| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180830130534.GA31044@avx2> Date: Thu, 30 Aug 2018 16:05:34 +0300 From: Alexey Dobriyan <adobriyan@...il.com> To: keescook@...omium.org Cc: linux-kernel@...r.kernel.org Subject: uNNw: wrapping integer annotations LWN wrote: > Marking places where unsigned overflow is expected is needed; it would be > nice to get those annotations put into the kernel, Cook said. Let's discuss the most important part -- naming :^) In my opinion, signed universe should _not_ get anything before specific examples are presented where the value is in fact can be negative and can overflow. As for size_t/uintptr_t/..., they can be added as usize_w Rust-style or left until someone presents a usecase --- a/include/linux/types.h +++ b/include/linux/types.h @@ -119,6 +119,18 @@ typedef s64 int64_t; #define aligned_be64 __aligned_be64 #define aligned_le64 __aligned_le64 +#ifdef __CHECKER__ // change to sanitizer define +#define __wrap __attribute__((whatever)) +#else +#define __wrap +#endif +/* wrapping is OK */ +typedef u8 __wrap u8w; +typedef u16 __wrap u16w; +typedef u32 __wrap u32w; +typedef u64 __wrap u64w; +typedef unsigned long __wrap unsigned_long_w; // name sucks but consistently so + /** * The type used for indexing onto a disc or disc partition. *
Powered by blists - more mailing lists