From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 64128C43217 for ; Thu, 1 Dec 2022 17:15:39 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C9ADB6B0071; Thu, 1 Dec 2022 12:15:38 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id C4B396B0072; Thu, 1 Dec 2022 12:15:38 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id AEBDA6B0073; Thu, 1 Dec 2022 12:15:38 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 9E8F86B0071 for ; Thu, 1 Dec 2022 12:15:38 -0500 (EST) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 780F51C68B3 for ; Thu, 1 Dec 2022 17:15:38 +0000 (UTC) X-FDA: 80194389156.20.ADD61DC Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com [209.85.216.53]) by imf20.hostedemail.com (Postfix) with ESMTP id E1DFE1C0019 for ; Thu, 1 Dec 2022 17:15:36 +0000 (UTC) Received: by mail-pj1-f53.google.com with SMTP id cm20so2458245pjb.1 for ; Thu, 01 Dec 2022 09:15:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=YIINIHGhGskcMDqmUFFXNmVZPREPkJD5rw4zIRk+6sQ=; b=lX7ncvUzSC9rS2ZdVzvSVXdSjYS0XfkOJUpUDqM9m1MziQwQ+9qm+151brYvHnWkOo FgANLgqlGG/z5WgU/eqZH7t6i4HEXTREHuZ76s9iSD6WuDoDYQ9MIb/9FB99Uo1dHdPm I1pD+By6iGuvWEmYvkWzU2tygVfKpSYoBbn4s= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=YIINIHGhGskcMDqmUFFXNmVZPREPkJD5rw4zIRk+6sQ=; b=mpkxrI/6GijkeodmJmukyOjS7r1LaIAOMyF8bJnYSz6oIrEYradYqRqMTa09USqXCE vjvUQsBczYhwNXU8f0/7dbjt8V5AAPKVbia5PXihoEFgEoAA9hpKnJmQFSxGgUH1he2Q v8DaCMMOn9XdBasbmGq9f8ZbuePvaAfMIxEhg8Pq/mEe4er5vlv4tPpn13cTs91Kh8EZ SuZ7VFIv/Zz96X1itmtgdbDSQSyh96Bt1raTauVzr7s0p7YXJYnHksGhAu4G/5vX7igi yqASJ4t3W2jCazXYGC0GX4NwsQKQQE0zmJDhO3ZjP/nDP+w6W8sR7hslgTzukrRSSoWe NjNw== X-Gm-Message-State: ANoB5pnRJ303CmgY/ZdVwnf9U3j6gf9wv9Qlm6ZDTnmbSCFCf8U0HUkN BKcE/6b2vEijzsgmYIOlsoextg== X-Google-Smtp-Source: AA0mqf7hLOuoteAV7+avN4qvvGgVHF7ekfjG+aG+RXbz2yEIxrPB3hTqariDmAhhNwmKDWq0XzzGcg== X-Received: by 2002:a17:90b:3e8b:b0:1fb:825c:af8a with SMTP id rj11-20020a17090b3e8b00b001fb825caf8amr31770278pjb.104.1669914935787; Thu, 01 Dec 2022 09:15:35 -0800 (PST) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id s20-20020a170902a51400b001894dc5fdf2sm3850559plq.296.2022.12.01.09.15.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 09:15:34 -0800 (PST) Date: Thu, 1 Dec 2022 09:15:34 -0800 From: Kees Cook To: Arnd Bergmann Cc: "Conor.Dooley" , Vlastimil Babka , David Gow , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Roman Gushchin , Hyeonggon Yoo <42.hyeyoo@gmail.com>, Rasmus Villemoes , Guenter Roeck , Andy Shevchenko , Paolo Abeni , Geert Uytterhoeven , Nathan Chancellor , Nick Desaulniers , Tom Rix , linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-hardening@vger.kernel.org, llvm@lists.linux.dev Subject: Re: [PATCH 0/6] slab: Provide full coverage for __alloc_size attribute Message-ID: <202212010915.ADB7D298@keescook> References: <20221101222520.never.109-kees@kernel.org> <63ced4a4-33b9-4c03-8d7a-987ceb1fc2c7@app.fastmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <63ced4a4-33b9-4c03-8d7a-987ceb1fc2c7@app.fastmail.com> ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1669914937; a=rsa-sha256; cv=none; b=GlPMwMAmtNd21FlZAjGkANXolH3lGxFJ6gtmU5Pfl0/UVDAebE2GlXJd8Fq4vCIZ2hAar5 42GSljMou8CmYActTuIlZb6EgGv2NwD4Y3uisb6vT6HasIVyGpQLkXIQEJLZwL96JlWuDU 1KtZhFfaIV4r3OfW6U4gVE513y9LbF4= ARC-Authentication-Results: i=1; imf20.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=lX7ncvUz; spf=pass (imf20.hostedemail.com: domain of keescook@chromium.org designates 209.85.216.53 as permitted sender) smtp.mailfrom=keescook@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1669914937; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=YIINIHGhGskcMDqmUFFXNmVZPREPkJD5rw4zIRk+6sQ=; b=c1zqXh/+UeC7xK383p9K0xoxAK0A2i77Wj/P72irAQNQW4gsHrv0vp3QdTUzdM+wJ/sfWJ 0HU43YOmI7bUqJyohF1a5p6c+bw0filFx6Y1H+mQKyjrhLMMcbFIQKLp6ejd4ekwwMvDa7 GIFK8A0VdrZOrUUIV3c4P9XGCfodhUo= X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: E1DFE1C0019 X-Rspam-User: Authentication-Results: imf20.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=lX7ncvUz; spf=pass (imf20.hostedemail.com: domain of keescook@chromium.org designates 209.85.216.53 as permitted sender) smtp.mailfrom=keescook@chromium.org; dmarc=pass (policy=none) header.from=chromium.org X-Stat-Signature: uyfegynwax5k4d3e87pha4rx5b9kaxi9 X-HE-Tag: 1669914936-571095 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Tue, Nov 29, 2022 at 01:33:03PM +0100, Arnd Bergmann wrote: > On Tue, Nov 29, 2022, at 13:24, Conor Dooley wrote: > > On Tue, Nov 01, 2022 at 03:33:08PM -0700, Kees Cook wrote: > >> Hi, > >> > >> This is a series to work around a deficiency in GCC (>=11) and Clang > >> (<16) where the __alloc_size attribute does not apply to inlines. :( > >> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96503 > >> > >> This manifests as reduced overflow detection coverage for many allocation > >> sites under CONFIG_FORTIFY_SOURCE=y, where the allocation size was > >> not actually being propagated to __builtin_dynamic_object_size(). In > >> addition to working around the issue, expand use of __alloc_size (and > >> __realloc_size) to more places and provide KUnit tests to validate all > >> the covered allocator APIs. > > > > Hello Kees! > > > > It would appear that one of the macros you've added here is doing Bad > > Things^TM to allmodconfig on RISC-V since the 22nd: > > > > ../lib/fortify_kunit.c: In function 'alloc_size_kmalloc_const_test': > > ../lib/fortify_kunit.c:140:1: error: the frame size of 2384 bytes is > > larger than 2048 bytes [-Werror=frame-larger-than=] > > 140 | } > > \ > > | ^ > > ../lib/fortify_kunit.c:209:1: note: in expansion of macro > > 'DEFINE_ALLOC_SIZE_TEST_PAIR' > > 209 | DEFINE_ALLOC_SIZE_TEST_PAIR(kmalloc) > > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ > > cc1: all warnings being treated as errors > > > > CONFIG_GCC_VERSION=110100 > > CONFIG_AS_VERSION=23700 > > CONFIG_LD_VERSION=23700 > > > > The report came out of my CI (which I should have passed on sooner) so > > I do not have anything other than stderr - I can get you anything else > > you'd like/need though if you LMK. > > There is generally a conflict between kunit and the structleak > gcc plugin, I think the Makefile needs a line like > > CFLAGS_fortify_kunit.o += $(DISABLE_STRUCTLEAK_PLUGIN) Thanks for the report! I've taken Anders's patch for this now. -- Kees Cook