache, io_rw_cache_free);
- io_alloc_cache_free(&ctx->uring_cache, kfree);
- io_alloc_cache_free(&ctx->msg_cache, kfree);
+ io_alloc_cache_free(&ctx->uring_cache, __kfree);
+ io_alloc_cache_free(&ctx->msg_cache, __kfree);
io_futex_cache_free(ctx);
kvfree(ctx->cancel_table.hbs);
xa_destroy(&ctx->io_bl_xa);
@@ -2702,11 +2702,11 @@ static __cold void io_ring_ctx_free(struct io_ring_ctx *ctx)
io_sqe_files_unregister(ctx);
io_cqring_overflow_kill(ctx);
io_eventfd_unregister(ctx);
- io_alloc_cache_free(&ctx->apoll_cache, kfree);
+ io_alloc_cache_free(&ctx->apoll_cache, __kfree);
io_alloc_cache_free(&ctx->netmsg_cache, io_netmsg_cache_free);
io_alloc_cache_free(&ctx->rw_cache, io_rw_cache_free);
- io_alloc_cache_free(&ctx->uring_cache, kfree);
- io_alloc_cache_free(&ctx->msg_cache, kfree);
+ io_alloc_cache_free(&ctx->uring_cache, __kfree);
+ io_alloc_cache_free(&ctx->msg_cache, __kfree);
io_futex_cache_free(ctx);
io_destroy_buffers(ctx);
io_free_region(ctx, &ctx->param_region);
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index da729cbbaeb9..9d2721d24c40 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -280,7 +280,8 @@ void __bpf_prog_free(struct bpf_prog *fp)
mutex_destroy(&fp->aux->used_maps_mutex);
mutex_destroy(&fp->aux->dst_mutex);
kfree(fp->aux->poke_tab);
- kfree(fp->aux);
+ /* "fp" may be in read-only memory */
+ __kfree(fp->aux);
}
free_percpu(fp->stats);
free_percpu(fp->active);
--
2.34.1
