Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp4689112rwd; Tue, 23 May 2023 11:00:56 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4rwjEBkZGmVPlnPrY9j0lSf2TnzbhAgLn0uwDYqpxxiAs0bLgoDmJnzTC9kMNp2hML6oye X-Received: by 2002:a05:6a00:24c8:b0:648:c1be:496 with SMTP id d8-20020a056a0024c800b00648c1be0496mr21478936pfv.22.1684864856210; Tue, 23 May 2023 11:00:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1684864856; cv=none; d=google.com; s=arc-20160816; b=q7FxkhAZ1Yu9GwrgkfN3DFRpD1GWUw92h1js/Mc6xCsWEaZY+dR4y6be6j8KPOeb7Q ilcfixtXfhYQMPJyADxcgqYRs6iYo4L5Mg8/XvP1a1nqmOU1UyVvq2OhXUMMX93pMaOR JQpK7FQo5AA+fnFAcQ9leltGlhZuSEmG0lqFaXWZ2fuyCNCKy/L7xWrRX7LhElRgJsgS CMtfGWAqpnr5qb0zVdvvIEq+bCV+i6a/QPvdTPGr6/anvhYAgcJWUSKy96GGMj8kHV+D rkxva+qIYK2m1XkUjEDHTkHKInd5QQ5kcxMRP1XdE/aYpSCq7m8lCSSnAzrpnstn7SFx UThg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=cDSe93C6HjCET4xApTCSeqbusXOXkwn44GS7hjJBCV8=; b=XQjdgeYbysdkL4vlCPISJMFgff2V1tcYHka5mUd6yYCM3KIIpvfe7R26wI1Kj/R6MK 5JM7FMdM5KInzYTnkPNy3jGt8gI1c/2pMXBzyCpQh3HqeXVHL30R5AaSfjl/yifiHB5p J78N10MaSerexkIpa/yEWR1+WrMFRd8fAojP7UASZMrGJbr606tfAUojcYe8hkVTjDn+ LsEtKgDND1aKadfZZSKGwKHZ5BBgpbZZhtJHzRadPcMTaRCZ8fr14A/Lk1EgEgagF7mF rF4xkDhAERJm4c7JpYq9VntHJOsn7fI9TKF4IGQpykJ2ww95YyNqlKsS//0gaqpNiAeH Txqg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=cX2tItOE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bt19-20020a632913000000b00520b3928bebsi1507098pgb.7.2023.05.23.11.00.40; Tue, 23 May 2023 11:00:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=cX2tItOE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237548AbjEWRuB (ORCPT + 99 others); Tue, 23 May 2023 13:50:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48144 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237830AbjEWRtq (ORCPT ); Tue, 23 May 2023 13:49:46 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E17DFE70; Tue, 23 May 2023 10:49:28 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id E998E61D51; Tue, 23 May 2023 17:49:15 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id BDF95C433EF; Tue, 23 May 2023 17:49:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1684864155; bh=WulWyTLsl5PkcQrddm9jfceGIGntrpe2tN+xa+us7bo=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=cX2tItOE1A1Jntu+R2QwFXn1l2foJFtg3vTP5UqBKoyZAx1yIVSFWvsSppTEK/EOP lN7uZmcVpfDnJLrPAK6p60xdJr60YQkvTKJ9egHit5rKTgaVtlfC5DrIIcVuVa1PFF q1Rgb8mF6vjH0jYHR6CmpB5cz3pG5RY46o+x53evUnUB2rCdD4iCI7gCRQZHsgiqA2 KwyIutNcCQl9ndkkDPM89DD6D+5+/8NAiqoAUZuwyjrrjqs0bnFJc7HxI/H/oHPED7 K2Hu1Wx4MD5Ad4NUkal8QwWsuF0f1J8vGR9nTjgaKW8lAvglCsQTkZQ8a3n3daoFjQ tIlPVx23OT0Gg== Date: Tue, 23 May 2023 10:49:13 -0700 From: Nathan Chancellor To: Kees Cook Cc: Miguel Ojeda , Bill Wendling , Qing Zhao , "Gustavo A . R . Silva" , Nick Desaulniers , Tom Rix , llvm@lists.linux.dev, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: Re: [PATCH v2] Compiler Attributes: Add __counted_by macro Message-ID: <20230523174913.GB1388474@dev-arch.thelio-3990X> References: <20230517190841.gonna.796-kees@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230517190841.gonna.796-kees@kernel.org> X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, May 17, 2023 at 12:08:44PM -0700, Kees Cook wrote: > In an effort to annotate all flexible array members with their run-time > size information, the "element_count" attribute is being introduced by > Clang[1] and GCC[2] in future releases. This annotation will provide > the CONFIG_UBSAN_BOUNDS and CONFIG_FORTIFY_SOURCE features the ability > to perform run-time bounds checking on otherwise unknown-size flexible > arrays. > > Even though the attribute is under development, we can start the > annotation process in the kernel. This requires defining a macro for > it, even if we have to change the name of the actual attribute later. > Since it is likely that this attribute may change its name to "counted_by" > in the future (to better align with a future total bytes "sized_by" > attribute), name the wrapper macro "__counted_by", which also reads more > clearly (and concisely) in structure definitions. > > [1] https://reviews.llvm.org/D148381 > [2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108896 > > Cc: Miguel Ojeda > Cc: Bill Wendling > Cc: Qing Zhao > Cc: Gustavo A. R. Silva > Cc: Nick Desaulniers > Cc: Nathan Chancellor > Cc: Tom Rix > Cc: llvm@lists.linux.dev > Signed-off-by: Kees Cook Reviewed-by: Nathan Chancellor > --- > v2: - update "Optional" comments > v1: https://lore.kernel.org/all/20230504181636.never.222-kees@kernel.org/ > --- > include/linux/compiler_attributes.h | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > > diff --git a/include/linux/compiler_attributes.h b/include/linux/compiler_attributes.h > index e659cb6fded3..a92d8887e8f0 100644 > --- a/include/linux/compiler_attributes.h > +++ b/include/linux/compiler_attributes.h > @@ -123,6 +123,19 @@ > # define __designated_init > #endif > > +/* > + * Optional: only supported since gcc >= 14 > + * Optional: only supported since clang >= 17 > + * > + * gcc: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108896 > + * clang: https://reviews.llvm.org/D148381 > + */ > +#if __has_attribute(__element_count__) > +# define __counted_by(member) __attribute__((__element_count__(member))) > +#else > +# define __counted_by(member) > +#endif > + > /* > * Optional: only supported since clang >= 14.0 > * > -- > 2.34.1 >