Received: by 2002:a05:7412:5112:b0:fa:6e18:a558 with SMTP id fm18csp641102rdb;
        Tue, 23 Jan 2024 10:03:42 -0800 (PST)
X-Google-Smtp-Source: AGHT+IH7N3TDwWcjF4VK19JMGIHT8Y7ChddT5qZjV4LNDHrfIXCzZ+XArLq2F4rEXbHZ9/brd3nb
X-Received: by 2002:ac2:4d97:0:b0:510:ca0:cd54 with SMTP id g23-20020ac24d97000000b005100ca0cd54mr271139lfe.102.1706033022405;
        Tue, 23 Jan 2024 10:03:42 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1706033022; cv=pass;
        d=google.com; s=arc-20160816;
        b=WmWl6OWdTdBP/eyL/1zt93enE6KvMBw041ZXa+PbFPf6GQSooIGLBn3fJEAV+Wy5vV
         kZgPZ9vfkALpq1erOTBmASnyQ8NSjWjjJtMYtCwUfSYlBS283sr+YS6Jr+Kt3gEy4UKc
         XIsK25xcJr+e9MopaMnbz6vGalrlBcSOIiU9/zsbhsg0tIlvsTeMyXOo25sYYgLLHMNi
         zw8tHRfM+nUOQmAU/fuc5KhLxX2dPrykvdpgOaeNLJ6D13LHDE2dZXj4f+5dWccsw76L
         rsYH9vddnhiLNQFgK968eScDoWWnfdDxOs9SnRFMTF84z4mi5EJE3VvsX0yhSYOcvWZS
         zDdw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=user-agent:in-reply-to:content-disposition:mime-version
         :list-unsubscribe:list-subscribe:list-id:precedence:references
         :message-id:subject:cc:to:from:date;
        bh=BjSKwSR5maIyeOZvSC71yyR52NgPvCBjvgZlPIb4UdY=;
        fh=j19kcWow1iZp33/BsxWD7qo9rC6Uujj8Nss1dL/LbMg=;
        b=gYB0gwC03K1BAZuf1t4xV7e2uZaO0jxM9HJD6RFnEd5dHRqBfZ7OZVoPhAiCMdYh4V
         UFeZ3IqEwkmS6SAUQomqGKoSskcjDjM6+4cQU1j5Zhi594EQLs2fynTr1q5PjNBlodWz
         lAiN+Pn+mRPrZ5to+jDh0eNEYrLcCGv3opSDIBL7xtmTqCheCPwENG9UX3gfIE0KJqSr
         DGgpey3IDlF9WOi2asrWuih/RPWe/vixJuYU8L309mc9DPG99YWth7MuBOSAWXpeRYyo
         yJ2nOICk3LyyHpAxiKOAgpkKzgmkoEepucq7o5ATdnpSNoj/NQ0x++foKpDbcDhlpB8M
         q5lA==
ARC-Authentication-Results: i=2; mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=strlen.de);
       spf=pass (google.com: domain of linux-kernel+bounces-35840-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-35840-linux.lists.archive=gmail.com@vger.kernel.org"
Return-Path: <linux-kernel+bounces-35840-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249])
        by mx.google.com with ESMTPS id p1-20020a1709060e8100b00a2f78765764si4761673ejf.94.2024.01.23.10.03.42
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 23 Jan 2024 10:03:42 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-35840-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249;
Authentication-Results: mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=strlen.de);
       spf=pass (google.com: domain of linux-kernel+bounces-35840-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-35840-linux.lists.archive=gmail.com@vger.kernel.org"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id E5F0B1F24B90
	for <linux.lists.archive@gmail.com>; Tue, 23 Jan 2024 18:03:41 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id BC72B81AC2;
	Tue, 23 Jan 2024 18:03:19 +0000 (UTC)
Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc [91.216.245.30])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4E09481AA2;
	Tue, 23 Jan 2024 18:03:17 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=91.216.245.30
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1706032999; cv=none; b=WvAbV+RoOWp1IgL57f8hbG8urR787/fYtCgRg806wSLhdTCkxVpJ5EpzslMxsDVpVXhv1aRmiJPAq9D9xjkUsH61UP+41bDEjCvX7V7YMthb+UXeiIWZfk4lqMihwrlkDWKrR37d2EG+p18aYu5icDDkBnjElbrkX+nAXIUDpzs=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1706032999; c=relaxed/simple;
	bh=EL5p5c0hwl2jJMI3Rm+9efOqsd/1ZSKtNHzHsiSsBcI=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=Xqf7zaCXz0lmJ1D4DOShs/hZpH3vIZqgySF0DGiZL9xHBdf+Br1vkpUX4VRXNvaq0FESAoSMRJr5hzhcFk47uEVCO2VFEBBgUEhBAEeUzSbYzeMaXNiMpvme6aosBq2VQsN5Qc6bZBxir94oxipdruikEJbpGyVG6oEcXOlx1C8=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=strlen.de; spf=pass smtp.mailfrom=strlen.de; arc=none smtp.client-ip=91.216.245.30
Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=strlen.de
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=strlen.de
Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92)
	(envelope-from <fw@strlen.de>)
	id 1rSL71-0002f0-JY; Tue, 23 Jan 2024 19:03:03 +0100
Date: Tue, 23 Jan 2024 19:03:03 +0100
From: Florian Westphal <fw@strlen.de>
To: Kees Cook <keescook@chromium.org>
Cc: linux-hardening@vger.kernel.org,
	Pablo Neira Ayuso <pablo@netfilter.org>,
	Jozsef Kadlecsik <kadlec@netfilter.org>,
	Florian Westphal <fw@strlen.de>,
	"David S. Miller" <davem@davemloft.net>,
	Eric Dumazet <edumazet@google.com>,
	Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
	netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
	netdev@vger.kernel.org,
	"Gustavo A. R. Silva" <gustavoars@kernel.org>,
	Bill Wendling <morbo@google.com>,
	Justin Stitt <justinstitt@google.com>, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 64/82] netfilter: Refactor intentional wrap-around test
Message-ID: <20240123180303.GB31645@breakpoint.cc>
References: <20240122235208.work.748-kees@kernel.org>
 <20240123002814.1396804-64-keescook@chromium.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20240123002814.1396804-64-keescook@chromium.org>
User-Agent: Mutt/1.10.1 (2018-07-13)

Kees Cook <keescook@chromium.org> wrote:
> In an effort to separate intentional arithmetic wrap-around from
> unexpected wrap-around, we need to refactor places that depend on this
> kind of math. One of the most common code patterns of this is:
> 
> 	VAR + value < VAR

Acked-by: Florian Westphal <fw@strlen.de>