Subject: Re: [PATCH 2/2] mm: Add kvmalloc_ab_c and kvzalloc_struct
From: Rasmus Villemoes
To: Matthew Wilcox, Kees Cook
Cc: Julia Lawall, Andrew Morton, Matthew Wilcox, Linux-MM, LKML, Kernel Hardening, cocci@systeme.lip6.fr, Himanshu Jha
Date: Mon, 30 Apr 2018 23:29:04 +0200
Message-ID: <4ad99a55-9c93-5ea1-5954-3cb6e5ba7df9@rasmusvillemoes.dk>
In-Reply-To: <20180430201607.GA7041@bombadil.infradead.org>

On 2018-04-30 22:16, Matthew Wilcox wrote:
> On Mon, Apr 30, 2018 at 12:02:14PM -0700, Kees Cook wrote:
>>
>> Getting the constant ordering right could be part of the macro
>> definition, maybe? i.e.:
>>
>> static inline void *kmalloc_ab(size_t a, size_t b, gfp_t flags)
>> {
>>     if (__builtin_constant_p(a) && a != 0 && \
>>         b > SIZE_MAX / a)
>>             return NULL;
>>     else if (__builtin_constant_p(b) && b != 0 && \
>>         a > SIZE_MAX / b)
>>             return NULL;
>>
>>     return kmalloc(a * b, flags);
>> }
>
> Ooh, if neither a nor b is constant, it just didn't do a check ;-(  This
> stuff is hard.
>
>> (I just wish C had a sensible way to catch overflow...)
>
> Every CPU I ever worked with had an "overflow" bit ... do we have a
> friend on the C standards ctte who might figure out a way to let us
> write code that checks it?

gcc 5.1+ (I think) have the __builtin_OP_overflow checks that should
generate reasonable code. Too bad there's no completely generic
check_all_ops_in_this_expression(a+b*c+d/e, or_jump_here). Though it's
hard to define what they should be checked against - probably would
require all subexpressions (including the variables themselves) to have
the same type.

plug: https://lkml.org/lkml/2015/7/19/358

Rasmus
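
The overflow builtins mentioned in the reply, applied to the allocation-size case discussed in the thread. This is an added example, not code from the thread or from the kernel; it is a userspace sketch where malloc()/calloc() stand in for kmalloc(), and the names size_ab_c_overflows(), malloc_ab() and zalloc_ab_c() are hypothetical (the a * b + c shape is assumed from the name kvmalloc_ab_c in the subject line).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical helper: computes a * b + c into *out.
 * Returns true if either step would wrap around size_t. */
static bool size_ab_c_overflows(size_t a, size_t b, size_t c, size_t *out)
{
    size_t prod;

    if (__builtin_mul_overflow(a, b, &prod))
        return true;
    return __builtin_add_overflow(prod, c, out);
}

/* Userspace stand-in for the quoted kmalloc_ab(): the check runs whether
 * or not a and b are compile-time constants, so the "neither is constant"
 * gap pointed out in the thread does not exist here. */
static void *malloc_ab(size_t a, size_t b)
{
    size_t bytes;

    if (size_ab_c_overflows(a, b, 0, &bytes))
        return NULL;
    return malloc(bytes);
}

/* Zeroed allocation of n elements of elem_size plus header_size bytes. */
static void *zalloc_ab_c(size_t n, size_t elem_size, size_t header_size)
{
    size_t bytes;

    if (size_ab_c_overflows(n, elem_size, header_size, &bytes))
        return NULL;
    return calloc(1, bytes);
}

int main(void)
{
    /* volatile keeps the compiler from folding the check at build time */
    volatile size_t n = SIZE_MAX / 4 + 1;
    void *p = malloc_ab(n, 8);      /* n * 8 wraps, so this must be NULL */

    free(p);
    return p == NULL ? 0 : 1;
}
```

Both operands and the result are size_t here, which sidesteps the mixed-type question raised at the end of the reply.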