From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=MEXA=OV=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id EA524C433F5
	for <linux-mm@archiver.kernel.org>; Fri,  1 Oct 2021 14:15:57 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 829DA61A57
	for <linux-mm@archiver.kernel.org>; Fri,  1 Oct 2021 14:15:57 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 829DA61A57
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org
Received: by kanga.kvack.org (Postfix)
	id 1B5D9940110; Fri,  1 Oct 2021 10:15:57 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 13DE79400E4; Fri,  1 Oct 2021 10:15:57 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id EF9E1940110; Fri,  1 Oct 2021 10:15:56 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0103.hostedemail.com [216.40.44.103])
	by kanga.kvack.org (Postfix) with ESMTP id DF3B09400E4
	for <linux-mm@kvack.org>; Fri,  1 Oct 2021 10:15:56 -0400 (EDT)
Received: from smtpin31.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay04.hostedemail.com (Postfix) with ESMTP id 97E103C659
	for <linux-mm@kvack.org>; Fri,  1 Oct 2021 14:15:56 +0000 (UTC)
X-FDA: 78648067512.31.C7C0409
Received: from mail-qv1-f42.google.com (mail-qv1-f42.google.com [209.85.219.42])
	by imf09.hostedemail.com (Postfix) with ESMTP id 5EC3F3000139
	for <linux-mm@kvack.org>; Fri,  1 Oct 2021 14:15:56 +0000 (UTC)
Received: by mail-qv1-f42.google.com with SMTP id k3so1000013qve.10
        for <linux-mm@kvack.org>; Fri, 01 Oct 2021 07:15:56 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to;
        bh=QVjZB2U1LiPX5N7VS+BV6iC3aFCiEGYAbe9Pf/bwPeM=;
        b=7R+0d1ls5J5IVSAzlXwQuoYs0PSdHv0+h7kswrxubZSCsYF2+s5gGit0PQk0qCSr3H
         S7rZjWMdfWhD7HDkxMpWOA5+Oz8FsFbqbyosNbIMqHpzboGlYExnZbYGwmpqHSW3BuiD
         ZBsW1HJ07E3eOcyTEw0BUcXDL/0ou0k3qXM9ABXJQAEQ/A6Whh3k/qRimu/3bRMEIl4o
         TCvZgFRvl+tWfTvpI0j01ja4W5E921lYOnvmjTYhQ+iT8EFdsWv6zlHF109/IZ8gw0Mv
         eiI+IhOsj2gWmdnRH1oTj/IrO1Dg9T7qFy/8yA6h9NsejCEvQEy9T8Rj1Em/fdJ6LSe8
         9YLw==
X-Gm-Message-State: AOAM533fP0pIdsbyZxafhdFfg5542wMOIiFz3P2UHShWO0QSse5rsTqS
	cuZIw5hR2a9uNdsklOnab8U=
X-Google-Smtp-Source: ABdhPJyIkUYORyiz2OEQ8u3gomA3D95woMcD+5WRTPssKn45MNYSYCELeiB1FGLm40MPn35a8Jk15Q==
X-Received: by 2002:ad4:5bad:: with SMTP id 13mr9283552qvq.52.1633097755709;
        Fri, 01 Oct 2021 07:15:55 -0700 (PDT)
Received: from fedora (pool-173-68-57-129.nycmny.fios.verizon.net. [173.68.57.129])
        by smtp.gmail.com with ESMTPSA id y27sm126180qkj.64.2021.10.01.07.15.54
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 01 Oct 2021 07:15:55 -0700 (PDT)
Date: Fri, 1 Oct 2021 10:15:52 -0400
From: Dennis Zhou <dennis@kernel.org>
To: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	Dennis Zhou <dennis@kernel.org>, Tejun Heo <tj@kernel.org>,
	Christoph Lameter <cl@linux.com>,
	Andy Whitcroft <apw@canonical.com>,
	David Rientjes <rientjes@google.com>,
	Dwaipayan Ray <dwaipayanray1@gmail.com>,
	Joe Perches <joe@perches.com>, Joonsoo Kim <iamjoonsoo.kim@lge.com>,
	Lukas Bulwahn <lukas.bulwahn@gmail.com>,
	Miguel Ojeda <ojeda@kernel.org>,
	Nathan Chancellor <nathan@kernel.org>,
	Nick Desaulniers <ndesaulniers@google.com>,
	Pekka Enberg <penberg@kernel.org>, Vlastimil Babka <vbabka@suse.cz>,
	Daniel Micay <danielmicay@gmail.com>,
	Masahiro Yamada <masahiroy@kernel.org>,
	Michal Marek <michal.lkml@markovi.net>,
	clang-built-linux@googlegroups.com, linux-mm@kvack.org,
	linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org,
	linux-hardening@vger.kernel.org
Subject: Re: [PATCH v3 8/8] percpu: Add __alloc_size attributes for better
 bounds checking
Message-ID: <YVcYGOIT8eUUiPcc@fedora>
References: <20210930222704.2631604-1-keescook@chromium.org>
 <20210930222704.2631604-9-keescook@chromium.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20210930222704.2631604-9-keescook@chromium.org>
X-Rspamd-Server: rspam05
X-Rspamd-Queue-Id: 5EC3F3000139
X-Stat-Signature: zteujywd76jrhmjgm7pr69qgs919a9cf
Authentication-Results: imf09.hostedemail.com;
	dkim=none;
	dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=kernel.org (policy=none);
	spf=pass (imf09.hostedemail.com: domain of dennisszhou@gmail.com designates 209.85.219.42 as permitted sender) smtp.mailfrom=dennisszhou@gmail.com
X-HE-Tag: 1633097756-856074
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

Hello,

On Thu, Sep 30, 2021 at 03:27:04PM -0700, Kees Cook wrote:
> As already done in GrapheneOS, add the __alloc_size attribute for
> appropriate percpu allocator interfaces, to provide additional hinting for
> better bounds checking, assisting CONFIG_FORTIFY_SOURCE and other compiler
> optimizations.
> 
> Note that due to the implementation of the percpu API, this is unlikely
> to ever actually provide compile-time checking beyond very simple non-SMP
> builds. But, since they are technically allocators, mark them as such.
> 
> Cc: Dennis Zhou <dennis@kernel.org>
> Cc: Tejun Heo <tj@kernel.org>
> Cc: Christoph Lameter <cl@linux.com>
> Cc: Andy Whitcroft <apw@canonical.com>
> Cc: David Rientjes <rientjes@google.com>
> Cc: Dwaipayan Ray <dwaipayanray1@gmail.com>
> Cc: Joe Perches <joe@perches.com>
> Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
> Cc: Lukas Bulwahn <lukas.bulwahn@gmail.com>
> Cc: Miguel Ojeda <ojeda@kernel.org>
> Cc: Nathan Chancellor <nathan@kernel.org>
> Cc: Nick Desaulniers <ndesaulniers@google.com>
> Cc: Pekka Enberg <penberg@kernel.org>
> Cc: Vlastimil Babka <vbabka@suse.cz>
> Co-developed-by: Daniel Micay <danielmicay@gmail.com>
> Signed-off-by: Daniel Micay <danielmicay@gmail.com>
> Signed-off-by: Kees Cook <keescook@chromium.org>

Thanks for updating the commit log.

Acked-by: Dennis Zhou <dennis@kernel.org>

Thanks,
Dennis

> ---
>  include/linux/percpu.h | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/include/linux/percpu.h b/include/linux/percpu.h
> index 5e76af742c80..98a9371133f8 100644
> --- a/include/linux/percpu.h
> +++ b/include/linux/percpu.h
> @@ -123,7 +123,7 @@ extern int __init pcpu_page_first_chunk(size_t reserved_size,
>  				pcpu_fc_populate_pte_fn_t populate_pte_fn);
>  #endif
>  
> -extern void __percpu *__alloc_reserved_percpu(size_t size, size_t align);
> +extern void __percpu *__alloc_reserved_percpu(size_t size, size_t align) __alloc_size(1);
>  extern bool __is_kernel_percpu_address(unsigned long addr, unsigned long *can_addr);
>  extern bool is_kernel_percpu_address(unsigned long addr);
>  
> @@ -131,8 +131,8 @@ extern bool is_kernel_percpu_address(unsigned long addr);
>  extern void __init setup_per_cpu_areas(void);
>  #endif
>  
> -extern void __percpu *__alloc_percpu_gfp(size_t size, size_t align, gfp_t gfp);
> -extern void __percpu *__alloc_percpu(size_t size, size_t align);
> +extern void __percpu *__alloc_percpu_gfp(size_t size, size_t align, gfp_t gfp) __alloc_size(1);
> +extern void __percpu *__alloc_percpu(size_t size, size_t align) __alloc_size(1);
>  extern void free_percpu(void __percpu *__pdata);
>  extern phys_addr_t per_cpu_ptr_to_phys(void *addr);
>  
> -- 
> 2.30.2
>