| Message ID | 20240123002814.1396804-23-keescook@chromium.org |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel+bounces-34541-ouuuleilei=gmail.com@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:7300:2553:b0:103:945f:af90 with SMTP id p19csp71071dyi;
Mon, 22 Jan 2024 17:58:20 -0800 (PST)
X-Google-Smtp-Source:
AGHT+IE+aYYFFtARiJtLs/n9OcyQQkrSZ3GDYWlPlPIB3tT5GjI54FUz0Y9Ox48oFASwvqMwrX6L
X-Received: by 2002:a17:902:f80d:b0:1d4:cc36:e47 with SMTP id
ix13-20020a170902f80d00b001d4cc360e47mr2368105plb.52.1705975100319;
Mon, 22 Jan 2024 17:58:20 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1705975100; cv=pass;
d=google.com; s=arc-20160816;
b=JdugiCk8kWZ12vpDEwzAkw7mG6P0L1ZUIZJWoM2g9PsngEtZEJPtvt6fnO9uxq5NbO
oltKTIoOSnwwC9zQ/ubEN5p1em8ChCLx3RCUX6SFN26UniabsHIez8ju4y/vDS62JnnO
dd0lZDlQ/ObrVOb1Q1w03zpb8H5UgseZkqQg2antXdRE+aNJlKtiWy3OlFX9zPjX0VMi
QPflEx5dOyGVtb0YM5OmNTnqvULPrmje751yP7+XkowpFIeHCTCgqCuzJGaIUlGrGb8o
+PvUVvUG01n8ElMbur6iVz6PexBAnyx0x75InjN2EOVC8qs5/03fKAhZ24UAL7J2nH55
ytnA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=content-transfer-encoding:mime-version:list-unsubscribe
:list-subscribe:list-id:precedence:references:in-reply-to:message-id
:date:subject:cc:to:from:dkim-signature;
bh=iBzwhtxHV7+0pkueVEdOMj16Ew6MX43q2RtCRgBYnfE=;
fh=SvkQi+5vagOYKyXAVlpTCLO4XfzJZAkra3B1KXoxhBE=;
b=W0TsAu4gxhpuz0fQktr+/RBgIuCILXrfKdhgu4L8XuYCqV/30BD1i8tBDo5x9h6FPf
gqsKZJcFouVT995WDq4nvupPEhqk/DJJSuU5bkkWpGDh2wwlWfWmVt6xXwNl5GMRFSIj
z6pDcgKQeF0Qjm9prNE+SCR999GtJvVMnxYZ/5MtgxPIt49zo4BTZhaBHNHxqytTOaVi
lHkOEXV66ygfICT8TACbvIpA6KXH83SmaOJYBS5V4ou+/vY6LmKwtrZrgBbmlNhKqxkC
ZFgJptGBKK4svjcloKdJ4dDH/xR0lC/UAeeI3pV7Fd9zswobWhBSGhn9Opiqrg1lTcei
n+nA==
ARC-Authentication-Results: i=2; mx.google.com;
dkim=pass header.i=@chromium.org header.s=google header.b=NdcyDFzU;
arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass
dkdomain=chromium.org dmarc=pass fromdomain=chromium.org);
spf=pass (google.com: domain of
linux-kernel+bounces-34541-ouuuleilei=gmail.com@vger.kernel.org designates
139.178.88.99 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-34541-ouuuleilei=gmail.com@vger.kernel.org";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99])
by mx.google.com with ESMTPS id
i6-20020a1709026ac600b001d4cea91cedsi8942324plt.285.2024.01.22.17.58.20
for <ouuuleilei@gmail.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 22 Jan 2024 17:58:20 -0800 (PST)
Received-SPF: pass (google.com: domain of
linux-kernel+bounces-34541-ouuuleilei=gmail.com@vger.kernel.org designates
139.178.88.99 as permitted sender) client-ip=139.178.88.99;
Authentication-Results: mx.google.com;
dkim=pass header.i=@chromium.org header.s=google header.b=NdcyDFzU;
arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass
dkdomain=chromium.org dmarc=pass fromdomain=chromium.org);
spf=pass (google.com: domain of
linux-kernel+bounces-34541-ouuuleilei=gmail.com@vger.kernel.org designates
139.178.88.99 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-34541-ouuuleilei=gmail.com@vger.kernel.org";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
[52.25.139.140])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by sv.mirrors.kernel.org (Postfix) with ESMTPS id 48F58297FED
for <ouuuleilei@gmail.com>; Tue, 23 Jan 2024 01:43:49 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
by smtp.subspace.kernel.org (Postfix) with ESMTP id D58C913B79B;
Tue, 23 Jan 2024 00:46:02 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org
header.b="NdcyDFzU"
Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com
[209.85.214.175])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1A57F6167A
for <linux-kernel@vger.kernel.org>; Tue, 23 Jan 2024 00:45:57 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=none smtp.client-ip=209.85.214.175
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1705970759; cv=none;
b=f67fzJu0QQs6WuuzGDa37HUOVKdpVBRRPEQRswUQxKP4WGJxz2ESq745o/elzj2K0QNxyhp6BpeQhUEOfCpDdKbWloUlg16iJJX7/dqqyJlZ6QJAAtltbMhdb4Ec7cVavrdD8/h8VeqFp9rh2S6cx8gt++X8WwjVIRh8GscW6kA=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1705970759; c=relaxed/simple;
bh=7SK+CeaptbBP/v+CP2JEux9OatqqjJKzGmyq2Voqx04=;
h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
MIME-Version;
b=RoxGkoKvrkbjTU0M/kq9K+c0awSphaK5DJc7+9d0M3SwdyMaQV2tEQ5wvf4b98W7XaRaXvJ4E8LZaKs1UbiI4C+UvB8htC8CEuOXw3u8bPAEqbI9338q5EyAF6zL2aYC48/3zv1BS9d1j23KrDv/kwudItoDeiHSfroopryw/hc=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
dmarc=pass (p=none dis=none) header.from=chromium.org;
spf=pass smtp.mailfrom=chromium.org;
dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org
header.b=NdcyDFzU; arc=none smtp.client-ip=209.85.214.175
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=none dis=none) header.from=chromium.org
Authentication-Results: smtp.subspace.kernel.org;
spf=pass smtp.mailfrom=chromium.org
Received: by mail-pl1-f175.google.com with SMTP id
d9443c01a7336-1d7393de183so8820275ad.3
for <linux-kernel@vger.kernel.org>;
Mon, 22 Jan 2024 16:45:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=chromium.org; s=google; t=1705970757; x=1706575557;
darn=vger.kernel.org;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:from:to:cc:subject:date
:message-id:reply-to;
bh=iBzwhtxHV7+0pkueVEdOMj16Ew6MX43q2RtCRgBYnfE=;
b=NdcyDFzUhvzwX4yoUH4hoUPRRbxPVswsvgSrjYNQ54x5uzW9pV54KelUvXlN97GcLf
LKSb1v1TQQEQ1HC134EB+87lJrhokCugQ1IC/LJwPjt0ndO4rBR7kCnNeaKMXfItHDYK
HyNNFIBlgVVW+LRphKpcKBrr6QAdLpoZz+XIs=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1705970757; x=1706575557;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
:subject:date:message-id:reply-to;
bh=iBzwhtxHV7+0pkueVEdOMj16Ew6MX43q2RtCRgBYnfE=;
b=IUM3Lu51opXi6gMryu0w18wXqQR0Gy40nzh51TNi2uLxLU8Fu7MM62gxUWMobgQvAi
84LDbXv/A45PSP1V2bLc3+SiVQakPFL8oJyweVUwLJQret6lddtHcnmpwQo+HDaPDFOu
UXdRE1A1VhL7NJd6x55ICGkafBi3Yp84QE2JC9nvgxyjAANt6zEkImk9C8HWU9gpVuPr
Ir+8z13pERoiKDmVelET+Tc3ANZa8zqwtGwivthyn+A9OHCn6fnLA3MChFM957nhJglG
LTynprqiiS/pk9S+uy0sYDv5zu/g8v7hU7fKCuFBBwmhJ67Vc+6CLlSkYsBaUUFXZDtE
fWew==
X-Gm-Message-State: AOJu0YwUeaM+iBys9wa28nWs3EgNrBoJpZSFvV4+aRSPtviU6AO+2JJa
gjveh2iecBx89+7eOfK98M9qmgPcPmd08pMW7WEo2JwCoOhioDIBgMTTgPcsLw==
X-Received: by 2002:a17:903:249:b0:1d7:4f6:931b with SMTP id
j9-20020a170903024900b001d704f6931bmr2578303plh.18.1705970757393;
Mon, 22 Jan 2024 16:45:57 -0800 (PST)
Received: from www.outflux.net ([198.0.35.241])
by smtp.gmail.com with ESMTPSA id
e6-20020a170902784600b001d66b134f53sm8013882pln.233.2024.01.22.16.45.54
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 22 Jan 2024 16:45:55 -0800 (PST)
From: Kees Cook <keescook@chromium.org>
To: linux-hardening@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>,
Paolo Bonzini <pbonzini@redhat.com>,
kvm@vger.kernel.org,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
Bill Wendling <morbo@google.com>,
Justin Stitt <justinstitt@google.com>,
linux-kernel@vger.kernel.org
Subject: [PATCH 23/82] KVM: Refactor intentional wrap-around calculation
Date: Mon, 22 Jan 2024 16:26:58 -0800
Message-Id: <20240123002814.1396804-23-keescook@chromium.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240122235208.work.748-kees@kernel.org>
References: <20240122235208.work.748-kees@kernel.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-Developer-Signature: v=1; a=openpgp-sha256; l=2091; i=keescook@chromium.org;
h=from:subject; bh=7SK+CeaptbBP/v+CP2JEux9OatqqjJKzGmyq2Voqx04=;
b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBlrwgGMUghWI+PGsPguK5zp1jJTO9Udx8kDt3JM
m98iBkuTfCJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZa8IBgAKCRCJcvTf3G3A
JsIxEACt5a2RN2oZ+4JYd2ymbmpv5B6nOsrUIqOPauBUQY+OHeVN8nMnsBdASH58oAT8jCD9WVQ
7HAb+2ANB08IYc8/R0h6xkBqa2lCZk/3c5dpFUtpIlCTzY+hAfPnj3l7atArhXefRspVNbsJft8
hYD5qHs7sMR4xnQPCwbKLBjLn46735BXMxnSYAn9JYVGEL740vCDkxpqmQgFiSX23MaRZDi2p8U
v1qhycBB3BSMK6Lo8r85YYSK2XJ9x47dytKFlfuqi371X3bi2J4T1Zmf1zmU0ALDy4G3/NJIlX2
JhbQiOfH98N9+MtqcBMq3RWtHRqVRJsqM4nPVlbzO4D0Z5EKX7HzxzAg+wZOWXOJqZBUflBMu00
jbo8OBTZLfp9yRmymYTGlNNuanwYU4YZpdO9MQx9rvC1YQM+HdtO9YWpu+++sAgjyvdln94rlUO
sMJ9ZmFXRxInaysdaafEyQBh06ugVvFdamYsCf6FILZP9XmKMUKSGcyiRVCG0f2brI9Fuyw3SRn
cbpJzb9ATyxDFZyuhMI/7g3fuPMKee7yNNoMul1dOGNFcLCtwSAgsgOVJEGFdCgdgXj7MmvUulL
ZBQpjnBa8JFB3UeWkmEc5ex6AaaLMKyDaTl9rbXMZXXt2w178+78kcYV5TBWH9Pt2AyakcqiqaQ
C0S0f0g8Orqog+w==
X-Developer-Key: i=keescook@chromium.org; a=openpgp;
fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026
Content-Transfer-Encoding: 8bit
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1788844546706805083
X-GMAIL-MSGID: 1788844546706805083
|
| Series |
overflow: Refactor open-coded arithmetic wrap-around
|
|
Commit Message
Kees Cook
Jan. 23, 2024, 12:26 a.m. UTC
In an effort to separate intentional arithmetic wrap-around from
unexpected wrap-around, we need to refactor places that depend on this
kind of math. One of the most common code patterns of this is:
VAR + value < VAR
Notable, this is considered "undefined behavior" for signed and pointer
types, which the kernel works around by using the -fno-strict-overflow
option in the build[1] (which used to just be -fwrapv). Regardless, we
want to get the kernel source to the position where we can meaningfully
instrument arithmetic wrap-around conditions and catch them when they
are unexpected, regardless of whether they are signed, unsigned, or
pointer types.
Refactor open-coded unsigned wrap-around addition test to use
check_add_overflow(), retaining the result for later usage (which removes
the redundant open-coded addition). This paves the way to enabling the
unsigned wrap-around sanitizer[2] in the future.
Link: https://git.kernel.org/linus/68df3755e383e6fecf2354a67b08f92f18536594 [1]
Link: https://github.com/KSPP/linux/issues/27 [2]
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
virt/kvm/coalesced_mmio.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/virt/kvm/coalesced_mmio.c b/virt/kvm/coalesced_mmio.c index 1b90acb6e3fe..0a3b706fbf4c 100644 --- a/virt/kvm/coalesced_mmio.c +++ b/virt/kvm/coalesced_mmio.c @@ -25,17 +25,19 @@ static inline struct kvm_coalesced_mmio_dev *to_mmio(struct kvm_io_device *dev) static int coalesced_mmio_in_range(struct kvm_coalesced_mmio_dev *dev, gpa_t addr, int len) { + gpa_t sum; + /* is it in a batchable area ? * (addr,len) is fully included in * (zone->addr, zone->size) */ if (len < 0) return 0; - if (addr + len < addr) + if (check_add_overflow(addr, len, &sum)) return 0; if (addr < dev->zone.addr) return 0; - if (addr + len > dev->zone.addr + dev->zone.size) + if (sum > dev->zone.addr + dev->zone.size) return 0; return 1; }