On October 23, 2025 1:01:23 AM PDT, Peter Zijlstra <[email protected]> wrote:
>On Wed, Oct 22, 2025 at 05:47:43PM -0700, Kees Cook wrote:
>> On Tue, Oct 21, 2025 at 12:24:05PM -0700, Kees Cook wrote:
>> > On Tue, Oct 21, 2025 at 11:54:47AM +0200, Peter Zijlstra wrote:
>> > > > [...]
>> > > > Unfortunately, this annotation cannot be used for "void *" members
>> > > > (since such a member is considered a pointer to an incomplete type,
>> > > > and neither Clang nor GCC developers could be convinced otherwise[1],
>> > > > even in the face of the GNU extension that "void *" has size "1 byte"
>> > > > for pointer arithmetic). For "void *" members, we must use the coming
>> > > > "sized_by" attribute.
>> > >
>> > > So why do we need both __counted_by_ptr() and this __sized_by(), won't
>> > > one be good enough?
>> > [...]
>> > Let me take another stab at it...
>>
>> It seems this will be acceptable as long as it is gated by GNU
>> extensions.
>
>Excellent!
>
>> GCC patch in progress. Clang PR here:
>> https://github.com/llvm/llvm-project/pull/163698
>
>I think you've got your link mixed up, this appears to be arm-kcfi (also
>good ofc). Either that, or I need copy/paste lessons.
>
>This one?
>
> https://github.com/llvm/llvm-project/pull/164737
Whoops, yes, that's the one! Seems I'm the one needing those lessons. ;)
--
Kees Cook
