Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp15704pxb;
        Wed, 18 Aug 2021 14:41:32 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzi/gh174En7zYjV7+0fnvyqCpqgyA1/Veyo9NzvrhCmcl4snKovD+UFf1pZkqKKAEPQpBK
X-Received: by 2002:a05:6602:26cb:: with SMTP id g11mr8686390ioo.110.1629322892479;
        Wed, 18 Aug 2021 14:41:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1629322892; cv=none;
        d=google.com; s=arc-20160816;
        b=gletWQmB8+j0j9q615CvbkkTUnUHfsAq3IVa05TYRtlusZDkYEQael7kpfOl7w9sTZ
         Uu0g1/RHy7fSVyH1JiLYUEsud3yyjulRcj2C9zEHVbQZaghAtbbOUMLLKOAM/CawjWil
         Ki25iTz/n2EiGxQYWJf+qsKk1QhhaAuFtzHgzWZdTWC+gJvdHJKXjo/tuUDOFC3TienK
         ikSdg9fDOei5ZsLr11zzuvW4Qc+HKpQe7uFm0AQdPtKyWxH8yF9uD7VC9UG2E1wx9foU
         vKnZAXrYiRxmrJgRwyio5GFFQ83TIKwAq0m4TgFz3qJjqGJ7SnZvzY6GxIu9/TWqmdi9
         GL5w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=akAmUlIHVyMCnIAEIuPla2RgaGumEDghjwfRk7fePO8=;
        b=JUFeYlolv/QzcZbC8j25Tm0/oNIm9Ol0MlGf67jDIF+m4FnySsL5L+md9e9Vr329tR
         7/T3w7p7asPRX5S/sJ25vtDA7+KCGoqKeHR8QLFZS61Iv/nnZkRlu07pwWiO06p7KDUU
         JJvGfAwETwSOs1fCjAOhKqVtjzHG7ZX/Bz8hf9PicSAqCOwAH5/Y2noKZdnZbh/dSm3F
         S8pf9ofz3MoZ5F5uEMsWuDaNlhbylavUO7eVCBm4DZ5iONm/62Zyj1RdkelGMyoaPN1j
         09wKNH0ocIGQf1ALs9sdAr1xbfzP5apI/0S5iIgcqtFKbXza/NVqsNvdU4l1J5vmrJbx
         CFjQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=a8rtLFTu;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id c4si902689iok.10.2021.08.18.14.41.21;
        Wed, 18 Aug 2021 14:41:32 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=a8rtLFTu;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234140AbhHRVlP (ORCPT <rfc822;liujianlinux@gmail.com>
        + 99 others); Wed, 18 Aug 2021 17:41:15 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37930 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234014AbhHRVlN (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 18 Aug 2021 17:41:13 -0400
Received: from mail-pj1-x1030.google.com (mail-pj1-x1030.google.com [IPv6:2607:f8b0:4864:20::1030])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 55C6AC061796
        for <linux-kernel@vger.kernel.org>; Wed, 18 Aug 2021 14:40:38 -0700 (PDT)
Received: by mail-pj1-x1030.google.com with SMTP id gz13-20020a17090b0ecdb0290178c0e0ce8bso5975537pjb.1
        for <linux-kernel@vger.kernel.org>; Wed, 18 Aug 2021 14:40:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=akAmUlIHVyMCnIAEIuPla2RgaGumEDghjwfRk7fePO8=;
        b=a8rtLFTutCVX8kAVFQBoCFVIFF3XhbHoHk315ZS95VwdPVZZOWozYUV6xXg1LFhzmR
         b97DOY2X4uTQmBQ0MoV3QYP9jiCOqetKVeS7PzpRs7el0f/9EWLG13/qyjRg3eYOrqle
         PHl8LB4eQdIb4RU1oDqKh+w1JuI0NlIdvBCg0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=akAmUlIHVyMCnIAEIuPla2RgaGumEDghjwfRk7fePO8=;
        b=SE8t4LiybhPOZnBrK33E4XyzonWgC9lmbu4pZ5CXGmc+kKeTrTbyMQpS5khWNmrEyp
         EyiGrsYzgJs+q9LD4tMuJYvHKvXIbtYBfeTpnQER75X40oTfWp1iWOiThLYzsPNha4+m
         nQItrBjRo671gSWROMZEU2jYwIR1DWmYKbD/7gt8rsaZ2TPLGiteADX5My+etfyD3039
         DRU/K61dy+pHsKhwRgq01IQ1UXN4bdCrSZW+AFbtfFM/uBG6BRmdLZ7a91AvkKFrNh9L
         sM/s5cxW+800R41jxLRQeZaDxzqUDxrbv7qUUa8JurRoieHe4bMjFk07QtViQJFx9M7b
         WSlQ==
X-Gm-Message-State: AOAM532OaNbDKMBOhcCQ4IqQ20cBS/+a+VLoIM4klkbJrPPJQ6lMps3U
        Y+TIRYUoznuBUXuWZlWy/ttMsQ==
X-Received: by 2002:a17:90a:c7cc:: with SMTP id gf12mr11236442pjb.152.1629322837839;
        Wed, 18 Aug 2021 14:40:37 -0700 (PDT)
Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163])
        by smtp.gmail.com with ESMTPSA id u16sm833047pgh.53.2021.08.18.14.40.36
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 18 Aug 2021 14:40:36 -0700 (PDT)
From:   Kees Cook <keescook@chromium.org>
To:     linux-kernel@vger.kernel.org
Cc:     Kees Cook <keescook@chromium.org>, Joe Perches <joe@perches.com>,
        Miguel Ojeda <ojeda@kernel.org>,
        Nathan Chancellor <nathan@kernel.org>,
        Nick Desaulniers <ndesaulniers@google.com>,
        Andy Whitcroft <apw@canonical.com>,
        Dwaipayan Ray <dwaipayanray1@gmail.com>,
        Lukas Bulwahn <lukas.bulwahn@gmail.com>,
        Christoph Lameter <cl@linux.com>,
        Pekka Enberg <penberg@kernel.org>,
        David Rientjes <rientjes@google.com>,
        Joonsoo Kim <iamjoonsoo.kim@lge.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Vlastimil Babka <vbabka@suse.cz>,
        Daniel Micay <danielmicay@gmail.com>,
        Dennis Zhou <dennis@kernel.org>, Tejun Heo <tj@kernel.org>,
        Masahiro Yamada <masahiroy@kernel.org>,
        Michal Marek <michal.lkml@markovi.net>,
        clang-built-linux@googlegroups.com, linux-mm@kvack.org,
        linux-kbuild@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH v2 0/7] Add __alloc_size() for better bounds checking
Date:   Wed, 18 Aug 2021 14:40:14 -0700
Message-Id: <20210818214021.2476230-1-keescook@chromium.org>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
X-Developer-Signature: v=1; a=openpgp-sha256; l=1862; h=from:subject; bh=rsMgLXm/8j8zp3cC9QOAG2syHyng6bO/WmNVEexJxdo=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBhHX5CJ/SlNYpWE0Ykxq+PzeUKRG1gC/093Z7fxOqZ wEYXCCiJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCYR1+QgAKCRCJcvTf3G3AJo3AEA CRpUXhzKUXa83bU08HMYk8w3CI0lPzuD6WVd7f8zuaswtTFfH/Hhf0jvPMTmoC6K5Pd8AE87/wBmUH movYpOXkti6rw/ORur3peVR7FtzjxTcbY+KfjktIU9xbLcdj1GyKNr/ZnXqH4tiGuIYzl7+QIgC1pl Z26pG54aUxZVwgdaBgr3YBwyn9zwNcNlth7UdxDilgHrFB6xeEGdbCwSirgpnboJrVjpve3lDgwjH4 Q6zPPWan82zmnP0HbY/T6brScwp5MpHW3UhTzdcfUfBNxmjfhIQHAhoVcXGlJUyBbHnrINSOv75H3y 6F0wiCpckheLpTgrio85Ydq4S0Et/JtOpejeclbEYhrqe/2D6urk8FEqBKHf7rC7uFlINsuc8z11PS S6WF29dvRToPp4kvE45ge5eIdj24peW4NzGhCGDXPhraGd8tFxLV4F9Vq8g4F2UdbnqkGhN6HNs5OG Te+aSJseJhr+FaAANM8fvXBQzTjM4RGQeFtDwvcWU2zPq5bx3bJCaNTOHnyjGZ/KNS0rxGw8JeqBHF CO8EYPvzIhHVVUT0lebK+o9O0vanvKwUKcy1h1eR8DRx4bK7g8c91Hm59872I8zDPjw1ovaybRAzrv 7Nul/uQgIzzglOXzFM5EZix4zg1+ua3rV5n79ekbMFaagG9uz9kIWkTK2sGA==
X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

GCC and Clang both use the "alloc_size" attribute to assist with bounds
checking around the use of allocation functions. Add the attribute,
adjust the Makefile to silence needless warnings, and add the hints to
the allocators where possible. These changes have been in use for a
while now in GrapheneOS.

To build without warnings, this series needs a couple small fixes for
allmodconfig, which I sent separately:
https://lore.kernel.org/lkml/20210818174855.2307828-5-keescook@chromium.org/
https://lore.kernel.org/lkml/20210818044252.1533634-1-keescook@chromium.org/
https://lore.kernel.org/lkml/20210818043912.1466447-1-keescook@chromium.org/

I figure I can take this via my "overflow" series, or it could go via
-mm?

-Kees

v2:
- clean up slab function declarations (joe)
- update checkpatch.pl attribute regex (joe)
- explain the Makefile changes better (ojeda, nathan)
v1: https://lore.kernel.org/lkml/20210818050841.2226600-1-keescook@chromium.org

Kees Cook (7):
  Compiler Attributes: Add __alloc_size() for better bounds checking
  checkpatch: Add __alloc_size() to known $Attribute
  slab: Clean up function declarations
  slab: Add __alloc_size attributes for better bounds checking
  mm/page_alloc: Add __alloc_size attributes for better bounds checking
  percpu: Add __alloc_size attributes for better bounds checking
  mm/vmalloc: Add __alloc_size attributes for better bounds checking

 Makefile                            |  6 ++-
 include/linux/compiler_attributes.h |  6 +++
 include/linux/gfp.h                 |  2 +
 include/linux/percpu.h              |  3 ++
 include/linux/slab.h                | 84 +++++++++++++++++------------
 include/linux/vmalloc.h             | 11 ++++
 scripts/checkpatch.pl               |  3 +-
 7 files changed, 80 insertions(+), 35 deletions(-)

-- 
2.30.2