lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 13 May 2024 17:04:43 +0200
From: Miguel Ojeda <miguel.ojeda.sandonis@...il.com>
To: Thomas Gleixner <tglx@...utronix.de>
Cc: Boqun Feng <boqun.feng@...il.com>, Miguel Ojeda <ojeda@...nel.org>, 
	John Stultz <jstultz@...gle.com>, Stephen Boyd <sboyd@...nel.org>, 
	Alex Gaynor <alex.gaynor@...il.com>, Wedson Almeida Filho <wedsonaf@...il.com>, Gary Guo <gary@...yguo.net>, 
	bjorn3_gh@...tonmail.com, Benno Lossin <benno.lossin@...ton.me>, 
	Andreas Hindborg <a.hindborg@...sung.com>, Alice Ryhl <aliceryhl@...gle.com>, 
	rust-for-linux@...r.kernel.org, linux-kernel@...r.kernel.org, 
	Kees Cook <keescook@...omium.org>, Mara Bos <m-ou.se@...u.se>, 
	"Amanieu d'Antras" <amanieu@...il.com>
Subject: Re: [PATCH 2/2] rust: time: Use wrapping_sub() for Ktime::sub()

On Thu, May 9, 2024 at 2:14 PM Thomas Gleixner <tglx@...utronix.de> wrote:
>
> In principle ktime_sub() should not overflow for regular use cases.
>
> If the binder example overflows the substraction, then something is
> seriously wrong. Though in that case as it's only for debug purposes
> panicing would be totally counter productive. A warning might be
> appropriate though.

Thanks for the clarification Thomas.

Alice and I pinged about this in the RustNL Unconf, i.e. about having
a way to customize what happens on integer overflow (and, in general,
other panics too), which I had in:

    https://github.com/Rust-for-Linux/linux/issues/354

e.g. like UBSan that allows a "report and continue" option.

We chatted with Mara and Amanieu, who were receptive. In particular,
Mara posted right away:

    https://github.com/rust-lang/rfcs/pull/3632

as a possible first step to eventually have that ability, mentioning
Rust for Linux as a user.

If we get the ability to customize those, then this could simply be a
normal arithmetic operation, i.e. like any other. That is, considered
to be a bug if it overflows.

Meanwhile, one alternative is going with Boqun's approach, but I would
just use the standard operator (i.e. what we do elsewhere) and try to
get the customization happen as soon as possible since we will need it
for everything else (plus we avoid to make the code uglier with
changes that we will need to revert anyway; and it also allows us to
easily test any new customization feature from the compiler/library).

Cheers,
Miguel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ