Received: by 2002:a05:6358:489b:b0:bb:da1:e618 with SMTP id x27csp39280rwn; Fri, 16 Sep 2022 14:58:47 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6QR5r6+vZvBjsYSvbC+1UjRpsxVOsivUfJb/dvwdVNxFEpu5dDTpgAQkrwG0zAUsjO0I2k X-Received: by 2002:a05:6a00:2402:b0:52c:81cf:8df8 with SMTP id z2-20020a056a00240200b0052c81cf8df8mr6977333pfh.60.1663365526826; Fri, 16 Sep 2022 14:58:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1663365526; cv=none; d=google.com; s=arc-20160816; b=pn4sYHyPQfHdO386qi5OIckYnWGPej17WeTZ4RgfH8vwp9egalThEfkjpLuzIPv4d4 4oZh/L+uVC7riCLcMcKzgYh9FNTBjHdHe1Ph5HvoE3Jj+un/qb4v7mDxozsI4Ftfkc+o MvhDfiQJGies6yqhy9bEJfSdVhjKPP2RQB5t1UIqMt/ExKi0XkLOYS1g+5SScFBPuohk fEDaXFHEYzQGWKLXx5Hv6fnawD6aTGnAt4rrwNYCgPGPVRt9DN8Qrut6/tEChj/t7OjS e3lp4fxrmyySuv4CTBMNIMQHF8bMYXkXXk+bOzf4cIdjTEKvNARzoJ3g97a1OPGmjDtB 8K/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=gAOpf4VaiyzuyzEgBlSDI/rb/mxIT2fGVc3O4sRyz8Q=; b=fAnAe6XeF+1KjT/6im3kJxbdkjPwrHi68At2p6+RBPDxfWgDCRqWNbbNw/rjMgcYrp FGMzprjO8GVR5PvEsjeg4tt1jNVRAWwVB5fcw3JAKvk8sEhxFCRJkRphK4az8kkWy9Cq PfNtdx/xsk+YRClVXj2EE9KrAd2zlGAY/cSwJJVxLkZUwJq7aU2Ai92fTHF3cezoq7qe NlNwQsKVhVKgiipCaNgwLa87FOBGRSvXcKpVF60cdWyEGzEkjl9E+ezkovWAkBlVKo99 OC8Fsc+BpaDPQnSlFImbDKYud97uGellQIAz1YHRg/CEQjD5TxM3m2P+8TERiyPC/5Dk IQCA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=ESaZCkLe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id k8-20020aa788c8000000b005377d71e81esi22966320pff.379.2022.09.16.14.58.31; Fri, 16 Sep 2022 14:58:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=ESaZCkLe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229458AbiIPVbc (ORCPT + 99 others); Fri, 16 Sep 2022 17:31:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53242 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229450AbiIPVba (ORCPT ); Fri, 16 Sep 2022 17:31:30 -0400 Received: from mail-pf1-x42e.google.com (mail-pf1-x42e.google.com [IPv6:2607:f8b0:4864:20::42e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D1039BA157 for ; Fri, 16 Sep 2022 14:31:25 -0700 (PDT) Received: by mail-pf1-x42e.google.com with SMTP id e68so22442126pfe.1 for ; Fri, 16 Sep 2022 14:31:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date; bh=gAOpf4VaiyzuyzEgBlSDI/rb/mxIT2fGVc3O4sRyz8Q=; b=ESaZCkLet+Qy6/RvuyqCTnQHokSf4VLHnPureVwo7ogYklmGP1Sztila7n66Rd4Rpx p8mM7GZYSPEVPVnneskMYs3iQhwxLf9yo9KPvmptyMHSHdIHgLLpttwzX2mDEzYLLpST vioqg93hpJQCo9Uc4aIg3ueQPLLjc07hHzXxk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date; bh=gAOpf4VaiyzuyzEgBlSDI/rb/mxIT2fGVc3O4sRyz8Q=; b=zMeXpFXv5tN8OPRt2cH0egAwegtWwBPWCriYFvF3L/yw05NByQPrzwjcQVhlm0Pbv9 Ub6NfrsT90+crzko/SmjCrYOqDJydW8BQoKX6OCyNmf6jszRIxOlfv8+rq9yrysLd9I5 EkW+pYeiWxXTzTzc28u8/DBmsSdhTWa4H0W98b9zq9C2xOaDqvQn5PwWuYXZLZRs/Yt3 LtaaD2e3rqFjHy/ye6SM6l+modFntCAaoLv7g16ERQqqp5TJrCGP8wUaAfUtdpH1QHAP g3TakY5jCi0e2oxlZDCCdLZwRoeA3TzdxjjWVUI4CAKub3u9PvYaqASRmuzbq5JcuRE5 xxPg== X-Gm-Message-State: ACrzQf390LxNlVOlziD1vuW0ECdaXep970ZaKdNSuBpyIs6HRh8Jpuqa 2LRgAgtwCik5Y92IhyX0Qfg9VA== X-Received: by 2002:a05:6a02:309:b0:434:d151:639e with SMTP id bn9-20020a056a02030900b00434d151639emr6100944pgb.124.1663363885331; Fri, 16 Sep 2022 14:31:25 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id z11-20020a170902cccb00b00173cfaed233sm15307582ple.62.2022.09.16.14.31.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 16 Sep 2022 14:31:23 -0700 (PDT) Date: Fri, 16 Sep 2022 14:31:22 -0700 From: Kees Cook To: Dan Carpenter Cc: "Gustavo A. R. Silva" , Peter Rosin , Wolfram Sang , "Gustavo A. R. Silva" , linux-i2c@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org, linux-hardening@vger.kernel.org Subject: Re: [PATCH] i2c: mux: harden i2c_mux_alloc() against integer overflows Message-ID: <202209160812.2B4AB7FC@keescook> References: <202209160101.2A240E9@keescook> <202209160630.CF7AE9708D@keescook> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Sep 16, 2022 at 05:55:55PM +0300, Dan Carpenter wrote: > On Fri, Sep 16, 2022 at 06:31:45AM -0700, Kees Cook wrote: > > On Fri, Sep 16, 2022 at 11:23:25AM +0300, Dan Carpenter wrote: > > > [...] > > > net/ipv6/mcast.c:450 ip6_mc_source() saving 'size_add' to type 'int' > > > > Interesting! Are you able to report the consumer? e.g. I think a bunch > > of these would be fixed by: > > > > Are you asking if I can add "passed to sock_kmalloc()" to the report? Yeah. > It's possible but it's kind of a headache the way this code is written. Okay, no worries -- I was curious if it would be "easy". I can happily just spit out the source line. -- Kees Cook