From patchwork Thu Sep 30 22:26:56 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 12538017 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C5D46C43217 for ; Thu, 30 Sep 2021 22:27:10 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id AED2B61882 for ; Thu, 30 Sep 2021 22:27:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344573AbhI3W2x (ORCPT ); Thu, 30 Sep 2021 18:28:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33584 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1343652AbhI3W2v (ORCPT ); Thu, 30 Sep 2021 18:28:51 -0400 Received: from mail-pg1-x532.google.com (mail-pg1-x532.google.com [IPv6:2607:f8b0:4864:20::532]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D3FB4C06176D for ; Thu, 30 Sep 2021 15:27:08 -0700 (PDT) Received: by mail-pg1-x532.google.com with SMTP id h3so7628415pgb.7 for ; Thu, 30 Sep 2021 15:27:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=36j5L3IXWBXJSa10uMT5uD6s/Y5u7bDApoWqfRj3glw=; b=jdF4+GGFPTaheVbue765+UfgFhpqgRf4n2s6bFx1BdfagCMTvVJMI5rPIAsyJxBIUp /wGNVS5PAsmda7VGWicIS0lb7cjah8fETmzwWJksUMDbKsbCYNLWuZdJZ40Usk5gnrrU +C63RBPWlPJP62rZ6V8t/R4q8cigpMX4rIgYk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=36j5L3IXWBXJSa10uMT5uD6s/Y5u7bDApoWqfRj3glw=; b=qalZj4KXmz0mE17lpZwVSP8XJAx/fjwW8jyD079z13MeFwBysOvUZNtk7J+pJGiWL5 x4UNxsd+wjWkplSAr7Ik7Paj1vnVePoAmxDIlVaHQtpHtwN7Zq6tWDxT80QYO2M9BtC/ g5I/J/xhgOfmwSaynPaJvMb5qy9lKZ9S2Ys5U42rNOdDMoyD6zz6nA/Zr2fO9QUCHEcy C5Uyr0TB5vIwoaMa5EQMCTGe34O/qRe4MSTs1S13GowKwFRFMPGcS9l4MU4p84iuf7ED cyAyNMiFlu1bhjXdSgJ5KXn9ThKRN1qK5gPxonFclF56NYDNm+9G8Eeaw+6wKmDQ45MP rg9Q== X-Gm-Message-State: AOAM530rAKCxXSwkIy1KqUg4XMQsENHNLGy5hy//fGNKz0iMCy12rraK G8mMws6onxw7hCmIqjvNuxNjTDNxRz80qw== X-Google-Smtp-Source: ABdhPJzwvdcLzYPcnUhMbdaXUYsbzCJISTZjEr818vMUHCmvn0wRC/EuUIDTvv2mbQ0uruyIeNqBeA== X-Received: by 2002:a63:1104:: with SMTP id g4mr6808034pgl.403.1633040828353; Thu, 30 Sep 2021 15:27:08 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id w14sm4014005pge.40.2021.09.30.15.27.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Sep 2021 15:27:07 -0700 (PDT) From: Kees Cook To: Andrew Morton Cc: Kees Cook , Joe Perches , Miguel Ojeda , Nathan Chancellor , Nick Desaulniers , Andy Whitcroft , Dwaipayan Ray , Lukas Bulwahn , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Vlastimil Babka , Daniel Micay , Dennis Zhou , Tejun Heo , Masahiro Yamada , Michal Marek , clang-built-linux@googlegroups.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH v3 0/8] Add __alloc_size() Date: Thu, 30 Sep 2021 15:26:56 -0700 Message-Id: <20210930222704.2631604-1-keescook@chromium.org> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2796; h=from:subject; bh=I3VSaYm9ezb7bHImNRkPHiAlz1ym/3eSqmSHHw7PzPc=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBhVjm2trNkLaQC+FMTfijdk1cGylQunUf+UbapBw2l aTY8uFmJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCYVY5tgAKCRCJcvTf3G3AJqQFD/ 9YSlk3PdAdtRBkTdXkwP8owLGfO+VnOq9vtRzRbsuSKa7C8/IvCCNxD16nC3XgUP+A3X9DeEeZpxtN KQQXav7b2c9MVVtP9HKO6AeJzfz0IEGECZ9KI+Om3wXz+qsFv+fZCWl4UmNQKT1vr+SDRyEINCKxGZ ExiIpojTRrbldN7lLHazXnka1vOiJ8O1zA8zi8fjhL2Lb+oj2/7/HUXzK7cOKdG/+FQ2ku14z+hnVT Fn3ErgRyIZxOuaCPtryDdLV7nNoSmxT9f9UFP2uWIZ5SU6gPOfEI7frcGyIm/IlMXNcdTBMhNK8UhY 65VQezKn/Uk3bD4JOquuWhail4ChaSiWz/h/rY5VbegnJrC66iy96m6zTOmFqmPpYjCsVCR2VFUWuf FrYMjVOEO36ewYrtLO1ZjP6c9/AahG4Z6Nq75Or9T9JLHKcvSP06DtEC4H/aApy80DQqKojn/TJSTV wuVss9nAR6pZniVZ32+7TIfb9VbNbz1q4KGxkgFn46pkNlb8s0h9x0X7mjw6QgnnSkvocacbtiOvx0 SQisQwgvoDLZYG9YIvVpGJxy8TeyCBmt6LLM0ecQmxk+H5Q6PwgQAH6s6Eg5ofM+TMmgIJwHsdN82F OuoVLbrzAV/9M48u+Nw5VdALC6BZmelf+t3IXv0xggKtQwplVG9fyn3dmBsQ== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org Hi Andrew, This is a refresh of the __alloc_size series you have in -mm currently. This addresses the issues[1] Linus had with attribute location and the redundant use of __malloc. These are meant to replace the following patches: compiler-attributes-add-__alloc_size-for-better-bounds-checking.patch compiler-attributes-add-__alloc_size-for-better-bounds-checking-fix.patch checkpatch-add-__alloc_size-to-known-attribute.patch slab-clean-up-function-declarations.patch slab-add-__alloc_size-attributes-for-better-bounds-checking.patch mm-page_alloc-add-__alloc_size-attributes-for-better-bounds-checking.patch percpu-add-__alloc_size-attributes-for-better-bounds-checking.patch mm-vmalloc-add-__alloc_size-attributes-for-better-bounds-checking.patch rapidio-avoid-bogus-__alloc_size-warning.patch Thanks! -Kees [1] https://lore.kernel.org/mm-commits/CAHk-=wgfbSyW6QYd5rmhSHRoOQ=ZvV+jLn1U8U4nBDgBuaOAjQ@mail.gmail.com/ v3: - move attribute logic around to better handle GCC's weird behavior - merge __malloc into the __alloc_size macro (Linus) - refactor attribute positions (Linus) v2: https://lore.kernel.org/lkml/20210818214021.2476230-1-keescook@chromium.org v1: https://lore.kernel.org/lkml/20210818050841.2226600-1-keescook@chromium.org Original cover letter: GCC and Clang both use the "alloc_size" attribute to assist with bounds checking around the use of allocation functions. Add the attribute, adjust the Makefile to silence needless warnings, and add the hints to the allocators where possible. These changes have been in use for a while now in GrapheneOS. Kees Cook (8): rapidio: Avoid bogus __alloc_size warning Compiler Attributes: add __alloc_size() for better bounds checking slab: Clean up function prototypes slab: Add __alloc_size attributes for better bounds checking mm/kvmalloc: Add __alloc_size attributes for better bounds checking mm/vmalloc: Add __alloc_size attributes for better bounds checking mm/page_alloc: Add __alloc_size attributes for better bounds checking percpu: Add __alloc_size attributes for better bounds checking Makefile | 15 ++++ drivers/rapidio/devices/rio_mport_cdev.c | 9 ++- include/linux/compiler-gcc.h | 8 ++ include/linux/compiler_attributes.h | 10 +++ include/linux/compiler_types.h | 12 +++ include/linux/gfp.h | 4 +- include/linux/mm.h | 16 ++-- include/linux/percpu.h | 6 +- include/linux/slab.h | 99 +++++++++++++----------- include/linux/vmalloc.h | 22 +++--- scripts/checkpatch.pl | 3 +- 11 files changed, 128 insertions(+), 76 deletions(-)