| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGG=3QUNTxpFiQd6EkRaN2ynLPi4WTY9CW-pBZG9Y5hr8VT5qg@mail.gmail.com> Date: Mon, 24 Nov 2025 12:01:02 -0800 From: Bill Wendling <morbo@...gle.com> To: Miguel Ojeda <miguel.ojeda.sandonis@...il.com> Cc: linux-kernel@...r.kernel.org, Kees Cook <kees@...nel.org>, Qing Zhao <qing.zhao@...cle.com>, "Gustavo A. R. Silva" <gustavoars@...nel.org>, Nathan Chancellor <nathan@...nel.org>, Nick Desaulniers <nick.desaulniers+lkml@...il.com>, Justin Stitt <justinstitt@...gle.com>, Miguel Ojeda <ojeda@...nel.org>, Peter Zijlstra <peterz@...radead.org>, Andrew Morton <akpm@...ux-foundation.org>, Heiko Carstens <hca@...ux.ibm.com>, Marc Herbert <Marc.Herbert@...ux.intel.com>, Uros Bizjak <ubizjak@...il.com>, Tejun Heo <tj@...nel.org>, Jeff Xu <jeffxu@...omium.org>, Michal Koutný <mkoutny@...e.com>, Shakeel Butt <shakeel.butt@...ux.dev>, Thomas Weißschuh <thomas.weissschuh@...utronix.de>, John Stultz <jstultz@...gle.com>, Christian Brauner <brauner@...nel.org>, Randy Dunlap <rdunlap@...radead.org>, Brian Gerst <brgerst@...il.com>, Masahiro Yamada <masahiroy@...nel.org>, linux-hardening@...r.kernel.org, llvm@...ts.linux.dev, Jan Hendrik Farr <kernel@...rr.cc> Subject: Re: [PATCH v2 1/2] Compiler Attributes: Add __counted_by_ptr macro On Fri, Nov 21, 2025 at 1:48 PM Miguel Ojeda <miguel.ojeda.sandonis@...il.com> wrote: > On Fri, Nov 21, 2025 at 8:55 PM Bill Wendling <morbo@...gle.com> wrote: > > > > +/* > > + * Optional: only supported since clang >= 21 > > + * > > + * clang: https://github.com/llvm/llvm-project/pull/137250 > > + */ > > +#ifdef CONFIG_CC_HAS_COUNTED_BY_FOR_POINTER > > +#define __counted_by_ptr(member) __attribute__((__counted_by__(member))) > > +#else > > +#define __counted_by_ptr(member) > > +#endif > > I guess there is a reason for this name, but it sounds to me a bit > like the thing between parenthesis is a pointer, i.e. that perhaps it > is the pointee that one that counts. > > Hmm... what about `__ptr_counted_by`? > > In addition, could we please provide a bit of context in the > documentation? i.e. links to the attribute docs in both Clang and GCC. > > And perhaps explaining why this cannot use `__has_attribute`, i.e. > what the commit log mentions. > The attribute used to be hidden behind "__has_attribute" (git show c8248faf3ca2), but was converted to a 'CONFIG_' variable due to (I assume) bug fixes that occurred at different compiler versions (git show f06e108a3dc53). Also "__has_attribute" won't work in this situation, because the attribute name, "__counted_by__", is used for both a pointer field (unsupported) and the flexible array member (supported). The naming of the macro is flexible of course. I have a preference for adding a suffix, because there are other expansions of this and other bounds safety attributes where, during discussions about the attributes' syntaxes, we've been using suffixes. I.e., Clang supports a limited form of context-free expressions as the argument to the attribute. We want to add support for that in the future, but there are issues with adding that support to GCC that haven't been ironed out yet. We've been calling that macro "__counted_by_expr", because again the attribute name is the same. This is not to say that it's the *best* name for the macro, but it does seem natural. I'll add these explanations to the commit message in a new version after I collect all feedback. :-) Thanks! -bw
Powered by blists - more mailing lists