From: Andrew Morton <akpm@linux-foundation.org>
To: akpm@linux-foundation.org, apw@canonical.com, cl@linux.com,
danielmicay@gmail.com, dennis@kernel.org,
dwaipayanray1@gmail.com, iamjoonsoo.kim@lge.com, joe@perches.com,
keescook@chromium.org, linux-mm@kvack.org,
lukas.bulwahn@gmail.com, mm-commits@vger.kernel.org,
nathan@kernel.org, ndesaulniers@google.com, ojeda@kernel.org,
penberg@kernel.org, rientjes@google.com, tj@kernel.org,
torvalds@linux-foundation.org, vbabka@suse.cz
Subject: [patch 6/9] slab: add __alloc_size attributes for better bounds checking
Date: Thu, 09 Sep 2021 20:10:36 -0700 [thread overview]
Message-ID: <20210910031036._znbALnV_%akpm@linux-foundation.org> (raw)
In-Reply-To: <20210909200948.090d4e213ca34b5ad1325a7e@linux-foundation.org>
From: Kees Cook <keescook@chromium.org>
Subject: slab: add __alloc_size attributes for better bounds checking
As already done in GrapheneOS, add the __alloc_size attribute for regular
kmalloc interfaces, to provide additional hinting for better bounds
checking, assisting CONFIG_FORTIFY_SOURCE and other compiler
optimizations.
Link: https://lkml.kernel.org/r/20210818214021.2476230-5-keescook@chromium.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Co-developed-by: Daniel Micay <danielmicay@gmail.com>
Signed-off-by: Daniel Micay <danielmicay@gmail.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Andy Whitcroft <apw@canonical.com>
Cc: Dennis Zhou <dennis@kernel.org>
Cc: Dwaipayan Ray <dwaipayanray1@gmail.com>
Cc: Joe Perches <joe@perches.com>
Cc: Lukas Bulwahn <lukas.bulwahn@gmail.com>
Cc: Miguel Ojeda <ojeda@kernel.org>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Tejun Heo <tj@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
include/linux/slab.h | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
--- a/include/linux/slab.h~slab-add-__alloc_size-attributes-for-better-bounds-checking
+++ a/include/linux/slab.h
@@ -181,7 +181,7 @@ int kmem_cache_shrink(struct kmem_cache
/*
* Common kmalloc functions provided by all allocators
*/
-__must_check
+__must_check __alloc_size(2)
void *krealloc(const void *objp, size_t new_size, gfp_t flags);
void kfree(const void *objp);
void kfree_sensitive(const void *objp);
@@ -426,6 +426,7 @@ static __always_inline unsigned int __km
#define kmalloc_index(s) __kmalloc_index(s, true)
#endif /* !CONFIG_SLOB */
+__alloc_size(1)
void *__kmalloc(size_t size, gfp_t flags) __assume_kmalloc_alignment __malloc;
void *kmem_cache_alloc(struct kmem_cache *s, gfp_t flags) __assume_kmalloc_alignment __malloc;
void kmem_cache_free(struct kmem_cache *s, void *objp);
@@ -450,6 +451,7 @@ static __always_inline void kfree_bulk(s
}
#ifdef CONFIG_NUMA
+__alloc_size(1)
void *__kmalloc_node(size_t size, gfp_t flags, int node) __assume_slab_alignment __malloc;
void *kmem_cache_alloc_node(struct kmem_cache *s, gfp_t flags, int node)
__assume_slab_alignment __malloc;
@@ -574,6 +576,7 @@ static __always_inline void *kmalloc_lar
* Try really hard to succeed the allocation but fail
* eventually.
*/
+__alloc_size(1)
static __always_inline void *kmalloc(size_t size, gfp_t flags)
{
if (__builtin_constant_p(size)) {
@@ -596,6 +599,7 @@ static __always_inline void *kmalloc(siz
return __kmalloc(size, flags);
}
+__alloc_size(1)
static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node)
{
#ifndef CONFIG_SLOB
@@ -620,6 +624,7 @@ static __always_inline void *kmalloc_nod
* @size: element size.
* @flags: the type of memory to allocate (see kmalloc).
*/
+__alloc_size(1, 2)
static inline void *kmalloc_array(size_t n, size_t size, gfp_t flags)
{
size_t bytes;
@@ -638,7 +643,7 @@ static inline void *kmalloc_array(size_t
* @new_size: new size of a single member of the array
* @flags: the type of memory to allocate (see kmalloc)
*/
-__must_check
+__must_check __alloc_size(2, 3)
static inline void *krealloc_array(void *p, size_t new_n, size_t new_size,
gfp_t flags)
{
@@ -656,6 +661,7 @@ static inline void *krealloc_array(void
* @size: element size.
* @flags: the type of memory to allocate (see kmalloc).
*/
+__alloc_size(1, 2)
static inline void *kcalloc(size_t n, size_t size, gfp_t flags)
{
return kmalloc_array(n, size, flags | __GFP_ZERO);
@@ -685,6 +691,7 @@ static inline void *kmalloc_array_node(s
return __kmalloc_node(bytes, flags, node);
}
+__alloc_size(1, 2)
static inline void *kcalloc_node(size_t n, size_t size, gfp_t flags, int node)
{
return kmalloc_array_node(n, size, flags | __GFP_ZERO, node);
@@ -718,6 +725,7 @@ static inline void *kmem_cache_zalloc(st
* @size: how many bytes of memory are required.
* @flags: the type of memory to allocate (see kmalloc).
*/
+__alloc_size(1)
static inline void *kzalloc(size_t size, gfp_t flags)
{
return kmalloc(size, flags | __GFP_ZERO);
@@ -729,25 +737,31 @@ static inline void *kzalloc(size_t size,
* @flags: the type of memory to allocate (see kmalloc).
* @node: memory node from which to allocate
*/
+__alloc_size(1)
static inline void *kzalloc_node(size_t size, gfp_t flags, int node)
{
return kmalloc_node(size, flags | __GFP_ZERO, node);
}
+__alloc_size(1)
extern void *kvmalloc_node(size_t size, gfp_t flags, int node);
+__alloc_size(1)
static inline void *kvmalloc(size_t size, gfp_t flags)
{
return kvmalloc_node(size, flags, NUMA_NO_NODE);
}
+__alloc_size(1)
static inline void *kvzalloc_node(size_t size, gfp_t flags, int node)
{
return kvmalloc_node(size, flags | __GFP_ZERO, node);
}
+__alloc_size(1)
static inline void *kvzalloc(size_t size, gfp_t flags)
{
return kvmalloc(size, flags | __GFP_ZERO);
}
+__alloc_size(1, 2)
static inline void *kvmalloc_array(size_t n, size_t size, gfp_t flags)
{
size_t bytes;
@@ -758,11 +772,13 @@ static inline void *kvmalloc_array(size_
return kvmalloc(bytes, flags);
}
+__alloc_size(1, 2)
static inline void *kvcalloc(size_t n, size_t size, gfp_t flags)
{
return kvmalloc_array(n, size, flags | __GFP_ZERO);
}
+__alloc_size(3)
extern void *kvrealloc(const void *p, size_t oldsize, size_t newsize,
gfp_t flags);
extern void kvfree(const void *addr);
_
next prev parent reply other threads:[~2021-09-10 3:10 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-10 3:09 incoming Andrew Morton
2021-09-10 3:10 ` [patch 1/9] mm: move kvmalloc-related functions to slab.h Andrew Morton
2021-09-10 3:10 ` [patch 2/9] rapidio: avoid bogus __alloc_size warning Andrew Morton
2021-09-10 3:10 ` [patch 3/9] Compiler Attributes: add __alloc_size() for better bounds checking Andrew Morton
2021-09-10 3:10 ` [patch 4/9] checkpatch: add __alloc_size() to known $Attribute Andrew Morton
2021-09-10 3:10 ` [patch 5/9] slab: clean up function declarations Andrew Morton
2021-09-10 3:10 ` Andrew Morton [this message]
2021-09-10 3:10 ` [patch 7/9] mm/page_alloc: add __alloc_size attributes for better bounds checking Andrew Morton
2021-09-10 3:10 ` [patch 8/9] percpu: " Andrew Morton
2021-09-10 3:10 ` [patch 9/9] mm/vmalloc: " Andrew Morton
2021-09-10 17:23 ` Linus Torvalds
2021-09-10 18:43 ` Kees Cook
2021-09-10 19:17 ` Linus Torvalds
2021-09-10 19:32 ` Kees Cook
2021-09-10 19:49 ` Nick Desaulniers
2021-09-10 20:16 ` Linus Torvalds
2021-09-10 20:47 ` Kees Cook
2021-09-10 20:58 ` Nick Desaulniers
2021-09-10 21:07 ` Kees Cook
2021-09-11 5:29 ` Joe Perches
2021-09-21 23:37 ` Kees Cook
2021-09-21 23:45 ` Joe Perches
2021-09-22 2:25 ` function prototype element ordering Kees Cook
2021-09-22 4:24 ` Joe Perches
2021-09-24 19:43 ` Kees Cook
2021-09-22 7:24 ` Alexey Dobriyan
2021-09-22 8:51 ` Joe Perches
2021-09-22 10:45 ` Alexey Dobriyan
2021-09-22 11:19 ` Jani Nikula
2021-09-22 21:15 ` Linus Torvalds
2021-09-23 5:10 ` Joe Perches
2021-09-25 19:40 ` David Laight
2021-09-26 21:03 ` Linus Torvalds
2021-09-27 8:21 ` David Laight
2021-09-27 9:22 ` Willy Tarreau
2021-09-10 17:11 ` incoming Kees Cook
2021-09-10 20:13 ` incoming Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210910031036._znbALnV_%akpm@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=apw@canonical.com \
--cc=cl@linux.com \
--cc=danielmicay@gmail.com \
--cc=dennis@kernel.org \
--cc=dwaipayanray1@gmail.com \
--cc=iamjoonsoo.kim@lge.com \
--cc=joe@perches.com \
--cc=keescook@chromium.org \
--cc=linux-mm@kvack.org \
--cc=lukas.bulwahn@gmail.com \
--cc=mm-commits@vger.kernel.org \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=ojeda@kernel.org \
--cc=penberg@kernel.org \
--cc=rientjes@google.com \
--cc=tj@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=vbabka@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).