From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=4Cc5=NK=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-14.0 required=3.0 tests=BAYES_00,INCLUDES_CR_TRAILER,
	INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 4E046C432BE
	for <linux-mm@archiver.kernel.org>; Thu, 19 Aug 2021 00:43:04 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id F3C5A610E8
	for <linux-mm@archiver.kernel.org>; Thu, 19 Aug 2021 00:43:03 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org F3C5A610E8
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org
Received: by kanga.kvack.org (Postfix)
	id 7011B6B006C; Wed, 18 Aug 2021 20:43:03 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 6B15F6B0071; Wed, 18 Aug 2021 20:43:03 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 5A0508D0001; Wed, 18 Aug 2021 20:43:03 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0050.hostedemail.com [216.40.44.50])
	by kanga.kvack.org (Postfix) with ESMTP id 3F09F6B006C
	for <linux-mm@kvack.org>; Wed, 18 Aug 2021 20:43:03 -0400 (EDT)
Received: from smtpin39.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay04.hostedemail.com (Postfix) with ESMTP id D9383250A6
	for <linux-mm@kvack.org>; Thu, 19 Aug 2021 00:43:02 +0000 (UTC)
X-FDA: 78489980604.39.8279C5A
Received: from mail-qv1-f52.google.com (mail-qv1-f52.google.com [209.85.219.52])
	by imf10.hostedemail.com (Postfix) with ESMTP id 9FAA4600F2F0
	for <linux-mm@kvack.org>; Thu, 19 Aug 2021 00:43:02 +0000 (UTC)
Received: by mail-qv1-f52.google.com with SMTP id eh1so2739654qvb.11
        for <linux-mm@kvack.org>; Wed, 18 Aug 2021 17:43:02 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to;
        bh=WUckR6/rEyG6hoZXTxRWHk9iw1OsAucy5gKY4D8oDS4=;
        b=E7/rcz0tDlK65NDSB5rWWCsDuv8Ypd/t3pwhENUotpgXAQ+HmUPrGvQtwzE4upsps2
         QmJE3LEfyvhynISBQSsvTOHtqgYB11fKSI+UoYakgy5TWbfpQ2zZl/ypTvT0S6o+8eKW
         OLE+g+IjG7T35XscWxOuI0vUERYsYtx8T2Wd/4EiCQF5ursdwYsxkXhvfAFpYUd7CRQ/
         ydFYxwsQ18it7JWBW/y8tOVoxtHvoo3g2kz/kwOr3TXC9ab3OaOvSIC4ue5Av/LKYAPF
         7x3nosMK3ZIufJ1v+MfC4P1iwGO44hHONNVVQP0ORQFvcPbY/PDbxn9e8s7IwRU62k/9
         UVUg==
X-Gm-Message-State: AOAM530psxBiWjiafy1AbH3/70BFnxw/rSVhV8ipTzCI2DAuV1h5wg52
	UW4ccRbD/Wj0W4DVXGSkJgw=
X-Google-Smtp-Source: ABdhPJw2WHDOBNbPG85sjVtvZQqxQoF7wFWwdSLM/WNkMnAF4dVw1u1fqgrrm+X/5nVgJcE1FJnGbA==
X-Received: by 2002:a05:6214:902:: with SMTP id dj2mr11985796qvb.62.1629333782032;
        Wed, 18 Aug 2021 17:43:02 -0700 (PDT)
Received: from fedora (pool-173-68-57-129.nycmny.fios.verizon.net. [173.68.57.129])
        by smtp.gmail.com with ESMTPSA id d8sm758453qtr.0.2021.08.18.17.43.00
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 18 Aug 2021 17:43:01 -0700 (PDT)
Date: Wed, 18 Aug 2021 20:42:59 -0400
From: Dennis Zhou <dennis@kernel.org>
To: Kees Cook <keescook@chromium.org>
Cc: linux-kernel@vger.kernel.org, Daniel Micay <danielmicay@gmail.com>,
	Dennis Zhou <dennis@kernel.org>, Tejun Heo <tj@kernel.org>,
	Christoph Lameter <cl@linux.com>, linux-mm@kvack.org,
	Joe Perches <joe@perches.com>, Miguel Ojeda <ojeda@kernel.org>,
	Nathan Chancellor <nathan@kernel.org>,
	Nick Desaulniers <ndesaulniers@google.com>,
	Andy Whitcroft <apw@canonical.com>,
	Dwaipayan Ray <dwaipayanray1@gmail.com>,
	Lukas Bulwahn <lukas.bulwahn@gmail.com>,
	Pekka Enberg <penberg@kernel.org>,
	David Rientjes <rientjes@google.com>,
	Joonsoo Kim <iamjoonsoo.kim@lge.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Vlastimil Babka <vbabka@suse.cz>,
	Masahiro Yamada <masahiroy@kernel.org>,
	Michal Marek <michal.lkml@markovi.net>,
	clang-built-linux@googlegroups.com, linux-kbuild@vger.kernel.org,
	linux-hardening@vger.kernel.org
Subject: Re: [PATCH v2 6/7] percpu: Add __alloc_size attributes for better
 bounds checking
Message-ID: <YR2pE9V1P0xmBWUo@fedora>
References: <20210818214021.2476230-1-keescook@chromium.org>
 <20210818214021.2476230-7-keescook@chromium.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20210818214021.2476230-7-keescook@chromium.org>
Authentication-Results: imf10.hostedemail.com;
	dkim=none;
	dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=kernel.org (policy=none);
	spf=pass (imf10.hostedemail.com: domain of dennisszhou@gmail.com designates 209.85.219.52 as permitted sender) smtp.mailfrom=dennisszhou@gmail.com
X-Stat-Signature: z9z1pux13n1fd49mju8s7qsxm6tpf7wr
X-Rspamd-Queue-Id: 9FAA4600F2F0
X-Rspamd-Server: rspam05
X-HE-Tag: 1629333782-446121
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

Hello,

On Wed, Aug 18, 2021 at 02:40:20PM -0700, Kees Cook wrote:
> As already done in GrapheneOS, add the __alloc_size attribute for
> appropriate percpu allocator interfaces, to provide additional hinting
> for better bounds checking, assisting CONFIG_FORTIFY_SOURCE and other
> compiler optimizations.

Can you elaborate a little bit for me how this works for percpu? In any
case that's not uniprocessor, any modification is done through address
accessors and not on the returned percpu pointer. Is the metadata kept
by gcc/clang able to transpire the percpu pointer accessors?

Thanks,
Dennis

> 
> Co-developed-by: Daniel Micay <danielmicay@gmail.com>
> Signed-off-by: Daniel Micay <danielmicay@gmail.com>
> Cc: Dennis Zhou <dennis@kernel.org>
> Cc: Tejun Heo <tj@kernel.org>
> Cc: Christoph Lameter <cl@linux.com>
> Cc: linux-mm@kvack.org
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
>  include/linux/percpu.h | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/include/linux/percpu.h b/include/linux/percpu.h
> index 5e76af742c80..119f41815b32 100644
> --- a/include/linux/percpu.h
> +++ b/include/linux/percpu.h
> @@ -123,6 +123,7 @@ extern int __init pcpu_page_first_chunk(size_t reserved_size,
>  				pcpu_fc_populate_pte_fn_t populate_pte_fn);
>  #endif
>  
> +__alloc_size(1)
>  extern void __percpu *__alloc_reserved_percpu(size_t size, size_t align);
>  extern bool __is_kernel_percpu_address(unsigned long addr, unsigned long *can_addr);
>  extern bool is_kernel_percpu_address(unsigned long addr);
> @@ -131,7 +132,9 @@ extern bool is_kernel_percpu_address(unsigned long addr);
>  extern void __init setup_per_cpu_areas(void);
>  #endif
>  
> +__alloc_size(1)
>  extern void __percpu *__alloc_percpu_gfp(size_t size, size_t align, gfp_t gfp);
> +__alloc_size(1)
>  extern void __percpu *__alloc_percpu(size_t size, size_t align);
>  extern void free_percpu(void __percpu *__pdata);
>  extern phys_addr_t per_cpu_ptr_to_phys(void *addr);
> -- 
> 2.30.2
>