Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp155714pxb; Tue, 17 Aug 2021 22:13:22 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyjyR673uNiOcjjR+cFi12fzDfynQC5jXV+jECw/AytqAzG4/8sZ3wBuk3uMG5FOMn9ljC3 X-Received: by 2002:a17:906:f910:: with SMTP id lc16mr7802767ejb.478.1629263602587; Tue, 17 Aug 2021 22:13:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629263602; cv=none; d=google.com; s=arc-20160816; b=bbOui7L2x3Jp8wx28FouJ0Hxb1dJCv+x+fiWK6KXZpVjqziwO4mqJ84vjCiFg9dbQg uRkOTYwOeXQNx7FVk2fRdLKXk0J5yh7V+kldQwZQSD3OMnEqwsYrIOHTcOaExvvF940U IDcNvw79v2NvUkVFYYdXGiZlGAFqAF1ZFRciklUz0q7kli4hywxxVzkv7xsInNt2tcO/ U3rbNMH/Jk9Jq8C1/+QZfxJUvr65GfqXQuqVFs/oLMTdi+zD8oWJ43P5Q/THmjVeLa2l zbwPJfDXqSsxajpbPz1fLA2VPIzJ1FgouzrdhYYZ2uaIfQzajxNhtz1wvooXkU16RNwV sxXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=ibfYg9pbryt9B5bM+TpRAt9ju/X9d6W3Gs+jxd+YtkU=; b=qunq3lcydTWoz1qjb/6Sp9cGAEh7Lu4AbdJg8BuMA9iYHsDTuP329GLrEGgIapqGnd 4SXpxN7+w0750P1+NB9ke120kzXyBQ7uVVADYV1umtM1W1xW0+tt0AC1vk3RFgZbGPgC sM+S5J6x2V2+DFnjLOFlaBJA7xolp955xqsWbKuNPJqQPBloh8VDBJ4xX4B7d3hf8xkF OfiAqYOJsgSFy9/RBeniemJl0dubJ0vVKONm3zA1vdLZFMFWRIsfTIdbHH6X4OoPXIc3 PJ8yyuRKzSfdfULHyGoxywrX/XLjAfCkexH/zbOBl9A5vC2g47iRbpNtmmzsi2CX7VXL +eQA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=g4c93iNe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id gc22si4740460ejc.97.2021.08.17.22.12.48; Tue, 17 Aug 2021 22:13:22 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=g4c93iNe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237435AbhHRFJZ (ORCPT + 99 others); Wed, 18 Aug 2021 01:09:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59338 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236518AbhHRFJT (ORCPT ); Wed, 18 Aug 2021 01:09:19 -0400 Received: from mail-pj1-x1034.google.com (mail-pj1-x1034.google.com [IPv6:2607:f8b0:4864:20::1034]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 14AEAC06179A for ; Tue, 17 Aug 2021 22:08:45 -0700 (PDT) Received: by mail-pj1-x1034.google.com with SMTP id gz13-20020a17090b0ecdb0290178c0e0ce8bso4516960pjb.1 for ; Tue, 17 Aug 2021 22:08:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=ibfYg9pbryt9B5bM+TpRAt9ju/X9d6W3Gs+jxd+YtkU=; b=g4c93iNehB9VMgT8ohcQ2DTJpLbRTcPBX11gQZpAeoIJv0399CHnkPyELherSb4clp 1K/KxP5FszZ81iDLg0QVY2WZlelG+LztfsxtZ2Rkb/8pSReiRloywS6qUGybT55xP3oo Y/pu24ZALeRP4SMmrarBPMhnrqDCkEa+A5N3E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=ibfYg9pbryt9B5bM+TpRAt9ju/X9d6W3Gs+jxd+YtkU=; b=cZsOfewGNaH1ISBEOgwFZ3KpJUU2Rg5GKD/+YBu5kt8ejYPTlXLc03MO54uJ3Tge88 5FG39Z5lXNmoBmp3ErcJ0NfS/9TdQC9yyhg61JVW13TmB9GqQgEKMmNf/zh+92hMg2KI PiJmfdZHVlkCA1lcgpnE/3cxMyb199oEQmfXAmX2VGG0Eq4e6MLN7xUZQfjm3FWxyWhP 3+cv+iZ1/j2clvo+KIiBpcPrdWB2JR8DM+yW5HjCI4a6OAoyYs8gYZvceBHP5KiVnUmm xwErz0thGiZhKVoKM/DmnVvGe2mNLhAny2vYsKFz6Bu4pdRjvtENBEdrJqBEOA43uW1L 6zTA== X-Gm-Message-State: AOAM532qS+3KfAl3c4PiXW8xeAKJpAnX5Usq5exLRUKHgH2ajYt2c3Dd tiZ92PoaQGhwPoye0MNx0wYEuQ== X-Received: by 2002:a17:90b:360a:: with SMTP id ml10mr7312861pjb.134.1629263324660; Tue, 17 Aug 2021 22:08:44 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id q21sm3578775pjg.55.2021.08.17.22.08.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 17 Aug 2021 22:08:43 -0700 (PDT) From: Kees Cook To: linux-kernel@vger.kernel.org Cc: Kees Cook , Andrew Morton , Miguel Ojeda , Nathan Chancellor , Nick Desaulniers , Daniel Micay , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Vlastimil Babka , Dennis Zhou , Tejun Heo , Masahiro Yamada , Michal Marek , clang-built-linux@googlegroups.com, linux-mm@kvack.org, linux-kbuild@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH 0/5] Add __alloc_size() for better bounds checking Date: Tue, 17 Aug 2021 22:08:36 -0700 Message-Id: <20210818050841.2226600-1-keescook@chromium.org> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1503; h=from:subject; bh=M1Tok+LfKYfKMg3IsfepbLLdtBAUXEFJ6hNboUgrVcQ=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBhHJXX4iubi2i9iuFz+LsiKuwROx1EI+5yY5ZbGOgo sK/JE9+JAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCYRyV1wAKCRCJcvTf3G3AJpXhD/ 4z085X3Ll8rZJC6uVrygExuVDtlwKRRcu1+fsHdRvTBsNePyBe6eM7MdWyzSU6pRDGSwoPBBggFZ0F jYxajPqmHe9N5J8ZRMoRF/c+TcctzqSJjvaMxRrULJzBvM00RDUmapmE7i7gGeB8nsgMopdiuNpIFk eSzlfd5/V66zAWa2+vZ2gDFgHjWQIMrU4U7QeajbQOfbxYmzeN7nT5T7UTAtszzl4Dz29khVmFSxQK 8O8+mgv+S3HnLHpsm/X9189a9gx9FrY5CmmojA1NLFshWiMFwt0HqBWax2L0RA+QCj5YBTy5blQUve +qaLIvFS/G43o2Hr2KaK2BeROLFr9c/ridogvWg/BGM7Ohlervc/vSS9vGnrd1EAyNZ8VovR76HmA0 YceN0FYjjjrn0C2IaX1315H6wz71VTBRZMfQ3UUrzGFDzPLpqRd1jXKw0sXKQxAOJAqNIhOrdYse2U Z1DmuGpFHPFq7IWT12lvVMbY6on1GJy72xVVct1ZgUQpLTolS2BmWvpDFgTATpXlRSiiylxlEGY8dT AJEBIUkvRLFhe/ThymPuUkqCLfnMVsiTlbo3grvPI74w2D0zbBpsQXXry5IOI/9wBDD98Dczq0qdDd pwOrFTKxLBfnL6zBGq7mCyUtLzJzOTgVR+wyP4t3kuzVj/KqpTV0/LACImUQ== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, GCC and Clang both use the "alloc_size" attribute to assist with bounds checking around the use of allocation functions. Add the attribute, adjust the Makefile to silence needless warnings, and add the hints to the allocators where possible. These changes have been in use for a while now in GrapheneOS. To build without warnings, this series needs a couple small fixes for allmodconfig, which I sent separately: https://lore.kernel.org/lkml/20210818044540.1601664-1-keescook@chromium.org/ https://lore.kernel.org/lkml/20210818044252.1533634-1-keescook@chromium.org/ https://lore.kernel.org/lkml/20210818043912.1466447-1-keescook@chromium.org/ I figure I can take this via my "overflow" series, or it could go via -mm? -Kees Kees Cook (5): Compiler Attributes: Add __alloc_size() for better bounds checking slab: Add __alloc_size attributes for better bounds checking mm/page_alloc: Add __alloc_size attributes for better bounds checking percpu: Add __alloc_size attributes for better bounds checking mm/vmalloc: Add __alloc_size attributes for better bounds checking Makefile | 6 +++- include/linux/compiler_attributes.h | 6 ++++ include/linux/gfp.h | 4 +-- include/linux/percpu.h | 6 ++-- include/linux/slab.h | 50 ++++++++++++++++++----------- include/linux/vmalloc.h | 22 ++++++------- 6 files changed, 58 insertions(+), 36 deletions(-) -- 2.30.2