Re: [PATCH v3 3/4] devres: provide devm_kstrdup_const()

From: Kees Cook
Date: Wed Sep 26 2018 - 19:20:34 EST


On Mon, Sep 24, 2018 at 3:11 AM, Bartosz Golaszewski <brgl@xxxxxxxx> wrote:
> Provide a resource managed version of kstrdup_const(). This variant
> internally calls devm_kstrdup() on pointers that are outside of
> .rodata section and returns the string as is otherwise.
>
> Also provide a corresponding version of devm_kfree().
>
> Signed-off-by: Bartosz Golaszewski <brgl@xxxxxxxx>
> Reviewed-by: Bjorn Andersson <bjorn.andersson@xxxxxxxxxx>
> ---
> drivers/base/devres.c | 38 ++++++++++++++++++++++++++++++++++++++
> include/linux/device.h | 3 +++
> 2 files changed, 41 insertions(+)
>
> diff --git a/drivers/base/devres.c b/drivers/base/devres.c
> index 438c91a43508..48185d57bc5b 100644
> --- a/drivers/base/devres.c
> +++ b/drivers/base/devres.c
> @@ -11,6 +11,8 @@
> #include <linux/slab.h>
> #include <linux/percpu.h>
>
> +#include <asm/sections.h>
> +
> #include "base.h"
>
> struct devres_node {
> @@ -822,6 +824,28 @@ char *devm_kstrdup(struct device *dev, const char *s, gfp_t gfp)
> }
> EXPORT_SYMBOL_GPL(devm_kstrdup);
>
> +/**
> + * devm_kstrdup_const - resource managed conditional string duplication
> + * @dev: device for which to duplicate the string
> + * @s: the string to duplicate
> + * @gfp: the GFP mask used in the kmalloc() call when allocating memory
> + *
> + * Strings allocated by devm_kstrdup_const will be automatically freed when
> + * the associated device is detached.
> + *
> + * RETURNS:
> + * Source string if it is in .rodata section otherwise it falls back to
> + * devm_kstrdup.
> + */
> +const char *devm_kstrdup_const(struct device *dev, const char *s, gfp_t gfp)
> +{
> + if (is_kernel_rodata((unsigned long)s))
> + return s;
> +
> + return devm_kstrdup(dev, s, gfp);
> +}
> +EXPORT_SYMBOL(devm_kstrdup_const);
> +
> /**
> * devm_kvasprintf - Allocate resource managed space and format a string
> * into that.
> @@ -895,6 +919,20 @@ void devm_kfree(struct device *dev, const void *p)
> }
> EXPORT_SYMBOL_GPL(devm_kfree);
>
> +/**
> + * devm_kfree_const - Resource managed conditional kfree
> + * @dev: device this memory belongs to
> + * @p: memory to free
> + *
> + * Function calls devm_kfree only if @p is not in .rodata section.
> + */
> +void devm_kfree_const(struct device *dev, const void *p)
> +{
> + if (!is_kernel_rodata((unsigned long)p))
> + devm_kfree(dev, p);
> +}
> +EXPORT_SYMBOL(devm_kfree_const);
> +
> /**
> * devm_kmemdup - Resource-managed kmemdup
> * @dev: Device this memory belongs to
> diff --git a/include/linux/device.h b/include/linux/device.h
> index 33f7cb271fbb..79ccc6eb0975 100644
> --- a/include/linux/device.h
> +++ b/include/linux/device.h
> @@ -693,7 +693,10 @@ static inline void *devm_kcalloc(struct device *dev,
> return devm_kmalloc_array(dev, n, size, flags | __GFP_ZERO);
> }
> extern void devm_kfree(struct device *dev, const void *p);
> +extern void devm_kfree_const(struct device *dev, const void *p);

With devm_kfree and devm_kfree_const both taking "const", how are
devm_kstrdup_const() and devm_kfree_const() going to be correctly
paired at compile time? (i.e. I wasn't expecting the prototype change
to devm_kfree())

-Kees

> extern char *devm_kstrdup(struct device *dev, const char *s, gfp_t gfp) __malloc;
> +extern const char *devm_kstrdup_const(struct device *dev,
> + const char *s, gfp_t gfp);
> extern void *devm_kmemdup(struct device *dev, const void *src, size_t len,
> gfp_t gfp);
>
> --
> 2.18.0
>



--
Kees Cook
Pixel Security