Re: [GIT PULL] hardening updates for v6.5-rc1

From: Kees Cook
Date: Wed Jun 28 2023 - 12:30:18 EST

Next message: Konrad Dybcio: "[PATCH 0/4] Qualcomm REFGEN regulator"
Previous message: Konrad Dybcio: "[PATCH 1/4] dt-bindings: regulator: Describe Qualcomm REFGEN regulator"
In reply to: Christoph Hellwig: "Re: [GIT PULL] hardening updates for v6.5-rc1"
Next in thread: Christoph Hellwig: "Re: [GIT PULL] hardening updates for v6.5-rc1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jun 27, 2023 at 11:20:05PM -0700, Christoph Hellwig wrote:
> On Tue, Jun 27, 2023 at 05:34:57PM -0700, Kees Cook wrote:
> > - The under-development compiler attribute __counted_by has been added
> > so that we can start annotating flexible array members with their
> > associated structure member that tracks the count of flexible array
> > elements at run-time. It is possible (likely?) that the exact syntax
> > of the attribute will change before it is finalized, but GCC and Clang
> > are working together to sort it out. Any changes can be made to the
> > macro while we continue to add annotations. As an example, I have a
> > treewide commit waiting with such annotations found via Coccinelle:
> > https://git.kernel.org/linus/adc5b3cb48a049563dc673f348eab7b6beba8a9b
> > See commit dd06e72e68bcb4070ef211be100d2896e236c8fb for more details.
>
> So I've been following the discussion of that feature for clang and
> I can't wait to actually be able to use it.

Me too! :)

> But this feels a bit premature to me, not only due to the ongoing
> discussions on the syntax, but more importantly because I fear it

I was on the fence about this too, and in the end, I decided that any
syntax changes are going to be mostly mechanical, and in the meantime
we needed a way to capture the associations. This has been a pain point
for years as we've been doing flexible array conversions, since when
doing the work it usually becomes clear which struct member is tracking
the element count, but that information couldn't be reliably recorded
anywhere. Now we can include the annotation (which is the really important
part). If/when the exact syntax changes, we can either adjust the macro,
or at worst we can easily do a tree-wide change. But I really want to
start capturing the associations _now_, and get us all into the habit
of doing it, and I want it to be through some kind of regular syntax
(now that there are patches to both GCC and Clang that can validate the
results), not just comments.

> will be completely misued before we have a compiler actually supporting
> available widely enough that we have it in the usual test bots.

How do you see it being misused? Your mention of the test bots, I think,
means you're worried the annotations will go unchecked for valid syntax?
FWIW, I've got builders with the GCC and Clang patches that should catch
this.

--
Kees Cook

Next message: Konrad Dybcio: "[PATCH 0/4] Qualcomm REFGEN regulator"
Previous message: Konrad Dybcio: "[PATCH 1/4] dt-bindings: regulator: Describe Qualcomm REFGEN regulator"
In reply to: Christoph Hellwig: "Re: [GIT PULL] hardening updates for v6.5-rc1"
Next in thread: Christoph Hellwig: "Re: [GIT PULL] hardening updates for v6.5-rc1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]