Re: [PATCH v2 01/16] slab: Remove __malloc attribute from realloc functions
From: Michael Ellerman
Date: Thu Sep 29 2022 - 04:36:38 EST
Kees Cook <keescook@xxxxxxxxxxxx> writes:
> On Wed, Sep 28, 2022 at 09:26:15AM +0200, Geert Uytterhoeven wrote:
>> On Fri, Sep 23, 2022 at 10:35 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>> > The __malloc attribute should not be applied to "realloc" functions, as
>> > the returned pointer may alias the storage of the prior pointer. Instead
>> > of splitting __malloc from __alloc_size, which would be a huge amount of
>> > churn, just create __realloc_size for the few cases where it is needed.
>> >
>> > Additionally removes the conditional test for __alloc_size__, which is
>> > always defined now.
>> >
>> > Cc: Christoph Lameter <cl@xxxxxxxxx>
>> > Cc: Pekka Enberg <penberg@xxxxxxxxxx>
>> > Cc: David Rientjes <rientjes@xxxxxxxxxx>
>> > Cc: Joonsoo Kim <iamjoonsoo.kim@xxxxxxx>
>> > Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
>> > Cc: Vlastimil Babka <vbabka@xxxxxxx>
>> > Cc: Roman Gushchin <roman.gushchin@xxxxxxxxx>
>> > Cc: Hyeonggon Yoo <42.hyeyoo@xxxxxxxxx>
>> > Cc: Marco Elver <elver@xxxxxxxxxx>
>> > Cc: linux-mm@xxxxxxxxx
>> > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
>>
>> Thanks for your patch, which is now commit 63caa04ec60583b1 ("slab:
>> Remove __malloc attribute from realloc functions") in next-20220927.
>>
>> Noreply@xxxxxxxxxxxxxx reported all gcc8-based builds to fail
>> (e.g. [1], more at [2]):
>>
>> In file included from <command-line>:
>> ./include/linux/percpu.h: In function ‘__alloc_reserved_percpu’:
>> ././include/linux/compiler_types.h:279:30: error: expected
>> declaration specifiers before ‘__alloc_size__’
>> #define __alloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__) __malloc
>> ^~~~~~~~~~~~~~
>> ./include/linux/percpu.h:120:74: note: in expansion of macro ‘__alloc_size’
>> [...]
>>
>> It's building fine with e.g. gcc-9 (which is my usual m68k cross-compiler).
>> Reverting this commit on next-20220927 fixes the issue.
>>
>> [1] http://kisskb.ellerman.id.au/kisskb/buildresult/14803908/
>> [2] http://kisskb.ellerman.id.au/kisskb/head/1bd8b75fe6adeaa89d02968bdd811ffe708cf839/
>
> Eek! Thanks for letting me know. I'm confused about this --
> __alloc_size__ wasn't optional in compiler_attributes.h -- but obviously
> I broke something! I'll go figure this out.
This fixes it for me.
cheers
diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h
index f141a6f6b9f6..0717534f8364 100644
--- a/include/linux/compiler_types.h
+++ b/include/linux/compiler_types.h
@@ -275,8 +275,13 @@ struct ftrace_likely_data {
* be performing a _reallocation_, as that may alias the existing pointer.
* For these, use __realloc_size().
*/
-#define __alloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__) __malloc
-#define __realloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__)
+#ifdef __alloc_size__
+# define __alloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__) __malloc
+# define __realloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__)
+#else
+# define __alloc_size(x, ...) __malloc
+# define __realloc_size(x, ...)
+#endif
#ifndef asm_volatile_goto
#define asm_volatile_goto(x...) asm goto(x)