Commit f06e108a authored by Jan Hendrik Farr's avatar Jan Hendrik Farr Committed by Kees Cook
Browse files

Compiler Attributes: disable __counted_by for clang < 19.1.3 

This patch disables __counted_by for clang versions < 19.1.3 because
of the two issues listed below. It does this by introducing
CONFIG_CC_HAS_COUNTED_BY.

1. clang < 19.1.2 has a bug that can lead to __bdos returning 0:
https://github.com/llvm/llvm-project/pull/110497

2. clang < 19.1.3 has a bug that can lead to __bdos being off by 4:
https://github.com/llvm/llvm-project/pull/112636



Fixes: c8248faf ("Compiler Attributes: counted_by: Adjust name and identifier expansion")
Cc: stable@vger.kernel.org # 6.6.x: 16c31dd7: Compiler Attributes: counted_by: bump min gcc version
Cc: stable@vger.kernel.org # 6.6.x: 2993eb7a: Compiler Attributes: counted_by: fixup clang URL
Cc: stable@vger.kernel.org # 6.6.x: 231dc3f0: lkdtm/bugs: Improve warning message for compilers without counted_by support
Cc: stable@vger.kernel.org # 6.6.x
Reported-by: default avatarNathan Chancellor <nathan@kernel.org>
Closes: https://lore.kernel.org/all/20240913164630.GA4091534@thelio-3990X/


Reported-by: default avatarkernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202409260949.a1254989-oliver.sang@intel.com
Link: https://lore.kernel.org/all/Zw8iawAF5W2uzGuh@archlinux/T/#m204c09f63c076586a02d194b87dffc7e81b8de7b


Suggested-by: default avatarNathan Chancellor <nathan@kernel.org>
Signed-off-by: default avatarJan Hendrik Farr <kernel@jfarr.cc>
Reviewed-by: default avatarNathan Chancellor <nathan@kernel.org>
Tested-by: default avatarNathan Chancellor <nathan@kernel.org>
Reviewed-by: default avatarMiguel Ojeda <ojeda@kernel.org>
Reviewed-by: default avatarThorsten Blum <thorsten.blum@linux.dev>
Link: https://lore.kernel.org/r/20241029140036.577804-2-kernel@jfarr.cc


Signed-off-by: default avatarKees Cook <kees@kernel.org>
parent d7a516c6

drivers/misc/lkdtm/bugs.c

+1 −1
Original line number Diff line number Diff line
@@ -445,7 +445,7 @@ static void lkdtm_FAM_BOUNDS(void) 


	pr_err("FAIL: survived access of invalid flexible array member index!\n");



	if (!__has_attribute(__counted_by__))

	if (!IS_ENABLED(CONFIG_CC_HAS_COUNTED_BY))

		pr_warn("This is expected since this %s was built with a compiler that does not support __counted_by\n",

			lkdtm_kernel_info);

	else if (IS_ENABLED(CONFIG_UBSAN_BOUNDS))

include/linux/compiler_attributes.h

+0 −13
Original line number Diff line number Diff line
@@ -94,19 +94,6 @@ 
# define __copy(symbol)

#endif



/*

 * Optional: only supported since gcc >= 15

 * Optional: only supported since clang >= 18

 *

 *   gcc: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108896

 * clang: https://github.com/llvm/llvm-project/pull/76348

 */

#if __has_attribute(__counted_by__)

# define __counted_by(member)		__attribute__((__counted_by__(member)))

#else

# define __counted_by(member)

#endif



/*

 * Optional: not supported by gcc

 * Optional: only supported since clang >= 14.0

include/linux/compiler_types.h

+19 −0
Original line number Diff line number Diff line
@@ -323,6 +323,25 @@ struct ftrace_likely_data { 
#define __no_sanitize_or_inline __always_inline

#endif



/*

 * Optional: only supported since gcc >= 15

 * Optional: only supported since clang >= 18

 *

 *   gcc: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108896

 * clang: https://github.com/llvm/llvm-project/pull/76348

 *

 * __bdos on clang < 19.1.2 can erroneously return 0:

 * https://github.com/llvm/llvm-project/pull/110497

 *

 * __bdos on clang < 19.1.3 can be off by 4:

 * https://github.com/llvm/llvm-project/pull/112636

 */

#ifdef CONFIG_CC_HAS_COUNTED_BY

# define __counted_by(member)		__attribute__((__counted_by__(member)))

#else

# define __counted_by(member)

#endif



/*

 * Apply __counted_by() when the Endianness matches to increase test coverage.

 */

init/Kconfig

+9 −0
Original line number Diff line number Diff line
@@ -116,6 +116,15 @@ config CC_HAS_ASM_INLINE 
config CC_HAS_NO_PROFILE_FN_ATTR

	def_bool $(success,echo '__attribute__((no_profile_instrument_function)) int x();' | $(CC) -x c - -c -o /dev/null -Werror)



config CC_HAS_COUNTED_BY

	# TODO: when gcc 15 is released remove the build test and add

	# a gcc version check

	def_bool $(success,echo 'struct flex { int count; int array[] __attribute__((__counted_by__(count))); };' | $(CC) $(CLANG_FLAGS) -x c - -c -o /dev/null -Werror)

	# clang needs to be at least 19.1.3 to avoid __bdos miscalculations

	# https://github.com/llvm/llvm-project/pull/110497

	# https://github.com/llvm/llvm-project/pull/112636

	depends on !(CC_IS_CLANG && CLANG_VERSION < 190103)



config PAHOLE_VERSION

	int

	default $(shell,$(srctree)/scripts/pahole-version.sh $(PAHOLE))

lib/overflow_kunit.c

+1 −1
Original line number Diff line number Diff line
@@ -1187,7 +1187,7 @@ static void DEFINE_FLEX_test(struct kunit *test) 
{

	/* Using _RAW_ on a __counted_by struct will initialize "counter" to zero */

	DEFINE_RAW_FLEX(struct foo, two_but_zero, array, 2);

#if __has_attribute(__counted_by__)

#ifdef CONFIG_CC_HAS_COUNTED_BY

	int expected_raw_size = sizeof(struct foo);

#else

	int expected_raw_size = sizeof(struct foo) + 2 * sizeof(s16);