Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp4689112rwd;
        Tue, 23 May 2023 11:00:56 -0700 (PDT)
X-Google-Smtp-Source: ACHHUZ4rwjEBkZGmVPlnPrY9j0lSf2TnzbhAgLn0uwDYqpxxiAs0bLgoDmJnzTC9kMNp2hML6oye
X-Received: by 2002:a05:6a00:24c8:b0:648:c1be:496 with SMTP id d8-20020a056a0024c800b00648c1be0496mr21478936pfv.22.1684864856210;
        Tue, 23 May 2023 11:00:56 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1684864856; cv=none;
        d=google.com; s=arc-20160816;
        b=q7FxkhAZ1Yu9GwrgkfN3DFRpD1GWUw92h1js/Mc6xCsWEaZY+dR4y6be6j8KPOeb7Q
         ilcfixtXfhYQMPJyADxcgqYRs6iYo4L5Mg8/XvP1a1nqmOU1UyVvq2OhXUMMX93pMaOR
         JQpK7FQo5AA+fnFAcQ9leltGlhZuSEmG0lqFaXWZ2fuyCNCKy/L7xWrRX7LhElRgJsgS
         CMtfGWAqpnr5qb0zVdvvIEq+bCV+i6a/QPvdTPGr6/anvhYAgcJWUSKy96GGMj8kHV+D
         rkxva+qIYK2m1XkUjEDHTkHKInd5QQ5kcxMRP1XdE/aYpSCq7m8lCSSnAzrpnstn7SFx
         UThg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=cDSe93C6HjCET4xApTCSeqbusXOXkwn44GS7hjJBCV8=;
        b=XQjdgeYbysdkL4vlCPISJMFgff2V1tcYHka5mUd6yYCM3KIIpvfe7R26wI1Kj/R6MK
         5JM7FMdM5KInzYTnkPNy3jGt8gI1c/2pMXBzyCpQh3HqeXVHL30R5AaSfjl/yifiHB5p
         J78N10MaSerexkIpa/yEWR1+WrMFRd8fAojP7UASZMrGJbr606tfAUojcYe8hkVTjDn+
         LsEtKgDND1aKadfZZSKGwKHZ5BBgpbZZhtJHzRadPcMTaRCZ8fr14A/Lk1EgEgagF7mF
         rF4xkDhAERJm4c7JpYq9VntHJOsn7fI9TKF4IGQpykJ2ww95YyNqlKsS//0gaqpNiAeH
         Txqg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=cX2tItOE;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id bt19-20020a632913000000b00520b3928bebsi1507098pgb.7.2023.05.23.11.00.40;
        Tue, 23 May 2023 11:00:56 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=cX2tItOE;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S237548AbjEWRuB (ORCPT <rfc822;a839024@gmail.com> + 99 others);
        Tue, 23 May 2023 13:50:01 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48144 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S237830AbjEWRtq (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 23 May 2023 13:49:46 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E17DFE70;
        Tue, 23 May 2023 10:49:28 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id E998E61D51;
        Tue, 23 May 2023 17:49:15 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id BDF95C433EF;
        Tue, 23 May 2023 17:49:14 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1684864155;
        bh=WulWyTLsl5PkcQrddm9jfceGIGntrpe2tN+xa+us7bo=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=cX2tItOE1A1Jntu+R2QwFXn1l2foJFtg3vTP5UqBKoyZAx1yIVSFWvsSppTEK/EOP
         lN7uZmcVpfDnJLrPAK6p60xdJr60YQkvTKJ9egHit5rKTgaVtlfC5DrIIcVuVa1PFF
         q1Rgb8mF6vjH0jYHR6CmpB5cz3pG5RY46o+x53evUnUB2rCdD4iCI7gCRQZHsgiqA2
         KwyIutNcCQl9ndkkDPM89DD6D+5+/8NAiqoAUZuwyjrrjqs0bnFJc7HxI/H/oHPED7
         K2Hu1Wx4MD5Ad4NUkal8QwWsuF0f1J8vGR9nTjgaKW8lAvglCsQTkZQ8a3n3daoFjQ
         tIlPVx23OT0Gg==
Date:   Tue, 23 May 2023 10:49:13 -0700
From:   Nathan Chancellor <nathan@kernel.org>
To:     Kees Cook <keescook@chromium.org>
Cc:     Miguel Ojeda <ojeda@kernel.org>, Bill Wendling <morbo@google.com>,
        Qing Zhao <qing.zhao@oracle.com>,
        "Gustavo A . R . Silva" <gustavoars@kernel.org>,
        Nick Desaulniers <ndesaulniers@google.com>,
        Tom Rix <trix@redhat.com>, llvm@lists.linux.dev,
        linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH v2] Compiler Attributes: Add __counted_by macro
Message-ID: <20230523174913.GB1388474@dev-arch.thelio-3990X>
References: <20230517190841.gonna.796-kees@kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20230517190841.gonna.796-kees@kernel.org>
X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, May 17, 2023 at 12:08:44PM -0700, Kees Cook wrote:
> In an effort to annotate all flexible array members with their run-time
> size information, the "element_count" attribute is being introduced by
> Clang[1] and GCC[2] in future releases. This annotation will provide
> the CONFIG_UBSAN_BOUNDS and CONFIG_FORTIFY_SOURCE features the ability
> to perform run-time bounds checking on otherwise unknown-size flexible
> arrays.
> 
> Even though the attribute is under development, we can start the
> annotation process in the kernel. This requires defining a macro for
> it, even if we have to change the name of the actual attribute later.
> Since it is likely that this attribute may change its name to "counted_by"
> in the future (to better align with a future total bytes "sized_by"
> attribute), name the wrapper macro "__counted_by", which also reads more
> clearly (and concisely) in structure definitions.
> 
> [1] https://reviews.llvm.org/D148381
> [2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108896
> 
> Cc: Miguel Ojeda <ojeda@kernel.org>
> Cc: Bill Wendling <morbo@google.com>
> Cc: Qing Zhao <qing.zhao@oracle.com>
> Cc: Gustavo A. R. Silva <gustavoars@kernel.org>
> Cc: Nick Desaulniers <ndesaulniers@google.com>
> Cc: Nathan Chancellor <nathan@kernel.org>
> Cc: Tom Rix <trix@redhat.com>
> Cc: llvm@lists.linux.dev
> Signed-off-by: Kees Cook <keescook@chromium.org>

Reviewed-by: Nathan Chancellor <nathan@kernel.org>

> ---
> v2: - update "Optional" comments
> v1: https://lore.kernel.org/all/20230504181636.never.222-kees@kernel.org/
> ---
>  include/linux/compiler_attributes.h | 13 +++++++++++++
>  1 file changed, 13 insertions(+)
> 
> diff --git a/include/linux/compiler_attributes.h b/include/linux/compiler_attributes.h
> index e659cb6fded3..a92d8887e8f0 100644
> --- a/include/linux/compiler_attributes.h
> +++ b/include/linux/compiler_attributes.h
> @@ -123,6 +123,19 @@
>  # define __designated_init
>  #endif
>  
> +/*
> + * Optional: only supported since gcc >= 14
> + * Optional: only supported since clang >= 17
> + *
> + *   gcc: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108896
> + * clang: https://reviews.llvm.org/D148381
> + */
> +#if __has_attribute(__element_count__)
> +# define __counted_by(member)		__attribute__((__element_count__(member)))
> +#else
> +# define __counted_by(member)
> +#endif
> +
>  /*
>   * Optional: only supported since clang >= 14.0
>   *
> -- 
> 2.34.1
>