[PATCH] compiler_types.h: Test for __alloc_size_

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] compiler_types.h: Test for __alloc_size__ again
@ 2022-09-29  8:16 Kees Cook
  2022-09-29  9:14 ` Vlastimil Babka
  0 siblings, 1 reply; 3+ messages in thread
From: Kees Cook @ 2022-09-29  8:16 UTC (permalink / raw)
  To: Vlastimil Babka
  Cc: Kees Cook, Miguel Ojeda, Nick Desaulniers, Andrew Morton,
	Yonghong Song, Hao Luo, Marco Elver, Geert Uytterhoeven,
	Alexei Starovoitov, Kumar Kartikeya Dwivedi, Rasmus Villemoes,
	linux-kernel, linux-hardening

While the "alloc_size" attribute is available on all GCC versions, I
forgot that it gets disabled explicitly by the kernel in GCC < 9.1 due
to misbehaviors. Add a note to the compiler_attributes.h entry for it,
and restore the #ifdef in compiler_types.h.

Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Miguel Ojeda <ojeda@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Yonghong Song <yhs@fb.com>
Cc: Hao Luo <haoluo@google.com>
Cc: Marco Elver <elver@google.com>
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Link: https://lore.kernel.org/lkml/CAMuHMdXK+UN1YVZm9DenuXAM8hZRUZJwp=SXsueP7sWiVU3a9A@mail.gmail.com
Fixes: 63caa04ec60583b1 ("slab: Remove __malloc attribute from realloc functions")
Signed-off-by: Kees Cook <keescook@chromium.org>
---
I swear I sent this earlier today, but I don't see it on lore still. Resending,
so apologies if this is a duplicate.
---
 include/linux/compiler_attributes.h | 3 ++-
 include/linux/compiler_types.h      | 9 +++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/include/linux/compiler_attributes.h b/include/linux/compiler_attributes.h
index 465be5f072ff..55fbb6091ecf 100644
--- a/include/linux/compiler_attributes.h
+++ b/include/linux/compiler_attributes.h
@@ -65,7 +65,8 @@
 
 /*
  * Note: do not use this directly. Instead, use __alloc_size() since it is conditionally
- * available and includes other attributes.
+ * available and includes other attributes. For GCC < 9.1, __alloc_size__ gets undefined
+ * in compiler-gcc.h, due to misbehaviors.
  *
  *   gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-alloc_005fsize-function-attribute
  * clang: https://clang.llvm.org/docs/AttributeReference.html#alloc-size
diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h
index f141a6f6b9f6..0717534f8364 100644
--- a/include/linux/compiler_types.h
+++ b/include/linux/compiler_types.h
@@ -275,8 +275,13 @@ struct ftrace_likely_data {
  * be performing a _reallocation_, as that may alias the existing pointer.
  * For these, use __realloc_size().
  */
-#define __alloc_size(x, ...)	__alloc_size__(x, ## __VA_ARGS__) __malloc
-#define __realloc_size(x, ...)	__alloc_size__(x, ## __VA_ARGS__)
+#ifdef __alloc_size__
+# define __alloc_size(x, ...)	__alloc_size__(x, ## __VA_ARGS__) __malloc
+# define __realloc_size(x, ...)	__alloc_size__(x, ## __VA_ARGS__)
+#else
+# define __alloc_size(x, ...)	__malloc
+# define __realloc_size(x, ...)
+#endif
 
 #ifndef asm_volatile_goto
 #define asm_volatile_goto(x...) asm goto(x)
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] compiler_types.h: Test for __alloc_size__ again
  2022-09-29  8:16 [PATCH] compiler_types.h: Test for __alloc_size__ again Kees Cook
@ 2022-09-29  9:14 ` Vlastimil Babka
  2022-09-29  9:41   ` Kees Cook
  0 siblings, 1 reply; 3+ messages in thread
From: Vlastimil Babka @ 2022-09-29  9:14 UTC (permalink / raw)
  To: Kees Cook
  Cc: Miguel Ojeda, Nick Desaulniers, Andrew Morton, Yonghong Song,
	Hao Luo, Marco Elver, Geert Uytterhoeven, Alexei Starovoitov,
	Kumar Kartikeya Dwivedi, Rasmus Villemoes, linux-kernel,
	linux-hardening

On 9/29/22 10:16, Kees Cook wrote:
> While the "alloc_size" attribute is available on all GCC versions, I
> forgot that it gets disabled explicitly by the kernel in GCC < 9.1 due
> to misbehaviors. Add a note to the compiler_attributes.h entry for it,
> and restore the #ifdef in compiler_types.h.
> 
> Cc: Vlastimil Babka <vbabka@suse.cz>
> Cc: Miguel Ojeda <ojeda@kernel.org>
> Cc: Nick Desaulniers <ndesaulniers@google.com>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Yonghong Song <yhs@fb.com>
> Cc: Hao Luo <haoluo@google.com>
> Cc: Marco Elver <elver@google.com>
> Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
> Link: https://lore.kernel.org/lkml/CAMuHMdXK+UN1YVZm9DenuXAM8hZRUZJwp=SXsueP7sWiVU3a9A@mail.gmail.com
> Fixes: 63caa04ec60583b1 ("slab: Remove __malloc attribute from realloc functions")
> Signed-off-by: Kees Cook <keescook@chromium.org>

Thanks, I decided to late squash it so we don't needlessly cause issues for
people doing bisections with gcc-8 later.

> ---
> I swear I sent this earlier today, but I don't see it on lore still. Resending,
> so apologies if this is a duplicate.
> ---
>  include/linux/compiler_attributes.h | 3 ++-
>  include/linux/compiler_types.h      | 9 +++++++--
>  2 files changed, 9 insertions(+), 3 deletions(-)
> 
> diff --git a/include/linux/compiler_attributes.h b/include/linux/compiler_attributes.h
> index 465be5f072ff..55fbb6091ecf 100644
> --- a/include/linux/compiler_attributes.h
> +++ b/include/linux/compiler_attributes.h
> @@ -65,7 +65,8 @@
>  
>  /*
>   * Note: do not use this directly. Instead, use __alloc_size() since it is conditionally
> - * available and includes other attributes.
> + * available and includes other attributes. For GCC < 9.1, __alloc_size__ gets undefined
> + * in compiler-gcc.h, due to misbehaviors.
>   *
>   *   gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-alloc_005fsize-function-attribute
>   * clang: https://clang.llvm.org/docs/AttributeReference.html#alloc-size
> diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h
> index f141a6f6b9f6..0717534f8364 100644
> --- a/include/linux/compiler_types.h
> +++ b/include/linux/compiler_types.h
> @@ -275,8 +275,13 @@ struct ftrace_likely_data {
>   * be performing a _reallocation_, as that may alias the existing pointer.
>   * For these, use __realloc_size().
>   */
> -#define __alloc_size(x, ...)	__alloc_size__(x, ## __VA_ARGS__) __malloc
> -#define __realloc_size(x, ...)	__alloc_size__(x, ## __VA_ARGS__)
> +#ifdef __alloc_size__
> +# define __alloc_size(x, ...)	__alloc_size__(x, ## __VA_ARGS__) __malloc
> +# define __realloc_size(x, ...)	__alloc_size__(x, ## __VA_ARGS__)
> +#else
> +# define __alloc_size(x, ...)	__malloc
> +# define __realloc_size(x, ...)
> +#endif
>  
>  #ifndef asm_volatile_goto
>  #define asm_volatile_goto(x...) asm goto(x)


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] compiler_types.h: Test for __alloc_size__ again
  2022-09-29  9:14 ` Vlastimil Babka
@ 2022-09-29  9:41   ` Kees Cook
  0 siblings, 0 replies; 3+ messages in thread
From: Kees Cook @ 2022-09-29  9:41 UTC (permalink / raw)
  To: Vlastimil Babka
  Cc: Miguel Ojeda, Nick Desaulniers, Andrew Morton, Yonghong Song,
	Hao Luo, Marco Elver, Geert Uytterhoeven, Alexei Starovoitov,
	Kumar Kartikeya Dwivedi, Rasmus Villemoes, linux-kernel,
	linux-hardening

On Thu, Sep 29, 2022 at 11:14:47AM +0200, Vlastimil Babka wrote:
> On 9/29/22 10:16, Kees Cook wrote:
> > While the "alloc_size" attribute is available on all GCC versions, I
> > forgot that it gets disabled explicitly by the kernel in GCC < 9.1 due
> > to misbehaviors. Add a note to the compiler_attributes.h entry for it,
> > and restore the #ifdef in compiler_types.h.
> > 
> > Cc: Vlastimil Babka <vbabka@suse.cz>
> > Cc: Miguel Ojeda <ojeda@kernel.org>
> > Cc: Nick Desaulniers <ndesaulniers@google.com>
> > Cc: Andrew Morton <akpm@linux-foundation.org>
> > Cc: Yonghong Song <yhs@fb.com>
> > Cc: Hao Luo <haoluo@google.com>
> > Cc: Marco Elver <elver@google.com>
> > Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
> > Link: https://lore.kernel.org/lkml/CAMuHMdXK+UN1YVZm9DenuXAM8hZRUZJwp=SXsueP7sWiVU3a9A@mail.gmail.com
> > Fixes: 63caa04ec60583b1 ("slab: Remove __malloc attribute from realloc functions")
> > Signed-off-by: Kees Cook <keescook@chromium.org>
> 
> Thanks, I decided to late squash it so we don't needlessly cause issues for
> people doing bisections with gcc-8 later.

Sounds good to me; thanks!

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2022-09-29  9:41 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-09-29  8:16 [PATCH] compiler_types.h: Test for __alloc_size__ again Kees Cook
2022-09-29  9:14 ` Vlastimil Babka
2022-09-29  9:41   ` Kees Cook

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox