From: Kees Cook <keescook@chromium.org>
To: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk>,
Marco Elver <elver@google.com>,
Eric Biggers <ebiggers@kernel.org>,
Mark Rutland <mark.rutland@arm.com>,
linux-hardening@vger.kernel.org,
"Gustavo A . R . Silva" <gustavoars@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v4 2/3] overflow: Introduce wrapping_add(), wrapping_sub(), and wrapping_mul()
Date: Wed, 7 Feb 2024 01:35:10 -0800 [thread overview]
Message-ID: <202402070134.53727173F@keescook> (raw)
In-Reply-To: <4bde6e72-c7f6-434d-9489-3a0de7804b18@embeddedor.com>
On Tue, Feb 06, 2024 at 10:54:06AM -0600, Gustavo A. R. Silva wrote:
>
>
> On 2/6/24 04:31, Kees Cook wrote:
> > Provide helpers that will perform wrapping addition, subtraction, or
> > multiplication without tripping the arithmetic wrap-around sanitizers. The
> > first argument is the type under which the wrap-around should happen
> > with. In other words, these two calls will get very different results:
> >
> > wrapping_mul(int, 50, 50) == 2500
> > wrapping_mul(u8, 50, 50) == 196
> >
> > Add to the selftests to validate behavior and lack of side-effects.
> >
> > Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
> > Cc: Marco Elver <elver@google.com>
> > Cc: Eric Biggers <ebiggers@kernel.org>
> > Cc: Mark Rutland <mark.rutland@arm.com>
> > Cc: linux-hardening@vger.kernel.org
> > Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> > Signed-off-by: Kees Cook <keescook@chromium.org>
> > ---
> > include/linux/overflow.h | 54 ++++++++++++++++++++++++++++++++++++++++
> > lib/overflow_kunit.c | 24 +++++++++++++++---
> > 2 files changed, 74 insertions(+), 4 deletions(-)
> >
> > diff --git a/include/linux/overflow.h b/include/linux/overflow.h
> > index 4e741ebb8005..429c4d61a940 100644
> > --- a/include/linux/overflow.h
> > +++ b/include/linux/overflow.h
> > @@ -64,6 +64,24 @@ static inline bool __must_check __must_check_overflow(bool overflow)
> > #define check_add_overflow(a, b, d) \
> > __must_check_overflow(__builtin_add_overflow(a, b, d))
> > +/**
> > + * wrapping_add() - Intentionally perform a wrapping addition
> > + * @type: type for result of calculation
> > + * @a: first addend
> > + * @b: second addend
> > + *
> > + * Return the potentially wrapped-around addition without
> > + * tripping any wrap-around sanitizers that may be enabled.
> > + */
> > +#define wrapping_add(type, a, b) \
> > + ({ \
> > + type __val; \
> > + if (__builtin_add_overflow(a, b, &__val)) { \
> > + /* do nothing */ \
> > + } \
> > + __val; \
>
> mmh... now that __builtin_*_overflow() is directly used, I guess
> we don't need to _check_ for overflow anymore.
/me slaps his forehead
Yes indeed! I will adjust it.
--
Kees Cook
next prev parent reply other threads:[~2024-02-07 9:35 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-06 10:31 [PATCH v4 0/3] overflow: Introduce wrapping helpers Kees Cook
2024-02-06 10:31 ` [PATCH v4 1/3] overflow: Adjust check_*_overflow() kern-doc to reflect results Kees Cook
2024-02-06 16:36 ` Gustavo A. R. Silva
2024-02-06 10:31 ` [PATCH v4 2/3] overflow: Introduce wrapping_add(), wrapping_sub(), and wrapping_mul() Kees Cook
2024-02-06 16:54 ` Gustavo A. R. Silva
2024-02-07 9:35 ` Kees Cook [this message]
2024-02-06 10:31 ` [PATCH v4 3/3] overflow: Introduce wrapping_inc() and wrapping_dec() Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202402070134.53727173F@keescook \
--to=keescook@chromium.org \
--cc=akpm@linux-foundation.org \
--cc=ebiggers@kernel.org \
--cc=elver@google.com \
--cc=gustavo@embeddedor.com \
--cc=gustavoars@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=rasmus.villemoes@prevas.dk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.