Received: by 2002:a05:7412:5112:b0:fa:6e18:a558 with SMTP id fm18csp641102rdb; Tue, 23 Jan 2024 10:03:42 -0800 (PST) X-Google-Smtp-Source: AGHT+IH7N3TDwWcjF4VK19JMGIHT8Y7ChddT5qZjV4LNDHrfIXCzZ+XArLq2F4rEXbHZ9/brd3nb X-Received: by 2002:ac2:4d97:0:b0:510:ca0:cd54 with SMTP id g23-20020ac24d97000000b005100ca0cd54mr271139lfe.102.1706033022405; Tue, 23 Jan 2024 10:03:42 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706033022; cv=pass; d=google.com; s=arc-20160816; b=WmWl6OWdTdBP/eyL/1zt93enE6KvMBw041ZXa+PbFPf6GQSooIGLBn3fJEAV+Wy5vV kZgPZ9vfkALpq1erOTBmASnyQ8NSjWjjJtMYtCwUfSYlBS283sr+YS6Jr+Kt3gEy4UKc XIsK25xcJr+e9MopaMnbz6vGalrlBcSOIiU9/zsbhsg0tIlvsTeMyXOo25sYYgLLHMNi zw8tHRfM+nUOQmAU/fuc5KhLxX2dPrykvdpgOaeNLJ6D13LHDE2dZXj4f+5dWccsw76L rsYH9vddnhiLNQFgK968eScDoWWnfdDxOs9SnRFMTF84z4mi5EJE3VvsX0yhSYOcvWZS zDdw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=user-agent:in-reply-to:content-disposition:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:references :message-id:subject:cc:to:from:date; bh=BjSKwSR5maIyeOZvSC71yyR52NgPvCBjvgZlPIb4UdY=; fh=j19kcWow1iZp33/BsxWD7qo9rC6Uujj8Nss1dL/LbMg=; b=gYB0gwC03K1BAZuf1t4xV7e2uZaO0jxM9HJD6RFnEd5dHRqBfZ7OZVoPhAiCMdYh4V UFeZ3IqEwkmS6SAUQomqGKoSskcjDjM6+4cQU1j5Zhi594EQLs2fynTr1q5PjNBlodWz lAiN+Pn+mRPrZ5to+jDh0eNEYrLcCGv3opSDIBL7xtmTqCheCPwENG9UX3gfIE0KJqSr DGgpey3IDlF9WOi2asrWuih/RPWe/vixJuYU8L309mc9DPG99YWth7MuBOSAWXpeRYyo yJ2nOICk3LyyHpAxiKOAgpkKzgmkoEepucq7o5ATdnpSNoj/NQ0x++foKpDbcDhlpB8M q5lA== ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=strlen.de); spf=pass (google.com: domain of linux-kernel+bounces-35840-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-35840-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id p1-20020a1709060e8100b00a2f78765764si4761673ejf.94.2024.01.23.10.03.42 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Jan 2024 10:03:42 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-35840-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=strlen.de); spf=pass (google.com: domain of linux-kernel+bounces-35840-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-35840-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id E5F0B1F24B90 for ; Tue, 23 Jan 2024 18:03:41 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id BC72B81AC2; Tue, 23 Jan 2024 18:03:19 +0000 (UTC) Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc [91.216.245.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4E09481AA2; Tue, 23 Jan 2024 18:03:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=91.216.245.30 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706032999; cv=none; b=WvAbV+RoOWp1IgL57f8hbG8urR787/fYtCgRg806wSLhdTCkxVpJ5EpzslMxsDVpVXhv1aRmiJPAq9D9xjkUsH61UP+41bDEjCvX7V7YMthb+UXeiIWZfk4lqMihwrlkDWKrR37d2EG+p18aYu5icDDkBnjElbrkX+nAXIUDpzs= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706032999; c=relaxed/simple; bh=EL5p5c0hwl2jJMI3Rm+9efOqsd/1ZSKtNHzHsiSsBcI=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=Xqf7zaCXz0lmJ1D4DOShs/hZpH3vIZqgySF0DGiZL9xHBdf+Br1vkpUX4VRXNvaq0FESAoSMRJr5hzhcFk47uEVCO2VFEBBgUEhBAEeUzSbYzeMaXNiMpvme6aosBq2VQsN5Qc6bZBxir94oxipdruikEJbpGyVG6oEcXOlx1C8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=strlen.de; spf=pass smtp.mailfrom=strlen.de; arc=none smtp.client-ip=91.216.245.30 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=strlen.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=strlen.de Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92) (envelope-from ) id 1rSL71-0002f0-JY; Tue, 23 Jan 2024 19:03:03 +0100 Date: Tue, 23 Jan 2024 19:03:03 +0100 From: Florian Westphal To: Kees Cook Cc: linux-hardening@vger.kernel.org, Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, "Gustavo A. R. Silva" , Bill Wendling , Justin Stitt , linux-kernel@vger.kernel.org Subject: Re: [PATCH 64/82] netfilter: Refactor intentional wrap-around test Message-ID: <20240123180303.GB31645@breakpoint.cc> References: <20240122235208.work.748-kees@kernel.org> <20240123002814.1396804-64-keescook@chromium.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240123002814.1396804-64-keescook@chromium.org> User-Agent: Mutt/1.10.1 (2018-07-13) Kees Cook wrote: > In an effort to separate intentional arithmetic wrap-around from > unexpected wrap-around, we need to refactor places that depend on this > kind of math. One of the most common code patterns of this is: > > VAR + value < VAR Acked-by: Florian Westphal