From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-23.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4357CC433EF for ; Fri, 10 Sep 2021 20:58:32 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id BEEF361208 for ; Fri, 10 Sep 2021 20:58:31 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org BEEF361208 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org Received: by kanga.kvack.org (Postfix) id 3E2D96B0071; Fri, 10 Sep 2021 16:58:31 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 390B0900002; Fri, 10 Sep 2021 16:58:31 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 231AA6B0073; Fri, 10 Sep 2021 16:58:31 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0133.hostedemail.com [216.40.44.133]) by kanga.kvack.org (Postfix) with ESMTP id 1151D6B0071 for ; Fri, 10 Sep 2021 16:58:31 -0400 (EDT) Received: from smtpin18.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay01.hostedemail.com (Postfix) with ESMTP id 9BCBA1801DC37 for ; Fri, 10 Sep 2021 20:58:30 +0000 (UTC) X-FDA: 78572877180.18.05FC0C3 Received: from mail-lj1-f174.google.com (mail-lj1-f174.google.com [209.85.208.174]) by imf14.hostedemail.com (Postfix) with ESMTP id 626956001988 for ; Fri, 10 Sep 2021 20:58:30 +0000 (UTC) Received: by mail-lj1-f174.google.com with SMTP id p15so5248745ljn.3 for ; Fri, 10 Sep 2021 13:58:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=vEUZXH3M/SQ453EGXpEqw5L2mLWMbvjphyJujJracnk=; b=f3BL7STQnjG9rAr9jDFy/qUWbxqwdUs653gNETSUuawD76fDUoo0tWc3BjhGd0KXVX irjY30Du1gKpZZLYOqVdDg3Y2CXthr09xjcFtuoxdxYOw4hJk9eNRJNgLy6XFoiMl+q0 YdHLww9V5SwvkufQg2uQneHLlpsHArIe76DvTOa/EDW/GVbAbPqO8h9Lk8H99vPet5Ez VA6G1URWCf/yvykqMSWDUVjgQ159LXYNeOAJNNsaXVAUPVq1m3vPlGF4le8v63deik0u JnzR2zdv0q4v0PAsDK2arBVRb0t2LWeBIgClDVe20VMkHMCd2Eh+u7mePaky0XVsMwNp MVfw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=vEUZXH3M/SQ453EGXpEqw5L2mLWMbvjphyJujJracnk=; b=tj6o5WU7/Sks96+P3CNZCB9vB85nV1vKjLwFNOyjOSq+J89ETpT38K/WHPFUjBvqTt EnZ+33iYSTpnp6Dowqtq1Hz1HXi2R9S3Sj9eUX7MormIA7HMRJU0GnJIMykjK1xVKLY0 loyAj/59MBNwsNgqVIYzarGOyp2bGEm1CXxXDQ9CbFnW7RhZiDh7oRugyLg6V3wQGXvc +r0WQGv+r3ltt+k/8fbGEkABBvht7uJTVRumdY6T4T2TAM8l3tGMEiIkxwlr+G3ZCIP5 8sNXdFCNWGgIGY+e70+BTvO9UnEjMPJZIZPUaMuWeUbQBklvhHrWxL7nvazFT520Fjhj ubbg== X-Gm-Message-State: AOAM530Ts5AWVPAVbLrZd8GLGMFNnMX1/hPhRvPtBepK+v8iHcFXuxmw 3yAWapZfsR5b1n9pANS6+uZNmxwM2uh+W2e2I2F5sQ== X-Google-Smtp-Source: ABdhPJx9LKRcnNWARf8srsNV0YQazwhGjMmfLbOM1+xPBJ09Uzg+2COXESpOmlYLZZ0A4WQWO6Lwti5ETb5yx2djX6M= X-Received: by 2002:a05:651c:54d:: with SMTP id q13mr5783351ljp.526.1631307508459; Fri, 10 Sep 2021 13:58:28 -0700 (PDT) MIME-Version: 1.0 References: <20210909200948.090d4e213ca34b5ad1325a7e@linux-foundation.org> <20210910031046.G76dQvPhV%akpm@linux-foundation.org> <202109101341.1BA94A0F5@keescook> In-Reply-To: <202109101341.1BA94A0F5@keescook> From: Nick Desaulniers Date: Fri, 10 Sep 2021 13:58:17 -0700 Message-ID: Subject: Re: [patch 9/9] mm/vmalloc: add __alloc_size attributes for better bounds checking To: Kees Cook Cc: Linus Torvalds , Andrew Morton , apw@canonical.com, Christoph Lameter , Daniel Micay , Dennis Zhou , dwaipayanray1@gmail.com, Joonsoo Kim , Joe Perches , Linux-MM , Lukas Bulwahn , mm-commits@vger.kernel.org, Nathan Chancellor , Miguel Ojeda , Pekka Enberg , David Rientjes , Tejun Heo , Vlastimil Babka Content-Type: text/plain; charset="UTF-8" X-Stat-Signature: i4gqa78n67ru49wikpgmpuycmmnoubxt Authentication-Results: imf14.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=f3BL7STQ; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf14.hostedemail.com: domain of ndesaulniers@google.com designates 209.85.208.174 as permitted sender) smtp.mailfrom=ndesaulniers@google.com X-Rspamd-Server: rspam03 X-Rspamd-Queue-Id: 626956001988 X-HE-Tag: 1631307510-885558 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Fri, Sep 10, 2021 at 1:47 PM Kees Cook wrote: > > On Fri, Sep 10, 2021 at 01:16:00PM -0700, Linus Torvalds wrote: > > So to a close approximation > > > > - "storage class" goes first, so "static inline" etc. > > > > - return type next (including attributes directly related to the > > returned value - like "__must_check") > > > > - then function name and argument declaration > > > > - and finally the "function argument type attributes" at the end. > > I'm going to eventually forget this thread, so I want to get it into > our coding style so I can find it again more easily. :) How does this > look? > > diff --git a/Documentation/process/coding-style.rst b/Documentation/process/coding-style.rst > index 42969ab37b34..3c72f0232f02 100644 > --- a/Documentation/process/coding-style.rst > +++ b/Documentation/process/coding-style.rst > @@ -487,6 +487,29 @@ because it is a simple way to add valuable information for the reader. > Do not use the ``extern`` keyword with function prototypes as this makes > lines longer and isn't strictly necessary. > > +.. code-block:: c > + > + static __always_inline __must_check void *action(enum magic value, > + size_t size, u8 count, > + char *buffer) > + __alloc_size(2, 3) > + { > + ... > + } > + > +When writing a function prototype, keep the order of elements regular. The > +desired order is "storage class", "return type attributes", "return > +type", name, arguments (as described earlier), followed by "function > +argument attributes". In the ``action`` function example above, ``static > +__always_inline`` is the "storage class" (even though ``__always_inline`` > +is an attribute, it is treated like ``inline``). ``__must_check`` is eh...mentioning inline as though it was a storage class doesn't seem precise, but I think this is a good start. Thanks Kees. Acked-by: Nick Desaulniers Worst case, consider "inlining related attributes like __always_inline and noinline should follow the storage class (static, extern). > +a "return type attribute" (describing ``void *``). ``void *`` is the > +"return type". ``action`` is the function name, followed by the function > +arguments. Finally ``__alloc_size(2,3)`` is an "function argument attribute", > +describing things about the function arguments. Some attributes, like > +``__malloc``, describe the behavior of the function more than they > +describe the function return type, and are more appropriately included > +in the "function argument attributes". > > 7) Centralized exiting of functions > ----------------------------------- > > -- > Kees Cook -- Thanks, ~Nick Desaulniers