From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D60EBECAAA1 for ; Fri, 16 Sep 2022 21:31:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229505AbiIPVbe (ORCPT ); Fri, 16 Sep 2022 17:31:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53242 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229450AbiIPVba (ORCPT ); Fri, 16 Sep 2022 17:31:30 -0400 Received: from mail-pf1-x42e.google.com (mail-pf1-x42e.google.com [IPv6:2607:f8b0:4864:20::42e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D1039BA157 for ; Fri, 16 Sep 2022 14:31:25 -0700 (PDT) Received: by mail-pf1-x42e.google.com with SMTP id e68so22442126pfe.1 for ; Fri, 16 Sep 2022 14:31:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date; bh=gAOpf4VaiyzuyzEgBlSDI/rb/mxIT2fGVc3O4sRyz8Q=; b=ESaZCkLet+Qy6/RvuyqCTnQHokSf4VLHnPureVwo7ogYklmGP1Sztila7n66Rd4Rpx p8mM7GZYSPEVPVnneskMYs3iQhwxLf9yo9KPvmptyMHSHdIHgLLpttwzX2mDEzYLLpST vioqg93hpJQCo9Uc4aIg3ueQPLLjc07hHzXxk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date; bh=gAOpf4VaiyzuyzEgBlSDI/rb/mxIT2fGVc3O4sRyz8Q=; b=zMeXpFXv5tN8OPRt2cH0egAwegtWwBPWCriYFvF3L/yw05NByQPrzwjcQVhlm0Pbv9 Ub6NfrsT90+crzko/SmjCrYOqDJydW8BQoKX6OCyNmf6jszRIxOlfv8+rq9yrysLd9I5 EkW+pYeiWxXTzTzc28u8/DBmsSdhTWa4H0W98b9zq9C2xOaDqvQn5PwWuYXZLZRs/Yt3 LtaaD2e3rqFjHy/ye6SM6l+modFntCAaoLv7g16ERQqqp5TJrCGP8wUaAfUtdpH1QHAP g3TakY5jCi0e2oxlZDCCdLZwRoeA3TzdxjjWVUI4CAKub3u9PvYaqASRmuzbq5JcuRE5 xxPg== X-Gm-Message-State: ACrzQf390LxNlVOlziD1vuW0ECdaXep970ZaKdNSuBpyIs6HRh8Jpuqa 2LRgAgtwCik5Y92IhyX0Qfg9VA== X-Google-Smtp-Source: AMsMyM6NXdExmvfrm3oknYIgGPotEd25We5Echz9dev/PyZDMj2iXCY/P49FQgqOgPGc3Lo0M3EjBQ== X-Received: by 2002:a05:6a02:309:b0:434:d151:639e with SMTP id bn9-20020a056a02030900b00434d151639emr6100944pgb.124.1663363885331; Fri, 16 Sep 2022 14:31:25 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id z11-20020a170902cccb00b00173cfaed233sm15307582ple.62.2022.09.16.14.31.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 16 Sep 2022 14:31:23 -0700 (PDT) Date: Fri, 16 Sep 2022 14:31:22 -0700 From: Kees Cook To: Dan Carpenter Cc: "Gustavo A. R. Silva" , Peter Rosin , Wolfram Sang , "Gustavo A. R. Silva" , linux-i2c@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org, linux-hardening@vger.kernel.org Subject: Re: [PATCH] i2c: mux: harden i2c_mux_alloc() against integer overflows Message-ID: <202209160812.2B4AB7FC@keescook> References: <202209160101.2A240E9@keescook> <202209160630.CF7AE9708D@keescook> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Sep 16, 2022 at 05:55:55PM +0300, Dan Carpenter wrote: > On Fri, Sep 16, 2022 at 06:31:45AM -0700, Kees Cook wrote: > > On Fri, Sep 16, 2022 at 11:23:25AM +0300, Dan Carpenter wrote: > > > [...] > > > net/ipv6/mcast.c:450 ip6_mc_source() saving 'size_add' to type 'int' > > > > Interesting! Are you able to report the consumer? e.g. I think a bunch > > of these would be fixed by: > > > > Are you asking if I can add "passed to sock_kmalloc()" to the report? Yeah. > It's possible but it's kind of a headache the way this code is written. Okay, no worries -- I was curious if it would be "easy". I can happily just spit out the source line. -- Kees Cook