Re: [PATCH] driver core: Add __alloc_size hint to devm allocators

From: Kees Cook
Date: Tue Oct 18 2022 - 06:15:55 EST


On Tue, Oct 18, 2022 at 12:09:30PM +0200, Rasmus Villemoes wrote:
> On 18/10/2022 09.34, Kees Cook wrote:
> > Mark the devm_*alloc()-family of allocations with appropriate
> > __alloc_size() hints so the compiler can attempt to reason about buffer
> > lengths from allocations.
> >
>
> > @@ -226,7 +226,8 @@ static inline void *devm_kcalloc(struct device *dev,
> > void devm_kfree(struct device *dev, const void *p);
> > char *devm_kstrdup(struct device *dev, const char *s, gfp_t gfp) __malloc;
> > const char *devm_kstrdup_const(struct device *dev, const char *s, gfp_t gfp);
> > -void *devm_kmemdup(struct device *dev, const void *src, size_t len, gfp_t gfp);
> > +void *devm_kmemdup(struct device *dev, const void *src, size_t len, gfp_t gfp)
> > + __alloc_size(3);
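Review bot: on the devm_kmemdup() declaration, __alloc_size(3) picks the right argument (len), but if the macro also implies the malloc attribute, as the reply that follows indicates, it promises more than a duplicating allocator can deliver. The returned buffer is a byte copy of src, so it holds pointers to valid objects whenever src does, and the attribute's contract says no such pointers occur in the storage addressed by the returned pointer. Suggest a size-only annotation for this declaration that does not carry malloc semantics (the __realloc_size option raised in the thread), plus a short comment above it stating why the plain __alloc_size() form is not used for the *dup helpers.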
>
> I think it's wrong to apply the __malloc attribute to kmemdup() and
> variants.
>
> 'malloc'
> This tells the compiler that a function is 'malloc'-like, i.e.,
> that the pointer P returned by the function cannot alias any other
> pointer valid when the function returns, and moreover no pointers
> to valid objects occur in any storage addressed by P.

Oh, ew, it defines rules about _contents_ as well. Thank you for
pointing that out!

I suppose we can use __realloc_size for these cases then?

--
Kees Cook