From: Andrii Nakryiko
Date: Thu, 8 Aug 2024 15:44:44 -0700
Subject: Re: [PATCH v4 bpf-next 01/10] lib/buildid: harden build ID parsing logic
To: Andi Kleen
Cc: Andrii Nakryiko, bpf@vger.kernel.org, linux-mm@kvack.org, akpm@linux-foundation.org, adobriyan@gmail.com, shakeel.butt@linux.dev, hannes@cmpxchg.org, osandov@osandov.com, song@kernel.org, jannh@google.com, linux-fsdevel@vger.kernel.org, willy@infradead.org, stable@vger.kernel.org
References: <20240807234029.456316-1-andrii@kernel.org> <20240807234029.456316-2-andrii@kernel.org>

On Thu, Aug 8, 2024 at 3:24 PM Andi Kleen wrote:
>
> > + name_sz = READ_ONCE(nhdr->n_namesz);
> > + desc_sz = READ_ONCE(nhdr->n_descsz);
> > + new_offs = note_offs + sizeof(Elf32_Nhdr) + ALIGN(name_sz, 4) + ALIGN(desc_sz, 4);
>
> Don't you need to check the name_sz and desc_sz overflows separately?
>
> Otherwise name_sz could be ~0 and desc_sz small (or reversed) and the check
> below wouldn't trigger, but still bad things could happen.

Yes, both sizes are full u32, so yes, they could technically both
overflow, resulting in a final non-overflown new_offs. I'll switch the
additions to be done step by step.

>
>
> > + if (new_offs <= note_offs /* overflow */ || new_offs > note_size)
> > + break;
>
> -Andi
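Review bot: The single `new_offs <= note_offs` test after the full sum cannot catch a wrap that lands back inside [note_offs, note_size]: with name_sz and desc_sz each a full u32, `note_offs + sizeof(Elf32_Nhdr) + ALIGN(name_sz, 4) + ALIGN(desc_sz, 4)` can wrap past note_offs and pass both halves of the check, and `ALIGN(name_sz, 4)` itself wraps to 0 for name_sz in its last three values, which a sum-level check never sees. Add the header size, the aligned name size and the aligned descriptor size one at a time, and `break` after each addition if the running offset is below its previous value or above note_size, so that every intermediate is bounded before the next term is added.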
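As an added example (not the patch's or the thread's code), the combined check quoted above is placed beside a step-by-step form and both are run on a constructed header with name_sz near ~0; the userspace Elf32_Nhdr, ALIGN() and the function names are stand-ins I chose.

```c
/* Added example, not code from the patch or the thread: the combined overflow
 * check quoted above beside a step-by-step form where each aligned term is
 * bounded by the remaining room before it is added, so no u32 step can wrap.
 * Elf32_Nhdr and ALIGN() are redefined so this builds in userspace. */
#include <stdint.h>

typedef uint32_t u32;
typedef struct { u32 n_namesz, n_descsz, n_type; } Elf32_Nhdr;
#define ALIGN(x, a) (((x) + ((a) - 1)) & ~((a) - 1))

/* Combined check as quoted in the thread: one test after the full sum.
 * Returns the next note offset, or 0 when the note is rejected. */
static u32 next_note_combined(u32 note_offs, u32 note_size, const Elf32_Nhdr *n)
{
    u32 offs = note_offs + sizeof(Elf32_Nhdr) + ALIGN(n->n_namesz, 4) +
               ALIGN(n->n_descsz, 4);
    if (offs <= note_offs /* overflow */ || offs > note_size)
        return 0;
    return offs;
}

/* Add one 4-byte-aligned term to *offs, refusing it if ALIGN() itself wrapped
 * or if the term exceeds the room left. Caller keeps *offs <= note_size. */
static int advance(u32 *offs, u32 len, u32 note_size)
{
    u32 alen = ALIGN(len, 4);
    if (alen < len || alen > note_size - *offs)
        return 0;
    *offs += alen;
    return 1;
}

/* Step-by-step form: header, name and descriptor are each bounded in turn. */
static u32 next_note_stepwise(u32 note_offs, u32 note_size, const Elf32_Nhdr *n)
{
    u32 offs = note_offs;
    if (offs > note_size || !advance(&offs, sizeof(Elf32_Nhdr), note_size) ||
        !advance(&offs, n->n_namesz, note_size) ||
        !advance(&offs, n->n_descsz, note_size))
        return 0;
    return offs;
}

/* Constructed header for the thread's scenario: name_sz near ~0 with a small
 * desc_sz. The combined sum wraps to 0x11c and is accepted; stepwise rejects. */
u32 crafted_note_result(u32 (*check)(u32, u32, const Elf32_Nhdr *))
{
    Elf32_Nhdr h = { .n_namesz = 0xFFFFFFF0u, .n_descsz = 0x20 };
    return check(0x100, 0x1000, &h);
}
```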