| Message ID | 20240123002814.1396804-21-keescook@chromium.org |
|---|---|
| State | New |
| Headers | show
Return-Path:
<linux-fsi-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
dkim=permerror header.d=chromium.org header.i=@chromium.org header.a=rsa-sha1
header.s=google header.b=gJwUFqOE;
dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org
(client-ip=2404:9400:2:0:216:3eff:fee1:b9f1; helo=lists.ozlabs.org;
envelope-from=linux-fsi-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org;
receiver=patchwork.ozlabs.org)
Received: from lists.ozlabs.org (lists.ozlabs.org
[IPv6:2404:9400:2:0:216:3eff:fee1:b9f1])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature ECDSA (secp384r1))
(No client certificate requested)
by legolas.ozlabs.org (Postfix) with ESMTPS id 4VVrB7426jz23td
for <incoming@patchwork.ozlabs.org>; Fri, 3 May 2024 09:44:15 +1000 (AEST)
Authentication-Results: lists.ozlabs.org;
dkim=permerror header.d=chromium.org header.i=@chromium.org header.a=rsa-sha1
header.s=google header.b=gJwUFqOE;
dkim-atps=neutral
Received: from boromir.ozlabs.org (localhost [IPv6:::1])
by lists.ozlabs.org (Postfix) with ESMTP id 4VVrB72T0Rz3bPM
for <incoming@patchwork.ozlabs.org>; Fri, 3 May 2024 09:44:15 +1000 (AEST)
X-Original-To: linux-fsi@lists.ozlabs.org
Delivered-To: linux-fsi@lists.ozlabs.org
Authentication-Results: lists.ozlabs.org;
dkim=pass (1024-bit key;
unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256
header.s=google header.b=gJwUFqOE;
dkim-atps=neutral
Authentication-Results: lists.ozlabs.org;
spf=pass (sender SPF authorized) smtp.mailfrom=chromium.org
(client-ip=2607:f8b0:4864:20::c29; helo=mail-oo1-xc29.google.com;
envelope-from=keescook@chromium.org; receiver=lists.ozlabs.org)
Received: from mail-oo1-xc29.google.com (mail-oo1-xc29.google.com
[IPv6:2607:f8b0:4864:20::c29])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
SHA256)
(No client certificate requested)
by lists.ozlabs.org (Postfix) with ESMTPS id 4TJnyV6VRZz30fM
for <linux-fsi@lists.ozlabs.org>; Tue, 23 Jan 2024 11:29:04 +1100 (AEDT)
Received: by mail-oo1-xc29.google.com with SMTP id
006d021491bc7-59927972125so1949159eaf.3
for <linux-fsi@lists.ozlabs.org>;
Mon, 22 Jan 2024 16:29:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=chromium.org; s=google; t=1705969740; x=1706574540;
darn=lists.ozlabs.org;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:from:to:cc:subject:date
:message-id:reply-to;
bh=iYPePh3YDAX5XeUL0YItedWtvGPjAEL8L/FW2KUYqQo=;
b=gJwUFqOE5N5qTL7abmLkJXUwE9AVvllk6hr+eWDLNLQudQyTLjpeix7yL0KwqO3ryg
ztF97dopq+rCQCxnZ8/nD80zajSv6NbPjIoEdOZXz0FIdmj90OK5s3NuaQxB7JPeuuFL
HD3eX0mi+KCROvMqo72gmHU/u6u8MX/q8Be8w=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1705969740; x=1706574540;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
:subject:date:message-id:reply-to;
bh=iYPePh3YDAX5XeUL0YItedWtvGPjAEL8L/FW2KUYqQo=;
b=VcRcr8gg/k4b7SspkUOGGDkuLEx2xq2W7gaDpg7kKDTLcSQqGjZHo9e7EZYrL+b0RP
cAddAOya7/p0gmubnucYbzvAab0wsOOI/NkRT68a+yYz58Ep34Fm3RV1bbpFskc26Jxw
r5YqhqvrBjE9eIZBvSc0OWJvrl43X6P/JMg6HHr8gU5Ny0pBBVtVaXmoaRArhS+TT1mY
U7hUMBGkKGH2NYUGR+8zWjYi6RBTvunvbGy7fm5A4GPzwdSiXDTO62r//8G6RQujYThS
8utRLH0bkVWOD9asYzb7hZ3TfZfkqSYTYuFzmdzK9xpQYeXSyQ5qANf9KTXY+hZZ45k9
CsCA==
X-Gm-Message-State: AOJu0YwE9l2K9nXMCX3OCZEqrbeqMmAZxKmdM39LWeDGl7d7cWEnUaiY
nknT6dXw0R3HgxufgHYUxQ0zr6do65TCMpU4VKobsxbczUjqoTwiN6zYmGgVeQ==
X-Google-Smtp-Source:
AGHT+IFMstEscoBrN0aJQvkfd72cl9+1Jfzh5pj8esCqjdIwXGP0lIWzK3WICAOAdiZSyvHClGKcsw==
X-Received: by 2002:a05:6358:d142:b0:176:5364:4c11 with SMTP id
jz2-20020a056358d14200b0017653644c11mr1705146rwb.18.1705969740238;
Mon, 22 Jan 2024 16:29:00 -0800 (PST)
Received: from www.outflux.net ([198.0.35.241])
by smtp.gmail.com with ESMTPSA id
sr4-20020a17090b4e8400b00290d1fe7004sm1125pjb.27.2024.01.22.16.28.40
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 22 Jan 2024 16:28:49 -0800 (PST)
From: Kees Cook <keescook@chromium.org>
To: linux-hardening@vger.kernel.org
Subject: [PATCH 21/82] drivers/fsi: Refactor intentional wrap-around
calculation
Date: Mon, 22 Jan 2024 16:26:56 -0800
Message-Id: <20240123002814.1396804-21-keescook@chromium.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240122235208.work.748-kees@kernel.org>
References: <20240122235208.work.748-kees@kernel.org>
MIME-Version: 1.0
X-Developer-Signature: v=1; a=openpgp-sha256; l=2068; i=keescook@chromium.org;
h=from:subject; bh=KXulPh4t4RiYFM61WwrsfgMxfDXtkwo2mrzOGlAVyok=;
b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBlrwgGVuv+cx3dly309OCp0+qc8WOYsn33imp7w
Era4ZtrnxCJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZa8IBgAKCRCJcvTf3G3A
JpxaD/wP0LVNx2em0pfpaFXC0tZD/FxxSF459U6XlRqkrqEKIO6/XBj3CX9EWp/TE005lzpc2N8
+Lc4PJNwg6U/eOU70DhuzHbs8D4nlr4wf3TTdZrsyXO0gCVwv5qrfsz3rm69M4EflEjIN2dRsoJ
T5hnFI3MQO4+iyiyBwSTAeEN1zN5PfiNBZyJQ/RbxU6y9hNJcfeaygZQLNELazPfzJg1gfA7h+X
M9AH608Ag7OMHnQ/4P1gxYCwXpBF4fndGeeZW0aUW52myuvy3UBHiDNy6FnGILcAjJLe1lewKma
K5K0wRZNO07RRdU71tSQDU5z8S6HhYWUQGHqMx11ubZamRt1q+ElS4USRGPyEogYbr08zGG5XNJ
j8y1M6rdhGvpoO8GGjcNVeboA9LLCmkVNB4M+gN8yVtF8Dczbyl0sWbYvoesORKqvr2+t7VZELV
AaSQmDgSAOTHrbYNZDGrZVxfowG/eHplD+Fw9oZIHuXHD4w2FuKcbOUzlq81MVW0/cgoejXmh/4
0KUkG/jAHr0SfhYT0xvd015htl2LisW1Ma9fki+q2+kVV2h1Na7pn2PkxHlQ2pDDL8KVci3x/6H
HttpHX/GSMfBm9LWUvZmaY0DRHHgMo7l1f9pb1A6YSdSejyOiQRR47YeFnuIbj4Wi2MfKXSZYKs
bbHmMsPpbu9phdQ==
X-Developer-Key: i=keescook@chromium.org; a=openpgp;
fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026
Content-Transfer-Encoding: 8bit
X-Mailman-Approved-At: Fri, 03 May 2024 09:44:12 +1000
X-BeenThere: linux-fsi@lists.ozlabs.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <linux-fsi.lists.ozlabs.org>
List-Unsubscribe: <https://lists.ozlabs.org/options/linux-fsi>,
<mailto:linux-fsi-request@lists.ozlabs.org?subject=unsubscribe>
List-Archive: <http://lists.ozlabs.org/pipermail/linux-fsi/>
List-Post: <mailto:linux-fsi@lists.ozlabs.org>
List-Help: <mailto:linux-fsi-request@lists.ozlabs.org?subject=help>
List-Subscribe: <https://lists.ozlabs.org/listinfo/linux-fsi>,
<mailto:linux-fsi-request@lists.ozlabs.org?subject=subscribe>
Cc: Kees Cook <keescook@chromium.org>, Alistar Popple <alistair@popple.id.au>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>, linux-kernel@vger.kernel.org,
Justin Stitt <justinstitt@google.com>, Bill Wendling <morbo@google.com>,
linux-fsi@lists.ozlabs.org
Errors-To: linux-fsi-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org
Sender: "linux-fsi"
<linux-fsi-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>
|
| Series |
None
|
expand
|
diff --git a/drivers/fsi/fsi-core.c b/drivers/fsi/fsi-core.c index 097d5a780264..46b24d0aadc6 100644 --- a/drivers/fsi/fsi-core.c +++ b/drivers/fsi/fsi-core.c @@ -381,10 +381,12 @@ EXPORT_SYMBOL_GPL(fsi_slave_write); int fsi_slave_claim_range(struct fsi_slave *slave, uint32_t addr, uint32_t size) { - if (addr + size < addr) + uint32_t sum; + + if (check_add_overflow(addr, size, &sum)) return -EINVAL; - if (addr + size > slave->size) + if (sum > slave->size) return -EINVAL; /* todo: check for overlapping claims */
In an effort to separate intentional arithmetic wrap-around from unexpected wrap-around, we need to refactor places that depend on this kind of math. One of the most common code patterns of this is: VAR + value < VAR Notably, this is considered "undefined behavior" for signed and pointer types, which the kernel works around by using the -fno-strict-overflow option in the build[1] (which used to just be -fwrapv). Regardless, we want to get the kernel source to the position where we can meaningfully instrument arithmetic wrap-around conditions and catch them when they are unexpected, regardless of whether they are signed[2], unsigned[3], or pointer[4] types. Refactor open-coded unsigned wrap-around addition test to use check_add_overflow(), retaining the result for later usage (which removes the redundant open-coded addition). This paves the way to enabling the wrap-around sanitizers in the future. Link: https://git.kernel.org/linus/68df3755e383e6fecf2354a67b08f92f18536594 [1] Link: https://github.com/KSPP/linux/issues/26 [2] Link: https://github.com/KSPP/linux/issues/27 [3] Link: https://github.com/KSPP/linux/issues/344 [4] Cc: Jeremy Kerr <jk@ozlabs.org> Cc: Joel Stanley <joel@jms.id.au> Cc: Alistar Popple <alistair@popple.id.au> Cc: Eddie James <eajames@linux.ibm.com> Cc: linux-fsi@lists.ozlabs.org Signed-off-by: Kees Cook <keescook@chromium.org> --- drivers/fsi/fsi-core.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)