Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp836105rwb; Sat, 1 Oct 2022 09:18:37 -0700 (PDT) X-Google-Smtp-Source: AMsMyM40h5NW8eHdNN9o3t3HSuer0C0FpLBPCGBWtDMcSxR0vGzX8nkI0yMUFMChupLxRZEHj/Zl X-Received: by 2002:a17:906:6a16:b0:787:d08d:6020 with SMTP id qw22-20020a1709066a1600b00787d08d6020mr9226840ejc.507.1664641116728; Sat, 01 Oct 2022 09:18:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1664641116; cv=none; d=google.com; s=arc-20160816; b=sgfwJF2cvfC3zTbP7i4Lgi8pMboMMcNev2kEW4gMWcpCU8oT4beSOPs2ejLORvGXVK f78agZnqV5+suHcqcfomIde5fuhDLwJ4lovtMBE6JuMHf77jcPN4eZo8bkmKZxdjHyhw h5gfFT7QMyxEq19xDKzNyacWnaBwKaR7BK9J6zwJYSUcVeh5dAOmJzpdmfA+O4ZvDp98 od3CW9nbWUcJFc1eQOIKRpm65sZYXnSqM5p8+5ozctB0/558J84MAML/o9uSQkljhc99 DftIGhIsqLcOrerQgVK56rEwHX3F9vNrZ3w5hn/3mw4kzGTi5/OntkSFlTEYXi4fiykW 0/qQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=ZFt50GDqlKIYM4l8mECHUWC3f4w34q3ItwBbk2NFmik=; b=ojwEHdrW+eW0wTO26zOsHoMOAsxlHzNwPqOzNNf3lFXa0A4xVxBsenelGnhkRlyaJK x7wjZ08ifut9gl4Pnr15963PQQFx8OFVKqHAH/bPZERKJSeo6XcJdgXiGjoM1rS4D1WF AuENR7nQ4H1Z4BLZ7VucQyHNVke2/G5b5/5vhtjM8FvMmp7IKkUUHVKCneJ0uf8T3Z9N Sbw0xoa7ZBl0ao6hCpqtcX4lN+YmSGlCK1LtqOyfzIvPMmxlNZ3Hzosn5Ssro7z3BUpu mYq7IIu+ZqqMqmQnlsmGZCsVvN/amYvi931zszcYX6fYYw/bM3wnecu6M+HjPbiZY6Dp z7Hw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=K3if3PVJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id sb42-20020a1709076daa00b00783d5a93880si3906104ejc.503.2022.10.01.09.18.11; Sat, 01 Oct 2022 09:18:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=K3if3PVJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229449AbiJAQKH (ORCPT + 99 others); Sat, 1 Oct 2022 12:10:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37476 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229445AbiJAQKF (ORCPT ); Sat, 1 Oct 2022 12:10:05 -0400 Received: from mail-pl1-x636.google.com (mail-pl1-x636.google.com [IPv6:2607:f8b0:4864:20::636]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D7CF227DD3; Sat, 1 Oct 2022 09:10:00 -0700 (PDT) Received: by mail-pl1-x636.google.com with SMTP id d24so6382647pls.4; Sat, 01 Oct 2022 09:10:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date; bh=ZFt50GDqlKIYM4l8mECHUWC3f4w34q3ItwBbk2NFmik=; b=K3if3PVJ5bvcTJ9M0NPajRsS9R22PhUV8mt1DF9aSjhi92xxGX68nw1fQOdsnfeW88 RYDbvN3GquD6aYJG58Lch5x17v+7Fbew3pLZMAkWt1+ooRJfi37RQADA2PXlVWpJ0CkC Tph9mkBw10QRI/4GlEXa2GIU/ewaCJw+Q5bhNbWEldyfKXsiimIOVSMffXQx+3tGU4Mj dJvzomia0B+Wj46FPagEpyfhrlYIDzrrtNbXqmnTPZIsHCWjn0Q7IxiKUPw+lNuqO8YW mhgisps0Go9/DKTKISmZAxZzmxBVutsjUNJDrnOyzW3IiQoFEADN8PzV+SFx5mJvo2bv Sq2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date; bh=ZFt50GDqlKIYM4l8mECHUWC3f4w34q3ItwBbk2NFmik=; b=c5jAmLeP6Y8YFdsIgQMbsieNEPdAxKsNFmnv/Fsq/rNo0p5J33j8pmrShGaes5/iuz CL0SR7uONTP0nfyaAb5cCLwqrL+kCjd6HPBoKxHTLkI7mqqZ56nxzf8inda3ISoF7Rft fDILH7h8ctoST2en0t8SMOynG1wN/KPzBy8LXYmtS0TyIwl+Eg3wKJPxCFBOnDWoULh0 SO9nAukb5PIU4zIcmEwIZg+NcPSBH240bARWs+m8WDCSFnQDZFLWKL8CrEVdmQOmR1zw 0L3rIB5PJUPmzTN/qJ4t5bzOSFDtf/FwrVtA666ojgi9z0tBKYjJPCQMetv6N2qMd0DJ 7dFQ== X-Gm-Message-State: ACrzQf08TtNsiSdzKQnRBbwrKZ98QmhF/PEtnp/JzTgTEbgvJh3L6EGW H6rbPkglhh/G6kezKQvwzTo= X-Received: by 2002:a17:903:246:b0:179:96b5:1ad2 with SMTP id j6-20020a170903024600b0017996b51ad2mr14161925plh.37.1664640600299; Sat, 01 Oct 2022 09:10:00 -0700 (PDT) Received: from hyeyoo ([114.29.91.56]) by smtp.gmail.com with ESMTPSA id y9-20020a17090a474900b0020a28156e11sm3000108pjg.26.2022.10.01.09.09.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 01 Oct 2022 09:09:59 -0700 (PDT) Date: Sun, 2 Oct 2022 01:09:47 +0900 From: Hyeonggon Yoo <42.hyeyoo@gmail.com> To: Kees Cook Cc: Vlastimil Babka , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Roman Gushchin , Marco Elver , linux-mm@kvack.org, "Ruhl, Michael J" , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Greg Kroah-Hartman , Nick Desaulniers , Alex Elder , Josef Bacik , David Sterba , Sumit Semwal , Christian =?iso-8859-1?Q?K=F6nig?= , Jesse Brandeburg , Daniel Micay , Yonghong Song , Miguel Ojeda , linux-kernel@vger.kernel.org, netdev@vger.kernel.org, linux-btrfs@vger.kernel.org, linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-fsdevel@vger.kernel.org, intel-wired-lan@lists.osuosl.org, dev@openvswitch.org, x86@kernel.org, llvm@lists.linux.dev, linux-hardening@vger.kernel.org Subject: Re: [PATCH v2 01/16] slab: Remove __malloc attribute from realloc functions Message-ID: References: <20220923202822.2667581-1-keescook@chromium.org> <20220923202822.2667581-2-keescook@chromium.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220923202822.2667581-2-keescook@chromium.org> X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HK_RANDOM_ENVFROM, HK_RANDOM_FROM,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Sep 23, 2022 at 01:28:07PM -0700, Kees Cook wrote: > The __malloc attribute should not be applied to "realloc" functions, as > the returned pointer may alias the storage of the prior pointer. Instead > of splitting __malloc from __alloc_size, which would be a huge amount of > churn, just create __realloc_size for the few cases where it is needed. > > Additionally removes the conditional test for __alloc_size__, which is > always defined now. > > Cc: Christoph Lameter > Cc: Pekka Enberg > Cc: David Rientjes > Cc: Joonsoo Kim > Cc: Andrew Morton > Cc: Vlastimil Babka > Cc: Roman Gushchin > Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com> > Cc: Marco Elver > Cc: linux-mm@kvack.org > Signed-off-by: Kees Cook > --- > include/linux/compiler_types.h | 13 +++++-------- > include/linux/slab.h | 12 ++++++------ > mm/slab_common.c | 4 ++-- > 3 files changed, 13 insertions(+), 16 deletions(-) > > diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h > index 4f2a819fd60a..f141a6f6b9f6 100644 > --- a/include/linux/compiler_types.h > +++ b/include/linux/compiler_types.h > @@ -271,15 +271,12 @@ struct ftrace_likely_data { > > /* > * Any place that could be marked with the "alloc_size" attribute is also > - * a place to be marked with the "malloc" attribute. Do this as part of the > - * __alloc_size macro to avoid redundant attributes and to avoid missing a > - * __malloc marking. > + * a place to be marked with the "malloc" attribute, except those that may > + * be performing a _reallocation_, as that may alias the existing pointer. > + * For these, use __realloc_size(). > */ > -#ifdef __alloc_size__ > -# define __alloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__) __malloc > -#else > -# define __alloc_size(x, ...) __malloc > -#endif > +#define __alloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__) __malloc > +#define __realloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__) > > #ifndef asm_volatile_goto > #define asm_volatile_goto(x...) asm goto(x) > diff --git a/include/linux/slab.h b/include/linux/slab.h > index 0fefdf528e0d..41bd036e7551 100644 > --- a/include/linux/slab.h > +++ b/include/linux/slab.h > @@ -184,7 +184,7 @@ int kmem_cache_shrink(struct kmem_cache *s); > /* > * Common kmalloc functions provided by all allocators > */ > -void * __must_check krealloc(const void *objp, size_t new_size, gfp_t flags) __alloc_size(2); > +void * __must_check krealloc(const void *objp, size_t new_size, gfp_t flags) __realloc_size(2); > void kfree(const void *objp); > void kfree_sensitive(const void *objp); > size_t __ksize(const void *objp); > @@ -647,10 +647,10 @@ static inline __alloc_size(1, 2) void *kmalloc_array(size_t n, size_t size, gfp_ > * @new_size: new size of a single member of the array > * @flags: the type of memory to allocate (see kmalloc) > */ > -static inline __alloc_size(2, 3) void * __must_check krealloc_array(void *p, > - size_t new_n, > - size_t new_size, > - gfp_t flags) > +static inline __realloc_size(2, 3) void * __must_check krealloc_array(void *p, > + size_t new_n, > + size_t new_size, > + gfp_t flags) > { > size_t bytes; > > @@ -774,7 +774,7 @@ static inline __alloc_size(1, 2) void *kvcalloc(size_t n, size_t size, gfp_t fla > } > > extern void *kvrealloc(const void *p, size_t oldsize, size_t newsize, gfp_t flags) > - __alloc_size(3); > + __realloc_size(3); > extern void kvfree(const void *addr); > extern void kvfree_sensitive(const void *addr, size_t len); > > diff --git a/mm/slab_common.c b/mm/slab_common.c > index 17996649cfe3..457671ace7eb 100644 > --- a/mm/slab_common.c > +++ b/mm/slab_common.c > @@ -1134,8 +1134,8 @@ module_init(slab_proc_init); > > #endif /* CONFIG_SLAB || CONFIG_SLUB_DEBUG */ > > -static __always_inline void *__do_krealloc(const void *p, size_t new_size, > - gfp_t flags) > +static __always_inline __realloc_size(2) void * > +__do_krealloc(const void *p, size_t new_size, gfp_t flags) > { > void *ret; > size_t ks; > -- > 2.34.1 > This is now squashed with later one. (so undefined __alloc_size__ issues are fixed) for the latest version of this patch: Looks good to me, Acked-by: Hyeonggon Yoo <42.hyeyoo@gmail.com> -- Thanks, Hyeonggon