From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 90B71C04A95 for ; Wed, 28 Sep 2022 16:30:06 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E2C3D6B0073; Wed, 28 Sep 2022 12:30:05 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id DB3666B0074; Wed, 28 Sep 2022 12:30:05 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C0CBC6B0078; Wed, 28 Sep 2022 12:30:05 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id AC2146B0073 for ; Wed, 28 Sep 2022 12:30:05 -0400 (EDT) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 5D2F340272 for ; Wed, 28 Sep 2022 16:30:05 +0000 (UTC) X-FDA: 79962031170.01.1FBD396 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28]) by imf13.hostedemail.com (Postfix) with ESMTP id 68377200F4 for ; Wed, 28 Sep 2022 16:29:19 +0000 (UTC) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id C8FAF21BD0; Wed, 28 Sep 2022 16:29:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1664382557; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=EnWbGV237BuzDgTB50BqcLBq1d2zN9a/YOcWsHi9fr4=; b=t0+ihg6khVdLY0KsOqEColQEDlRylpDqT1w3q1DzA50zxqc/Vqwf/Zi+169ascbHLgt2bW FQkeclL4pKkrvckUy0cyXjOjZQxxzwvYNVbzSbw8k0t1HEJSrsQMny3TCh9HQ5Eog+GWZM 66qq9zmMiQtEpL5PRSk7pG7/X1wkGwI= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1664382557; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=EnWbGV237BuzDgTB50BqcLBq1d2zN9a/YOcWsHi9fr4=; b=EorZdnweBb5NkWdw4eR45K3RqBYZ40BM744J5xENipJYNYfffn6v9+l3CJz/AghB3JfX3n 6rVrw5Fity5E62Dg== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 1213713677; Wed, 28 Sep 2022 16:29:17 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id dWVWAF12NGMNKgAAMHmgww (envelope-from ); Wed, 28 Sep 2022 16:29:17 +0000 Message-ID: Date: Wed, 28 Sep 2022 18:27:36 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.3.0 Subject: Re: [PATCH v2 01/16] slab: Remove __malloc attribute from realloc functions Content-Language: en-US To: Geert Uytterhoeven , Kees Cook Cc: Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Roman Gushchin , Hyeonggon Yoo <42.hyeyoo@gmail.com>, Marco Elver , linux-mm@kvack.org, "Ruhl, Michael J" , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Greg Kroah-Hartman , Nick Desaulniers , Alex Elder , Josef Bacik , David Sterba , Sumit Semwal , =?UTF-8?Q?Christian_K=c3=b6nig?= , Jesse Brandeburg , Daniel Micay , Yonghong Song , Miguel Ojeda , linux-kernel@vger.kernel.org, netdev@vger.kernel.org, linux-btrfs@vger.kernel.org, linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-fsdevel@vger.kernel.org, intel-wired-lan@lists.osuosl.org, dev@openvswitch.org, x86@kernel.org, llvm@lists.linux.dev, linux-hardening@vger.kernel.org References: <20220923202822.2667581-1-keescook@chromium.org> <20220923202822.2667581-2-keescook@chromium.org> From: Vlastimil Babka In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=t0+ihg6k; dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=EorZdnwe; spf=pass (imf13.hostedemail.com: domain of vbabka@suse.cz designates 195.135.220.28 as permitted sender) smtp.mailfrom=vbabka@suse.cz; dmarc=none ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1664382559; a=rsa-sha256; cv=none; b=O4RTD6REqr3Pwarxr0kVvUKJ2138SBrg6D2bGLkQLFOTrnOXz9T2LeCEZpBYAEA9EJELmB CAfTpQ4ysQfUr/QtAcfPLQkEP0gVdCfxNOJ66HKW3hAIcinhz0bRoniiU0nU+HcuElZI3q 46w2v1+rTTc6OBFRJp3sEoN+vcmFjaE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1664382559; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=EnWbGV237BuzDgTB50BqcLBq1d2zN9a/YOcWsHi9fr4=; b=Opg76LcmOFAizRI1LwnZqXxwatbOPNdinWm7YQjRk1jU4G/xlNC88FJX7BoXqBTJtKH5S2 lWZhAypIx9NOKgpgredBx3vI/yy2kzJVeAQtaCYsTbdqYMDz1J5FHRNlUvbygrfTDeZv6H GCOY4zjprukybmMB0u58n3FNvQGhMnU= Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=t0+ihg6k; dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=EorZdnwe; spf=pass (imf13.hostedemail.com: domain of vbabka@suse.cz designates 195.135.220.28 as permitted sender) smtp.mailfrom=vbabka@suse.cz; dmarc=none X-Rspam-User: X-Stat-Signature: wuweqr8i3e8em1twrshqcmcw64p18snc X-Rspamd-Queue-Id: 68377200F4 X-Rspamd-Server: rspam05 X-HE-Tag: 1664382559-253454 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 9/28/22 09:26, Geert Uytterhoeven wrote: > Hi Kees, > > On Fri, Sep 23, 2022 at 10:35 PM Kees Cook wrote: >> The __malloc attribute should not be applied to "realloc" functions, as >> the returned pointer may alias the storage of the prior pointer. Instead >> of splitting __malloc from __alloc_size, which would be a huge amount of >> churn, just create __realloc_size for the few cases where it is needed. >> >> Additionally removes the conditional test for __alloc_size__, which is >> always defined now. >> >> Cc: Christoph Lameter >> Cc: Pekka Enberg >> Cc: David Rientjes >> Cc: Joonsoo Kim >> Cc: Andrew Morton >> Cc: Vlastimil Babka >> Cc: Roman Gushchin >> Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com> >> Cc: Marco Elver >> Cc: linux-mm@kvack.org >> Signed-off-by: Kees Cook > > Thanks for your patch, which is now commit 63caa04ec60583b1 ("slab: > Remove __malloc attribute from realloc functions") in next-20220927. > > Noreply@ellerman.id.au reported all gcc8-based builds to fail > (e.g. [1], more at [2]): > > In file included from : > ./include/linux/percpu.h: In function ‘__alloc_reserved_percpu’: > ././include/linux/compiler_types.h:279:30: error: expected > declaration specifiers before ‘__alloc_size__’ > #define __alloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__) __malloc > ^~~~~~~~~~~~~~ > ./include/linux/percpu.h:120:74: note: in expansion of macro ‘__alloc_size’ > [...] > > It's building fine with e.g. gcc-9 (which is my usual m68k cross-compiler). > Reverting this commit on next-20220927 fixes the issue. So IIUC it was wrong to remove the #ifdefs? > [1] http://kisskb.ellerman.id.au/kisskb/buildresult/14803908/ > [2] http://kisskb.ellerman.id.au/kisskb/head/1bd8b75fe6adeaa89d02968bdd811ffe708cf839/ > > > >> --- >> include/linux/compiler_types.h | 13 +++++-------- >> include/linux/slab.h | 12 ++++++------ >> mm/slab_common.c | 4 ++-- >> 3 files changed, 13 insertions(+), 16 deletions(-) >> >> diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h >> index 4f2a819fd60a..f141a6f6b9f6 100644 >> --- a/include/linux/compiler_types.h >> +++ b/include/linux/compiler_types.h >> @@ -271,15 +271,12 @@ struct ftrace_likely_data { >> >> /* >> * Any place that could be marked with the "alloc_size" attribute is also >> - * a place to be marked with the "malloc" attribute. Do this as part of the >> - * __alloc_size macro to avoid redundant attributes and to avoid missing a >> - * __malloc marking. >> + * a place to be marked with the "malloc" attribute, except those that may >> + * be performing a _reallocation_, as that may alias the existing pointer. >> + * For these, use __realloc_size(). >> */ >> -#ifdef __alloc_size__ >> -# define __alloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__) __malloc >> -#else >> -# define __alloc_size(x, ...) __malloc >> -#endif >> +#define __alloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__) __malloc >> +#define __realloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__) >> >> #ifndef asm_volatile_goto >> #define asm_volatile_goto(x...) asm goto(x) >> diff --git a/include/linux/slab.h b/include/linux/slab.h >> index 0fefdf528e0d..41bd036e7551 100644 >> --- a/include/linux/slab.h >> +++ b/include/linux/slab.h >> @@ -184,7 +184,7 @@ int kmem_cache_shrink(struct kmem_cache *s); >> /* >> * Common kmalloc functions provided by all allocators >> */ >> -void * __must_check krealloc(const void *objp, size_t new_size, gfp_t flags) __alloc_size(2); >> +void * __must_check krealloc(const void *objp, size_t new_size, gfp_t flags) __realloc_size(2); >> void kfree(const void *objp); >> void kfree_sensitive(const void *objp); >> size_t __ksize(const void *objp); >> @@ -647,10 +647,10 @@ static inline __alloc_size(1, 2) void *kmalloc_array(size_t n, size_t size, gfp_ >> * @new_size: new size of a single member of the array >> * @flags: the type of memory to allocate (see kmalloc) >> */ >> -static inline __alloc_size(2, 3) void * __must_check krealloc_array(void *p, >> - size_t new_n, >> - size_t new_size, >> - gfp_t flags) >> +static inline __realloc_size(2, 3) void * __must_check krealloc_array(void *p, >> + size_t new_n, >> + size_t new_size, >> + gfp_t flags) >> { >> size_t bytes; >> >> @@ -774,7 +774,7 @@ static inline __alloc_size(1, 2) void *kvcalloc(size_t n, size_t size, gfp_t fla >> } >> >> extern void *kvrealloc(const void *p, size_t oldsize, size_t newsize, gfp_t flags) >> - __alloc_size(3); >> + __realloc_size(3); >> extern void kvfree(const void *addr); >> extern void kvfree_sensitive(const void *addr, size_t len); >> >> diff --git a/mm/slab_common.c b/mm/slab_common.c >> index 17996649cfe3..457671ace7eb 100644 >> --- a/mm/slab_common.c >> +++ b/mm/slab_common.c >> @@ -1134,8 +1134,8 @@ module_init(slab_proc_init); >> >> #endif /* CONFIG_SLAB || CONFIG_SLUB_DEBUG */ >> >> -static __always_inline void *__do_krealloc(const void *p, size_t new_size, >> - gfp_t flags) >> +static __always_inline __realloc_size(2) void * >> +__do_krealloc(const void *p, size_t new_size, gfp_t flags) >> { >> void *ret; >> size_t ks; >> -- >> 2.34.1 >> > > > -- > Gr{oetje,eeting}s, > > Geert > > -- > Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org > > In personal conversations with technical people, I call myself a hacker. But > when I'm talking to journalists I just say "programmer" or something like that. > -- Linus Torvalds