lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <8dead2fb-d522-492b-89f2-1358198c1cdf@prevas.dk>
Date: Mon, 29 Jan 2024 21:08:43 +0100
From: Rasmus Villemoes <rasmus.villemoes@...vas.dk>
To: Kees Cook <keescook@...omium.org>
Cc: Mark Rutland <mark.rutland@....com>, linux-hardening@...r.kernel.org,
 "Gustavo A. R. Silva" <gustavoars@...nel.org>,
 Nathan Chancellor <nathan@...nel.org>, Bill Wendling <morbo@...gle.com>,
 Justin Stitt <justinstitt@...gle.com>, Miguel Ojeda <ojeda@...nel.org>,
 Marco Elver <elver@...gle.com>, linux-kernel@...r.kernel.org,
 llvm@...ts.linux.dev
Subject: Re: [PATCH 4/5] overflow: Introduce add_wrap(), sub_wrap(), and
 mul_wrap()

On 29/01/2024 19.34, Kees Cook wrote:
> Provide helpers that will perform wrapping addition, subtraction, or
> multiplication without tripping the arithmetic wrap-around sanitizers. The
> first argument is the type under which the wrap-around should happen
> with. In other words, these two calls will get very different results:
> 
> 	add_wrap(int, 50, 50) == 2500
> 	add_wrap(u8,  50, 50) ==  196

s/add/mul/g I suppose.


> Cc: Rasmus Villemoes <rasmus.villemoes@...vas.dk>
> Cc: Mark Rutland <mark.rutland@....com>
> Cc: linux-hardening@...r.kernel.org
> Signed-off-by: Kees Cook <keescook@...omium.org>
> ---
>  include/linux/overflow.h | 54 ++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 54 insertions(+)
> 
> diff --git a/include/linux/overflow.h b/include/linux/overflow.h
> index 3c46c648d2e8..4f945e9e7881 100644
> --- a/include/linux/overflow.h
> +++ b/include/linux/overflow.h
> @@ -120,6 +120,24 @@ static inline bool __must_check __must_check_overflow(bool overflow)
>  		check_add_overflow(var, offset, &__result);	\
>  	}))
>  
> +/**
> + * add_wrap() - Intentionally perform a wrapping addition
> + * @type: type to check overflow against

Well, nothing is "checked", so why not just say "type of result"?

>  
> +/**
> + * sub_wrap() - Intentionally perform a wrapping subtraction
> + * @type: type to check underflow against

The terminology becomes muddy, is (INT_MAX) - (-1) an underflow or
overflow? Anyway, see above.

>  
> +/**
> + * mul_wrap() - Intentionally perform a wrapping multiplication
> + * @type: type to check underflow against

And here there's definitely a copy-pasto.

The code itself looks fine.

Rasmus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ