From: Kees Cook <kees@kernel.org>
To: Peter Zijlstra <peterz@infradead.org>
Cc: "Linus Torvalds" <torvalds@linux-foundation.org>,
"Justin Stitt" <justinstitt@google.com>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Nathan Chancellor" <nathan@kernel.org>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Andy Shevchenko" <andriy.shevchenko@linux.intel.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Mark Rutland" <mark.rutland@arm.com>,
"Matthew Wilcox (Oracle)" <willy@infradead.org>,
"Suren Baghdasaryan" <surenb@google.com>,
"Thomas Gleixner" <tglx@kernel.org>,
"Finn Thain" <fthain@linux-m68k.org>,
"Geert Uytterhoeven" <geert+renesas@glider.be>,
"Thomas Weißschuh" <thomas.weissschuh@linutronix.de>,
llvm@lists.linux.dev, "Marco Elver" <elver@google.com>,
"Jonathan Corbet" <corbet@lwn.net>,
"Nicolas Schier" <nsc@kernel.org>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com,
linux-hardening@vger.kernel.org, linux-doc@vger.kernel.org,
linux-kbuild@vger.kernel.org
Subject: Re: [PATCH 5/5] types: Add standard __ob_trap and __ob_wrap scalar types
Date: Wed, 1 Apr 2026 14:41:00 -0700
Message-ID: <202604011438.E5D2335@keescook>
In-Reply-To: <20260401093820.GX3738786@noisy.programming.kicks-ass.net>

On Wed, Apr 01, 2026 at 11:38:20AM +0200, Peter Zijlstra wrote:
> On Tue, Mar 31, 2026 at 01:31:16PM -0700, Kees Cook wrote:
>
> > 	int func()
> > 	{
> > 		...
> > 		u8 __ob_trap product = 5;
> > 		...
> > 		product = a * b; // if store is truncated, goto __overflow
> > 		...
> > 		return product;
> >
> > 	__overflow:
> > 		pr_info("%u\n", product); // shows "5"
> > 		return -1;
> > 	}
> >
> > (Isn't this just an implicit "try"?)
>
> So I like this implicit try with a default label, and mostly I expect
> this will be fine.
>
> But as Linus already mentioned, sometimes you might want more. Could we
> perhaps also have an explicit version, something along the lines of:
>
> 	int func()
> 	{
> 		int __ob_trap size;
>
> 		size = try(count * flex_size, __mul_overflow);
> 		size = try(size + base_size, __add_overflow);
>
> 		obj = kzalloc(size,...);
>
> 	}
>
> where we have something like:
>
> 	#define try(stmt, _label) ({	\
> 		__label __overflow;	\
> 		if (0) {		\
> 	__overflow:			\
> 			goto _label;	\
> 		}			\
> 		stmt; })
>
> That is, have the overflow trapped and confined in the
> statement-expression by using the overflow label as a local label and
> use this little trampoline to re-direct to a custom label.

Yeah, that should work, and gives us a nice way to create handler
overrides. We'd have to make sure the "locally defined" labels (with
__label__) and __ob_trap worked together sanely.

--
Kees Cook
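
The implicit function-wide handler and the explicit try() trampoline discussed in this message, as an added example that is not part of the original email or the patch series. The __ob_trap store is emulated here with __builtin_mul_overflow/__builtin_add_overflow, and OB_MUL, OB_ADD, scaled_u8 and object_size are hypothetical names; it needs GCC or Clang for statement expressions and __label__.

```c
/* Stand-in for an __ob_trap store (assumption: emulated with a GCC/Clang
 * builtin). If the result does not fit in `type`, jump to whatever label
 * named __overflow is in scope instead of producing a value. */
#define OB_MUL(type, a, b) ({ type __r; \
	if (__builtin_mul_overflow((a), (b), &__r)) goto __overflow; __r; })
#define OB_ADD(type, a, b) ({ type __r; \
	if (__builtin_add_overflow((a), (b), &__r)) goto __overflow; __r; })

/* Explicit form: __overflow is declared as a local label (GCC spells the
 * declaration __label__), and the never-executed if (0) body holds a
 * trampoline that forwards to the handler the caller named. */
#define try(stmt, _label) ({		\
	__label__ __overflow;		\
	if (0) {			\
__overflow:				\
		goto _label;		\
	}				\
	stmt; })

/* Implicit form: one function-wide __overflow handler. */
int scaled_u8(int a, int b)
{
	unsigned char product = 5;

	product = OB_MUL(unsigned char, a, b);
	return product;

__overflow:
	/* The truncating store never happened, so product is still 5. */
	return -(int)product;
}

/* Explicit form: a distinct handler for each operation. */
int object_size(int count, int flex_size, int base_size)
{
	int size;

	size = try(OB_MUL(int, count, flex_size), mul_overflow);
	size = try(OB_ADD(int, size, base_size), add_overflow);
	return size;

mul_overflow:
	return -1;
add_overflow:
	return -2;
}
```

Each try() opens its own scope for __overflow, so the two handlers in object_size do not collide, and the jump always leaves the statement expression rather than entering one.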