From: Kees Cook
To: linux-hardening@vger.kernel.org
Cc: Kees Cook, Andrey Ryabinin, Alexander Potapenko, Andrey Konovalov, Dmitry Vyukov, Vincenzo Frascino, Andrew Morton, kasan-dev@googlegroups.com, linux-mm@kvack.org, "Gustavo A. R. Silva", Bill Wendling, Justin Stitt, linux-kernel@vger.kernel.org
Subject: [PATCH 55/82] kasan: Refactor intentional wrap-around test
Date: Mon, 22 Jan 2024 16:27:30 -0800
Message-Id: <20240123002814.1396804-55-keescook@chromium.org>
In-Reply-To: <20240122235208.work.748-kees@kernel.org>
References: <20240122235208.work.748-kees@kernel.org>

In an effort to separate intentional arithmetic wrap-around from
unexpected wrap-around, we need to refactor places that depend on this
kind of math. One of the most common code patterns of this is:

	VAR + value < VAR

Notably, this is considered "undefined behavior" for signed and pointer
types, which the kernel works around by using the -fno-strict-overflow
option in the build[1] (which used to just be -fwrapv). Regardless, we
want to get the kernel source to the position where we can meaningfully
instrument arithmetic wrap-around conditions and catch them when they
are unexpected, regardless of whether they are signed[2], unsigned[3],
or pointer[4] types.

Refactor open-coded wrap-around addition test to use add_would_overflow().
This paves the way to enabling the wrap-around sanitizers in the future.

Link: https://git.kernel.org/linus/68df3755e383e6fecf2354a67b08f92f18536594 [1]
Link: https://github.com/KSPP/linux/issues/26 [2]
Link: https://github.com/KSPP/linux/issues/27 [3]
Link: https://github.com/KSPP/linux/issues/344 [4]
Cc: Andrey Ryabinin
Cc: Alexander Potapenko
Cc: Andrey Konovalov
Cc: Dmitry Vyukov
Cc: Vincenzo Frascino
Cc: Andrew Morton
Cc: kasan-dev@googlegroups.com
Cc: linux-mm@kvack.org
Signed-off-by: Kees Cook
--- mm/kasan/generic.c | 2 +- mm/kasan/sw_tags.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index df6627f62402..f9bc29ae09bd 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c
@@ -171,7 +171,7 @@ static __always_inline bool check_region_inline(const void *addr, if (unlikely(size == 0)) return true; - if (unlikely(addr + size < addr)) + if (unlikely(add_would_overflow(addr, size))) return !kasan_report(addr, size, write, ret_ip); if (unlikely(!addr_has_metadata(addr))) diff --git a/mm/kasan/sw_tags.c b/mm/kasan/sw_tags.c index 220b5d4c6876..79a3bbd66c32 100644 --- a/mm/kasan/sw_tags.c +++ b/mm/kasan/sw_tags.c @@ -80,7 +80,7 @@ bool kasan_check_range(const void *addr, size_t size, bool write, if (unlikely(size == 0)) return true; - if (unlikely(addr + size < addr)) + if (unlikely(add_would_overflow(addr, size))) return !kasan_report(addr, size, write, ret_ip); tag = get_tag((const void *)addr); -- 2.34.1
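
Review bot: In the mm/kasan/generic.c hunk, add_would_overflow(addr, size) is called with a const void * first argument (per the hunk header), and the helper is not defined anywhere in this patch. Please name in the commit message the earlier patch in the series that adds it and confirm it accepts a pointer plus an integer size, so this change can be reviewed and bisected on its own. Since check_region_inline() is __always_inline and the test sits inside unlikely(), it is also worth stating that the generated code is unchanged from "addr + size < addr".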
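
Review bot: In the mm/kasan/sw_tags.c hunk, the wrap test in kasan_check_range() runs on addr before "tag = get_tag((const void *)addr);", so the address handed to add_would_overflow() still carries its tag. The old "addr + size < addr" had the same property, but now that it is a helper call, a one-line comment saying the check is deliberately done on the tagged pointer would keep a later cleanup from moving it below the tag handling and changing which ranges reach kasan_report().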
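
The open-coded test the commit message describes, "VAR + value < VAR", beside a checked form, as an added example that is not part of the patch or the kernel's code. It goes one step beyond the message by using the check inside a range validation. All function names are hypothetical; region_would_overflow() is a stand-in built on the GCC/Clang builtin __builtin_add_overflow and is not the series' add_would_overflow().

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Open-coded test from the commit message; on uintptr_t the wrap is defined. */
static bool open_coded_wraps(uintptr_t addr, size_t size)
{
	return addr + size < addr;
}

/* Hypothetical stand-in for the series' helper (assumption, not kernel code):
 * the compiler reports whether the sum fits; no wrapped value is relied on. */
static bool region_would_overflow(uintptr_t addr, size_t size)
{
	uintptr_t end;
	return __builtin_add_overflow(addr, size, &end);
}

/* Signed case: "a + b < a" would be undefined behavior without
 * -fno-strict-overflow; the builtin has no such dependency. */
static bool int_add_would_overflow(int a, int b)
{
	int sum;
	return __builtin_add_overflow(a, b, &sum);
}

/* Range check shaped like the patched functions: a zero-size access passes,
 * a wrapping range is rejected before any end address is compared. */
static bool access_ok(uintptr_t addr, size_t size, uintptr_t base, size_t len)
{
	uintptr_t end, limit;

	if (size == 0)
		return true;
	if (__builtin_add_overflow(addr, size, &end) ||
	    __builtin_add_overflow(base, len, &limit))
		return false;
	return addr >= base && end <= limit;
}

int main(void)
{
	/* Constructed input: a 16-byte access whose end address wraps to 0. */
	uintptr_t top = UINTPTR_MAX - 15;
	bool same = open_coded_wraps(top, 16) == region_would_overflow(top, 16);
	return (same && !access_ok(top, 16, 0x1000, 0x1000) &&
		int_add_would_overflow(INT_MAX, 1)) ? 0 : 1;
}
```

Without the overflow test, the constructed access would satisfy "addr >= base && addr + size <= base + len" because its end wraps to 0, which is why the range check rejects wrapping ranges first.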