lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 28 Sep 2022 18:27:36 +0200
From:   Vlastimil Babka <vbabka@...e.cz>
To:     Geert Uytterhoeven <geert@...ux-m68k.org>,
        Kees Cook <keescook@...omium.org>
Cc:     Christoph Lameter <cl@...ux.com>,
        Pekka Enberg <penberg@...nel.org>,
        David Rientjes <rientjes@...gle.com>,
        Joonsoo Kim <iamjoonsoo.kim@....com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Roman Gushchin <roman.gushchin@...ux.dev>,
        Hyeonggon Yoo <42.hyeyoo@...il.com>,
        Marco Elver <elver@...gle.com>, linux-mm@...ck.org,
        "Ruhl, Michael J" <michael.j.ruhl@...el.com>,
        "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Alex Elder <elder@...nel.org>,
        Josef Bacik <josef@...icpanda.com>,
        David Sterba <dsterba@...e.com>,
        Sumit Semwal <sumit.semwal@...aro.org>,
        Christian König <christian.koenig@....com>,
        Jesse Brandeburg <jesse.brandeburg@...el.com>,
        Daniel Micay <danielmicay@...il.com>,
        Yonghong Song <yhs@...com>, Miguel Ojeda <ojeda@...nel.org>,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        linux-btrfs@...r.kernel.org, linux-media@...r.kernel.org,
        dri-devel@...ts.freedesktop.org, linaro-mm-sig@...ts.linaro.org,
        linux-fsdevel@...r.kernel.org, intel-wired-lan@...ts.osuosl.org,
        dev@...nvswitch.org, x86@...nel.org, llvm@...ts.linux.dev,
        linux-hardening@...r.kernel.org
Subject: Re: [PATCH v2 01/16] slab: Remove __malloc attribute from realloc
 functions

On 9/28/22 09:26, Geert Uytterhoeven wrote:
> Hi Kees,
> 
> On Fri, Sep 23, 2022 at 10:35 PM Kees Cook <keescook@...omium.org> wrote:
>> The __malloc attribute should not be applied to "realloc" functions, as
>> the returned pointer may alias the storage of the prior pointer. Instead
>> of splitting __malloc from __alloc_size, which would be a huge amount of
>> churn, just create __realloc_size for the few cases where it is needed.
>>
>> Additionally removes the conditional test for __alloc_size__, which is
>> always defined now.
>>
>> Cc: Christoph Lameter <cl@...ux.com>
>> Cc: Pekka Enberg <penberg@...nel.org>
>> Cc: David Rientjes <rientjes@...gle.com>
>> Cc: Joonsoo Kim <iamjoonsoo.kim@....com>
>> Cc: Andrew Morton <akpm@...ux-foundation.org>
>> Cc: Vlastimil Babka <vbabka@...e.cz>
>> Cc: Roman Gushchin <roman.gushchin@...ux.dev>
>> Cc: Hyeonggon Yoo <42.hyeyoo@...il.com>
>> Cc: Marco Elver <elver@...gle.com>
>> Cc: linux-mm@...ck.org
>> Signed-off-by: Kees Cook <keescook@...omium.org>
> 
> Thanks for your patch, which is now commit 63caa04ec60583b1 ("slab:
> Remove __malloc attribute from realloc functions") in next-20220927.
> 
> Noreply@...erman.id.au reported all gcc8-based builds to fail
> (e.g. [1], more at [2]):
> 
>      In file included from <command-line>:
>      ./include/linux/percpu.h: In function ‘__alloc_reserved_percpu’:
>      ././include/linux/compiler_types.h:279:30: error: expected
> declaration specifiers before ‘__alloc_size__’
>       #define __alloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__) __malloc
>                                    ^~~~~~~~~~~~~~
>      ./include/linux/percpu.h:120:74: note: in expansion of macro ‘__alloc_size’
>      [...]
> 
> It's building fine with e.g. gcc-9 (which is my usual m68k cross-compiler).
> Reverting this commit on next-20220927 fixes the issue.

So IIUC it was wrong to remove the #ifdefs?

> [1] http://kisskb.ellerman.id.au/kisskb/buildresult/14803908/
> [2] http://kisskb.ellerman.id.au/kisskb/head/1bd8b75fe6adeaa89d02968bdd811ffe708cf839/
> 
> 
> 
>> ---
>>   include/linux/compiler_types.h | 13 +++++--------
>>   include/linux/slab.h           | 12 ++++++------
>>   mm/slab_common.c               |  4 ++--
>>   3 files changed, 13 insertions(+), 16 deletions(-)
>>
>> diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h
>> index 4f2a819fd60a..f141a6f6b9f6 100644
>> --- a/include/linux/compiler_types.h
>> +++ b/include/linux/compiler_types.h
>> @@ -271,15 +271,12 @@ struct ftrace_likely_data {
>>
>>   /*
>>    * Any place that could be marked with the "alloc_size" attribute is also
>> - * a place to be marked with the "malloc" attribute. Do this as part of the
>> - * __alloc_size macro to avoid redundant attributes and to avoid missing a
>> - * __malloc marking.
>> + * a place to be marked with the "malloc" attribute, except those that may
>> + * be performing a _reallocation_, as that may alias the existing pointer.
>> + * For these, use __realloc_size().
>>    */
>> -#ifdef __alloc_size__
>> -# define __alloc_size(x, ...)  __alloc_size__(x, ## __VA_ARGS__) __malloc
>> -#else
>> -# define __alloc_size(x, ...)  __malloc
>> -#endif
>> +#define __alloc_size(x, ...)   __alloc_size__(x, ## __VA_ARGS__) __malloc
>> +#define __realloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__)
>>
>>   #ifndef asm_volatile_goto
>>   #define asm_volatile_goto(x...) asm goto(x)
>> diff --git a/include/linux/slab.h b/include/linux/slab.h
>> index 0fefdf528e0d..41bd036e7551 100644
>> --- a/include/linux/slab.h
>> +++ b/include/linux/slab.h
>> @@ -184,7 +184,7 @@ int kmem_cache_shrink(struct kmem_cache *s);
>>   /*
>>    * Common kmalloc functions provided by all allocators
>>    */
>> -void * __must_check krealloc(const void *objp, size_t new_size, gfp_t flags) __alloc_size(2);
>> +void * __must_check krealloc(const void *objp, size_t new_size, gfp_t flags) __realloc_size(2);
>>   void kfree(const void *objp);
>>   void kfree_sensitive(const void *objp);
>>   size_t __ksize(const void *objp);
>> @@ -647,10 +647,10 @@ static inline __alloc_size(1, 2) void *kmalloc_array(size_t n, size_t size, gfp_
>>    * @new_size: new size of a single member of the array
>>    * @flags: the type of memory to allocate (see kmalloc)
>>    */
>> -static inline __alloc_size(2, 3) void * __must_check krealloc_array(void *p,
>> -                                                                   size_t new_n,
>> -                                                                   size_t new_size,
>> -                                                                   gfp_t flags)
>> +static inline __realloc_size(2, 3) void * __must_check krealloc_array(void *p,
>> +                                                                     size_t new_n,
>> +                                                                     size_t new_size,
>> +                                                                     gfp_t flags)
>>   {
>>          size_t bytes;
>>
>> @@ -774,7 +774,7 @@ static inline __alloc_size(1, 2) void *kvcalloc(size_t n, size_t size, gfp_t fla
>>   }
>>
>>   extern void *kvrealloc(const void *p, size_t oldsize, size_t newsize, gfp_t flags)
>> -                     __alloc_size(3);
>> +                     __realloc_size(3);
>>   extern void kvfree(const void *addr);
>>   extern void kvfree_sensitive(const void *addr, size_t len);
>>
>> diff --git a/mm/slab_common.c b/mm/slab_common.c
>> index 17996649cfe3..457671ace7eb 100644
>> --- a/mm/slab_common.c
>> +++ b/mm/slab_common.c
>> @@ -1134,8 +1134,8 @@ module_init(slab_proc_init);
>>
>>   #endif /* CONFIG_SLAB || CONFIG_SLUB_DEBUG */
>>
>> -static __always_inline void *__do_krealloc(const void *p, size_t new_size,
>> -                                          gfp_t flags)
>> +static __always_inline __realloc_size(2) void *
>> +__do_krealloc(const void *p, size_t new_size, gfp_t flags)
>>   {
>>          void *ret;
>>          size_t ks;
>> --
>> 2.34.1
>>
> 
> 
> --
> Gr{oetje,eeting}s,
> 
>                          Geert
> 
> --
> Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org
> 
> In personal conversations with technical people, I call myself a hacker. But
> when I'm talking to journalists I just say "programmer" or something like that.
>                                  -- Linus Torvalds

Powered by blists - more mailing lists