Received: by 2002:a05:7412:5112:b0:fa:6e18:a558 with SMTP id fm18csp219854rdb; Mon, 22 Jan 2024 18:30:28 -0800 (PST) X-Google-Smtp-Source: AGHT+IExyanHLOltMgM66UI5aTHtVXB8T1d7fCXAWdbpfJLeTm049X4AOFCpaMqqazb+HChm4JXG X-Received: by 2002:a17:903:2349:b0:1d7:3d3c:c83a with SMTP id c9-20020a170903234900b001d73d3cc83amr2495347plh.8.1705977027787; Mon, 22 Jan 2024 18:30:27 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1705977027; cv=pass; d=google.com; s=arc-20160816; b=ZzffBYT3Q7AKsiGgugLdG/9bGbWefxjrbXPrVBE47Aiv/wP+mFqqtrwuvEkCiCM5em 4TkTVQwHFXtMLJeUUUffk0sFtVJaL7lhdUGVA+IQcXqCkQw7B3Vf6XbYb1kTuFcZmzcq qn2ggnkWYKHmIsfsRYBoF7YSsfRlWH4RiQX3LeMEpSVeonsWUJ3jtcnfUtnYmsvv94O8 orYBlBC01mVFRdTDHMLElG+OXBy6YUsO1e5weS4XaJTQYmE5rKKKoLqJIvhTnotuRjFq hYZKN3Cc7iwC+WGEexfl4iVMrWxyxztzqWvsOavOejWdlRB5oHSxY537gMGDLThuqS7Q YnSA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :dkim-signature; bh=FqBTpX0vWqNsF5lS1C9n4e9u8Ca0XIeIP2mzdNVJ8OY=; fh=ZUN0agJ1/5bEeK6s4pWPkMkxGTBtVOR/yf7EYmeNjKI=; b=IepjKd9FA6kEF9onccvXKs+YE9msPpJh7pKFbKyJ2wlooFpPHtDce+7JvEKmQttS8l iofD75Bakxn5cajgJZ7iRxC2H1UcrmULl5gkwc9GEUbJySylIT+natH+4OlEKPEkbdiH 5rVxAPaP/BCdFdz6eVeQMKDD/74QGZj8kZFep4UOxiD801e/hTAmnGw0Ar61+/+HfgNE 4bDp/43E8vO+BGKMNQBpfPZwDoIABljAGdcNQO3AHjxvWoc/QXoRR1fiSXJbmwbhDdGf pjUWEs1qxgTAP7YAPC4EOa6qxsop6TiSQ4g01S4tm9HFXjyez201bMGUtMMnHXHbUK1y 0e9g== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=hyJk89p0; arc=pass (i=1 spf=pass spfdomain=linuxfoundation.org dkim=pass dkdomain=linux-foundation.org); spf=pass (google.com: domain of linux-kernel+bounces-34571-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-34571-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id 1-20020a170902c10100b001d72f5be468si4993393pli.554.2024.01.22.18.30.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 22 Jan 2024 18:30:27 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-34571-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=hyJk89p0; arc=pass (i=1 spf=pass spfdomain=linuxfoundation.org dkim=pass dkdomain=linux-foundation.org); spf=pass (google.com: domain of linux-kernel+bounces-34571-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-34571-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 47503B237FF for ; Tue, 23 Jan 2024 02:06:58 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B9D661487DF; Tue, 23 Jan 2024 01:08:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux-foundation.org header.i=@linux-foundation.org header.b="hyJk89p0" Received: from mail-ed1-f45.google.com (mail-ed1-f45.google.com [209.85.208.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 202EA1487D4 for ; Tue, 23 Jan 2024 01:08:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.45 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1705972081; cv=none; b=uTydSia4t1vcEQBBTC1HX3/6QWp2o05h4vNbZh3MEW5nAyjK54agoPHRgJ0Mh/FD7dUasVQbCWG7Z4imVbw3I0QDi8nNHZkcyGm+71aP8UTV8zqvqQM+c1zWNKdiO+uqwrn6JbqXx/x1MgRBKcREW/a5qSJHWA3BfTAaU6A8+Rg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1705972081; c=relaxed/simple; bh=uDChScHA8/keZbVJoSWpHzwdBcCCYoYhS7GeA9recLs=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=TzHmwfGkp6v4ged5ido1z0AnV8dLR5ittQ3gJsjM12nI89vrFjIFMyuqiS7nuv6LIQ/6ka4vFqTC80wL25Q/xsOiyJczC1LQah5iHXxTdZPs2m6AGCMmLtEb5q4jTUcGgiZLSGgkoycaTs9GYBsuVOb+EpZ9AP39oM86/4/jAPA= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org; spf=pass smtp.mailfrom=linuxfoundation.org; dkim=pass (1024-bit key) header.d=linux-foundation.org header.i=@linux-foundation.org header.b=hyJk89p0; arc=none smtp.client-ip=209.85.208.45 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linuxfoundation.org Received: by mail-ed1-f45.google.com with SMTP id 4fb4d7f45d1cf-559edcee47eso3179891a12.0 for ; Mon, 22 Jan 2024 17:07:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; t=1705972078; x=1706576878; darn=vger.kernel.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=FqBTpX0vWqNsF5lS1C9n4e9u8Ca0XIeIP2mzdNVJ8OY=; b=hyJk89p0lr7D4H5IFrTlLMSqx0IE3sCmggufqrn8Dc2/LW9zYTjwJxt+NIHMocrV3e YtVei/DbgGr5T4XeTuBl9VUVSXTXVwvessH2G7uIgMYY2Q6EpqaR7ZKegGwEAD6ZPkXN heto7ZrQk0iB8EK7mOUUgiRlvqR4LIEWayrQM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705972078; x=1706576878; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=FqBTpX0vWqNsF5lS1C9n4e9u8Ca0XIeIP2mzdNVJ8OY=; b=P6QpgdvgltIL79gp43gcY+6qUrZyqUmNz1/CWoPvYNtjDCDL3LSPIAxNRg9HHF2WQt CfE+x09/JVwFCS0eQ7VColgr8Ox3cJ+vBp1/cpYImWBZK/XFI4YYMHGQ0uoRlSiJQDbb JgLn+ZzCwMuIpIz4PfUQdC9AXmHJFvOaJV11D1WnY/hlUanOOzZxOloAbKN7uRemgtu9 GkEBnLBHchc4YMZCN48kbQU0qYqLBu6Jzp22do0tuNDBNfckBmF32mpUK18HAT+vtVkt +v04ke6wLqv8XFMqbBXIJG+YBZVBlMHEj9WK8gGREqxgrGYhwfCDxjJCLTZeD6MQRFe7 GAHw== X-Gm-Message-State: AOJu0YwX7VEFhE4XOo1NRTrOnUrhM5N6z0P7jwHLqQxbXR49SlXzZYxK 70+8hgLkMLP5GkZMo0WzPxuw70L6HqeA5dJxlya/bvdcH86ZfuPqnNw0ePPUJCgNBOw5ITAxkFL x7hspkQ== X-Received: by 2002:a17:907:1689:b0:a30:7362:a654 with SMTP id cx9-20020a170907168900b00a307362a654mr966992ejd.43.1705972078129; Mon, 22 Jan 2024 17:07:58 -0800 (PST) Received: from mail-ed1-f47.google.com (mail-ed1-f47.google.com. [209.85.208.47]) by smtp.gmail.com with ESMTPSA id e4-20020a170906c00400b00a298adde5a1sm13847791ejz.189.2024.01.22.17.07.57 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 22 Jan 2024 17:07:57 -0800 (PST) Received: by mail-ed1-f47.google.com with SMTP id 4fb4d7f45d1cf-55a035669d5so4270476a12.2 for ; Mon, 22 Jan 2024 17:07:57 -0800 (PST) X-Received: by 2002:a05:6402:14d4:b0:55a:553c:a987 with SMTP id f20-20020a05640214d400b0055a553ca987mr474350edx.79.1705972077074; Mon, 22 Jan 2024 17:07:57 -0800 (PST) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240122235208.work.748-kees@kernel.org> <20240123002814.1396804-34-keescook@chromium.org> In-Reply-To: <20240123002814.1396804-34-keescook@chromium.org> From: Linus Torvalds Date: Mon, 22 Jan 2024 17:07:40 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 34/82] ipc: Refactor intentional wrap-around calculation To: Kees Cook Cc: linux-hardening@vger.kernel.org, Andrew Morton , "Liam R. Howlett" , Mark Brown , Mike Kravetz , Vasily Averin , Alexander Mikhalitsyn , "Gustavo A. R. Silva" , Bill Wendling , Justin Stitt , linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" On Mon, 22 Jan 2024 at 16:46, Kees Cook wrote: > > Refactor open-coded unsigned wrap-around addition test to use > check_add_overflow(), NAK. First off, none of this has anything to do with -fno-strict-overflow. We do that, because without it gcc ends up doing various odd and surprising things, the same way it does with strict-aliasing. IOW, you should think of -fno-strict-overflow as a hardening thing. Any optimization that depends on "this can overflow, so I can do anything I want" is just a dangerous optimization for the kernel. It matches -fno-strict-aliasing and -fno-delete-null-pointer-checks, in other words. And I do not understand why you mention it in the first place, since this code USES UNSIGNED INTEGER ARITHMETIC, and thus has absolutely nothing to do with that no-strict-overflow flag. So the commit message is actively misleading and broken. Unsigned arithmetic has very well-defined behavior, and the code uses that with a very traditional and valid test. The comment about "redundant open-coded addition" is also PURE GARBAGE, since the compiler will trivially do the CSE - and on the source code level your modified code is actively bigger and uglier. So your patch improves neither code generation or source code. And if there's some unsigned wrap-around checker that doesn't understand this traditional way of doing overflow checking, that piece of crap needs fixing. I don't want to see mindless conversion patches that work around some broken tooling. I want to see them even less when pretty much EVERY SINGLE WORD in the commit message seems to be actively misleading and irrelevant garbage. Stop making the world a worse place. Linus