With skbuff's post-allocation use of ksize() rearranged to use kmalloc_size_round() prior to allocation, the compiler can correctly reason about the size of these allocations. The prior mismatch had caused buffer overflow mitigations to erroneously fire under CONFIG_UBSAN_BOUNDS, requiring a partial revert of the __alloc_size attributes. Restore the attribute that had been removed in commit 93dd04ab0b2b ("slab: remove __alloc_size attribute from __kmalloc_track_caller").
Cc: Christoph Lameter cl@linux.com
Cc: Pekka Enberg penberg@kernel.org
Cc: David Rientjes rientjes@google.com
Cc: Joonsoo Kim iamjoonsoo.kim@lge.com
Cc: Andrew Morton akpm@linux-foundation.org
Cc: Vlastimil Babka vbabka@suse.cz
Cc: Roman Gushchin roman.gushchin@linux.dev
Cc: Hyeonggon Yoo 42.hyeyoo@gmail.com
Cc: linux-mm@kvack.org
Signed-off-by: Kees Cook keescook@chromium.org
---
 include/linux/slab.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/include/linux/slab.h b/include/linux/slab.h index 727640173568..297b85ed2c29 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -693,7 +693,8 @@ static inline __alloc_size(1, 2) void *kcalloc(size_t n, size_t size, gfp_t flag * allocator where we care about the real place the memory allocation * request comes from. */ -extern void *__kmalloc_track_caller(size_t size, gfp_t flags, unsigned long caller); +extern void *__kmalloc_track_caller(size_t size, gfp_t flags, unsigned long caller) + __alloc_size(1); #define kmalloc_track_caller(size, flags) \ __kmalloc_track_caller(size, flags, _RET_IP_)
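Review bot: the restored `__alloc_size(1)` on `__kmalloc_track_caller` is only safe once the skbuff change the commit message relies on (ksize() replaced by kmalloc_size_round() before allocation) is already in the tree; please state that ordering dependency explicitly in the message, because on an intermediate tree where this patch lands first, CONFIG_UBSAN_BOUNDS would trip on the same mismatch that forced the revert in 93dd04ab0b2b, which hurts bisection. The index itself is right: `__alloc_size(1)` names the first parameter, `size_t size`, and the `kmalloc_track_caller(size, flags)` macro passes `size` straight through, so callers of the macro regain bounds reasoning from this one declaration. One style point: the visible context places the attribute before the return type for `static inline __alloc_size(1, 2) void *kcalloc(...)`, while the new line puts it after the parameter list; if the header uses the trailing position for its `extern` declarations, a short note in the message that this matches the surrounding `extern` prototypes would save reviewers checking.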