Date: Wed, 18 Aug 2021 20:42:59 -0400
From: Dennis Zhou
To: Kees Cook
Cc: linux-kernel@vger.kernel.org, Daniel Micay, Dennis Zhou, Tejun Heo, Christoph Lameter, linux-mm@kvack.org, Joe Perches, Miguel Ojeda, Nathan Chancellor, Nick Desaulniers, Andy Whitcroft, Dwaipayan Ray, Lukas Bulwahn, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, Vlastimil Babka, Masahiro Yamada, Michal Marek, clang-built-linux@googlegroups.com, linux-kbuild@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH v2 6/7] percpu: Add __alloc_size attributes for better bounds checking
References: <20210818214021.2476230-1-keescook@chromium.org> <20210818214021.2476230-7-keescook@chromium.org>
In-Reply-To: <20210818214021.2476230-7-keescook@chromium.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hello,

On Wed, Aug 18, 2021 at 02:40:20PM -0700, Kees Cook wrote:
> As already done in GrapheneOS, add the __alloc_size attribute for
> appropriate percpu allocator interfaces, to provide additional hinting
> for better bounds checking, assisting CONFIG_FORTIFY_SOURCE and other
> compiler optimizations.

Can you elaborate a little bit for me how this works for percpu? In any
case that's not uniprocessor, any modification is done through address
accessors and not on the returned percpu pointer. Is the metadata kept
by gcc/clang able to transpire the percpu pointer accessors?

Thanks,
Dennis

>
> Co-developed-by: Daniel Micay
> Signed-off-by: Daniel Micay
> Cc: Dennis Zhou
> Cc: Tejun Heo
> Cc: Christoph Lameter
> Cc: linux-mm@kvack.org
> Signed-off-by: Kees Cook
> ---
> include/linux/percpu.h | 3 +++
> 1 file changed, 3 insertions(+)
> > diff --git a/include/linux/percpu.h b/include/linux/percpu.h > index 5e76af742c80..119f41815b32 100644 > --- a/include/linux/percpu.h > +++ b/include/linux/percpu.h > @@ -123,6 +123,7 @@ extern int __init pcpu_page_first_chunk(size_t reserved_size, > pcpu_fc_populate_pte_fn_t populate_pte_fn); > #endif > > +__alloc_size(1) > extern void __percpu *__alloc_reserved_percpu(size_t size, size_t align); > extern bool __is_kernel_percpu_address(unsigned long addr, unsigned long *can_addr); > extern bool is_kernel_percpu_address(unsigned long addr); > @@ -131,7 +132,9 @@ extern bool is_kernel_percpu_address(unsigned long addr); > extern void __init setup_per_cpu_areas(void); > #endif > > +__alloc_size(1) > extern void __percpu *__alloc_percpu_gfp(size_t size, size_t align, gfp_t gfp); > +__alloc_size(1) > extern void __percpu *__alloc_percpu(size_t size, size_t align); > extern void free_percpu(void __percpu *__pdata); > extern phys_addr_t per_cpu_ptr_to_phys(void *addr); > -- > 2.30.2 >
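Review bot: In the first hunk (@@ -123,6 +123,7 @@), __alloc_size(1) is attached to __alloc_reserved_percpu(), whose return type is void __percpu *, and neither the hunk nor the changelog says how a size hint on a pointer of that type reaches the code that reads or writes the allocation. That is the question raised in the reply above. The changelog should state which accesses the compiler can bounds-check as a result, so the benefit for this particular allocator is reviewable rather than assumed.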
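Review bot: In the second hunk (@@ -131,7 +132,9 @@), the attribute sits on its own line above "extern" for both __alloc_percpu_gfp() and __alloc_percpu(), so it is visually detached from the prototype it modifies and easy to lose when a declaration is moved or grepped for. Consider keeping it on the declaration itself. Both prototypes also take a "size_t align" argument, so a short comment or changelog sentence saying that only argument 1 (size) is being described to the compiler would document the choice of index.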