From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 93022C46CD2 for ; Tue, 23 Jan 2024 01:03:44 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E363B6B0085; Mon, 22 Jan 2024 20:03:43 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id DE6976B0087; Mon, 22 Jan 2024 20:03:43 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id CAE1C6B0089; Mon, 22 Jan 2024 20:03:43 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id BC2866B0085 for ; Mon, 22 Jan 2024 20:03:43 -0500 (EST) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 59E8FC05AC for ; Tue, 23 Jan 2024 01:03:43 +0000 (UTC) X-FDA: 81708778326.26.AE1B5F2 Received: from mail-pg1-f173.google.com (mail-pg1-f173.google.com [209.85.215.173]) by imf16.hostedemail.com (Postfix) with ESMTP id 8A23A180002 for ; Tue, 23 Jan 2024 01:03:41 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=V7gcEPo2; spf=pass (imf16.hostedemail.com: domain of keescook@chromium.org designates 209.85.215.173 as permitted sender) smtp.mailfrom=keescook@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1705971821; a=rsa-sha256; cv=none; b=YciNtDGaO1/RF+tKSNEHigzVjNn48UfSJvr0PHDIl03FsYlvr8QQNhdA7761sh8w1pfcwm 6rV8e+mKk7leKm33Dp2chkMItFqy3yh9Bsj1L2t9DsMihMaJzdoATfu/NT+68LeHgFwqQV SBVqu/dM0W473hhNrckgHe3rpxg7sFY= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=V7gcEPo2; spf=pass (imf16.hostedemail.com: domain of keescook@chromium.org designates 209.85.215.173 as permitted sender) smtp.mailfrom=keescook@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1705971821; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=xnep1Nz3UUWk+A97sey3opJKdGJPhXQxINirZ47tsts=; b=l9zUpJ1JSordjkv1Tge5oRa6HYxPRJ0SVMzQIYQT+t4920kF1Kksk4ETxmXNAWDKQSW5i7 AAAdn19B4ciM1vqiLILS8fY2GLlaBM7JStLj5FPQL805umcolBdHSIWEN957T5lFqCUGEG h+joB+55fsbgvIW4QakMwA8irn+YpWI= Received: by mail-pg1-f173.google.com with SMTP id 41be03b00d2f7-517ab9a4a13so2973995a12.1 for ; Mon, 22 Jan 2024 17:03:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1705971820; x=1706576620; darn=kvack.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=xnep1Nz3UUWk+A97sey3opJKdGJPhXQxINirZ47tsts=; b=V7gcEPo27ghGizkexJ1V9jnN16Hx8tKSoqWeLJtZrl3q0/8Jb8rLDjP4Q8qKyFfbtX p+vjPiSnd9+xZjy03/+c5j8gV1UqkfonFjEEYwIFferEV1J5H4GINPiP0x+X0CoyBC1h 8DtYhHqTJWpT+R0koMAGo86nq+Cpx5hTdLrdg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705971820; x=1706576620; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=xnep1Nz3UUWk+A97sey3opJKdGJPhXQxINirZ47tsts=; b=GRrI5/u0dMrC1hygcjNvB9C4HgPFC25hXa6UpdrxA0/SqYdPpqhDDe7I5DCXFOrn5J tw8niQddPzZK5MLtCmD1xzfkOqBN4J7rnpC9YPmk4jN6YqowpyPInEQD7HB3tF9FEmSB WQScZ3oRqpIvmxS9FKAyJzvinF6OEtmyTy+rfBrWkML0C8+WQhtz7CWch02ltGIOoi9T urcKyIX+H3U3xrn6/BT/2Y5lcEIqx3Yspptv2DSwsCWhew/Q9q6Ea/lLya4zh50QTj2D zgHw6rltzDWvM/yRpJznFQ9ZntCTboCKe0l4H6NTpBL/7OPVumpn23Bj/oEWBZPjT5CC aXiQ== X-Gm-Message-State: AOJu0YwUB/aIQfOFQUTNhnmzvUZxO3dpLWnVVYyUCyEnrG1Dl7TBX4wE GdHbL3jZ+FBKzZ2sOSNUu2R1h+jmC1u98a4fawzNp6KzxQZdximgfr839AAfqQ== X-Google-Smtp-Source: AGHT+IHtDT1yrq6PLJdBjifV6sVndraNqQcRTaZ6r3kszvNUHhuC9VOVEAQ7fl/+G79Q0TkuxmIxEQ== X-Received: by 2002:a17:90a:bb85:b0:290:2f93:610 with SMTP id v5-20020a17090abb8500b002902f930610mr2563687pjr.43.1705971820287; Mon, 22 Jan 2024 17:03:40 -0800 (PST) Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id m1-20020a17090b068100b0028d53043053sm10363069pjz.50.2024.01.22.17.03.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 22 Jan 2024 17:03:38 -0800 (PST) From: Kees Cook To: linux-hardening@vger.kernel.org Cc: Kees Cook , Andrew Morton , Uladzislau Rezki , Christoph Hellwig , Lorenzo Stoakes , linux-mm@kvack.org, "Gustavo A. R. Silva" , Bill Wendling , Justin Stitt , linux-kernel@vger.kernel.org Subject: [PATCH 78/82] mm/vmalloc: Refactor intentional wrap-around test Date: Mon, 22 Jan 2024 16:27:53 -0800 Message-Id: <20240123002814.1396804-78-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240122235208.work.748-kees@kernel.org> References: <20240122235208.work.748-kees@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1848; i=keescook@chromium.org; h=from:subject; bh=nJ/Dbne7d4x17jpkuEGwBkY4HOJHaHOZVri7BDLojVU=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBlrwgMYqbiC9CfEEv7H4hKDed0Ckaf1Z1VbaYnE qoWkPaOgCiJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZa8IDAAKCRCJcvTf3G3A JoAFEACV8xbsMUxa2NDUN1xXMDrXI740/x4qynm76Y5yHDXd8g4dDNlV6TgPgaKrMcZxegbZ2QU R5cRYG/J7JglC10FqOIhwD6AtUxi84C/xDwgUdTjMekuyQtf8oDx7YLLgAKw8bq0t4X3rpW6CvQ 789Dm5r/bO09y037XiiADu+c0Kfca0kz4l4hsD3wqzySP4Ha6OvsDs8CBNbY6tRlGGUthfub7II tb1WtKY1ZinjdC4ghifbgFhlRrCOgj7biFA8ou8CciPsdg7rnA7965zlYbuVFdMDC7AsDA5W/0t iCmgY4z2UsX2FErJx60tBeyjU5boRyhss2AYcsWP/7W0bNE3DeDbwIi91im5pXaPnnnh++xW9ie viskQzEHVGCp9fzX5vKIf8jWzSJ7kshlSMNsQ0O4SzwcFPvVJk/escQgdR6K+1QBoVAorEWDOhx EsxeHB0NO1Ze8mw6jGQTqe83Ccv2wJrRp3YX2kRVqeK/+4OnQ/uXFWUnnKJD4RNds5YD7tAxgIQ 3J2yAO+sh6kXYGC+2QQd0JG9eMTxuQbNeW3l6pbJpV4Ar0Hkhq3u7dOEqgZrnciBM9n0pEUPmza VmlL1fSQYFD2oTO8q5g9EePyBH83lEZSENHLTs6nrCpzpCdeFQQTfsTySvMG6AFuxAd+iNZc0Q8 3j9NIiBzvjukfKw== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Content-Transfer-Encoding: 8bit X-Rspamd-Server: rspam08 X-Rspamd-Queue-Id: 8A23A180002 X-Stat-Signature: muky1qsa9hfe7sadfw7szfmd9nxwbdpc X-Rspam-User: X-HE-Tag: 1705971821-312632 X-HE-Meta: U2FsdGVkX18v0+rfJsXo3ae8+RSZ3ocK7gU3d09YnFoOGl5NwjBrrLqYvU6Zbu31ZT2NRRGu4oPf9W6+60Eb9vIEwbP1WnUfeqC+kzIZLo29/GatK+mHEyFsckqLb4t9lO1hvAR9EQC2VPUJr5LYJOUl9P1cIx5lwInOwJsypPjfwbDiY4ZnZks3UI3MTTf8IPeq3VW2nNWZwgMsZjPbFVo1FIYRdoiY8k6LmoLy9tlChss9J3i9B9+4T9DoGbamnyibim2tl4cqnuwt++XLoYihDYt0C7wX1moEYssX7IhHx4nIYxwElIYuZSbXsOAxBZ5cDN0aRHu6N/mL0/DFz+6uZeh1CBIbJ5vZ7os63CRlkujwOmliGUKKMGE708D/nQVfc7lSZsEIPRJk7uovIvx/CrdayFVY+vfxIn26I8icOTGwnu4LeSDHZYet5V+ARCeMv8BOGiyI5y3riwzg6g7I1HonML4QfLLwebZekiboN9p9lQMy0f8ewBPgqkNUQwQK3zh1DXmOfclcoVhCQd+07I8dvjOWlBTZEwsqe2QHqF36ExBMvIXgTojLO9ksf3bHFInVhnMdviCKHIG/AwpIYhMU6r089aoB9ORmJ7qViSEGlS91ESMCo0fkCyJJ9GKUZxTZ+DFuVAFIIOSv0QZsExisSruX03G6PWi/tbHVmIMqA7ptI9ecmrqSm3lCMGvJ06jn6W4EXSLt4vLFgKVNcGYJNdSlInxzQYYr2SHRCrK+v3K9idVjuuBphkla7jvuWIbitJRT52yAgkjkchE7xein3GEr90xI7T0NV2USJnXrENi4SwYKhvxctG0dT5j23ke1HAx/JTHiKcGFmgV6EdUxo83/A1DLk2oZpexSVg5dlCqoPTPO2T7/6Wbat2hG1z7j+zLRU2ioqd2oS4KVdC6Pk4HDEopB27y2t7WyOZgdLkT/bCzLunj8PT32UsJaMnQ5MEhImYqQuBT wziuHwSB LDGXyQY0U19HwV5k1V11y2sRyPTszuMF8R9Xz+20IaX9blcYUXfzbeXSRMUmmRyS1deS3+hQKSuKfpNPqatTVFLxa8sApOQvIRD9+LwZ6jUJOxB0X0nlj4DP18A== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: In an effort to separate intentional arithmetic wrap-around from unexpected wrap-around, we need to refactor places that depend on this kind of math. One of the most common code patterns of this is: VAR + value < VAR Notably, this is considered "undefined behavior" for signed and pointer types, which the kernel works around by using the -fno-strict-overflow option in the build[1] (which used to just be -fwrapv). Regardless, we want to get the kernel source to the position where we can meaningfully instrument arithmetic wrap-around conditions and catch them when they are unexpected, regardless of whether they are signed[2], unsigned[3], or pointer[4] types. Refactor open-coded wrap-around addition test to use add_would_overflow(). This paves the way to enabling the wrap-around sanitizers in the future. Link: https://git.kernel.org/linus/68df3755e383e6fecf2354a67b08f92f18536594 [1] Link: https://github.com/KSPP/linux/issues/26 [2] Link: https://github.com/KSPP/linux/issues/27 [3] Link: https://github.com/KSPP/linux/issues/344 [4] Cc: Andrew Morton Cc: Uladzislau Rezki Cc: Christoph Hellwig Cc: Lorenzo Stoakes Cc: linux-mm@kvack.org Signed-off-by: Kees Cook --- mm/vmalloc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 7932ac99e9d3..3d73f2ac6957 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -3750,7 +3750,7 @@ long vread_iter(struct iov_iter *iter, const char *addr, size_t count) addr = kasan_reset_tag(addr); /* Don't allow overflow */ - if ((unsigned long) addr + count < count) + if (add_would_overflow(count, (unsigned long)addr)) count = -(unsigned long) addr; remains = count; -- 2.34.1