Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp3702632pxb; Mon, 24 Jan 2022 15:48:52 -0800 (PST) X-Google-Smtp-Source: ABdhPJw36byoGD1RXvAPAwwegpU4JWfEvn1Uv9XSlcWFLojo9jGOQTzgUThfCPjnH6LxcQdCiWTX X-Received: by 2002:a17:90a:1784:: with SMTP id q4mr672119pja.3.1643068132709; Mon, 24 Jan 2022 15:48:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643068132; cv=none; d=google.com; s=arc-20160816; b=zhx8ApTHiByOIEoLXISe6MyFt/v2/UaoAOmx6t/vkz1Ffa/5R0NFe1mZmm+ciVEVSG 3fK6+mA23ErrFrBs96yhyE4cogROEhyZAe/yBqiLTiDp4TNaa6puXS2iRzgEncnLSoYd Oe+uTDGzqESwpIsjOKaAO6ab1RGkd+9GizcIPJr7dWko7pZC25dqluKEUiuoF/+lML6I 0WMvjVJ+YzX88cxs4U9hMrNkyJIBTmfOUBq+ItNOj7mgx5OSi945A3HtXueU2Yq+Kf/Q /BeMheTxr4OheDHONJC/wx/C58E5QPZ1a0SoaffF0fOcr7JkE3soGlCtkgJcD7EyyG1j HQxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=WbkbP5nVlpDQIH9bUIpldZ6mTxuvHwEsP/vz+04zBU4=; b=fpd9206YAVgVgrKgwkR13l0307ZYok7x97br+3LhTk6vgrX1FyihYeMNF3FA+RNNK9 3Zmkl+RSO+0zweVyrmZSMK8LITKWzfTDHuYylcIQ+VRpFmsc7Um/lSX3wnXeBFcpNGg+ A5OsWl8lErJIwgCNJqJGHtQ6qE7HHF6TXNvVPkfdg70W4nGPypdhmmb11TxFAttsEh+Z NWGj7AyG7Q0c94IVqM5AvJk2UbKuGAg2QgdX/ESV5bYMNJGZq5VEVWXhy3NFmE413gNF UWr0bipwnS2NnYSRehTQC3mAQDWUIHBp1Aiesnas9uwh5O6h5IZi0BDakPA668d17YCQ k6/w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=Q6sI+Z6Z; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d16si17655198pfv.175.2022.01.24.15.48.41; Mon, 24 Jan 2022 15:48:52 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=Q6sI+Z6Z; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2362851AbiAXXnD (ORCPT + 99 others); Mon, 24 Jan 2022 18:43:03 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48186 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1384553AbiAXXGH (ORCPT ); Mon, 24 Jan 2022 18:06:07 -0500 Received: from mail-lf1-x133.google.com (mail-lf1-x133.google.com [IPv6:2a00:1450:4864:20::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D8A6EC06E021 for ; Mon, 24 Jan 2022 13:17:05 -0800 (PST) Received: by mail-lf1-x133.google.com with SMTP id z19so15945804lfq.13 for ; Mon, 24 Jan 2022 13:17:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=WbkbP5nVlpDQIH9bUIpldZ6mTxuvHwEsP/vz+04zBU4=; b=Q6sI+Z6Z71Mx42IsUTyF6awNbPcATnJiPiYOKwXUz9swnUbSoS4xUkddTF/7VsV5fN BCcWCyeyGtLxVzsqBJtGngvZzNPI/LU9pT0pcFWu4+NuHGp/Z2dKT+PaZmQilgKSrRSO 8cHnac0/7bDdh6bZoLXzc+j1fr1HDosy4o1D4TUkhcZ+Jf7koKKOmjn2YZZLcejBsaRi yXpfPwwub2lqZ522I4c6cxV4dhBthVYI3PA6MhsfknOWYTVucRT8uYeeKcLczVK3Ip4v 9HYxoW9NNPYuWQHimdWPimjVuRD7pSM/jhw/CnP4Nr6988X1t70cXWGjSrYg0+s4DU1y mQUg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=WbkbP5nVlpDQIH9bUIpldZ6mTxuvHwEsP/vz+04zBU4=; b=XBWQRasvqK10b1liJTBRl8t00883DOXSeUSkxfUWLMjsdQgfAnmO/fkdZJo/7rL00n khBQeZ9QqyJEopuqXzn9RnQcrHcdER/WPx9hKCCjF9aZz9hIzJhO5/izBdyvSOjVqEo3 kMovNJzzrgrX220jSCRtlZg3vLG9qoTtKe4399p6Q7XvEU2tQdbUv8ItmzsdrDlIb2JQ EFffnJswxKC0zymYUhT0KqkkssEdDTbGumkz/CAWHh+ei2X+JP3+b19IwwPIY/uD+2un qvASfYVii5NhQFFQkNKmRLmjays5pY7yhc8UKfZX7mffjQMpktcrgBCM0+dPwiTD5iU0 3YlA== X-Gm-Message-State: AOAM530RCvYHlljYmomkRJ8EKZh3GroTbdqHVpOtLdtli+IaJNP9ue5S 9kO8S1+muzklqvIW6mUQttHNv7EcPV+o16CFTMBbE9q7Y8gKNw== X-Received: by 2002:a19:ad02:: with SMTP id t2mr14199612lfc.82.1643059023997; Mon, 24 Jan 2022 13:17:03 -0800 (PST) MIME-Version: 1.0 References: <20210920180853.1825195-1-keescook@chromium.org> <20210920180853.1825195-2-keescook@chromium.org> <202201241237.C82267B66C@keescook> In-Reply-To: <202201241237.C82267B66C@keescook> From: Nick Desaulniers Date: Mon, 24 Jan 2022 13:16:51 -0800 Message-ID: Subject: Re: [PATCH 1/2] overflow: Implement size_t saturating arithmetic helpers To: Kees Cook Cc: Rasmus Villemoes , "Gustavo A . R . Silva" , Nathan Chancellor , Jason Gunthorpe , Leon Romanovsky , Keith Busch , Len Baker , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jan 24, 2022 at 1:13 PM Kees Cook wrote: > > What I'd really like is a "store this in a size_t" check to catch dumb > storage size problems (or related overflows). In other words: > > size_t big1 = 2147483647; > size_t big2 = 2147483647; > > /* Doesn't overflow, but 4611686014132420609 becomes a 1 for int */ > int size = size_mul(big1, big2); > ... > ptr = kmalloc(size, GFP_KERNEL); /* Allocates a 1 instead... */ -Wshorten-64-to-32 ? -- Thanks, ~Nick Desaulniers