From patchwork Wed Aug 18 21:40:15 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 12445467 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.6 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4FD4BC43214 for ; Wed, 18 Aug 2021 21:40:40 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id E7C88610CD for ; Wed, 18 Aug 2021 21:40:39 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org E7C88610CD Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org Received: by kanga.kvack.org (Postfix) id 6A60E8D0001; Wed, 18 Aug 2021 17:40:39 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 62A496B0072; Wed, 18 Aug 2021 17:40:39 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 471C78D0001; Wed, 18 Aug 2021 17:40:39 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0058.hostedemail.com [216.40.44.58]) by kanga.kvack.org (Postfix) with ESMTP id 2D5736B006C for ; Wed, 18 Aug 2021 17:40:39 -0400 (EDT) Received: from smtpin12.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay02.hostedemail.com (Postfix) with ESMTP id D2D0A253C4 for ; Wed, 18 Aug 2021 21:40:38 +0000 (UTC) X-FDA: 78489520956.12.3BEF8E0 Received: from mail-pg1-f182.google.com (mail-pg1-f182.google.com [209.85.215.182]) by imf07.hostedemail.com (Postfix) with ESMTP id 81B101003FD9 for ; Wed, 18 Aug 2021 21:40:38 +0000 (UTC) Received: by mail-pg1-f182.google.com with SMTP id n18so3735681pgm.12 for ; Wed, 18 Aug 2021 14:40:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=XLWKK7LIN3Cbqy3W2WG3JLeHKbBTWFft4ZXFdFk9oXg=; b=iGBFjWUFZQWs5tJxDH1zVSYBBvZeKZmjtKDzzDV/bHENQO/+/SVex15OXmv5bKOox8 l1/ZJUuNgNWsTqdylnHEuL68VupV+5Esam26T+2T/VEKF6mHyeATWOFYeeaYMRSynJGo Qg31Vaqz4JIjA32QsGquNnsojx8UC480D2RGY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=XLWKK7LIN3Cbqy3W2WG3JLeHKbBTWFft4ZXFdFk9oXg=; b=rsoxYPI2hbhmam28npmwgyiGY7WbU0IbzdpKxMxL8E5IWowhRHItVevT4Y4hDhOn2j t2aEpmXMHhsGkeN4q6oiwk0hxGMe5ovi/sAs4TAy8tA/j46Z63LT9lUOg5mAQSisxV5m B9WytqyGEezbSBHV4i+3o090rGlzX6AHtIsSt8Lf60T7tEDNL7rD4j97DQFtA8sij+lr nZd3QiBX61p7C6T1bE49bfZeHi1CAjzCYgnewUkJ+NpKvQi39WCayY5Ijw+U7Bi+qoRj 6QzkjHBtqi2H20k6QvMmGgeaxSLrUaTuWdfDeYU11NEjejIKCy6sU6YSnkxIRDwqMrGu Z/FA== X-Gm-Message-State: AOAM531g2x8bsdd3XAJ75Nj0AVwwNFYyEHVf8FUgc/FtxcN8fGakxSpH M5JAUn4JoQIu9LWw7HVhkwgbSA== X-Google-Smtp-Source: ABdhPJziMmG6PE0Pt8e5A81cwjUWvVn8KVdE0CAWH55XJhYyFQ8cyWD/wnWI9zJoxkQCi3/DdE1R9A== X-Received: by 2002:a63:4a55:: with SMTP id j21mr10729161pgl.187.1629322837472; Wed, 18 Aug 2021 14:40:37 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id p10sm733567pfw.28.2021.08.18.14.40.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Aug 2021 14:40:36 -0700 (PDT) From: Kees Cook To: linux-kernel@vger.kernel.org Cc: Kees Cook , Miguel Ojeda , Nathan Chancellor , Nick Desaulniers , clang-built-linux@googlegroups.com, Joe Perches , Andy Whitcroft , Dwaipayan Ray , Lukas Bulwahn , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Vlastimil Babka , Daniel Micay , Dennis Zhou , Tejun Heo , Masahiro Yamada , Michal Marek , linux-mm@kvack.org, linux-kbuild@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH v2 1/7] Compiler Attributes: Add __alloc_size() for better bounds checking Date: Wed, 18 Aug 2021 14:40:15 -0700 Message-Id: <20210818214021.2476230-2-keescook@chromium.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210818214021.2476230-1-keescook@chromium.org> References: <20210818214021.2476230-1-keescook@chromium.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2756; h=from:subject; bh=kP6BgOKRNS6IGb207/dpbelm3mOMw4/bS5t0UhzraAE=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBhHX5Dq2QiOaeJq1Tj5NGc1dgSWvBgwfJAXIGyj+oL W+yI7feJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCYR1+QwAKCRCJcvTf3G3AJnAYD/ 9S/10XpWJFiW6irIxn1Dci3UXeTaYnlapjvA0tEslOoyvPQVNvDbbtNLWWHgdV2hTr+XBIHJIur28v A7Xakugzm+7yFl6YeZTUQe4KtY3TnrzpIW/ADLn9VeJEwbm3Z6guch1tTPonEB/fNjrPd9y+ymvn3o V68VUOEp3Kl1CaGJnfxPwylMu75z6hn8cDBtpx0YXGTNSiR61ScVZIvqdWYmcJkgHB5FCdUY8PddHs cbYZQqMm/AO1/bb/BjABFx3hJ1OBH4L67gBqXXF4rp1IUzx5+r8buFg4dnfe96CAoPaYCTUq32ooKZ 8bCw/3fuM14Rkz9Q4clEt2Ip10fu6f8dY7bg6H2X+66buRxpc84yFlm68N9SeHZatLiQzU361cSscZ HpjrBWBKG8IZFX/yb6lbpbmEpTUJZg+HEK1z0M+bqp+YIsXoV3P04y9YvpfzuJxI+2Y0iuMQcoVK2a IgOCkNBJXpJOYyT3/ahDUhL504XWhbMqxUycST3NEOKK9Qre9M6eQJnr3AwPBl78mvjJw0dpL3Udk4 ocFoq+Kgk1s0F4/okTEQq71CGxjVrdVyJEPDcOOw28/r+NdKvytkpxCXgtV5kxLkKHC3OpsNIOh/ox UjFVO4rREbJdr6qsgDDPo4jDzWk1N3E/oIFKRyk2wCZwpsBPogv1hwZyjZIA== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Authentication-Results: imf07.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=iGBFjWUF; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf07.hostedemail.com: domain of keescook@chromium.org designates 209.85.215.182 as permitted sender) smtp.mailfrom=keescook@chromium.org X-Stat-Signature: uszj4a8n43kn4qfnecnu7zt19cwb16dq X-Rspamd-Queue-Id: 81B101003FD9 X-Rspamd-Server: rspam01 X-HE-Tag: 1629322838-355444 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: GCC and Clang can use the "alloc_size" attribute to better inform the results of __builtin_object_size() (for compile-time constant values). Clang can additionally use alloc_size to inform the results of __builtin_dynamic_object_size() (for run-time values). Because GCC sees the frequent use of struct_size() as an allocator size argument, and notices it can return SIZE_MAX (the overflow indication), it complains about these call sites may overflow (since SIZE_MAX is greater than the default -Walloc-size-larger-than=PTRDIFF_MAX). This isn't helpful since we already know a SIZE_MAX will be caught at run-time (this was an intentional design). Instead, just disable this check as it is both a false positive and redundant. (Clang does not have this warning option.) Cc: Miguel Ojeda Cc: Nathan Chancellor Cc: Nick Desaulniers Cc: clang-built-linux@googlegroups.com Signed-off-by: Kees Cook Reviewed-by: Nathan Chancellor Reviewed-by: Miguel Ojeda --- Makefile | 6 +++++- include/linux/compiler_attributes.h | 6 ++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 72f9e2b0202c..34cffcdfd5dc 100644 --- a/Makefile +++ b/Makefile @@ -1078,9 +1078,13 @@ KBUILD_CFLAGS += $(call cc-disable-warning, stringop-overflow) # Another good warning that we'll want to enable eventually KBUILD_CFLAGS += $(call cc-disable-warning, restrict) -# Enabled with W=2, disabled by default as noisy ifdef CONFIG_CC_IS_GCC +# Enabled with W=2, disabled by default as noisy KBUILD_CFLAGS += -Wno-maybe-uninitialized + +# The allocators already balk at large sizes, so silence the compiler +# warnings for bounds checks involving those possible values. +KBUILD_CFLAGS += -Wno-alloc-size-larger-than endif # disable invalid "can't wrap" optimizations for signed / pointers diff --git a/include/linux/compiler_attributes.h b/include/linux/compiler_attributes.h index 67c5667f8042..203b0ac62d15 100644 --- a/include/linux/compiler_attributes.h +++ b/include/linux/compiler_attributes.h @@ -54,6 +54,12 @@ #define __aligned(x) __attribute__((__aligned__(x))) #define __aligned_largest __attribute__((__aligned__)) +/* + * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-alloc_005fsize-function-attribute + * clang: https://clang.llvm.org/docs/AttributeReference.html#alloc-size + */ +#define __alloc_size(x, ...) __attribute__((__alloc_size__(x, ## __VA_ARGS__))) + /* * Note: users of __always_inline currently do not write "inline" themselves, * which seems to be required by gcc to apply the attribute according From patchwork Wed Aug 18 21:40:16 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 12445471 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.6 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7B013C4320E for ; Wed, 18 Aug 2021 21:40:43 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 06A5061106 for ; Wed, 18 Aug 2021 21:40:43 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 06A5061106 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org Received: by kanga.kvack.org (Postfix) id 0CB6A6B006C; Wed, 18 Aug 2021 17:40:40 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 052D98D0003; Wed, 18 Aug 2021 17:40:39 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E0E0A6B0071; Wed, 18 Aug 2021 17:40:39 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0106.hostedemail.com [216.40.44.106]) by kanga.kvack.org (Postfix) with ESMTP id BB51D8D0003 for ; Wed, 18 Aug 2021 17:40:39 -0400 (EDT) Received: from smtpin04.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay03.hostedemail.com (Postfix) with ESMTP id 6796680790E7 for ; Wed, 18 Aug 2021 21:40:39 +0000 (UTC) X-FDA: 78489520998.04.42DC7AE Received: from mail-pg1-f181.google.com (mail-pg1-f181.google.com [209.85.215.181]) by imf04.hostedemail.com (Postfix) with ESMTP id 2636D5000307 for ; Wed, 18 Aug 2021 21:40:39 +0000 (UTC) Received: by mail-pg1-f181.google.com with SMTP id 17so3731947pgp.4 for ; Wed, 18 Aug 2021 14:40:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=j9DqXIvxCIM/uJCCeVoynzfDym6qm3dtyLAT5E0EvZQ=; b=IVcXEnYGIgkxp08bXfmT4Z/QM2rlhkGqHMb4AimQ1lPm8+B8jgH7qoE/Y1k6f6RIB0 f1loyx5+TOZGqY4BAB479NEA0Wdx5Wwah4KXeOk3PuftyMLStwSpM0LpD0If6gUUc2td ekGdIHDc0xSjaMo9BoL1YSg6vAPozzOgdXG4o= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=j9DqXIvxCIM/uJCCeVoynzfDym6qm3dtyLAT5E0EvZQ=; b=Va2NmN9YktqkYsuk7QuGGVAZluT5dX89i9mG99WC1ZvfHofFiaNEp8cndTjL0rnPyH fGLcqWbBcE2IFGFncM22pl4mKctdLJBXSnxpW0WUj61wj9uFrERiDfig2ADbd+vkhhH/ MHVVLkF4RyS+Xw67QPkPzJqp0ZMQWeB+JVjtPqK4zIWGjkUmdfQbbh2zv8sof3v6ZnaA vkFoErOk1XwWDhctl394VnKi5ieNVJVyn9q2pWr//lFw+o+mrTe5PiTHtRfDOPXpaQGK ScSMS0aG1AylHy7aYltbLsdtLcC1dnZYcES1PmDPWPiZDKr5DjZO6GfyMEkQCwn3IVnS dynQ== X-Gm-Message-State: AOAM531jBnHSa/3NBTMVxpY110mJfuqHkuFSPYY9b+/TmT611x2NwUsI 48MwJYRVJp+wq6uyf5Dbk29soQ== X-Google-Smtp-Source: ABdhPJz4r38rCjQXBAdz5RKupPpOX5AXF2/LNIdBOa/52R9ZgKDp5P005icezNJ91KF+IbpL+Yvx7Q== X-Received: by 2002:aa7:87d1:0:b029:3e0:e44b:6429 with SMTP id i17-20020aa787d10000b02903e0e44b6429mr11485358pfo.81.1629322838217; Wed, 18 Aug 2021 14:40:38 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id v20sm846721pgi.39.2021.08.18.14.40.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Aug 2021 14:40:36 -0700 (PDT) From: Kees Cook To: linux-kernel@vger.kernel.org Cc: Kees Cook , Joe Perches , Andy Whitcroft , Dwaipayan Ray , Lukas Bulwahn , Miguel Ojeda , Nathan Chancellor , Nick Desaulniers , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Vlastimil Babka , Daniel Micay , Dennis Zhou , Tejun Heo , Masahiro Yamada , Michal Marek , clang-built-linux@googlegroups.com, linux-mm@kvack.org, linux-kbuild@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH v2 2/7] checkpatch: Add __alloc_size() to known $Attribute Date: Wed, 18 Aug 2021 14:40:16 -0700 Message-Id: <20210818214021.2476230-3-keescook@chromium.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210818214021.2476230-1-keescook@chromium.org> References: <20210818214021.2476230-1-keescook@chromium.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=912; h=from:subject; bh=6Teat8DBaEMMX6uWXJym8AvRSHRT+DxfYZVALLaAHjA=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBhHX5DBAWPRR5j7mh8AUY9CepoJIBrtuPXzvvnwNso swpVkhiJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCYR1+QwAKCRCJcvTf3G3AJh7KD/ 96JnKMQjuQw7QtjrbSbFxElQz16CfGElDpaJ1vmSZyt5B94MVj1bxxm20gR7QAEGbHyBPNyae7HA80 /eGzg2PywQcfB6x4/I0U1vis5JgM8dvYpANANpoi0nYzP/cgkM+ZI7evoAF46FggzG2+O3idTnEgzr DpYQ9H3D3JyEL/TqDbNFh5DgovOyydTKuMWa6ME5T91vVKPrw0ObE03YKzBPehWKbdW+AEzAANor1b cGwSAKuVy32QNt3mPR/IsRkGWSAV0+Kni+8BgmXt/8TTLhxuEAUp5KpQc3061OiwSbbniWGU6TNZTI ajGROJBqm4tAGaBQL2rqL+nMCFm+Hh92wBwgxrJLDur7oiuOii9ZnNgIDx7k+GgFqEYf1HSp0TglqQ M4nuT/MvfO0c/1/F3hGvEQHp4Rp/KOpGTu6z0kJ3RePjPVqMySTot3hJ1JwIIDJha2OlSOXczxBN+E A4P3QaN/sEpO0KRIjbAZeyCCukgg/Ca2QlCCDxETAq2aKCdq6NQJbNwHvTYLJrOqqNAzGBwr++Rt+w 5IqUpM7ekMoEWy10JxkE63eElBxOtaboQ9rYmcAM8Rpg48Y42Dw+WY+QKeIcl/Jwphs5jMUEmACxC1 jYYU0zHh/C+ep7ngW3J3xPyoGZJeNxIzQ1vWRqLiIj4Ua4u/JbSYyCobzvNQ== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Authentication-Results: imf04.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=IVcXEnYG; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf04.hostedemail.com: domain of keescook@chromium.org designates 209.85.215.181 as permitted sender) smtp.mailfrom=keescook@chromium.org X-Stat-Signature: so1x5nf63a3d51urhzy9au6r8ibunezu X-Rspamd-Queue-Id: 2636D5000307 X-Rspamd-Server: rspam05 X-HE-Tag: 1629322839-324542 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Make sure checkpatch.pl doesn't get confused about finding the __alloc_size attribute on functions. Suggested-by: Joe Perches Cc: Andy Whitcroft Cc: Dwaipayan Ray Cc: Lukas Bulwahn Signed-off-by: Kees Cook --- scripts/checkpatch.pl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index a65753c05a69..e4b0def605c3 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -489,7 +489,8 @@ our $Attribute = qr{ ____cacheline_aligned| ____cacheline_aligned_in_smp| ____cacheline_internodealigned_in_smp| - __weak + __weak| + __alloc_size\s*\(\s*\d+\s*(?:,\s*\d+\s*)?\) }x; our $Modifier; our $Inline = qr{inline|__always_inline|noinline|__inline|__inline__}; From patchwork Wed Aug 18 21:40:17 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 12445475 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.6 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9ABC9C47422 for ; Wed, 18 Aug 2021 21:40:49 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 54C9D61106 for ; Wed, 18 Aug 2021 21:40:48 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 54C9D61106 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org Received: by kanga.kvack.org (Postfix) id D2A9D6B0072; Wed, 18 Aug 2021 17:40:41 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C63A28D0003; Wed, 18 Aug 2021 17:40:41 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A1F696B0074; Wed, 18 Aug 2021 17:40:41 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0061.hostedemail.com [216.40.44.61]) by kanga.kvack.org (Postfix) with ESMTP id 80D0F6B0072 for ; Wed, 18 Aug 2021 17:40:41 -0400 (EDT) Received: from smtpin30.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay03.hostedemail.com (Postfix) with ESMTP id 192DC8086B93 for ; Wed, 18 Aug 2021 21:40:41 +0000 (UTC) X-FDA: 78489521082.30.786F184 Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) by imf21.hostedemail.com (Postfix) with ESMTP id C6F5FD01BFF7 for ; Wed, 18 Aug 2021 21:40:40 +0000 (UTC) Received: by mail-pl1-f175.google.com with SMTP id u15so2643856plg.13 for ; Wed, 18 Aug 2021 14:40:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=O8qjYY2cJtsRmGm/zdMlQTzE6OnnaKrP94K9BZF3rSA=; b=nMy7A/nPsqqnV8Mg5wlS7/0IsGs50z8tCUXJYrfOg4AsWZa9SXVsUnl6Wo70zFzIzZ APXXBcZVA5rMrWVOlBjoM+3eOPYHijbfKlzO6eAP+gry0FfUhhpaeBU0hN4k179yh+Z+ jqvpR1Mn8CSchx3dmcpXjwm6mRiWmterswDCU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=O8qjYY2cJtsRmGm/zdMlQTzE6OnnaKrP94K9BZF3rSA=; b=hoQPTTkAP4PgL5z5FVohwtglGUA+c0sVoltyXG28scmMmYtNnG4RuGPltKSUclMztv 1vyu+P0JdQc2GRImjxNEQISfqT8rlauS2FQnSibbei7RwfJeALlYYHQK1pPgenzx/525 aK6XrDUhhNjLg3MYmQvk8famr4sxtEr+1lfDnoIYr9cjiQLUCT0oc+Aic29NmuCAu5fj IkeHYYmaNb+fVo4kNhqvyYLKgel1RTndn+IeFaWzMSKSpnBZS72AXbHqZjAw1nEaYMXt Jsy6GiKuFixpJ0m8PEslBQSGkhbD0HLkTVypHBFJq9C9cenAL3IplGSybdEixoP2+tiQ Otew== X-Gm-Message-State: AOAM532OTZGGQYFKJ2b8Omcl87aZEdiCQxSi75cCuAqMraQ6EMZCda06 4ue+mdD6peMT9lI7kaNzgSoUxg== X-Google-Smtp-Source: ABdhPJxYjaN+DPPuAIQ69L5BdqEKlPPf/7kM7hgR09tYFR4qxImDaw4J7iKHF/Tk7z+ejQWXelFwSA== X-Received: by 2002:a17:902:9a47:b0:12f:6a05:caaf with SMTP id x7-20020a1709029a4700b0012f6a05caafmr2040047plv.55.1629322839915; Wed, 18 Aug 2021 14:40:39 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id x13sm713276pjh.30.2021.08.18.14.40.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Aug 2021 14:40:36 -0700 (PDT) From: Kees Cook To: linux-kernel@vger.kernel.org Cc: Kees Cook , Joe Perches , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Vlastimil Babka , linux-mm@kvack.org, Miguel Ojeda , Nathan Chancellor , Nick Desaulniers , Andy Whitcroft , Dwaipayan Ray , Lukas Bulwahn , Daniel Micay , Dennis Zhou , Tejun Heo , Masahiro Yamada , Michal Marek , clang-built-linux@googlegroups.com, linux-kbuild@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH v2 3/7] slab: Clean up function declarations Date: Wed, 18 Aug 2021 14:40:17 -0700 Message-Id: <20210818214021.2476230-4-keescook@chromium.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210818214021.2476230-1-keescook@chromium.org> References: <20210818214021.2476230-1-keescook@chromium.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=7386; h=from:subject; bh=twU3C8Odrnjtt0fLQV1v3kpwGFqUFkkEJcF/jNvyyhw=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBhHX5DwWG8Hbuzv1t4kr4ppi1TMFFQ+1095F1DCS+E ugeeNVeJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCYR1+QwAKCRCJcvTf3G3AJrrJEA CiuNoKbuv3vd4OKjhaJsh/uzJaVSeJtUBbZd3/9tG9s4xBEiQv2TlQu0xZaF6WmgcCcuqQIstsDoAa QSaY4YKqRiBrUSqEXm6RtvXyFALNQIcRO64dkTw/k6NlY1vnQ+cznAbzY7uUemCoMXMRFWGTrFAjNL h4nYkrsKvd7bJS8rKfhkqhQDjQFHxtxAjYRFEYi018DHon/MmNrWxLSRHwwVfg61CpTHknF6VL5ekk PqE6RbO3HAI94bkmZXP2e09oyfgedXdMHdydBH6m0rXYJXls3R3e3IdGGnG8Lln/FcUMtKuQ+AQYUb uRrqf12S29q1WuPsb9oiBrvP1Faqo5PlB2gFK0Z2pF1ZVWDRFqTkX0hcEJacHbxHTcOfEFoBQDwZYR pECQpkqKGrR4Jft3sMcMHYl9fqRBMIrHg3FR66qExZGsErEYgsDkY8HvzCz7fCjkJZfTW1ZQ7XBdn8 spXz/cTL1OnWA9T+8AFCne8QCjrrGsnCQwaxCStrQc3Oh8sBJ9mwDGXxV+kiqyHyy1LShFc99t2Zz4 vljcX0jpG1gk9KBTw5xPUTxLm++BeNjFJfbKP3k4tUYpXT/A4047+XLEXjnmAWCKUX6p/6sqd8C6F7 kTLOE8Mk9+/O7V/BXO4FZiCjuMmSNstND0eEUVgfzhfaFiAqjYhAtf8HI0dw== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Authentication-Results: imf21.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b="nMy7A/nP"; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf21.hostedemail.com: domain of keescook@chromium.org designates 209.85.214.175 as permitted sender) smtp.mailfrom=keescook@chromium.org X-Stat-Signature: azj41gnzufshhpxtizaog7j8ezzdhtxi X-Rspamd-Queue-Id: C6F5FD01BFF7 X-Rspamd-Server: rspam01 X-HE-Tag: 1629322840-688281 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: In order to have more readable and regular declarations, move __must_check to the line above the main function declaration and add all the missing parameter names. Suggested-by: Joe Perches Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Andrew Morton Cc: Vlastimil Babka Cc: linux-mm@kvack.org Signed-off-by: Kees Cook --- include/linux/slab.h | 68 +++++++++++++++++++++++--------------------- 1 file changed, 35 insertions(+), 33 deletions(-) diff --git a/include/linux/slab.h b/include/linux/slab.h index c0d46b6fa12a..10fd0a8c816a 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -152,8 +152,8 @@ struct kmem_cache *kmem_cache_create_usercopy(const char *name, slab_flags_t flags, unsigned int useroffset, unsigned int usersize, void (*ctor)(void *)); -void kmem_cache_destroy(struct kmem_cache *); -int kmem_cache_shrink(struct kmem_cache *); +void kmem_cache_destroy(struct kmem_cache *s); +int kmem_cache_shrink(struct kmem_cache *s); /* * Please use this macro to create slab caches. Simply specify the @@ -181,11 +181,12 @@ int kmem_cache_shrink(struct kmem_cache *); /* * Common kmalloc functions provided by all allocators */ -void * __must_check krealloc(const void *, size_t, gfp_t); -void kfree(const void *); -void kfree_sensitive(const void *); -size_t __ksize(const void *); -size_t ksize(const void *); +__must_check +void *krealloc(const void *objp, size_t new_size, gfp_t flags); +void kfree(const void *objp); +void kfree_sensitive(const void *objp); +size_t __ksize(const void *objp); +size_t ksize(const void *objp); #ifdef CONFIG_PRINTK bool kmem_valid_obj(void *object); void kmem_dump_obj(void *object); @@ -426,8 +427,8 @@ static __always_inline unsigned int __kmalloc_index(size_t size, #endif /* !CONFIG_SLOB */ void *__kmalloc(size_t size, gfp_t flags) __assume_kmalloc_alignment __malloc; -void *kmem_cache_alloc(struct kmem_cache *, gfp_t flags) __assume_slab_alignment __malloc; -void kmem_cache_free(struct kmem_cache *, void *); +void *kmem_cache_alloc(struct kmem_cache *s, gfp_t flags) __assume_kmalloc_alignment __malloc; +void kmem_cache_free(struct kmem_cache *s, void *objp); /* * Bulk allocation and freeing operations. These are accelerated in an @@ -436,8 +437,8 @@ void kmem_cache_free(struct kmem_cache *, void *); * * Note that interrupts must be enabled when calling these functions. */ -void kmem_cache_free_bulk(struct kmem_cache *, size_t, void **); -int kmem_cache_alloc_bulk(struct kmem_cache *, gfp_t, size_t, void **); +void kmem_cache_free_bulk(struct kmem_cache *orig_s, size_t size, void **p); +int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size, void **p); /* * Caller must not use kfree_bulk() on memory not originally allocated @@ -449,8 +450,9 @@ static __always_inline void kfree_bulk(size_t size, void **p) } #ifdef CONFIG_NUMA -void *__kmalloc_node(size_t size, gfp_t flags, int node) __assume_kmalloc_alignment __malloc; -void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node) __assume_slab_alignment __malloc; +void *__kmalloc_node(size_t size, gfp_t flags, int node) __assume_slab_alignment __malloc; +void *kmem_cache_alloc_node(struct kmem_cache *s, gfp_t flags, int node) + __assume_slab_alignment __malloc; #else static __always_inline void *__kmalloc_node(size_t size, gfp_t flags, int node) { @@ -464,17 +466,15 @@ static __always_inline void *kmem_cache_alloc_node(struct kmem_cache *s, gfp_t f #endif #ifdef CONFIG_TRACING -extern void *kmem_cache_alloc_trace(struct kmem_cache *, gfp_t, size_t) __assume_slab_alignment __malloc; +extern void *kmem_cache_alloc_trace(struct kmem_cache *s, gfp_t flags, size_t size) + __assume_slab_alignment __malloc; #ifdef CONFIG_NUMA -extern void *kmem_cache_alloc_node_trace(struct kmem_cache *s, - gfp_t gfpflags, - int node, size_t size) __assume_slab_alignment __malloc; +extern void *kmem_cache_alloc_node_trace(struct kmem_cache *s, gfp_t gfpflags, + int node, size_t size) __assume_slab_alignment __malloc; #else -static __always_inline void * -kmem_cache_alloc_node_trace(struct kmem_cache *s, - gfp_t gfpflags, - int node, size_t size) +static __always_inline void *kmem_cache_alloc_node_trace(struct kmem_cache *s, + gfp_t gfpflags, int node, size_t size) { return kmem_cache_alloc_trace(s, gfpflags, size); } @@ -490,10 +490,8 @@ static __always_inline void *kmem_cache_alloc_trace(struct kmem_cache *s, return ret; } -static __always_inline void * -kmem_cache_alloc_node_trace(struct kmem_cache *s, - gfp_t gfpflags, - int node, size_t size) +static __always_inline void *kmem_cache_alloc_node_trace(struct kmem_cache *s, + gfp_t gfpflags, int node, size_t size) { void *ret = kmem_cache_alloc_node(s, gfpflags, node); @@ -502,13 +500,15 @@ kmem_cache_alloc_node_trace(struct kmem_cache *s, } #endif /* CONFIG_TRACING */ -extern void *kmalloc_order(size_t size, gfp_t flags, unsigned int order) __assume_page_alignment __malloc; +extern void *kmalloc_order(size_t size, gfp_t flags, unsigned int order) + __assume_page_alignment __malloc; #ifdef CONFIG_TRACING -extern void *kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order) __assume_page_alignment __malloc; +extern void *kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order) + __assume_page_alignment __malloc; #else -static __always_inline void * -kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order) +static __always_inline void *kmalloc_order_trace(size_t size, gfp_t flags, + unsigned int order) { return kmalloc_order(size, flags, order); } @@ -638,8 +638,9 @@ static inline void *kmalloc_array(size_t n, size_t size, gfp_t flags) * @new_size: new size of a single member of the array * @flags: the type of memory to allocate (see kmalloc) */ -static __must_check inline void * -krealloc_array(void *p, size_t new_n, size_t new_size, gfp_t flags) +__must_check +static inline void *krealloc_array(void *p, size_t new_n, size_t new_size, + gfp_t flags) { size_t bytes; @@ -668,7 +669,7 @@ static inline void *kcalloc(size_t n, size_t size, gfp_t flags) * allocator where we care about the real place the memory allocation * request comes from. */ -extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); +extern void *__kmalloc_track_caller(size_t size, gfp_t flags, unsigned long caller); #define kmalloc_track_caller(size, flags) \ __kmalloc_track_caller(size, flags, _RET_IP_) @@ -691,7 +692,8 @@ static inline void *kcalloc_node(size_t n, size_t size, gfp_t flags, int node) #ifdef CONFIG_NUMA -extern void *__kmalloc_node_track_caller(size_t, gfp_t, int, unsigned long); +extern void *__kmalloc_node_track_caller(size_t size, gfp_t flags, int node, + unsigned long caller); #define kmalloc_node_track_caller(size, flags, node) \ __kmalloc_node_track_caller(size, flags, node, \ _RET_IP_) From patchwork Wed Aug 18 21:40:18 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 12445473 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.6 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B9902C43216 for ; Wed, 18 Aug 2021 21:40:45 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 62BCC61101 for ; Wed, 18 Aug 2021 21:40:45 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 62BCC61101 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org Received: by kanga.kvack.org (Postfix) id 7A9656B0071; Wed, 18 Aug 2021 17:40:41 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 70D738D0005; Wed, 18 Aug 2021 17:40:41 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 361668D0003; Wed, 18 Aug 2021 17:40:41 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0137.hostedemail.com [216.40.44.137]) by kanga.kvack.org (Postfix) with ESMTP id 10F076B0071 for ; Wed, 18 Aug 2021 17:40:41 -0400 (EDT) Received: from smtpin15.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay02.hostedemail.com (Postfix) with ESMTP id AA5D7276F6 for ; Wed, 18 Aug 2021 21:40:40 +0000 (UTC) X-FDA: 78489521040.15.BF2C0B7 Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181]) by imf09.hostedemail.com (Postfix) with ESMTP id 64AEE3001346 for ; Wed, 18 Aug 2021 21:40:40 +0000 (UTC) Received: by mail-pl1-f181.google.com with SMTP id c4so2673080plh.7 for ; Wed, 18 Aug 2021 14:40:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=MwqyUyVBfuGOdnrF3tl+l2Mzk/6qR2NKBKGCWMmBzR4=; b=lJaSXy0lYdah6JlaBB6JCDKQ2od42DJIgRCsFUgHsBBkFpAugC7RyzzubprgIsCsXZ 9DQDgGpSKtlIeBQELVxglQndJc5/IwgT1v+VvnCeu08kNR5l23Q33fHaFs1sjuUkvC1Q SaoIpXooxKVHvS+E/tHb9grtgqN4dMSP75Tkw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=MwqyUyVBfuGOdnrF3tl+l2Mzk/6qR2NKBKGCWMmBzR4=; b=WpV7eyI44F6IeKgiXDuFHjAMiHm7qG+8SijzN5I4oyL8XayxTurVw8r+G5gORzy1gC BN93v3SpCzhRYrKc8j5W4BA6CBPtGF9EKJC3tGHg3f66LLknwIeTDPzETZkLhtqHTKPC VSKMwPRs0GzQpypSBZbMLHBNWAe+wBZZv2KPCxjiZByodqlea2H+h9AE1cGjBkk41uwn HvK5rfLkzaP37HvG/IXNsXadQyt2xm4qejdp05L9acUTFcwIUqKR1MKUJhv4CodnGvlG OiqQ9cZExqYJhbLagO4xba6OmRT3ucEQto4HxsnxoCc0Kvs8SV1o3AcvLSqNRjct0vLN Q4BA== X-Gm-Message-State: AOAM531k2KUaSnnEFNO9lqxD7JscSHYfdJT+VqcyfKgkXljsh9nqi6UT lHozlHlLlEcQK6MEpqoi70KQVA== X-Google-Smtp-Source: ABdhPJyyi7ErTbm+ViiZvCfJWCAymEafpFEKY15NWZprddMDTt1sR71iauCzPKqMFd7+RlNs3K2WQw== X-Received: by 2002:a17:902:d343:b029:12d:3624:d997 with SMTP id l3-20020a170902d343b029012d3624d997mr9013434plk.79.1629322839521; Wed, 18 Aug 2021 14:40:39 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id n5sm784454pfj.49.2021.08.18.14.40.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Aug 2021 14:40:36 -0700 (PDT) From: Kees Cook To: linux-kernel@vger.kernel.org Cc: Kees Cook , Daniel Micay , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Vlastimil Babka , linux-mm@kvack.org, Joe Perches , Miguel Ojeda , Nathan Chancellor , Nick Desaulniers , Andy Whitcroft , Dwaipayan Ray , Lukas Bulwahn , Dennis Zhou , Tejun Heo , Masahiro Yamada , Michal Marek , clang-built-linux@googlegroups.com, linux-kbuild@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH v2 4/7] slab: Add __alloc_size attributes for better bounds checking Date: Wed, 18 Aug 2021 14:40:18 -0700 Message-Id: <20210818214021.2476230-5-keescook@chromium.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210818214021.2476230-1-keescook@chromium.org> References: <20210818214021.2476230-1-keescook@chromium.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=5608; h=from:subject; bh=AW2v9G59SMc9b2TjyulXwopISZ5N5UugKCOULL9fb0g=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBhHX5DF+L11JdRBLUW37gUf3S/QgZ9yRAYxPnw6Q5k rK1KJQ+JAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCYR1+QwAKCRCJcvTf3G3AJoW8EA CDq9Jkfm5K3l1TaVzOEW/WA0AfLKl/mG8AZKQHZbrk3EUW1tUrvcARr4YvCurHpfayCK2mdIFt0GIw Hh0y0T8Q06jg9bE5y6an/1XGvQXzFzowT0kvZLIIo/TyvZWmc2AbFXw621OA7tmldlP9x4hbhLkgMi nWYvZmMF32QWod+5iOwwPT3J01bnmGlJ/5IceWnCUrWslK88vS277HFMVAmEO85i/lLXi3oT0I/k2V jhg89zp3n2ozHJWEJ5DJ/o8akLgkaN9rsn159jGQKOcMoChQel2R6Jz+740W6pbfbhNyKamS26+Ocb 58aXqfzxYjoym/TNuU7FKENR+835OudmiWZoQqrfMDdyFVisNqSktorQ/mzluQc10gC4GC2sBhsLI0 s28g1QorO89zcfaK7hh4GEeTleyChCevyhWuG1voD4/Nu+cUAbw5sgZprunMbuc2vC9xTACQbkVNO/ k6LEMglwD89MLoVJ9850MJ+QU1qpFwCQAsqJ4Wx8zuRK79tdqgsfIlgq/eh4pvMCk/ERvXQ3/Y0nhO i9OkcUWaiKVjP29BjemVqIBtgDriJWQPrwn7i6uOwE9PjGWjvTy8VvX73yxIvtBgj76E94gVrZTdEy D3CzpNDxiSxMMvDJT9F5MUzEACKmTVOHzk6cg+20nic6/oMh3FGFaRMesCIQ== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=lJaSXy0l; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf09.hostedemail.com: domain of keescook@chromium.org designates 209.85.214.181 as permitted sender) smtp.mailfrom=keescook@chromium.org X-Stat-Signature: 8bn65zj4gwojbxfsh8yhd8dg4fdbwr8k X-Rspamd-Queue-Id: 64AEE3001346 X-Rspamd-Server: rspam01 X-HE-Tag: 1629322840-822688 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: As already done in GrapheneOS, add the __alloc_size attribute for regular kmalloc interfaces, to provide additional hinting for better bounds checking, assisting CONFIG_FORTIFY_SOURCE and other compiler optimizations. Co-developed-by: Daniel Micay Signed-off-by: Daniel Micay Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Andrew Morton Cc: Vlastimil Babka Cc: linux-mm@kvack.org Signed-off-by: Kees Cook Reviewed-by: Nick Desaulniers --- include/linux/slab.h | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/include/linux/slab.h b/include/linux/slab.h index 10fd0a8c816a..6ce826d8194d 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -181,7 +181,7 @@ int kmem_cache_shrink(struct kmem_cache *s); /* * Common kmalloc functions provided by all allocators */ -__must_check +__must_check __alloc_size(2) void *krealloc(const void *objp, size_t new_size, gfp_t flags); void kfree(const void *objp); void kfree_sensitive(const void *objp); @@ -426,6 +426,7 @@ static __always_inline unsigned int __kmalloc_index(size_t size, #define kmalloc_index(s) __kmalloc_index(s, true) #endif /* !CONFIG_SLOB */ +__alloc_size(1) void *__kmalloc(size_t size, gfp_t flags) __assume_kmalloc_alignment __malloc; void *kmem_cache_alloc(struct kmem_cache *s, gfp_t flags) __assume_kmalloc_alignment __malloc; void kmem_cache_free(struct kmem_cache *s, void *objp); @@ -450,6 +451,7 @@ static __always_inline void kfree_bulk(size_t size, void **p) } #ifdef CONFIG_NUMA +__alloc_size(1) void *__kmalloc_node(size_t size, gfp_t flags, int node) __assume_slab_alignment __malloc; void *kmem_cache_alloc_node(struct kmem_cache *s, gfp_t flags, int node) __assume_slab_alignment __malloc; @@ -574,6 +576,7 @@ static __always_inline void *kmalloc_large(size_t size, gfp_t flags) * Try really hard to succeed the allocation but fail * eventually. */ +__alloc_size(1) static __always_inline void *kmalloc(size_t size, gfp_t flags) { if (__builtin_constant_p(size)) { @@ -596,6 +599,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags) return __kmalloc(size, flags); } +__alloc_size(1) static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) { #ifndef CONFIG_SLOB @@ -620,6 +624,7 @@ static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) * @size: element size. * @flags: the type of memory to allocate (see kmalloc). */ +__alloc_size(1, 2) static inline void *kmalloc_array(size_t n, size_t size, gfp_t flags) { size_t bytes; @@ -638,7 +643,7 @@ static inline void *kmalloc_array(size_t n, size_t size, gfp_t flags) * @new_size: new size of a single member of the array * @flags: the type of memory to allocate (see kmalloc) */ -__must_check +__must_check __alloc_size(2, 3) static inline void *krealloc_array(void *p, size_t new_n, size_t new_size, gfp_t flags) { @@ -656,6 +661,7 @@ static inline void *krealloc_array(void *p, size_t new_n, size_t new_size, * @size: element size. * @flags: the type of memory to allocate (see kmalloc). */ +__alloc_size(1, 2) static inline void *kcalloc(size_t n, size_t size, gfp_t flags) { return kmalloc_array(n, size, flags | __GFP_ZERO); @@ -685,6 +691,7 @@ static inline void *kmalloc_array_node(size_t n, size_t size, gfp_t flags, return __kmalloc_node(bytes, flags, node); } +__alloc_size(1, 2) static inline void *kcalloc_node(size_t n, size_t size, gfp_t flags, int node) { return kmalloc_array_node(n, size, flags | __GFP_ZERO, node); @@ -718,6 +725,7 @@ static inline void *kmem_cache_zalloc(struct kmem_cache *k, gfp_t flags) * @size: how many bytes of memory are required. * @flags: the type of memory to allocate (see kmalloc). */ +__alloc_size(1) static inline void *kzalloc(size_t size, gfp_t flags) { return kmalloc(size, flags | __GFP_ZERO); @@ -729,25 +737,31 @@ static inline void *kzalloc(size_t size, gfp_t flags) * @flags: the type of memory to allocate (see kmalloc). * @node: memory node from which to allocate */ +__alloc_size(1) static inline void *kzalloc_node(size_t size, gfp_t flags, int node) { return kmalloc_node(size, flags | __GFP_ZERO, node); } +__alloc_size(1) extern void *kvmalloc_node(size_t size, gfp_t flags, int node); +__alloc_size(1) static inline void *kvmalloc(size_t size, gfp_t flags) { return kvmalloc_node(size, flags, NUMA_NO_NODE); } +__alloc_size(1) static inline void *kvzalloc_node(size_t size, gfp_t flags, int node) { return kvmalloc_node(size, flags | __GFP_ZERO, node); } +__alloc_size(1) static inline void *kvzalloc(size_t size, gfp_t flags) { return kvmalloc(size, flags | __GFP_ZERO); } +__alloc_size(1, 2) static inline void *kvmalloc_array(size_t n, size_t size, gfp_t flags) { size_t bytes; @@ -758,11 +772,13 @@ static inline void *kvmalloc_array(size_t n, size_t size, gfp_t flags) return kvmalloc(bytes, flags); } +__alloc_size(1, 2) static inline void *kvcalloc(size_t n, size_t size, gfp_t flags) { return kvmalloc_array(n, size, flags | __GFP_ZERO); } +__alloc_size(3) extern void *kvrealloc(const void *p, size_t oldsize, size_t newsize, gfp_t flags); extern void kvfree(const void *addr); From patchwork Wed Aug 18 21:40:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 12445479 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.6 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id DB692C4338F for ; Wed, 18 Aug 2021 21:40:53 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 91E21610CD for ; Wed, 18 Aug 2021 21:40:53 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 91E21610CD Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org Received: by kanga.kvack.org (Postfix) id 870B78D0003; Wed, 18 Aug 2021 17:40:43 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 7AAF48D0007; Wed, 18 Aug 2021 17:40:43 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5F8EB8D0003; Wed, 18 Aug 2021 17:40:43 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0157.hostedemail.com [216.40.44.157]) by kanga.kvack.org (Postfix) with ESMTP id 35FE48D0006 for ; Wed, 18 Aug 2021 17:40:43 -0400 (EDT) Received: from smtpin25.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id C40CA253C4 for ; Wed, 18 Aug 2021 21:40:42 +0000 (UTC) X-FDA: 78489521124.25.FBFC91D Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com [209.85.214.176]) by imf29.hostedemail.com (Postfix) with ESMTP id 7F393900802C for ; Wed, 18 Aug 2021 21:40:42 +0000 (UTC) Received: by mail-pl1-f176.google.com with SMTP id x1so125763plg.10 for ; Wed, 18 Aug 2021 14:40:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=gkpL6W5wADmlyNHUFZldG5mVI9okFbona7uNlwuA1mU=; b=Qy6If4qcKtJkUwTqjP8yxEzl81jcjqu3HXxxHD0WGo85OKcGnfjztCysIKYYXPN72G SnwjhDp/FioXSHi9fY1oM+99u51Sf23nMV3pdTq5lcrcYFl/uGbHH0LYNFERH/McPKxz NnpyYsr58PmrgdH74qwoLj/U42/4DaqEYdHIc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=gkpL6W5wADmlyNHUFZldG5mVI9okFbona7uNlwuA1mU=; b=FidWtuiP01wP0Gn2f3iMek8M5u/sOcd4afQ/PBJlYebVRaw5APDrEj8iwdBfm9P67Q OEuil/rlR7DEwCNuDX3q3wHGF/JgKLDuOiprsDqisRBSnvBBHxn5PXzV0myuy0pepqfP bmlN/7jBvs7cz09DxmlXS2P2ECVGCx3ySvDvWScly/CFT4pWIGuAhGqEQ4znN/l/mtXi 3hLuKNtv7dzvFvt8b5AovfTOWReg1xm+1sv1RsOnlqymID+Z6Y8vTpu/MavFiyNNaPjZ fm7zmMMHvTp8WgOxB6zW6tjn35E0y4KI3w6o/NyD7acoVZePNT+6cNSXCvzZ08gDMfbj 9bEw== X-Gm-Message-State: AOAM532W0+0s9fPnPphM4PxKct631mQp0X+5RhutKkYz7wX7oE74GmRR +unkZdZVKrxMTMKWvFHTcO9DyA== X-Google-Smtp-Source: ABdhPJzrhbYuLI5UlRW4aCCE3cbFMxFlFAXa9Z61qJQhnBzGGozo/4kJ/fhJlNKJnbWcs4ZQihLH7g== X-Received: by 2002:a17:90b:fd3:: with SMTP id gd19mr9573234pjb.76.1629322841706; Wed, 18 Aug 2021 14:40:41 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id x19sm834704pgk.37.2021.08.18.14.40.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Aug 2021 14:40:39 -0700 (PDT) From: Kees Cook To: linux-kernel@vger.kernel.org Cc: Kees Cook , Daniel Micay , Andrew Morton , linux-mm@kvack.org, Joe Perches , Miguel Ojeda , Nathan Chancellor , Nick Desaulniers , Andy Whitcroft , Dwaipayan Ray , Lukas Bulwahn , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Vlastimil Babka , Dennis Zhou , Tejun Heo , Masahiro Yamada , Michal Marek , clang-built-linux@googlegroups.com, linux-kbuild@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH v2 5/7] mm/page_alloc: Add __alloc_size attributes for better bounds checking Date: Wed, 18 Aug 2021 14:40:19 -0700 Message-Id: <20210818214021.2476230-6-keescook@chromium.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210818214021.2476230-1-keescook@chromium.org> References: <20210818214021.2476230-1-keescook@chromium.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1190; h=from:subject; bh=W6Cb28S2qXmrTKUD2DPqGU+sVI4WS8pidViY5hBWcNE=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBhHX5ERWo0fTNGYg6mwSKLViBT93/C8jzcI2r2WUjP LwkFmOOJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCYR1+RAAKCRCJcvTf3G3AJu5UD/ 9yIUyrMR9IxHlxKAanhzIsME7zxx04n6zWRtwcafigdh/kVuzrzuRYMif8CdvvgBvmz8HJwZdDcdQE 82qUSTku6Uc0adci2vK6LHAWS+sDWZ3y83xb61th6T9qdLd8fcpin+QnJYegrBY56S1DOI4ipiyEXa w68LROW++aDn1Yb0oS+5DBCusLj0DqNdO63YohcPDDjtXNNamr5A6kjzJLbtUDeFJDxp65/gisJEo6 oV/morkS6bYX73qMpvcGnt1dXWLw6irYepPYWiyYPa29OL4bzmjo8TVNFj6869tivAN6s2p8BxyeHM 5hpfLWXwu1dC1GqLFGMxENpbegEsaqkzhn/KFG3dPkm8DFSCbTzB14kZ7wr1vqD65b1FQoZhlghJEW PWciluNwgNnwlQKgC3uvfsvBPMJvWN5974DLE/OCwJWr4P8y6OGFjeAg3GFD4ds+UgtkXb9nEwEVij SojHGWi6tife8OuVdpiyAaAousPkkz02htMpPDwG8SSxJJO1Fw9CwRWGDF0sEkOHwCCosUKhVTp8Vu UivVUOYfr/LVdMW5lpya4iiJDoBoL8ww5GKz0SAGrRpmPpbLtWALZA9bu9NmpyoloQ9lKFEAACF+dJ Fq0C6qVNHPMSUlCr0vhM7/JSbua0QjaQtTxhpC+iz25WikK4frNDFwJKbcnw== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=Qy6If4qc; spf=pass (imf29.hostedemail.com: domain of keescook@chromium.org designates 209.85.214.176 as permitted sender) smtp.mailfrom=keescook@chromium.org; dmarc=pass (policy=none) header.from=chromium.org X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 7F393900802C X-Stat-Signature: bos5msed9uw15yhmntd6xyzb884oiugb X-HE-Tag: 1629322842-470711 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: As already done in GrapheneOS, add the __alloc_size attribute for appropriate page allocator interfaces, to provide additional hinting for better bounds checking, assisting CONFIG_FORTIFY_SOURCE and other compiler optimizations. Co-developed-by: Daniel Micay Signed-off-by: Daniel Micay Cc: Andrew Morton Cc: linux-mm@kvack.org Signed-off-by: Kees Cook --- include/linux/gfp.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/linux/gfp.h b/include/linux/gfp.h index 3745efd21cf6..897538d5ffd2 100644 --- a/include/linux/gfp.h +++ b/include/linux/gfp.h @@ -618,8 +618,10 @@ static inline struct folio *folio_alloc(gfp_t gfp, unsigned int order) extern unsigned long __get_free_pages(gfp_t gfp_mask, unsigned int order); extern unsigned long get_zeroed_page(gfp_t gfp_mask); +__alloc_size(1) void *alloc_pages_exact(size_t size, gfp_t gfp_mask); void free_pages_exact(void *virt, size_t size); +__alloc_size(1) void * __meminit alloc_pages_exact_nid(int nid, size_t size, gfp_t gfp_mask); #define __get_free_page(gfp_mask) \ From patchwork Wed Aug 18 21:40:20 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 12445477 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.6 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 507D9C19F37 for ; Wed, 18 Aug 2021 21:40:51 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id E8FA761153 for ; Wed, 18 Aug 2021 21:40:50 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org E8FA761153 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org Received: by kanga.kvack.org (Postfix) id 202D38D0005; Wed, 18 Aug 2021 17:40:43 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 166C98D0003; Wed, 18 Aug 2021 17:40:43 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EAB448D0005; Wed, 18 Aug 2021 17:40:42 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0244.hostedemail.com [216.40.44.244]) by kanga.kvack.org (Postfix) with ESMTP id CA2638D0003 for ; Wed, 18 Aug 2021 17:40:42 -0400 (EDT) Received: from smtpin15.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id 74AC6274D7 for ; Wed, 18 Aug 2021 21:40:42 +0000 (UTC) X-FDA: 78489521124.15.FCB0682 Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) by imf22.hostedemail.com (Postfix) with ESMTP id 358BC8EC0 for ; Wed, 18 Aug 2021 21:40:42 +0000 (UTC) Received: by mail-pl1-f174.google.com with SMTP id u1so2714589plr.1 for ; Wed, 18 Aug 2021 14:40:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=hkb7Jfu8siQEeZroFh7P2leDv5HZhgyEO3/P7zQyv7o=; b=RSJ0nHFz0YIcadZEK+2T//KeKYLb8iPMtRzFaI7ERNqAF/9UzjlEvsmh60f+OAG0hR Qj0RaYKR9wNVB6Z8CE3TAnUtflL1hT4INidx6hvPICYLbw9LUID/Z0TgTqlMFeC1joks 8gQqtC0TPN6FGO2wynWdR3t8c/hxAKrpFBhZ0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=hkb7Jfu8siQEeZroFh7P2leDv5HZhgyEO3/P7zQyv7o=; b=UhWdAt/GcYWtpHULLTs+1vXcSssEN4l+OGDDMElsdBCoKsU4VfEAAsiM+h/tPeWLN6 x26Bb9eOVDtSOKNnLrL3WVS9pjv8mvdVhvCEfvucxrR8GFpfj2PY0dq/pkYGlqSWEodB INiZ9DJDAOzqT+1UN2e9IYzJKGwY0lGo0mkLlsvbe1OSigN6pkHGJaftM7chnR/ChcQC Q51MskLDjZiWq5Bhn3EMOjyzIStg3bgcIS0kxsOOsgur8acKiE+7xMeOH4+2sLkK2mB8 SkixxnrNhUA9bjkPYdcewANwvt7aoNPqMv2x4c/4KzdDHHbkglUh4k/xeX8VqOy5Aonz 1p4A== X-Gm-Message-State: AOAM5330RX5HpRwKd32mi+wDg27TAF9DX2UwYdXwx6V83S9q6kGpvF+O d5Ps+voAQWhuOhLaHxYNTybxaA== X-Google-Smtp-Source: ABdhPJzmfME2/iuvry6l1RXtXFLw2B8x/9UtYWsQyHviQ+a+yu2VpuQUlSlfyodXtUqiobzZT9CGsQ== X-Received: by 2002:a17:902:e54e:b0:12d:cca1:2c1f with SMTP id n14-20020a170902e54e00b0012dcca12c1fmr8778762plf.79.1629322841388; Wed, 18 Aug 2021 14:40:41 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id p30sm771381pfh.116.2021.08.18.14.40.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Aug 2021 14:40:39 -0700 (PDT) From: Kees Cook To: linux-kernel@vger.kernel.org Cc: Kees Cook , Daniel Micay , Dennis Zhou , Tejun Heo , Christoph Lameter , linux-mm@kvack.org, Joe Perches , Miguel Ojeda , Nathan Chancellor , Nick Desaulniers , Andy Whitcroft , Dwaipayan Ray , Lukas Bulwahn , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Vlastimil Babka , Masahiro Yamada , Michal Marek , clang-built-linux@googlegroups.com, linux-kbuild@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH v2 6/7] percpu: Add __alloc_size attributes for better bounds checking Date: Wed, 18 Aug 2021 14:40:20 -0700 Message-Id: <20210818214021.2476230-7-keescook@chromium.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210818214021.2476230-1-keescook@chromium.org> References: <20210818214021.2476230-1-keescook@chromium.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1590; h=from:subject; bh=ekTvmEitMMQysLPDeBX8i89VfgDCF2rtfdT6Z6IUx4A=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBhHX5EsqlEW2vfPq2eFmV43wt3rhdXc8JsXzXAcFu/ K19rrryJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCYR1+RAAKCRCJcvTf3G3AJuxtD/ 9NUGRG0V5AKk7qevvbKJ8t28yDZ6RZ0La8S1XLLAg61jPfECQvj6pVLv5NrDYtQMSbnwdh77FUg+II vLCH66LG8N2MwxQgbX7gtAfkcv2VV1dChGUbDODhzCKYU1ggZbOz55qV09DiWOCHE04y5LSlABcay2 1Di10cEmBP3LyrcM45UIOvl3fbc5iewqMqz/g2BZSmbGC0jJG1QjOvQezGZvid6TmQozA6VJ7oUJTA yQQ3KaPMNrueSUKmqwe/B5/sBXvgGM1hOSVjuZNFgLeL2Eb4qMJnukSGWxaIHY8JYpT1kMog9OOfD4 ngnPNYTprHzGVHq8wPzJOcfaQ9ZBKsSRM9Sn6mpGfrpqF8+WRID4zn/Vdcz2m8k3AEgPaTs3DWOhq5 9VYp9XI5i5dvtDnlooedZt4ux8Bdv6+JD8e8zwBf+w7uONbj0PU4iq2Kax/B1F8tDOvHyflWvwlQxb nd5XW7tez+VJqv0r+Vi5cyZ9Z4txtiC3cepvO5YiFD/vsyFKB59HnScAAvwClZTYHb+u8xWLrElSDk t8qKonk8l3+uGZueDC8sHGMVtV+lqxYbD10EMx46FGmrtbEBZT/shTf8vQllIDghYvHfEzL9ymZtxG jGGWnPlILGujzSofOTeKoJvJHLxS+LelzhTaK2IdytAHBhi4QsOwxZZNtx8g== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 X-Rspamd-Server: rspam03 X-Rspamd-Queue-Id: 358BC8EC0 X-Stat-Signature: jh5af8h3wmtsidkj91r7ez5pfbp9mc41 Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=RSJ0nHFz; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf22.hostedemail.com: domain of keescook@chromium.org designates 209.85.214.174 as permitted sender) smtp.mailfrom=keescook@chromium.org X-HE-Tag: 1629322842-124103 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: As already done in GrapheneOS, add the __alloc_size attribute for appropriate percpu allocator interfaces, to provide additional hinting for better bounds checking, assisting CONFIG_FORTIFY_SOURCE and other compiler optimizations. Co-developed-by: Daniel Micay Signed-off-by: Daniel Micay Cc: Dennis Zhou Cc: Tejun Heo Cc: Christoph Lameter Cc: linux-mm@kvack.org Signed-off-by: Kees Cook --- include/linux/percpu.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/linux/percpu.h b/include/linux/percpu.h index 5e76af742c80..119f41815b32 100644 --- a/include/linux/percpu.h +++ b/include/linux/percpu.h @@ -123,6 +123,7 @@ extern int __init pcpu_page_first_chunk(size_t reserved_size, pcpu_fc_populate_pte_fn_t populate_pte_fn); #endif +__alloc_size(1) extern void __percpu *__alloc_reserved_percpu(size_t size, size_t align); extern bool __is_kernel_percpu_address(unsigned long addr, unsigned long *can_addr); extern bool is_kernel_percpu_address(unsigned long addr); @@ -131,7 +132,9 @@ extern bool is_kernel_percpu_address(unsigned long addr); extern void __init setup_per_cpu_areas(void); #endif +__alloc_size(1) extern void __percpu *__alloc_percpu_gfp(size_t size, size_t align, gfp_t gfp); +__alloc_size(1) extern void __percpu *__alloc_percpu(size_t size, size_t align); extern void free_percpu(void __percpu *__pdata); extern phys_addr_t per_cpu_ptr_to_phys(void *addr); From patchwork Wed Aug 18 21:40:21 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 12445481 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.6 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B06AAC4320E for ; Wed, 18 Aug 2021 21:40:56 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 63BDB6024A for ; Wed, 18 Aug 2021 21:40:56 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 63BDB6024A Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org Received: by kanga.kvack.org (Postfix) id D00628D0007; Wed, 18 Aug 2021 17:40:43 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id CAF648D0006; Wed, 18 Aug 2021 17:40:43 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A3CBC8D0008; Wed, 18 Aug 2021 17:40:43 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0039.hostedemail.com [216.40.44.39]) by kanga.kvack.org (Postfix) with ESMTP id 697168D0006 for ; Wed, 18 Aug 2021 17:40:43 -0400 (EDT) Received: from smtpin01.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay05.hostedemail.com (Postfix) with ESMTP id 11A8C181355FF for ; Wed, 18 Aug 2021 21:40:43 +0000 (UTC) X-FDA: 78489521166.01.358EA1D Received: from mail-pg1-f175.google.com (mail-pg1-f175.google.com [209.85.215.175]) by imf07.hostedemail.com (Postfix) with ESMTP id CF04B1003FD4 for ; Wed, 18 Aug 2021 21:40:42 +0000 (UTC) Received: by mail-pg1-f175.google.com with SMTP id r2so3737527pgl.10 for ; Wed, 18 Aug 2021 14:40:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=obyCsyhTKD9ULYgdRm0xF6fBRvJ21Igqh3M9baDJkzs=; b=gfoOfwCntAnNAJFuBtpqMhXssh75dB9pXawiBDuYUsb1knx7XpO1ULvRh4UWBQI7Bz FOhaEa6ykLVedUd4BqcLZqz1Ht+0PebP3lMGcJwf+KZNzHWuIHV+/cKUxmXqqYpMNcso Gyv2LEVmZMkaWyOxL2QsZi+qfz4ZSubt89mXs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=obyCsyhTKD9ULYgdRm0xF6fBRvJ21Igqh3M9baDJkzs=; b=OENpHNMKDSrCZORD7hjVGrrkc/BsqBy64cispqC/Tl+3wnY/B66vVH+I/MKWYMNFBo imfSz2HqB1GtjNHjW6nSiX1Pxm7raN2uUUboBOpgDcGkI2cUEIO+823N4jGoUeBUOVmT aGpGBn6e7Ns3NCP4l60x4GsarHBDr0TPR0/swqOmXY0ml8jI5PqBN8A0FCAVHUmuqFOj DfjTn8QhZtZpUVnfbkRpJLwejpB6wMBqTNhZTXNEuuHe/pRKx+DLZMm26wQZ63Y9GnuC Db81gNKVuXEfYrPimDhLpYJO6eKn463gdOKrnSD4xmm8/8Xhet+xU0z3XJKN3Z/gQHYu HtOQ== X-Gm-Message-State: AOAM533+bviw9ilE0mc7SXnDMgm56J/Ez+Q9cCGGaMdoQkW4xMec/Tyv /drJDJVRFVLZ3aYC7VD+1RuJuw== X-Google-Smtp-Source: ABdhPJwXHJZznk4JTYaE7rhZvSIvyF+ITwR+l8nNQl5rGGRvQRTxm60WUot4QCOH/cQrek7ozkyHag== X-Received: by 2002:aa7:9086:0:b029:39b:6377:17c1 with SMTP id i6-20020aa790860000b029039b637717c1mr11523853pfa.11.1629322842023; Wed, 18 Aug 2021 14:40:42 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id d22sm2428pjw.38.2021.08.18.14.40.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Aug 2021 14:40:39 -0700 (PDT) From: Kees Cook To: linux-kernel@vger.kernel.org Cc: Kees Cook , Daniel Micay , Andrew Morton , linux-mm@kvack.org, Joe Perches , Miguel Ojeda , Nathan Chancellor , Nick Desaulniers , Andy Whitcroft , Dwaipayan Ray , Lukas Bulwahn , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Vlastimil Babka , Dennis Zhou , Tejun Heo , Masahiro Yamada , Michal Marek , clang-built-linux@googlegroups.com, linux-kbuild@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH v2 7/7] mm/vmalloc: Add __alloc_size attributes for better bounds checking Date: Wed, 18 Aug 2021 14:40:21 -0700 Message-Id: <20210818214021.2476230-8-keescook@chromium.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210818214021.2476230-1-keescook@chromium.org> References: <20210818214021.2476230-1-keescook@chromium.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1906; h=from:subject; bh=zZAhvg0/X2ZvejN1Ximar4dbpGivh/+QQFsXl6ok5Vw=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBhHX5EQcnqyfy1qEIP1S4mcozbG6+autpWOD9SsOFn +9NTZ52JAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCYR1+RAAKCRCJcvTf3G3AJkdcD/ 9jF1T7G8iKELXphXJtJn6dWEfa0njsQ+5w/PgRzIb8ou0ZSzyTfJxwPTEhiiS8YfBZIbgG1olvXO1/ 9jlS/Jl7O6s1zJrbjTkAG+0YryyZeUgN0ikB5brvDOQADIQKa8Qv9p0nJ8PfnTzf3Y51GwQnLYTYYm m1pgQQJWt4Me+uYokWJyi5GZRoplJ7c7nEUJ/wfR3DD9fKzuP2kDP8cxiSFG+Th587g8qd0y/jaonj m2Phd4OY38vdxSbHtXYJHgVrnV4mdjhJI0fq7+/X7e6DsXV0seK8QO6/wgQP4hqUSLSUCQIunNHA+L IB2DZ95EFj6p7mKVVqGUNsqZZtAR40ad8E60M1SkpPImENeFhkBvCxk64cZo8j2rNryfFZJPYqD0/5 fVi75RuDWLa74deb59h0nK9wYA8qe62eXlCl0SZTz0GPBhPJXbgRwD4e0gHoZA5I4nRYjc+g6SYrl+ cBJNjVlr6nOYr59zb63l3gaBmo7CjoRlYRLlhlOor0UwVo4mDt6HgFO9Ns0hm7Q+z9TfKhBgVvJfgm rUxXWyozpmm26ROVdgGw7jhw1PCulKCVaFADIaMLXfZ156UUZirAS1jaQQQ0rhFNtKOUrtoGZJsmlD SO/O279GWNlF3ovkUXiQFuJ5GbVSkbIwwuCdsVeHSk0PssdSMAWKGEHE637g== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 X-Rspamd-Server: rspam03 X-Rspamd-Queue-Id: CF04B1003FD4 X-Stat-Signature: 1xot1ay5m11qwpbihe4p6ryy46d6q7ea Authentication-Results: imf07.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=gfoOfwCn; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf07.hostedemail.com: domain of keescook@chromium.org designates 209.85.215.175 as permitted sender) smtp.mailfrom=keescook@chromium.org X-HE-Tag: 1629322842-735557 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: As already done in GrapheneOS, add the __alloc_size attribute for appropriate vmalloc allocator interfaces, to provide additional hinting for better bounds checking, assisting CONFIG_FORTIFY_SOURCE and other compiler optimizations. Co-developed-by: Daniel Micay Signed-off-by: Daniel Micay Cc: Andrew Morton Cc: linux-mm@kvack.org Signed-off-by: Kees Cook --- include/linux/vmalloc.h | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h index 2644425b6dce..1521ba38957d 100644 --- a/include/linux/vmalloc.h +++ b/include/linux/vmalloc.h @@ -136,20 +136,31 @@ static inline void vmalloc_init(void) static inline unsigned long vmalloc_nr_pages(void) { return 0; } #endif +__alloc_size(1) extern void *vmalloc(unsigned long size); +__alloc_size(1) extern void *vzalloc(unsigned long size); +__alloc_size(1) extern void *vmalloc_user(unsigned long size); +__alloc_size(1) extern void *vmalloc_node(unsigned long size, int node); +__alloc_size(1) extern void *vzalloc_node(unsigned long size, int node); +__alloc_size(1) extern void *vmalloc_32(unsigned long size); +__alloc_size(1) extern void *vmalloc_32_user(unsigned long size); +__alloc_size(1) extern void *__vmalloc(unsigned long size, gfp_t gfp_mask); +__alloc_size(1) extern void *__vmalloc_node_range(unsigned long size, unsigned long align, unsigned long start, unsigned long end, gfp_t gfp_mask, pgprot_t prot, unsigned long vm_flags, int node, const void *caller); +__alloc_size(1) void *__vmalloc_node(unsigned long size, unsigned long align, gfp_t gfp_mask, int node, const void *caller); +__alloc_size(1) void *vmalloc_no_huge(unsigned long size); extern void vfree(const void *addr);