Re: [PATCH v2 01/16] slab: Remove __malloc attribute from realloc functions
From: Geert Uytterhoeven
Date: Thu Sep 29 2022 - 05:01:01 EST
Hi Michael,
On Thu, Sep 29, 2022 at 10:36 AM Michael Ellerman <mpe@xxxxxxxxxxxxxx> wrote:
> Kees Cook <keescook@xxxxxxxxxxxx> writes:
> > On Wed, Sep 28, 2022 at 09:26:15AM +0200, Geert Uytterhoeven wrote:
> >> On Fri, Sep 23, 2022 at 10:35 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> >> > The __malloc attribute should not be applied to "realloc" functions, as
> >> > the returned pointer may alias the storage of the prior pointer. Instead
> >> > of splitting __malloc from __alloc_size, which would be a huge amount of
> >> > churn, just create __realloc_size for the few cases where it is needed.
> >> >
> >> > Additionally removes the conditional test for __alloc_size__, which is
> >> > always defined now.
> >> >
> >> > Cc: Christoph Lameter <cl@xxxxxxxxx>
> >> > Cc: Pekka Enberg <penberg@xxxxxxxxxx>
> >> > Cc: David Rientjes <rientjes@xxxxxxxxxx>
> >> > Cc: Joonsoo Kim <iamjoonsoo.kim@xxxxxxx>
> >> > Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> >> > Cc: Vlastimil Babka <vbabka@xxxxxxx>
> >> > Cc: Roman Gushchin <roman.gushchin@xxxxxxxxx>
> >> > Cc: Hyeonggon Yoo <42.hyeyoo@xxxxxxxxx>
> >> > Cc: Marco Elver <elver@xxxxxxxxxx>
> >> > Cc: linux-mm@xxxxxxxxx
> >> > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
> >>
> >> Thanks for your patch, which is now commit 63caa04ec60583b1 ("slab:
> >> Remove __malloc attribute from realloc functions") in next-20220927.
> >>
> >> Noreply@xxxxxxxxxxxxxx reported all gcc8-based builds to fail
> >> (e.g. [1], more at [2]):
> >>
> >> In file included from <command-line>:
> >> ./include/linux/percpu.h: In function ‘__alloc_reserved_percpu’:
> >> ././include/linux/compiler_types.h:279:30: error: expected
> >> declaration specifiers before ‘__alloc_size__’
> >> #define __alloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__) __malloc
> >> ^~~~~~~~~~~~~~
> >> ./include/linux/percpu.h:120:74: note: in expansion of macro ‘__alloc_size’
> >> [...]
> >>
> >> It's building fine with e.g. gcc-9 (which is my usual m68k cross-compiler).
> >> Reverting this commit on next-20220927 fixes the issue.
> >>
> >> [1] http://kisskb.ellerman.id.au/kisskb/buildresult/14803908/
> >> [2] http://kisskb.ellerman.id.au/kisskb/head/1bd8b75fe6adeaa89d02968bdd811ffe708cf839/
> >
> > Eek! Thanks for letting me know. I'm confused about this --
> > __alloc_size__ wasn't optional in compiler_attributes.h -- but obviously
> > I broke something! I'll go figure this out.
>
> This fixes it for me.
Kees submitted a similar patch 20 minutes before:
https://lore.kernel.org/all/20220929081642.1932200-1-keescook@xxxxxxxxxxxx
> --- a/include/linux/compiler_types.h
> +++ b/include/linux/compiler_types.h
> @@ -275,8 +275,13 @@ struct ftrace_likely_data {
> * be performing a _reallocation_, as that may alias the existing pointer.
> * For these, use __realloc_size().
> */
> -#define __alloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__) __malloc
> -#define __realloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__)
> +#ifdef __alloc_size__
> +# define __alloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__) __malloc
> +# define __realloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__)
> +#else
> +# define __alloc_size(x, ...) __malloc
> +# define __realloc_size(x, ...)
> +#endif
>
> #ifndef asm_volatile_goto
> #define asm_volatile_goto(x...) asm goto(x)
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds