We already use __alloc_size and __realloc_size in <malloc.h>, so GCC can
warn about some types of memory safety issues at build-time.
Let's have the same for xfuncs.h as well and additionally specify
__returns_nonnull, so the compiler could provide better diagnostics.
Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx>
---
include/linux/compiler_types.h | 9 +++++++++
include/xfuncs.h | 25 +++++++++++++------------
scripts/include/linux/compiler.h | 9 +++++++++
3 files changed, 31 insertions(+), 12 deletions(-)
diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h
index d925b3da296d..e9205bb03e81 100644
--- a/include/linux/compiler_types.h
+++ b/include/linux/compiler_types.h
@@ -157,6 +157,12 @@ struct ftrace_likely_data {
# define __no_stack_protector
#endif
+#if __has_attribute(__returns_nonnull)
+#define __returns_nonnull __attribute__((__returns_nonnull__))
+#else
+#define __returns_nonnull
+#endif
+
#endif /* __KERNEL__ */
#endif /* __ASSEMBLY__ */
@@ -212,6 +218,9 @@ struct ftrace_likely_data {
# define __realloc_size(x, ...)
#endif
+# define __xalloc_size(args...) __returns_nonnull __alloc_size(args)
+# define __xrealloc_size(args...) __returns_nonnull __realloc_size(args)
+
/* Are two types/vars the same type (ignoring qualifiers)? */
#define __same_type(a, b) __builtin_types_compatible_p(typeof(a), typeof(b))
diff --git a/include/xfuncs.h b/include/xfuncs.h
index a9132d378722..1db88c63a03d 100644
--- a/include/xfuncs.h
+++ b/include/xfuncs.h
@@ -3,21 +3,22 @@
#define __XFUNCS_H
#include <linux/types.h>
+#include <linux/compiler.h>
#include <stdarg.h>
#include <wchar.h>
-void *xmalloc(size_t size);
-void *xrealloc(void *ptr, size_t size);
-void *xzalloc(size_t size);
-char *xstrdup(const char *s);
-char *xstrndup(const char *s, size_t size);
-void* xmemalign(size_t alignment, size_t bytes);
-void* xmemdup(const void *orig, size_t size);
-char *xasprintf(const char *fmt, ...) __attribute__ ((format(__printf__, 1, 2)));
-char *xvasprintf(const char *fmt, va_list ap);
+void *xmalloc(size_t size) __xalloc_size(1);
+void *xrealloc(void *ptr, size_t size) __xrealloc_size(2);
+void *xzalloc(size_t size) __xalloc_size(1);
+char *xstrdup(const char *s) __returns_nonnull;
+char *xstrndup(const char *s, size_t size) __returns_nonnull;
+void* xmemalign(size_t alignment, size_t bytes) __xalloc_size(2);
+void* xmemdup(const void *orig, size_t size) __returns_nonnull;
+char *xasprintf(const char *fmt, ...) __attribute__ ((format(__printf__, 1, 2))) __returns_nonnull;
+char *xvasprintf(const char *fmt, va_list ap) __returns_nonnull;
-wchar_t *xstrdup_wchar(const wchar_t *src);
-wchar_t *xstrdup_char_to_wchar(const char *src);
-char *xstrdup_wchar_to_char(const wchar_t *src);
+wchar_t *xstrdup_wchar(const wchar_t *src) __returns_nonnull;
+wchar_t *xstrdup_char_to_wchar(const char *src) __returns_nonnull;
+char *xstrdup_wchar_to_char(const wchar_t *src) __returns_nonnull;
#endif /* __XFUNCS_H */
diff --git a/scripts/include/linux/compiler.h b/scripts/include/linux/compiler.h
index fa7208a32d76..780ccec21a3c 100644
--- a/scripts/include/linux/compiler.h
+++ b/scripts/include/linux/compiler.h
@@ -39,6 +39,15 @@
# define unlikely(x) __builtin_expect(!!(x), 0)
#endif
+#ifndef __returns_nonnull
+# define __returns_nonnull
+#endif
+
+# define __alloc_size(x, ...)
+# define __realloc_size(x, ...)
+# define __xalloc_size(args...) __returns_nonnull __alloc_size(args)
+# define __xrealloc_size(args...) __returns_nonnull __realloc_size(args)
+
#define ACCESS_ONCE(x) (*(volatile typeof(x) *)&(x))
#include <linux/types.h>
--
2.39.2
