Kees Cook keescook@chromium.org writes:
On Wed, Sep 28, 2022 at 09:26:15AM +0200, Geert Uytterhoeven wrote:
On Fri, Sep 23, 2022 at 10:35 PM Kees Cook keescook@chromium.org wrote:
The __malloc attribute should not be applied to "realloc" functions, as the returned pointer may alias the storage of the prior pointer. Instead of splitting __malloc from __alloc_size, which would be a huge amount of churn, just create __realloc_size for the few cases where it is needed.
Additionally removes the conditional test for __alloc_size__, which is always defined now.
Cc: Christoph Lameter cl@linux.com Cc: Pekka Enberg penberg@kernel.org Cc: David Rientjes rientjes@google.com Cc: Joonsoo Kim iamjoonsoo.kim@lge.com Cc: Andrew Morton akpm@linux-foundation.org Cc: Vlastimil Babka vbabka@suse.cz Cc: Roman Gushchin roman.gushchin@linux.dev Cc: Hyeonggon Yoo 42.hyeyoo@gmail.com Cc: Marco Elver elver@google.com Cc: linux-mm@kvack.org Signed-off-by: Kees Cook keescook@chromium.org
Thanks for your patch, which is now commit 63caa04ec60583b1 ("slab: Remove __malloc attribute from realloc functions") in next-20220927.
Noreply@ellerman.id.au reported all gcc8-based builds to fail (e.g. [1], more at [2]):
In file included from <command-line>: ./include/linux/percpu.h: In function ‘__alloc_reserved_percpu’: ././include/linux/compiler_types.h:279:30: error: expecteddeclaration specifiers before ‘__alloc_size__’ #define __alloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__) __malloc ^~~~~~~~~~~~~~ ./include/linux/percpu.h:120:74: note: in expansion of macro ‘__alloc_size’ [...]
It's building fine with e.g. gcc-9 (which is my usual m68k cross-compiler). Reverting this commit on next-20220927 fixes the issue.
[1] http://kisskb.ellerman.id.au/kisskb/buildresult/14803908/ [2] http://kisskb.ellerman.id.au/kisskb/head/1bd8b75fe6adeaa89d02968bdd811ffe708...
Eek! Thanks for letting me know. I'm confused about this -- __alloc_size__ wasn't optional in compiler_attributes.h -- but obviously I broke something! I'll go figure this out.
This fixes it for me.
cheers
diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h index f141a6f6b9f6..0717534f8364 100644 --- a/include/linux/compiler_types.h +++ b/include/linux/compiler_types.h @@ -275,8 +275,13 @@ struct ftrace_likely_data { * be performing a _reallocation_, as that may alias the existing pointer. * For these, use __realloc_size(). */ -#define __alloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__) __malloc -#define __realloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__) +#ifdef __alloc_size__ +# define __alloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__) __malloc +# define __realloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__) +#else +# define __alloc_size(x, ...) __malloc +# define __realloc_size(x, ...) +#endif
#ifndef asm_volatile_goto #define asm_volatile_goto(x...) asm goto(x)