lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20251121195504.1661783-1-morbo@google.com>
Date: Fri, 21 Nov 2025 19:54:33 +0000
From: Bill Wendling <morbo@...gle.com>
To: linux-kernel@...r.kernel.org
Cc: Bill Wendling <morbo@...gle.com>, Kees Cook <kees@...nel.org>, Qing Zhao <qing.zhao@...cle.com>, 
	"Gustavo A. R. Silva" <gustavoars@...nel.org>, Nathan Chancellor <nathan@...nel.org>, 
	Nick Desaulniers <nick.desaulniers+lkml@...il.com>, Justin Stitt <justinstitt@...gle.com>, 
	Miguel Ojeda <ojeda@...nel.org>, Peter Zijlstra <peterz@...radead.org>, 
	Andrew Morton <akpm@...ux-foundation.org>, Heiko Carstens <hca@...ux.ibm.com>, 
	Marc Herbert <Marc.Herbert@...ux.intel.com>, Uros Bizjak <ubizjak@...il.com>, 
	Tejun Heo <tj@...nel.org>, Jeff Xu <jeffxu@...omium.org>, 
	"Michal Koutný" <mkoutny@...e.com>, Shakeel Butt <shakeel.butt@...ux.dev>, 
	"Thomas Weißschuh" <thomas.weissschuh@...utronix.de>, John Stultz <jstultz@...gle.com>, 
	Christian Brauner <brauner@...nel.org>, Randy Dunlap <rdunlap@...radead.org>, 
	Brian Gerst <brgerst@...il.com>, Masahiro Yamada <masahiroy@...nel.org>, 
	linux-hardening@...r.kernel.org, llvm@...ts.linux.dev, 
	Jan Hendrik Farr <kernel@...rr.cc>
Subject: [PATCH v2 1/2] Compiler Attributes: Add __counted_by_ptr macro

Clang and GCC are expanding the '__counted_by' attribute to support
pointers in structs. Clang has support for it since version 21. This
requires defining a separate macro, '__counted_by_ptr', because, while
the attribute has the same name for both a pointer and a flexible array
member, minimal compiler versions need to catch up.

The effect of this feature is the same as for __counted_by on flexible
array members. It provides hardening the ability to perform run-time
bounds checking on otherwise unknown-size pointers.

Cc: Kees Cook <kees@...nel.org>
Cc: Qing Zhao <qing.zhao@...cle.com>
Cc: "Gustavo A. R. Silva" <gustavoars@...nel.org>
Cc: Nathan Chancellor <nathan@...nel.org>
Cc: Nick Desaulniers <nick.desaulniers+lkml@...il.com>
Cc: Justin Stitt <justinstitt@...gle.com>
Cc: Miguel Ojeda <ojeda@...nel.org>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Heiko Carstens <hca@...ux.ibm.com>
Cc: Marc Herbert <Marc.Herbert@...ux.intel.com>
Cc: Uros Bizjak <ubizjak@...il.com>
Cc: Tejun Heo <tj@...nel.org>
Cc: Jeff Xu <jeffxu@...omium.org>
Cc: "Michal Koutný" <mkoutny@...e.com>
Cc: Shakeel Butt <shakeel.butt@...ux.dev>
Cc: "Thomas Weißschuh" <thomas.weissschuh@...utronix.de>
Cc: John Stultz <jstultz@...gle.com>
Cc: Christian Brauner <brauner@...nel.org>
Cc: Randy Dunlap <rdunlap@...radead.org>
Cc: Brian Gerst <brgerst@...il.com>
Cc: Masahiro Yamada <masahiroy@...nel.org>
Cc: linux-kernel@...r.kernel.org
Cc: linux-hardening@...r.kernel.org
Cc: llvm@...ts.linux.dev
Signed-off-by: Bill Wendling <morbo@...gle.com>
---
v2 - Add support for GCC.
---
 include/linux/compiler_types.h | 11 +++++++++++
 init/Kconfig                   |  7 +++++++
 2 files changed, 18 insertions(+)

diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h
index 0a1b9598940d..2b0251bb951c 100644
--- a/include/linux/compiler_types.h
+++ b/include/linux/compiler_types.h
@@ -351,6 +351,17 @@ struct ftrace_likely_data {
 # define __assume(expr)
 #endif
 
+/*
+ * Optional: only supported since clang >= 21
+ *
+ * clang: https://github.com/llvm/llvm-project/pull/137250
+ */
+#ifdef CONFIG_CC_HAS_COUNTED_BY_FOR_POINTER
+#define __counted_by_ptr(member)	__attribute__((__counted_by__(member)))
+#else
+#define __counted_by_ptr(member)
+#endif
+
 /*
  * Optional: only supported since gcc >= 15
  * Optional: only supported since clang >= 18
diff --git a/init/Kconfig b/init/Kconfig
index cab3ad28ca49..f947f242bca8 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -139,6 +139,13 @@ config CC_HAS_COUNTED_BY
 	# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108896
 	default y if CC_IS_GCC && GCC_VERSION >= 150100
 
+config CC_HAS_COUNTED_BY_ON_POINTERS
+	bool
+	# supported since clang 21.1.0
+	default y if CC_IS_CLANG && CLANG_VERSION >= 210100
+	# supported since gcc 16.0.0
+	default y if CC_IS_GCC && GCC_VERSION >= 160000
+
 config CC_HAS_MULTIDIMENSIONAL_NONSTRING
 	def_bool $(success,echo 'char tag[][4] __attribute__((__nonstring__)) = { };' | $(CC) $(CLANG_FLAGS) -x c - -c -o /dev/null -Werror)
 
-- 
2.52.0.rc2.455.g230fcf2819-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ