On Wed, Mar 02, 2022 at 12:18:45PM -0800, Linus Torvalds wrote:
> On Wed, Mar 2, 2022 at 12:07 PM Kees Cook <keescook@chromium.org> wrote:
> > I've long wanted to change kfree() to explicitly set pointers to NULL on free. https://github.com/KSPP/linux/issues/87
> We've had this discussion with the gcc people in the past, and gcc actually has some support for it, but it's sadly tied to the actual function name (ie gcc has some special-casing for "free()")
> See
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94527
> for some of that discussion.
> Oh, and I see some patch actually got merged since I looked there last so that you can mark "deallocator" functions, but I think it's only for the context matching, not for actually killing accesses to the pointer afterwards.
Ah! I missed that getting added in GCC 11. But yes, there it is:
https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-mal...
Hah, now we may need to split __malloc from __alloc_size. ;)
I'd still like the NULL assignment behavior, though, since some things can easily avoid static analysis.
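To make the two ideas in this exchange concrete, here is an added user-space example (not code from the thread, the kernel, or GCC's documentation): a free-and-NULL macro of the kind Kees describes for kfree(), and an allocator/deallocator pair marked with GCC 11's deallocator form of the malloc attribute so -fanalyzer can match them. The names free_and_null, PAIRED_ALLOC, buf_new and buf_free are assumed. The second demo function shows the limitation Kees alludes to: clearing the one lvalue passed to the macro does nothing for aliases of the same pointer, which is exactly the kind of case a static check can miss.

```c
/* Added example, not from the thread: free-and-NULL macro plus a GCC 11
 * allocator/deallocator pairing, in plain user-space C. */
#include <stdlib.h>
#include <string.h>

/* Free through an lvalue and clear it, so that variable can no longer be
 * used to reach the freed object.  The argument is evaluated twice, so
 * callers must pass a plain lvalue with no side effects. */
#define free_and_null(p) do { free(p); (p) = NULL; } while (0)

/* GCC >= 11 accepts malloc(deallocator, ptr-index) and uses it in
 * -fanalyzer to pair allocations with the matching release function.
 * Other compilers just see an empty macro. */
#if defined(__GNUC__) && !defined(__clang__) && __GNUC__ >= 11
#define PAIRED_ALLOC(dealloc) __attribute__((malloc, malloc(dealloc, 1)))
#else
#define PAIRED_ALLOC(dealloc)
#endif

struct buf { char data[32]; };

/* The deallocator must be declared before it is named in the attribute. */
static void buf_free(struct buf *b);
static struct buf *buf_new(const char *init) PAIRED_ALLOC(buf_free);

static struct buf *buf_new(const char *init)
{
    struct buf *b = calloc(1, sizeof(*b));
    if (b)
        strncpy(b->data, init, sizeof(b->data) - 1);
    return b;
}

static void buf_free(struct buf *b)
{
    free(b);
}

/* Returns 1 if the variable handed to free_and_null was cleared.  A second
 * free_and_null on the same variable is harmless because free(NULL) is a
 * no-op, which is the double-free protection the NULL assignment buys. */
int demo_cleared_after_free(void)
{
    struct buf *b = buf_new("hello");
    if (!b)
        return -1;
    free_and_null(b);
    free_and_null(b);
    return b == NULL;
}

/* Returns 1 if an alias still holds the stale address after the original
 * variable was cleared: the NULL assignment covers only the one lvalue, so
 * a copy of the pointer is still dangling (compared here, never
 * dereferenced). */
int demo_alias_not_cleared(void)
{
    struct buf *b = buf_new("hello");
    if (!b)
        return -1;
    struct buf *alias = b;
    free_and_null(b);
    return b == NULL && alias != NULL;
}
```

Compiling with `gcc -fanalyzer` on GCC 11 or newer lets the analyzer use the PAIRED_ALLOC annotation to flag a buf_new result released with the wrong function; the free_and_null macro is what closes the double-free case at run time, and demo_alias_not_cleared is the reminder that neither mechanism reaches pointer copies.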