lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20251128033830.331426-3-rafael.v.volkmer@gmail.com>
Date: Fri, 28 Nov 2025 00:38:30 -0300
From: "Rafael V. Volkmer" <rafael.v.volkmer@...il.com>
To: Kees Cook <kees@...nel.org>
Cc: "Gustavo A . R . Silva" <gustavoars@...nel.org>,
	linux-hardening@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	"Rafael V. Volkmer" <rafael.v.volkmer@...il.com>
Subject: [PATCH 2/2] overflow: add size_shl() helper for saturated left shifts

Introduce size_shl() as a sibling to size_mul(), size_add() and size_sub()
for the left-shift case. It computes value << shift with both operands
promoted to size_t and uses check_shl_overflow() to detect invalid or
overflowing shifts, returning SIZE_MAX on failure.

No functional change for existing callers; this only adds a new helper.

Signed-off-by: Rafael V. Volkmer <rafael.v.volkmer@...il.com>
---
 include/linux/overflow.h | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/include/linux/overflow.h b/include/linux/overflow.h
index ca8252e625d5..91d0b5b00a56 100644
--- a/include/linux/overflow.h
+++ b/include/linux/overflow.h
@@ -404,6 +404,25 @@ static inline size_t __must_check size_sub(size_t minuend, size_t subtrahend)
 	return bytes;
 }
 
+/**
+ * size_shl() - Calculate size_t left shift with saturation at SIZE_MAX
+ * @value: value to be shifted
+ * @shift: how many bits left to shift
+ *
+ * Returns: calculate @value << @shift, both promoted to size_t, with any
+ * overflow or invalid shift causing the return value to be SIZE_MAX. The
+ * lvalue must be size_t to avoid implicit type conversion.
+ */
+static inline size_t __must_check size_shl(size_t value, size_t shift)
+{
+	size_t out;
+
+	if (check_shl_overflow(value, shift, &out))
+		return SIZE_MAX;
+
+	return out;
+}
+
 /**
  * array_size() - Calculate size of 2-dimensional array.
  * @a: dimension one
-- 
2.43.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ