lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Thu, 30 Aug 2018 16:05:34 +0300
From:   Alexey Dobriyan <>
Subject: uNNw: wrapping integer annotations

LWN wrote:
> Marking places where unsigned overflow is expected is needed; it would be
> nice to get those annotations put into the kernel, Cook said.

Let's discuss the most important part -- naming :^)

In my opinion, signed universe should _not_ get anything before specific
examples are presented where the value is in fact can be negative and
can overflow.

As for size_t/uintptr_t/..., they can be added as usize_w Rust-style
or left until someone presents a usecase

--- a/include/linux/types.h
+++ b/include/linux/types.h
@@ -119,6 +119,18 @@ typedef s64			int64_t;
 #define aligned_be64		__aligned_be64
 #define aligned_le64		__aligned_le64
+#ifdef __CHECKER__	// change to sanitizer define
+#define __wrap __attribute__((whatever))
+#define __wrap
+/* wrapping is OK */
+typedef u8 __wrap u8w;
+typedef u16 __wrap u16w;
+typedef u32 __wrap u32w;
+typedef u64 __wrap u64w;
+typedef unsigned long __wrap unsigned_long_w;	// name sucks but consistently so
  * The type used for indexing onto a disc or disc partition.

Powered by blists - more mailing lists