Re: [PATCH v2 01/16] slab: Remove __malloc attribute from realloc functions

Wed, 28 Sep 2022 14:41:01 -0700 

On 9/28/22 19:13, Kees Cook wrote:

On Wed, Sep 28, 2022 at 09:26:15AM +0200, Geert Uytterhoeven wrote:

Hi Kees,

On Fri, Sep 23, 2022 at 10:35 PM Kees Cook <keesc...@chromium.org> wrote:

The __malloc attribute should not be applied to "realloc" functions, as
the returned pointer may alias the storage of the prior pointer. Instead
of splitting __malloc from __alloc_size, which would be a huge amount of
churn, just create __realloc_size for the few cases where it is needed.

Additionally removes the conditional test for __alloc_size__, which is
always defined now.

Cc: Christoph Lameter <c...@linux.com>
Cc: Pekka Enberg <penb...@kernel.org>
Cc: David Rientjes <rient...@google.com>
Cc: Joonsoo Kim <iamjoonsoo....@lge.com>
Cc: Andrew Morton <a...@linux-foundation.org>
Cc: Vlastimil Babka <vba...@suse.cz>
Cc: Roman Gushchin <roman.gushc...@linux.dev>
Cc: Hyeonggon Yoo <42.hye...@gmail.com>
Cc: Marco Elver <el...@google.com>
Cc: linux...@kvack.org
Signed-off-by: Kees Cook <keesc...@chromium.org>


Thanks for your patch, which is now commit 63caa04ec60583b1 ("slab:
Remove __malloc attribute from realloc functions") in next-20220927.

nore...@ellerman.id.au reported all gcc8-based builds to fail
(e.g. [1], more at [2]):

     In file included from <command-line>:
     ./include/linux/percpu.h: In function ‘__alloc_reserved_percpu’:
     ././include/linux/compiler_types.h:279:30: error: expected
declaration specifiers before ‘__alloc_size__’
      #define __alloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__) __malloc
                                   ^~~~~~~~~~~~~~
     ./include/linux/percpu.h:120:74: note: in expansion of macro ‘__alloc_size’
     [...]

It's building fine with e.g. gcc-9 (which is my usual m68k cross-compiler).
Reverting this commit on next-20220927 fixes the issue.

[1] http://kisskb.ellerman.id.au/kisskb/buildresult/14803908/
[2] 
http://kisskb.ellerman.id.au/kisskb/head/1bd8b75fe6adeaa89d02968bdd811ffe708cf839/


Eek! Thanks for letting me know. I'm confused about this --
__alloc_size__ wasn't optional in compiler_attributes.h -- but obviously
I broke something! I'll go figure this out.


Even in latest next I can see at the end of include/linux/compiler-gcc.h

/*
 * Prior to 9.1, -Wno-alloc-size-larger-than (and therefore the "alloc_size"
 * attribute) do not work, and must be disabled.
 */
#if GCC_VERSION < 90100
#undef __alloc_size__
#endif




-Kees

Reply via email to