| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 29 Jan 2024 21:08:43 +0100 From: Rasmus Villemoes <rasmus.villemoes@...vas.dk> To: Kees Cook <keescook@...omium.org> Cc: Mark Rutland <mark.rutland@....com>, linux-hardening@...r.kernel.org, "Gustavo A. R. Silva" <gustavoars@...nel.org>, Nathan Chancellor <nathan@...nel.org>, Bill Wendling <morbo@...gle.com>, Justin Stitt <justinstitt@...gle.com>, Miguel Ojeda <ojeda@...nel.org>, Marco Elver <elver@...gle.com>, linux-kernel@...r.kernel.org, llvm@...ts.linux.dev Subject: Re: [PATCH 4/5] overflow: Introduce add_wrap(), sub_wrap(), and mul_wrap() On 29/01/2024 19.34, Kees Cook wrote: > Provide helpers that will perform wrapping addition, subtraction, or > multiplication without tripping the arithmetic wrap-around sanitizers. The > first argument is the type under which the wrap-around should happen > with. In other words, these two calls will get very different results: > > add_wrap(int, 50, 50) == 2500 > add_wrap(u8, 50, 50) == 196 s/add/mul/g I suppose. > Cc: Rasmus Villemoes <rasmus.villemoes@...vas.dk> > Cc: Mark Rutland <mark.rutland@....com> > Cc: linux-hardening@...r.kernel.org > Signed-off-by: Kees Cook <keescook@...omium.org> > --- > include/linux/overflow.h | 54 ++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 54 insertions(+) > > diff --git a/include/linux/overflow.h b/include/linux/overflow.h > index 3c46c648d2e8..4f945e9e7881 100644 > --- a/include/linux/overflow.h > +++ b/include/linux/overflow.h > @@ -120,6 +120,24 @@ static inline bool __must_check __must_check_overflow(bool overflow) > check_add_overflow(var, offset, &__result); \ > })) > > +/** > + * add_wrap() - Intentionally perform a wrapping addition > + * @type: type to check overflow against Well, nothing is "checked", so why not just say "type of result"? > > +/** > + * sub_wrap() - Intentionally perform a wrapping subtraction > + * @type: type to check underflow against The terminology becomes muddy, is (INT_MAX) - (-1) an underflow or overflow? Anyway, see above. > > +/** > + * mul_wrap() - Intentionally perform a wrapping multiplication > + * @type: type to check underflow against And here there's definitely a copy-pasto. The code itself looks fine. Rasmus
Powered by blists - more mailing lists