[PATCH v2 01/16] slab: Remove __malloc attribute from realloc functions

Vlastimil Babka vbabka at suse.cz
Wed Sep 28 21:39:06 UTC 2022 

On 9/28/22 19:13, Kees Cook wrote:
> On Wed, Sep 28, 2022 at 09:26:15AM +0200, Geert Uytterhoeven wrote:
>> Hi Kees,
>>
>> On Fri, Sep 23, 2022 at 10:35 PM Kees Cook <keescook at chromium.org> wrote:
>>> The __malloc attribute should not be applied to "realloc" functions, as
>>> the returned pointer may alias the storage of the prior pointer. Instead
>>> of splitting __malloc from __alloc_size, which would be a huge amount of
>>> churn, just create __realloc_size for the few cases where it is needed.
>>>
>>> Additionally removes the conditional test for __alloc_size__, which is
>>> always defined now.
>>>
>>> Cc: Christoph Lameter <cl at linux.com>
>>> Cc: Pekka Enberg <penberg at kernel.org>
>>> Cc: David Rientjes <rientjes at google.com>
>>> Cc: Joonsoo Kim <iamjoonsoo.kim at lge.com>
>>> Cc: Andrew Morton <akpm at linux-foundation.org>
>>> Cc: Vlastimil Babka <vbabka at suse.cz>
>>> Cc: Roman Gushchin <roman.gushchin at linux.dev>
>>> Cc: Hyeonggon Yoo <42.hyeyoo at gmail.com>
>>> Cc: Marco Elver <elver at google.com>
>>> Cc: linux-mm at kvack.org
>>> Signed-off-by: Kees Cook <keescook at chromium.org>
>>
>> Thanks for your patch, which is now commit 63caa04ec60583b1 ("slab:
>> Remove __malloc attribute from realloc functions") in next-20220927.
>>
>> Noreply at ellerman.id.au reported all gcc8-based builds to fail
>> (e.g. [1], more at [2]):
>>
>>      In file included from <command-line>:
>>      ./include/linux/percpu.h: In function ‘__alloc_reserved_percpu’:
>>      ././include/linux/compiler_types.h:279:30: error: expected
>> declaration specifiers before ‘__alloc_size__’
>>       #define __alloc_size(x, ...) __alloc_size__(x, ## __VA_ARGS__) __malloc
>>                                    ^~~~~~~~~~~~~~
>>      ./include/linux/percpu.h:120:74: note: in expansion of macro ‘__alloc_size’
>>      [...]
>>
>> It's building fine with e.g. gcc-9 (which is my usual m68k cross-compiler).
>> Reverting this commit on next-20220927 fixes the issue.
>>
>> [1] http://kisskb.ellerman.id.au/kisskb/buildresult/14803908/
>> [2] http://kisskb.ellerman.id.au/kisskb/head/1bd8b75fe6adeaa89d02968bdd811ffe708cf839/
> 
> Eek! Thanks for letting me know. I'm confused about this --
> __alloc_size__ wasn't optional in compiler_attributes.h -- but obviously
> I broke something! I'll go figure this out.

Even in latest next I can see at the end of include/linux/compiler-gcc.h

/*
  * Prior to 9.1, -Wno-alloc-size-larger-than (and therefore the "alloc_size"
  * attribute) do not work, and must be disabled.
  */
#if GCC_VERSION < 90100
#undef __alloc_size__
#endif



> -Kees
>

More information about the dri-devel mailing list