Received: by 2002:ab2:6816:0:b0:1f9:5764:f03e with SMTP id t22csp121920lqo; Thu, 16 May 2024 00:45:41 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCX79nPopJfN7krxrIvBh2B2c8EjDgmKeyPEM8iX323Iopz5BmO0ER/tWdL81JcxmQststOPGi3aAloKVMx3lK1rUIhcxDlLbMAuNKebfg== X-Google-Smtp-Source: AGHT+IHbC4BLDm2GyerkbSdBT3deWBc/ae9h9Zzx7j7DUyfIDJp+schZVFPaV/b8famh7iUFAhcY X-Received: by 2002:a17:906:2bc4:b0:a59:ac10:9be5 with SMTP id a640c23a62f3a-a5a2d292b1dmr1655357966b.27.1715845541204; Thu, 16 May 2024 00:45:41 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1715845541; cv=pass; d=google.com; s=arc-20160816; b=IRsTNWWhDigOPAP7mwcD40YJ2YNXnDjecHJ5VAAraetaIVCZpZqqYQSMtZY6XU9juC /bfF4QypgeU0+ojB06dXPNjwtO5XfVrHrq0iwwwjuOVzksbzaAhTo+CUGKrq4JdKH9yf k5lNdvpBlvoQmyT32f1qPf0CSVb4sYoALv2R3oDCtYGm4peWaMpN/A8vTlMZHj/BScig JGuZ0FdD/ncHOfnSMwMIpGVHMqt9uFSW1mTWU+Ty10rEL3D33b4Dx4YeUOqBFqEtPQn7 Yzn4OtH8jdXUKYB0oisl74DkD0Npyx3HE+QlqmuzmD+hoVd63aPoPdYwQcjn2hiKgiDK lZ9Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :references:message-id:subject:cc:to:from:date:dkim-signature; bh=8b+oRtdQ0X9yL9vuTV6GpzpK7D3Wqhggin4wXJLyF8I=; fh=PNklDAUq98L84CUtKcRdFqYuqyGafhYPIEOsVrYrtAI=; b=NHPtuGcH+9EF5Ww7yNmlcCbMyrBOcclaTkCwzhjNKgvqw58DwT9fCL6C6aZkFVtM4a yV56dDWfr6xfdNf9dO0uDXCe6gt6Fg3I9avNjlc71JUgSENXx5Gy+tyR118ssOD/5S7/ 5eU730puWaTA07PFwpZJQHXApOjroOmLurf1811LYrzWwfHNa3XBUzoOPH2yAW4bNvPy G7jby7HC+SyVpDxgRDLyit0BgbwG1CiUVLkHYM9keMdXcCey1GLVB7QM1FdaWkReQlvX ZnIpe1knf36Sje3cca9L/sJVWKbQDWjQHVm9OHAoaKmKt6fGZAVnb/I1jfFguspCUIwl zTXA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@infradead.org header.s=casper.20170209 header.b=bzg1TJqF; arc=pass (i=1 dkim=pass dkdomain=infradead.org); spf=pass (google.com: domain of linux-kernel+bounces-180717-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-180717-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id a640c23a62f3a-a5a1797be18si833145966b.217.2024.05.16.00.45.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 May 2024 00:45:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-180717-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@infradead.org header.s=casper.20170209 header.b=bzg1TJqF; arc=pass (i=1 dkim=pass dkdomain=infradead.org); spf=pass (google.com: domain of linux-kernel+bounces-180717-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-180717-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id E6B221F21E2A for ; Thu, 16 May 2024 07:45:40 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 378CC53372; Thu, 16 May 2024 07:45:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="bzg1TJqF" Received: from casper.infradead.org (casper.infradead.org [90.155.50.34]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AB7D73B297; Thu, 16 May 2024 07:45:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=90.155.50.34 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715845533; cv=none; b=Y3ZIjPRbKfoKeTYx7Av+FP3DT1ANiUq8IPL5SFJYPkhjKjyCwU2ROPHie5AhXqxooY3NTs90hadTYM3BtwRugrX+h8If8bBXIpUjd9Tzr1tlFUMBc5u4iNcIhMWZ4EgU9v0zmoo+iXUJoaERhyMSmbox3jRPAD1daazv74siuAQ= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715845533; c=relaxed/simple; bh=Jjv0qoO9pCCiZ8DgraPgwD+Ddurfi+cYw9BcEW/I0WA=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=abY4Xl49a7fTdrU3qTB21ZJKSLfK+3Y8F3LPmaDeFXVdZWi08POSJz1P3D9gpAjvbIZLtGwbCwuxKV8vhQZ7Wau4cKVqchKYlgR7yxeaZeymOXDPonpcboGgOjkpFTKqe3YPpYQSV08WulGiCw7pjzUbXiioFYTrNwPZjZKStRY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=infradead.org; spf=none smtp.mailfrom=infradead.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b=bzg1TJqF; arc=none smtp.client-ip=90.155.50.34 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=infradead.org Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Transfer-Encoding: Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:From:Date: Sender:Reply-To:Content-ID:Content-Description; bh=8b+oRtdQ0X9yL9vuTV6GpzpK7D3Wqhggin4wXJLyF8I=; b=bzg1TJqF/Ez5dJqxMoXFpqiCqD D2klMN3LrvcHM1hA0P+cqx8bHKznRjJew51iMOXvlWMyAW3+GoifaBmnRhtu39qMGCKYzejmnc89p WgedVpFNCkjiqs/KRtZk6J2jibsKuVf3y+RWp0xPE6LHrC7v/k3UQAHmpOHsfhEgUDMStvDXrFPX3 rRGCE+WKnsel3vGw9UhUendi8pG6PxpEE4sIvz+chIM6VeUJ8gqaIOu18As419o+VIQe0TaUC+xo0 r2tV1MjC4xl04+/J0gpQ+G9GcweM6SWhaXmiMMM1Sy+VWu+UezuTFbgh1XlyCvbl/HoI85+63dk3I v5DbbnhA==; Received: from j130084.upc-j.chello.nl ([24.132.130.84] helo=noisy.programming.kicks-ass.net) by casper.infradead.org with esmtpsa (Exim 4.97.1 #2 (Red Hat Linux)) id 1s7Vnk-0000000BWIH-264v; Thu, 16 May 2024 07:45:22 +0000 Received: by noisy.programming.kicks-ass.net (Postfix, from userid 1000) id 1087A30068B; Thu, 16 May 2024 09:45:20 +0200 (CEST) Date: Thu, 16 May 2024 09:45:19 +0200 From: Peter Zijlstra To: Justin Stitt Cc: Linus Torvalds , Kees Cook , Mark Rutland , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev Subject: Re: [RFC] Mitigating unexpected arithmetic overflow Message-ID: <20240516074519.GB22557@noisy.programming.kicks-ass.net> References: <202404291502.612E0A10@keescook> <202405081144.D5FCC44A@keescook> <202405081354.B0A8194B3C@keescook> <20240515073636.GY40213@noisy.programming.kicks-ass.net> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: On Wed, May 15, 2024 at 10:12:20AM -0700, Justin Stitt wrote: > Hi Peter, > > On Wed, May 15, 2024 at 12:36 AM Peter Zijlstra wrote: > > > > On Wed, May 08, 2024 at 04:47:25PM -0700, Linus Torvalds wrote: > > > For example, the most common case of overflow we've ever had has very > > > much been array indexing. Now, sometimes that has actually been actual > > > undefined behavior, because it's been overflow in signed variables, > > > and those are "easy" to find in the sense that you just say "no, can't > > > do that". UBSAN finds them, and that's good. > > > > We build with -fno-strict-overflow, which implies -fwrapv, which removes > > the UB from signed overflow by mandating 2s complement. > > FWIW, > > Clang-19 allows -fwrapv and -fsanitize=signed-integer-overflow to work > together [1] > > And the sanitizer was re-introduced with Commit 557f8c582a9ba8ab > ("ubsan: Reintroduce signed overflow sanitizer"). Urgh, that's the exact kind of drugs we don't need. I detest that commit. Both unsigned and signed have well defined semantics. And since (with -fwrapv) there is no UB, UBSAN is not the right place. > > With the exception of an UBSAN bug prior to GCC-8, UBSAN will not, and > > should not, warn about signed overflow when using either of these flags. > > [1]: https://clang.llvm.org/docs/ReleaseNotes.html#sanitizers That link doesn't seem to work for me...