From patchwork Wed Aug 18 21:40:15 2021
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 12445483
From: Kees Cook
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Miguel Ojeda, Nathan Chancellor, Nick Desaulniers, clang-built-linux@googlegroups.com, Joe Perches, Andy Whitcroft, Dwaipayan Ray, Lukas Bulwahn, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, Vlastimil Babka, Daniel Micay, Dennis Zhou, Tejun Heo, Masahiro Yamada, Michal Marek, linux-mm@kvack.org, linux-kbuild@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH v2 1/7] Compiler Attributes: Add __alloc_size() for better bounds checking
Date: Wed, 18 Aug 2021 14:40:15 -0700
Message-Id: <20210818214021.2476230-2-keescook@chromium.org>
In-Reply-To: <20210818214021.2476230-1-keescook@chromium.org>
References: <20210818214021.2476230-1-keescook@chromium.org>
X-Mailing-List: linux-kbuild@vger.kernel.org

GCC and Clang can use
the "alloc_size" attribute to better inform the results of __builtin_object_size() (for compile-time constant values). Clang can additionally use alloc_size to inform the results of __builtin_dynamic_object_size() (for run-time values).

Because GCC sees the frequent use of struct_size() as an allocator size argument, and notices it can return SIZE_MAX (the overflow indication), it complains that these call sites may overflow (since SIZE_MAX is greater than the default -Walloc-size-larger-than=PTRDIFF_MAX). This isn't helpful since we already know a SIZE_MAX will be caught at run-time (this was an intentional design). Instead, just disable this check as it is both a false positive and redundant. (Clang does not have this warning option.)

Cc: Miguel Ojeda
Cc: Nathan Chancellor
Cc: Nick Desaulniers
Cc: clang-built-linux@googlegroups.com
Signed-off-by: Kees Cook
Reviewed-by: Nathan Chancellor
Reviewed-by: Miguel Ojeda
---
 Makefile | 6 +++++-
 include/linux/compiler_attributes.h | 6 ++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile index 72f9e2b0202c..34cffcdfd5dc 100644 --- a/Makefile +++ b/Makefile @@ -1078,9 +1078,13 @@ KBUILD_CFLAGS += $(call cc-disable-warning, stringop-overflow) # Another good warning that we'll want to enable eventually KBUILD_CFLAGS += $(call cc-disable-warning, restrict) -# Enabled with W=2, disabled by default as noisy ifdef CONFIG_CC_IS_GCC +# Enabled with W=2, disabled by default as noisy KBUILD_CFLAGS += -Wno-maybe-uninitialized + +# The allocators already balk at large sizes, so silence the compiler +# warnings for bounds checks involving those possible values. +KBUILD_CFLAGS += -Wno-alloc-size-larger-than endif # disable invalid "can't wrap" optimizations for signed / pointers diff --git a/include/linux/compiler_attributes.h b/include/linux/compiler_attributes.h index 67c5667f8042..203b0ac62d15 100644 --- a/include/linux/compiler_attributes.h +++ b/include/linux/compiler_attributes.h
@@ -54,6 +54,12 @@ #define __aligned(x) __attribute__((__aligned__(x))) #define __aligned_largest __attribute__((__aligned__)) +/* + * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-alloc_005fsize-function-attribute + * clang: https://clang.llvm.org/docs/AttributeReference.html#alloc-size + */ +#define __alloc_size(x, ...) __attribute__((__alloc_size__(x, ## __VA_ARGS__))) + /* * Note: users of __always_inline currently do not write "inline" themselves, * which seems to be required by gcc to apply the attribute according
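Review bot: In the Makefile hunk, "KBUILD_CFLAGS += -Wno-alloc-size-larger-than" is added as a bare flag for every GCC, while the context lines just above it go through "$(call cc-disable-warning, ...)". Consider guarding the new flag with a capability or version check so that a GCC which does not know the option is not handed it. The new comment could also name struct_size() returning SIZE_MAX as the source of the warnings, because once the flag is set a genuinely oversized constant allocation elsewhere in the tree is no longer reported at build time either.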
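A user-space model of what the commit message for patch 1/7 describes, added here as an example and not taken from the series: a saturating size helper in the style of struct_size(), an allocator that refuses the saturated value at run time, and what alloc_size lets __builtin_object_size() report. Only the __alloc_size() macro text comes from the patch; struct packet and every function name below are hypothetical.

```c
/* Added example: user-space model, not kernel code. model_struct_size(),
 * model_alloc(), packet_new(), known_size_demo() and bounded_fill() are
 * hypothetical names; only the __alloc_size() macro comes from the patch. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef __alloc_size
#define __alloc_size(x, ...) __attribute__((__alloc_size__(x, ## __VA_ARGS__)))
#endif

struct packet {
	size_t count;
	uint32_t items[];	/* flexible array member */
};

/* Models struct_size(): header + n * elem, saturating to SIZE_MAX on overflow. */
static size_t model_struct_size(size_t header, size_t n, size_t elem)
{
	size_t bytes;

	if (__builtin_mul_overflow(n, elem, &bytes) ||
	    __builtin_add_overflow(bytes, header, &bytes))
		return SIZE_MAX;
	return bytes;
}

/* Models an allocator that balks at large sizes: SIZE_MAX can never succeed. */
__alloc_size(1)
static void *model_alloc(size_t size)
{
	if (size == 0 || size > (size_t)PTRDIFF_MAX)
		return NULL;
	return calloc(1, size);
}

/* The saturated size reaches the allocator and is refused at run time. When
 * the optimiser sees a constant SIZE_MAX here, GCC can still report
 * -Walloc-size-larger-than for the call, which adds nothing to this check. */
static struct packet *packet_new(size_t n)
{
	struct packet *p;

	p = model_alloc(model_struct_size(sizeof(*p), n, sizeof(p->items[0])));
	if (p)
		p->count = n;
	return p;
}

/* Size the compiler derives for a fresh 24-byte allocation: 24 when alloc_size
 * is visible to the optimiser, (size_t)-1 when the size is unknown (e.g. -O0). */
static size_t known_size_demo(void)
{
	void *p = model_alloc(24);
	size_t known = __builtin_object_size(p, 0);

	free(p);
	return known;
}

/* FORTIFY-style write: reject len beyond the compiler-derived bound when there
 * is one, and always beyond the caller-supplied capacity. */
static inline __attribute__((__always_inline__))
int bounded_fill(void *dst, size_t cap, int byte, size_t len)
{
	size_t known = __builtin_object_size(dst, 0);

	if (known != (size_t)-1 && len > known)
		return -1;
	if (len > cap)
		return -1;
	memset(dst, byte, len);
	return 0;
}

int main(void)
{
	struct packet *p = packet_new(4);
	size_t cap = 4 * sizeof(p->items[0]);

	if (!p)
		return 1;
	printf("overflowing count refused: %d\n", packet_new(SIZE_MAX / 2) == NULL);
	printf("compiler-known size: %zu\n", known_size_demo());
	printf("in-bounds fill: %d, out-of-bounds fill: %d\n",
	       bounded_fill(p->items, cap, 0xff, cap),
	       bounded_fill(p->items, cap, 0xff, cap + 1));
	free(p);
	return 0;
}
```

Building this once at -O0 and once at -O2 shows known_size_demo() move from the unknown value to 24, which is the extra information the attribute gives the compiler.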
From: Kees Cook
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Joe Perches, Andy Whitcroft, Dwaipayan Ray, Lukas Bulwahn, Miguel Ojeda, Nathan Chancellor, Nick Desaulniers, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, Vlastimil Babka, Daniel Micay, Dennis Zhou, Tejun Heo, Masahiro Yamada, Michal Marek, clang-built-linux@googlegroups.com, linux-mm@kvack.org, linux-kbuild@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH v2 2/7] checkpatch: Add __alloc_size() to known $Attribute
Date: Wed, 18 Aug 2021 14:40:16 -0700
Message-Id: <20210818214021.2476230-3-keescook@chromium.org>
In-Reply-To: <20210818214021.2476230-1-keescook@chromium.org>
References: <20210818214021.2476230-1-keescook@chromium.org>
X-Mailing-List: linux-kbuild@vger.kernel.org

Make sure checkpatch.pl doesn't get
confused about finding the __alloc_size attribute on functions.

Suggested-by: Joe Perches
Cc: Andy Whitcroft
Cc: Dwaipayan Ray
Cc: Lukas Bulwahn
Signed-off-by: Kees Cook
---
 scripts/checkpatch.pl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index a65753c05a69..e4b0def605c3 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl
@@ -489,7 +489,8 @@ our $Attribute = qr{ ____cacheline_aligned| ____cacheline_aligned_in_smp| ____cacheline_internodealigned_in_smp| - __weak + __weak| + __alloc_size\s*\(\s*\d+\s*(?:,\s*\d+\s*)?\) }x; our $Modifier; our $Inline = qr{inline|__always_inline|noinline|__inline|__inline__};
From: Kees Cook
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Joe Perches, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, Vlastimil Babka, linux-mm@kvack.org, Miguel Ojeda, Nathan Chancellor, Nick Desaulniers, Andy Whitcroft, Dwaipayan Ray, Lukas Bulwahn, Daniel Micay, Dennis Zhou, Tejun Heo, Masahiro Yamada, Michal Marek, clang-built-linux@googlegroups.com, linux-kbuild@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH v2 3/7] slab: Clean up function declarations
Date: Wed, 18 Aug 2021 14:40:17 -0700
Message-Id: <20210818214021.2476230-4-keescook@chromium.org>
In-Reply-To: <20210818214021.2476230-1-keescook@chromium.org>
References: <20210818214021.2476230-1-keescook@chromium.org>
X-Mailing-List: linux-kbuild@vger.kernel.org

In order to have more readable and regular
declarations, move __must_check to the line above the main function declaration and add all the missing parameter names.

Suggested-by: Joe Perches
Cc: Christoph Lameter
Cc: Pekka Enberg
Cc: David Rientjes
Cc: Joonsoo Kim
Cc: Andrew Morton
Cc: Vlastimil Babka
Cc: linux-mm@kvack.org
Signed-off-by: Kees Cook
---
 include/linux/slab.h | 68 +++++++++++++++++++++++---------------------
 1 file changed, 35 insertions(+), 33 deletions(-)

diff --git a/include/linux/slab.h b/include/linux/slab.h index c0d46b6fa12a..10fd0a8c816a 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -152,8 +152,8 @@ struct kmem_cache *kmem_cache_create_usercopy(const char *name, slab_flags_t flags, unsigned int useroffset, unsigned int usersize, void (*ctor)(void *)); -void kmem_cache_destroy(struct kmem_cache *); -int kmem_cache_shrink(struct kmem_cache *); +void kmem_cache_destroy(struct kmem_cache *s); +int kmem_cache_shrink(struct kmem_cache *s); /* * Please use this macro to create slab caches. Simply specify the @@ -181,11 +181,12 @@ int kmem_cache_shrink(struct kmem_cache *); /* * Common kmalloc functions provided by all allocators */ -void * __must_check krealloc(const void *, size_t, gfp_t); -void kfree(const void *); -void kfree_sensitive(const void *); -size_t __ksize(const void *); -size_t ksize(const void *); +__must_check +void *krealloc(const void *objp, size_t new_size, gfp_t flags); +void kfree(const void *objp); +void kfree_sensitive(const void *objp); +size_t __ksize(const void *objp); +size_t ksize(const void *objp); #ifdef CONFIG_PRINTK bool kmem_valid_obj(void *object); void kmem_dump_obj(void *object);
@@ -426,8 +427,8 @@ static __always_inline unsigned int __kmalloc_index(size_t size, #endif /* !CONFIG_SLOB */ void *__kmalloc(size_t size, gfp_t flags) __assume_kmalloc_alignment __malloc; -void *kmem_cache_alloc(struct kmem_cache *, gfp_t flags) __assume_slab_alignment __malloc; -void kmem_cache_free(struct kmem_cache *, void *); +void *kmem_cache_alloc(struct kmem_cache *s, gfp_t flags) __assume_kmalloc_alignment __malloc; +void kmem_cache_free(struct kmem_cache *s, void *objp); /* * Bulk allocation and freeing operations. These are accelerated in an @@ -436,8 +437,8 @@ void kmem_cache_free(struct kmem_cache *, void *); * * Note that interrupts must be enabled when calling these functions. */ -void kmem_cache_free_bulk(struct kmem_cache *, size_t, void **); -int kmem_cache_alloc_bulk(struct kmem_cache *, gfp_t, size_t, void **); +void kmem_cache_free_bulk(struct kmem_cache *orig_s, size_t size, void **p); +int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size, void **p); /* * Caller must not use kfree_bulk() on memory not originally allocated @@ -449,8 +450,9 @@ static __always_inline void kfree_bulk(size_t size, void **p) } #ifdef CONFIG_NUMA -void *__kmalloc_node(size_t size, gfp_t flags, int node) __assume_kmalloc_alignment __malloc; -void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node) __assume_slab_alignment __malloc; +void *__kmalloc_node(size_t size, gfp_t flags, int node) __assume_slab_alignment __malloc; +void *kmem_cache_alloc_node(struct kmem_cache *s, gfp_t flags, int node) + __assume_slab_alignment __malloc; #else static __always_inline void *__kmalloc_node(size_t size, gfp_t flags, int node) { 
@@ -464,17 +466,15 @@ static __always_inline void *kmem_cache_alloc_node(struct kmem_cache *s, gfp_t f #endif #ifdef CONFIG_TRACING -extern void *kmem_cache_alloc_trace(struct kmem_cache *, gfp_t, size_t) __assume_slab_alignment __malloc; +extern void *kmem_cache_alloc_trace(struct kmem_cache *s, gfp_t flags, size_t size) + __assume_slab_alignment __malloc; #ifdef CONFIG_NUMA -extern void *kmem_cache_alloc_node_trace(struct kmem_cache *s, - gfp_t gfpflags, - int node, size_t size) __assume_slab_alignment __malloc; +extern void *kmem_cache_alloc_node_trace(struct kmem_cache *s, gfp_t gfpflags, + int node, size_t size) __assume_slab_alignment __malloc; #else -static __always_inline void * -kmem_cache_alloc_node_trace(struct kmem_cache *s, - gfp_t gfpflags, - int node, size_t size) +static __always_inline void *kmem_cache_alloc_node_trace(struct kmem_cache *s, + gfp_t gfpflags, int node, size_t size) { return kmem_cache_alloc_trace(s, gfpflags, size); } @@ -490,10 +490,8 @@ static __always_inline void *kmem_cache_alloc_trace(struct kmem_cache *s, return ret; } -static __always_inline void * -kmem_cache_alloc_node_trace(struct kmem_cache *s, - gfp_t gfpflags, - int node, size_t size) +static __always_inline void *kmem_cache_alloc_node_trace(struct kmem_cache *s, + gfp_t gfpflags, int node, size_t size) { void *ret = kmem_cache_alloc_node(s, gfpflags, node); 
@@ -502,13 +500,15 @@ kmem_cache_alloc_node_trace(struct kmem_cache *s, } #endif /* CONFIG_TRACING */ -extern void *kmalloc_order(size_t size, gfp_t flags, unsigned int order) __assume_page_alignment __malloc; +extern void *kmalloc_order(size_t size, gfp_t flags, unsigned int order) + __assume_page_alignment __malloc; #ifdef CONFIG_TRACING -extern void *kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order) __assume_page_alignment __malloc; +extern void *kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order) + __assume_page_alignment __malloc; #else -static __always_inline void * -kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order) +static __always_inline void *kmalloc_order_trace(size_t size, gfp_t flags, + unsigned int order) { return kmalloc_order(size, flags, order); } @@ -638,8 +638,9 @@ static inline void *kmalloc_array(size_t n, size_t size, gfp_t flags) * @new_size: new size of a single member of the array * @flags: the type of memory to allocate (see kmalloc) */ -static __must_check inline void * -krealloc_array(void *p, size_t new_n, size_t new_size, gfp_t flags) +__must_check +static inline void *krealloc_array(void *p, size_t new_n, size_t new_size, + gfp_t flags) { size_t bytes; @@ -668,7 +669,7 @@ static inline void *kcalloc(size_t n, size_t size, gfp_t flags) * allocator where we care about the real place the memory allocation * request comes from. */ -extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); +extern void *__kmalloc_track_caller(size_t size, gfp_t flags, unsigned long caller); #define kmalloc_track_caller(size, flags) \ __kmalloc_track_caller(size, flags, _RET_IP_) 
@@ -691,7 +692,8 @@ static inline void *kcalloc_node(size_t n, size_t size, gfp_t flags, int node) #ifdef CONFIG_NUMA -extern void *__kmalloc_node_track_caller(size_t, gfp_t, int, unsigned long); +extern void *__kmalloc_node_track_caller(size_t size, gfp_t flags, int node, + unsigned long caller); #define kmalloc_node_track_caller(size, flags, node) \ __kmalloc_node_track_caller(size, flags, node, \ _RET_IP_)
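Review bot: In the "@@ -426,8 +427,8 @@" hunk, kmem_cache_alloc() goes from __assume_slab_alignment to __assume_kmalloc_alignment, although the commit message describes only moving __must_check and naming parameters. That changes what the compiler is allowed to assume about the alignment of cache objects, so keep __assume_slab_alignment on this declaration, or move the attribute change into its own patch with a justification.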
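Review bot: In the "@@ -449,8 +450,9 @@" hunk, __kmalloc_node() changes from __assume_kmalloc_alignment to __assume_slab_alignment, the reverse of the swap on kmem_cache_alloc(), so the two attributes look transposed during the cleanup. __kmalloc() in the earlier hunk keeps __assume_kmalloc_alignment, and __kmalloc_node() should keep it too so that this patch stays free of functional changes.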
From: Kees Cook
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Daniel Micay, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, Vlastimil Babka, linux-mm@kvack.org, Joe Perches, Miguel Ojeda, Nathan Chancellor, Nick Desaulniers, Andy Whitcroft, Dwaipayan Ray, Lukas Bulwahn, Dennis Zhou, Tejun Heo, Masahiro Yamada, Michal Marek, clang-built-linux@googlegroups.com, linux-kbuild@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH v2 4/7] slab: Add __alloc_size attributes for better bounds checking
Date: Wed, 18 Aug 2021 14:40:18 -0700
Message-Id: <20210818214021.2476230-5-keescook@chromium.org>
In-Reply-To: <20210818214021.2476230-1-keescook@chromium.org>
References: <20210818214021.2476230-1-keescook@chromium.org>
X-Mailing-List: linux-kbuild@vger.kernel.org

As already done in
GrapheneOS, add the __alloc_size attribute for regular kmalloc interfaces, to provide additional hinting for better bounds checking, assisting CONFIG_FORTIFY_SOURCE and other compiler optimizations.

Co-developed-by: Daniel Micay
Signed-off-by: Daniel Micay
Cc: Christoph Lameter
Cc: Pekka Enberg
Cc: David Rientjes
Cc: Joonsoo Kim
Cc: Andrew Morton
Cc: Vlastimil Babka
Cc: linux-mm@kvack.org
Signed-off-by: Kees Cook
Reviewed-by: Nick Desaulniers
---
 include/linux/slab.h | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/include/linux/slab.h b/include/linux/slab.h index 10fd0a8c816a..6ce826d8194d 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -181,7 +181,7 @@ int kmem_cache_shrink(struct kmem_cache *s); /* * Common kmalloc functions provided by all allocators */ -__must_check +__must_check __alloc_size(2) void *krealloc(const void *objp, size_t new_size, gfp_t flags); void kfree(const void *objp); void kfree_sensitive(const void *objp); @@ -426,6 +426,7 @@ static __always_inline unsigned int __kmalloc_index(size_t size, #define kmalloc_index(s) __kmalloc_index(s, true) #endif /* !CONFIG_SLOB */ +__alloc_size(1) void *__kmalloc(size_t size, gfp_t flags) __assume_kmalloc_alignment __malloc; void *kmem_cache_alloc(struct kmem_cache *s, gfp_t flags) __assume_kmalloc_alignment __malloc; void kmem_cache_free(struct kmem_cache *s, void *objp); @@ -450,6 +451,7 @@ static __always_inline void kfree_bulk(size_t size, void **p) } #ifdef CONFIG_NUMA +__alloc_size(1) void *__kmalloc_node(size_t size, gfp_t flags, int node) __assume_slab_alignment __malloc; void *kmem_cache_alloc_node(struct kmem_cache *s, gfp_t flags, int node) __assume_slab_alignment __malloc;
@@ -574,6 +576,7 @@ static __always_inline void *kmalloc_large(size_t size, gfp_t flags) * Try really hard to succeed the allocation but fail * eventually. */ +__alloc_size(1) static __always_inline void *kmalloc(size_t size, gfp_t flags) { if (__builtin_constant_p(size)) { @@ -596,6 +599,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags) return __kmalloc(size, flags); } +__alloc_size(1) static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) { #ifndef CONFIG_SLOB @@ -620,6 +624,7 @@ static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) * @size: element size. * @flags: the type of memory to allocate (see kmalloc). */ +__alloc_size(1, 2) static inline void *kmalloc_array(size_t n, size_t size, gfp_t flags) { size_t bytes; @@ -638,7 +643,7 @@ static inline void *kmalloc_array(size_t n, size_t size, gfp_t flags) * @new_size: new size of a single member of the array * @flags: the type of memory to allocate (see kmalloc) */ -__must_check +__must_check __alloc_size(2, 3) static inline void *krealloc_array(void *p, size_t new_n, size_t new_size, gfp_t flags) { @@ -656,6 +661,7 @@ static inline void *krealloc_array(void *p, size_t new_n, size_t new_size, * @size: element size. * @flags: the type of memory to allocate (see kmalloc). */ +__alloc_size(1, 2) static inline void *kcalloc(size_t n, size_t size, gfp_t flags) { return kmalloc_array(n, size, flags | __GFP_ZERO); @@ -685,6 +691,7 @@ static inline void *kmalloc_array_node(size_t n, size_t size, gfp_t flags, return __kmalloc_node(bytes, flags, node); } +__alloc_size(1, 2) static inline void *kcalloc_node(size_t n, size_t size, gfp_t flags, int node) { return kmalloc_array_node(n, size, flags | __GFP_ZERO, node); 
@@ -718,6 +725,7 @@ static inline void *kmem_cache_zalloc(struct kmem_cache *k, gfp_t flags) * @size: how many bytes of memory are required. * @flags: the type of memory to allocate (see kmalloc). */ +__alloc_size(1) static inline void *kzalloc(size_t size, gfp_t flags) { return kmalloc(size, flags | __GFP_ZERO); @@ -729,25 +737,31 @@ static inline void *kzalloc(size_t size, gfp_t flags) * @flags: the type of memory to allocate (see kmalloc). * @node: memory node from which to allocate */ +__alloc_size(1) static inline void *kzalloc_node(size_t size, gfp_t flags, int node) { return kmalloc_node(size, flags | __GFP_ZERO, node); } +__alloc_size(1) extern void *kvmalloc_node(size_t size, gfp_t flags, int node); +__alloc_size(1) static inline void *kvmalloc(size_t size, gfp_t flags) { return kvmalloc_node(size, flags, NUMA_NO_NODE); } +__alloc_size(1) static inline void *kvzalloc_node(size_t size, gfp_t flags, int node) { return kvmalloc_node(size, flags | __GFP_ZERO, node); } +__alloc_size(1) static inline void *kvzalloc(size_t size, gfp_t flags) { return kvmalloc(size, flags | __GFP_ZERO); } +__alloc_size(1, 2) static inline void *kvmalloc_array(size_t n, size_t size, gfp_t flags) { size_t bytes; 
@@ -758,11 +772,13 @@ static inline void *kvmalloc_array(size_t n, size_t size, gfp_t flags) return kvmalloc(bytes, flags); } +__alloc_size(1, 2) static inline void *kvcalloc(size_t n, size_t size, gfp_t flags) { return kvmalloc_array(n, size, flags | __GFP_ZERO); } +__alloc_size(3) extern void *kvrealloc(const void *p, size_t oldsize, size_t newsize, gfp_t flags); extern void kvfree(const void *addr); From patchwork Wed Aug 18 21:40:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 12445497 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.4 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 76411C4320A for ; Wed, 18 Aug 2021 21:40:49 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 6153E610A6 for ; Wed, 18 Aug 2021 21:40:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234337AbhHRVlV (ORCPT ); Wed, 18 Aug 2021 17:41:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37980 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234240AbhHRVlS (ORCPT ); Wed, 18 Aug 2021 17:41:18 -0400 Received: from mail-pl1-x634.google.com (mail-pl1-x634.google.com [IPv6:2607:f8b0:4864:20::634]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 20761C0617AE for ; Wed, 18 Aug 2021 14:40:42 -0700 (PDT) Received: by mail-pl1-x634.google.com with SMTP id o10so2745090plg.0 for ; Wed, 18 
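Review bot: In include/linux/slab.h, the hunk at -685,6 +691,7 gives kcalloc_node() `__alloc_size(1, 2)` but leaves kmalloc_array_node(), whose body ends in the context lines directly above it, without any annotation, and none of the 18 insertions in this patch covers it. kmalloc_array() and kvmalloc_array() both receive `__alloc_size(1, 2)` in this same patch, so the _node variant looks like an omission. Suggest adding `__alloc_size(1, 2)` above kmalloc_array_node(), or stating in the changelog why it is skipped.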
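Review bot: In include/linux/slab.h, the hunks at -574,6 +576,7 and -596,6 +599,7 put `__alloc_size(1)` on `static __always_inline` wrappers (kmalloc(), kmalloc_node()), and the changelog does not say whether the size hint is still visible to the caller's bounds checks once those wrappers are inlined. Please document which compilers this was checked with and what a CONFIG_FORTIFY_SOURCE build showed, since that is the stated purpose of the change. A smaller style point in the -426,6 +426,7 hunk: __kmalloc() now carries one attribute on a line before the declaration and two (`__assume_kmalloc_alignment __malloc`) after the declarator; picking one placement would read more consistently.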
From: Kees Cook
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Daniel Micay, Andrew Morton, linux-mm@kvack.org, Joe Perches, Miguel Ojeda, Nathan Chancellor, Nick Desaulniers, Andy Whitcroft, Dwaipayan Ray, Lukas Bulwahn, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Vlastimil Babka, Dennis Zhou, Tejun Heo, Masahiro Yamada, Michal Marek, clang-built-linux@googlegroups.com, linux-kbuild@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH v2 5/7] mm/page_alloc: Add __alloc_size attributes for better bounds checking
Date: Wed, 18 Aug 2021 14:40:19 -0700
Message-Id: <20210818214021.2476230-6-keescook@chromium.org>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20210818214021.2476230-1-keescook@chromium.org>
References: <20210818214021.2476230-1-keescook@chromium.org>
X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026
X-Mailing-List: linux-kbuild@vger.kernel.org

As already done in
GrapheneOS, add the __alloc_size attribute for appropriate page allocator interfaces, to provide additional hinting for better bounds checking, assisting CONFIG_FORTIFY_SOURCE and other compiler optimizations. Co-developed-by: Daniel Micay Signed-off-by: Daniel Micay Cc: Andrew Morton Cc: linux-mm@kvack.org Signed-off-by: Kees Cook --- include/linux/gfp.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/linux/gfp.h b/include/linux/gfp.h index 3745efd21cf6..897538d5ffd2 100644 --- a/include/linux/gfp.h +++ b/include/linux/gfp.h 
@@ -618,8 +618,10 @@ static inline struct folio *folio_alloc(gfp_t gfp, unsigned int order) extern unsigned long __get_free_pages(gfp_t gfp_mask, unsigned int order); extern unsigned long get_zeroed_page(gfp_t gfp_mask); +__alloc_size(1) void *alloc_pages_exact(size_t size, gfp_t gfp_mask); void free_pages_exact(void *virt, size_t size); +__alloc_size(1) void * __meminit alloc_pages_exact_nid(int nid, size_t size, gfp_t gfp_mask); #define __get_free_page(gfp_mask) \ From patchwork Wed Aug 18 21:40:20 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 12445493 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.4 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8A4E6C43214 for ; Wed, 18 Aug 2021 21:40:45 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 726A861107 for ; Wed, 18 Aug 2021 21:40:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234276AbhHRVlT (ORCPT ); Wed, 18 Aug 2021 17:41:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37966 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234104AbhHRVlQ (ORCPT ); Wed, 18 Aug 2021 17:41:16 -0400 Received: from mail-pj1-x102e.google.com (mail-pj1-x102e.google.com [IPv6:2607:f8b0:4864:20::102e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D1F8FC061796 for ; Wed, 18 Aug 2021 14:40:41 -0700 (PDT) Received: by 
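Review bot: In include/linux/gfp.h, the hunk at -618,8 +618,10 annotates alloc_pages_exact_nid() with `__alloc_size(1)`, but argument 1 of that prototype is `int nid`; the size is argument 2 in `alloc_pages_exact_nid(int nid, size_t size, gfp_t gfp_mask)`. As written the compiler is told that the node id is the allocation size, so any object-size-based check on the returned pointer would use the wrong bound. This should be `__alloc_size(2)`. The `__alloc_size(1)` on alloc_pages_exact() just above is correct, since `size_t size` is its first parameter.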
From: Kees Cook
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Daniel Micay, Dennis Zhou, Tejun Heo, Christoph Lameter, linux-mm@kvack.org, Joe Perches, Miguel Ojeda, Nathan Chancellor, Nick Desaulniers, Andy Whitcroft, Dwaipayan Ray, Lukas Bulwahn, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, Vlastimil Babka, Masahiro Yamada, Michal Marek, clang-built-linux@googlegroups.com, linux-kbuild@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH v2 6/7] percpu: Add __alloc_size attributes for better bounds checking
Date: Wed, 18 Aug 2021 14:40:20 -0700
Message-Id: <20210818214021.2476230-7-keescook@chromium.org>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20210818214021.2476230-1-keescook@chromium.org>
References: <20210818214021.2476230-1-keescook@chromium.org>
X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026
X-Mailing-List: linux-kbuild@vger.kernel.org

As already done in
GrapheneOS, add the __alloc_size attribute for appropriate percpu allocator interfaces, to provide additional hinting for better bounds checking, assisting CONFIG_FORTIFY_SOURCE and other compiler optimizations. Co-developed-by: Daniel Micay Signed-off-by: Daniel Micay Cc: Dennis Zhou Cc: Tejun Heo Cc: Christoph Lameter Cc: linux-mm@kvack.org Signed-off-by: Kees Cook --- include/linux/percpu.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/linux/percpu.h b/include/linux/percpu.h index 5e76af742c80..119f41815b32 100644 --- a/include/linux/percpu.h +++ b/include/linux/percpu.h @@ -123,6 +123,7 @@ extern int __init pcpu_page_first_chunk(size_t reserved_size, pcpu_fc_populate_pte_fn_t populate_pte_fn); #endif +__alloc_size(1) extern void __percpu *__alloc_reserved_percpu(size_t size, size_t align); extern bool __is_kernel_percpu_address(unsigned long addr, unsigned long *can_addr); extern bool is_kernel_percpu_address(unsigned long addr); 
@@ -131,7 +132,9 @@ extern bool is_kernel_percpu_address(unsigned long addr); extern void __init setup_per_cpu_areas(void); #endif +__alloc_size(1) extern void __percpu *__alloc_percpu_gfp(size_t size, size_t align, gfp_t gfp); +__alloc_size(1) extern void __percpu *__alloc_percpu(size_t size, size_t align); extern void free_percpu(void __percpu *__pdata); extern phys_addr_t per_cpu_ptr_to_phys(void *addr); From patchwork Wed Aug 18 21:40:21 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 12445495 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.4 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 84E3DC19F33 for ; Wed, 18 Aug 2021 21:40:49 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 78FC6610A6 for ; Wed, 18 Aug 2021 21:40:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234057AbhHRVlW (ORCPT ); Wed, 18 Aug 2021 17:41:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37984 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234250AbhHRVlS (ORCPT ); Wed, 18 Aug 2021 17:41:18 -0400 Received: from mail-pg1-x535.google.com (mail-pg1-x535.google.com [IPv6:2607:f8b0:4864:20::535]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 73CEBC0613A3 for ; Wed, 18 Aug 2021 14:40:42 -0700 (PDT) Received: by mail-pg1-x535.google.com with SMTP id c17so3746814pgc.0 for ; Wed, 18 Aug 
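Review bot: In include/linux/percpu.h, all three annotated functions in the hunks at -123,6 +123,7 and -131,7 +132,9 return `void __percpu *`, and the changelog does not explain what bounds check benefits from a size hint on a pointer that callers do not dereference directly but first pass through the per-CPU accessors. Please add a sentence to the commit message saying whether the hint is expected to survive that translation and which check it is meant to feed, or drop the annotation here if it has no effect. The argument index itself is right: `size_t size` is parameter 1 in __alloc_reserved_percpu(), __alloc_percpu_gfp() and __alloc_percpu().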
From: Kees Cook
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Daniel Micay, Andrew Morton, linux-mm@kvack.org, Joe Perches, Miguel Ojeda, Nathan Chancellor, Nick Desaulniers, Andy Whitcroft, Dwaipayan Ray, Lukas Bulwahn, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Vlastimil Babka, Dennis Zhou, Tejun Heo, Masahiro Yamada, Michal Marek, clang-built-linux@googlegroups.com, linux-kbuild@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH v2 7/7] mm/vmalloc: Add __alloc_size attributes for better bounds checking
Date: Wed, 18 Aug 2021 14:40:21 -0700
Message-Id: <20210818214021.2476230-8-keescook@chromium.org>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20210818214021.2476230-1-keescook@chromium.org>
References: <20210818214021.2476230-1-keescook@chromium.org>
X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026
X-Mailing-List: linux-kbuild@vger.kernel.org

As already done in
GrapheneOS, add the __alloc_size attribute for appropriate vmalloc allocator interfaces, to provide additional hinting for better bounds checking, assisting CONFIG_FORTIFY_SOURCE and other compiler optimizations. Co-developed-by: Daniel Micay Signed-off-by: Daniel Micay Cc: Andrew Morton Cc: linux-mm@kvack.org Signed-off-by: Kees Cook --- include/linux/vmalloc.h | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h index 2644425b6dce..1521ba38957d 100644 --- a/include/linux/vmalloc.h +++ b/include/linux/vmalloc.h @@ -136,20 +136,31 @@ static inline void vmalloc_init(void) static inline unsigned long vmalloc_nr_pages(void) { return 0; } #endif +__alloc_size(1) extern void *vmalloc(unsigned long size); +__alloc_size(1) extern void *vzalloc(unsigned long size); +__alloc_size(1) extern void *vmalloc_user(unsigned long size); +__alloc_size(1) extern void *vmalloc_node(unsigned long size, int node); +__alloc_size(1) extern void *vzalloc_node(unsigned long size, int node); +__alloc_size(1) extern void *vmalloc_32(unsigned long size); +__alloc_size(1) extern void *vmalloc_32_user(unsigned long size); +__alloc_size(1) extern void *__vmalloc(unsigned long size, gfp_t gfp_mask); +__alloc_size(1) extern void *__vmalloc_node_range(unsigned long size, unsigned long align, unsigned long start, unsigned long end, gfp_t gfp_mask, pgprot_t prot, unsigned long vm_flags, int node, const void *caller); +__alloc_size(1) void *__vmalloc_node(unsigned long size, unsigned long align, gfp_t gfp_mask, int node, const void *caller); +__alloc_size(1) void *vmalloc_no_huge(unsigned long size); extern void vfree(const void *addr);
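Review bot: In include/linux/vmalloc.h, the single hunk at -136,20 +136,31 annotates eleven declarations, but the changelog only says "appropriate vmalloc allocator interfaces" without giving the criterion or any test result. Please state the rule that was applied (every function here takes the byte count as its first `unsigned long size` parameter, which matches the `__alloc_size(1)` index on each, including __vmalloc_node_range() and __vmalloc_node()) and what was built with CONFIG_FORTIFY_SOURCE to confirm no existing caller trips the new bound. As a style point, the block mixes `extern` and non-`extern` prototypes under the new attribute lines; that predates this patch, but the attribute-per-line layout makes the inconsistency more visible.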