WSL2-Linux-Kernel/lib
Kees Cook 30f20ceb87 overflow: Implement size_t saturating arithmetic helpers
[ Upstream commit e1be43d9b5 ]

In order to perform more open-coded replacements of common allocation
size arithmetic, the kernel needs saturating (SIZE_MAX) helpers for
multiplication, addition, and subtraction. For example, it is common in
allocators, especially on realloc, to add to an existing size:

    p = krealloc(map->patch,
                 sizeof(struct reg_sequence) * (map->patch_regs + num_regs),
                 GFP_KERNEL);

There is no existing saturating replacement for this calculation, and
just leaving the addition open coded inside array_size() could
potentially overflow as well. For example, an overflow in an expression
for a size_t argument might wrap to zero:

    array_size(anything, something_at_size_max + 1) == 0

Introduce size_mul(), size_add(), and size_sub() helpers that
implicitly promote arguments to size_t and saturated calculations for
use in allocations. With these helpers it is also possible to redefine
array_size(), array3_size(), flex_array_size(), and struct_size() in
terms of the new helpers.

As with the check_*_overflow() helpers, the new helpers use __must_check,
though what is really desired is a way to make sure that assignment is
only to a size_t lvalue. Without this, it's still possible to introduce
overflow/underflow via type conversion (i.e. from size_t to int).
Enforcing this will currently need to be left to static analysis or
future use of -Wconversion.

Additionally update the overflow unit tests to force runtime evaluation
for the pathological cases.

Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Gustavo A. R. Silva <gustavoars@kernel.org>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Jason Gunthorpe <jgg@ziepe.ca>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Leon Romanovsky <leon@kernel.org>
Cc: Keith Busch <kbusch@kernel.org>
Cc: Len Baker <len.baker@gmx.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Stable-dep-of: e001e60869 ("fs/ntfs3: Harden against integer overflows")
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-12-31 13:14:33 +01:00
..
842 kbuild: trace functions in subdirectories of lib/ 2020-08-10 01:32:59 +09:00
crypto crypto: lib - remove unneeded selection of XOR_BLOCKS 2022-09-05 10:30:03 +02:00
dim dim: initialize all struct fields 2022-05-18 10:26:49 +02:00
fonts lib/fonts: fix undefined behavior in bit shift for get_default_font 2022-12-31 13:14:02 +01:00
kunit kunit: fix debugfs code to use enum kunit_status, not bool 2022-06-09 10:22:53 +02:00
livepatch selftests/livepatch: better synchronize test_klp_callbacks_busy 2022-08-17 14:24:03 +02:00
lz4 lz4: fix LZ4_decompress_safe_partial read out of bound 2022-04-13 20:59:21 +02:00
lzo lib/lzo/lzo1x_compress.c: make lzogeneric1x_1_compress() static 2020-12-15 22:46:19 -08:00
math math: make RATIONAL tristate 2021-09-08 11:50:26 -07:00
mpi lib/mpi: Add the return value check of kcalloc() 2022-01-27 11:03:58 +01:00
pldmfw lib: fix spelling mistakes 2021-07-08 11:48:20 -07:00
raid6 lib/raid6/test/Makefile: Use $(pound) instead of \# for Make 4.3 2022-04-08 14:23:56 +02:00
reed_solomon lib: fix spelling mistakes 2021-07-08 11:48:20 -07:00
vdso lib/vdso: use "grep -E" instead of "egrep" 2022-12-02 17:41:08 +01:00
xz lib/xz: Validate the value before assigning it to an enum variable 2021-11-18 19:16:17 +01:00
zlib_deflate kbuild: trace functions in subdirectories of lib/ 2020-08-10 01:32:59 +09:00
zlib_dfltcc zlib: move EXPORT_SYMBOL() and MODULE_LICENSE() out of dfltcc_syms.c 2020-12-29 15:36:49 -08:00
zlib_inflate lib/zlib_inflate/inffast: check config in C to avoid unused function warning 2021-09-24 16:13:35 -07:00
zstd lib/decompressors: fix spelling mistakes 2021-07-01 11:06:05 -07:00
.gitignore .gitignore: prefix local generated files with a slash 2021-05-02 00:43:35 +09:00
Kconfig crypto: memneq - move into lib/ 2022-06-22 14:22:03 +02:00
Kconfig.debug Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is enabled 2022-12-08 11:28:44 +01:00
Kconfig.kasan kasan: fix Kconfig check of CC_HAS_WORKING_NOSANITIZE_ADDRESS 2021-09-24 16:13:34 -07:00
Kconfig.kcsan kcsan: Make strict mode imply interruptible watchers 2021-07-20 13:49:44 -07:00
Kconfig.kfence kfence: default to dynamic branch instead of static keys mode 2021-11-12 15:05:49 +01:00
Kconfig.kgdb kgdb: Honour the kprobe blocklist when setting breakpoints 2020-09-28 12:14:08 +01:00
Kconfig.ubsan ubsan: remove CONFIG_UBSAN_OBJECT_SIZE 2022-04-13 20:59:27 +02:00
Makefile crypto: memneq - move into lib/ 2022-06-22 14:22:03 +02:00
argv_split.c
ashldi3.c
ashrdi3.c
asn1_decoder.c Revert "lib: Revert use of fallthrough pseudo-keyword in lib/" 2020-11-18 14:15:17 -06:00
asn1_encoder.c lib: fix spelling mistakes 2021-07-08 11:48:20 -07:00
assoc_array.c assoc_array: Fix BUG_ON during garbage collect 2022-06-06 08:43:37 +02:00
atomic64.c locking/atomic: atomic64: support ARCH_ATOMIC 2021-05-26 13:20:50 +02:00
atomic64_test.c
audit.c
bcd.c
bch.c lib/bch.c: fix a typo in the file bch.c 2021-05-06 19:24:12 -07:00
bitfield_kunit.c lib: kunit: Fix compilation test when using TEST_BIT_FIELD_COMPILE 2020-10-16 13:25:14 -06:00
bitmap.c bitmap: extend comment to bitmap_print_bitmask/list_to_buf 2021-08-13 10:27:50 +02:00
bitrev.c
bootconfig.c memblock: introduce saner 'memblock_free_ptr()' interface 2021-09-14 13:23:22 -07:00
bsearch.c lib/bsearch: Provide __always_inline variant 2020-06-11 15:14:53 +02:00
btree.c
bucket_locks.c
bug.c bug: Assign values once in bug_get_file_line() 2021-04-01 09:54:37 +01:00
build_OID_registry
buildid.c kdump: use vmlinux_build_id to simplify 2021-07-08 11:48:22 -07:00
bust_spinlocks.c
check_signature.c
checksum.c unify generic instances of csum_partial_copy_nocheck() 2020-08-20 15:45:14 -04:00
clz_ctz.c
clz_tab.c
cmdline.c lib/cmdline: Export next_arg() for being used in modules 2021-05-05 16:07:40 +02:00
cmdline_kunit.c lib/cmdline_kunit: Remove a cast which are no-longer required 2021-06-23 16:41:41 -06:00
cmpdi2.c
compat_audit.c
cpu_rmap.c
cpumask.c Revert "lib: Restrict cpumask_local_spread to houskeeping CPUs" 2021-02-05 23:28:29 +01:00
crc-ccitt.c
crc-itu-t.c
crc-t10dif.c crc-t10dif: clean up some more things 2020-06-18 17:26:43 +10:00
crc4.c
crc7.c lib/crc7: fix a kernel-doc markup 2021-01-21 14:06:00 -07:00
crc8.c lib: crc8: pointer to data block should be const 2021-05-06 19:24:12 -07:00
crc16.c
crc32.c lib/crc32.c: fix trivial typo in preprocessor condition 2020-10-16 11:11:20 -07:00
crc32defs.h
crc32test.c lib/crc32test: remove extra local_irq_disable/enable 2020-11-02 12:14:19 -08:00
crc64.c lib: crc64: fix kernel-doc warning 2021-06-05 08:58:12 -07:00
ctype.c
debug_info.c isystem: ship and use stdarg.h 2021-08-19 09:02:55 +09:00
debug_locks.c locking/lockdep: Improve noinstr vs errors 2021-06-22 13:56:43 +02:00
debugobjects.c lib/debugobjects: fix stat count and optimize debug_objects_mem_init 2022-12-31 13:14:01 +01:00
dec_and_lock.c
decompress.c lib: Add zstd support to decompress 2020-07-31 11:49:08 +02:00
decompress_bunzip2.c lib/decompressors: fix spelling mistakes 2021-07-01 11:06:05 -07:00
decompress_inflate.c
decompress_unlz4.c lib/decompress_unlz4.c: correctly handle zero-padding around initrds. 2021-07-01 11:06:06 -07:00
decompress_unlzma.c lib: fix inconsistent indenting in process_bit1() 2021-05-06 19:24:12 -07:00
decompress_unlzo.c lib/decompressors: remove set but not used variabled 'level' 2021-07-01 11:06:06 -07:00
decompress_unxz.c lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression 2021-11-18 19:16:17 +01:00
decompress_unzstd.c lib/decompressors: fix spelling mistakes 2021-07-01 11:06:05 -07:00
devmem_is_allowed.c lib: use PFN_PHYS() in devmem_is_allowed() 2021-08-13 14:09:32 -10:00
devres.c lib: fix spelling mistakes 2021-07-08 11:48:20 -07:00
digsig.c crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
dump_stack.c lib/dump_stack: correct kernel-doc notation 2021-09-08 11:50:26 -07:00
dynamic_debug.c dyndbg: drop EXPORTed dynamic_debug_exec_queries 2022-10-26 12:35:08 +02:00
dynamic_queue_limits.c lib: dynamic_queue_limits: delete duplicated words + fix typo 2020-10-16 11:11:20 -07:00
earlycpio.c lib: remove "expecting prototype" kernel-doc warnings 2021-04-16 16:10:37 -07:00
errname.c kernel.h: split out mathematical helpers 2020-12-15 22:46:15 -08:00
error-inject.c fault-injection: handle EI_ETYPE_TRUE 2020-12-15 22:46:19 -08:00
errseq.c kernel.h: split out mathematical helpers 2020-12-15 22:46:15 -08:00
extable.c sparc32: switch to generic extables 2021-01-03 20:05:18 -05:00
fault-inject-usercopy.c lib, include/linux: add usercopy failure capability 2020-10-16 11:11:22 -07:00
fault-inject.c fault_inject: Don't rely on "return value" from WRITE_ONCE() 2020-04-15 21:36:41 +01:00
fdt.c
fdt_addresses.c
fdt_empty_tree.c
fdt_ro.c
fdt_rw.c
fdt_strerror.c
fdt_sw.c
fdt_wip.c
find_bit.c lib: add fast path for find_first_*_bit() and find_last_bit() 2021-05-06 19:24:12 -07:00
find_bit_benchmark.c
flex_proportions.c lib/flex_proportions.c: cleanup __fprop_inc_percpu_max 2020-06-04 19:06:25 -07:00
gen_crc32table.c
gen_crc64table.c
genalloc.c lib/genalloc: add parameter description to fix doc compile warning 2021-05-06 19:24:12 -07:00
generic-radix-tree.c
glob.c Revert "lib: Revert use of fallthrough pseudo-keyword in lib/" 2020-11-18 14:15:17 -06:00
globtest.c
hexdump.c hex2bin: fix access beyond string end 2022-05-09 09:14:30 +02:00
hweight.c
idr.c ida: don't use BUG_ON() for debugging 2022-07-12 16:35:18 +02:00
inflate.c
interval_tree.c
interval_tree_test.c
iomap.c iomap: constify ioreadX() iomem argument (as in generic implementation) 2020-08-14 19:56:57 -07:00
iomap_copy.c
iommu-helper.c
iov_iter.c fix short copy handling in copy_mc_pipe_to_iter() 2022-08-17 14:22:51 +02:00
irq_poll.c
irq_regs.c
is_single_threaded.c
kasprintf.c isystem: ship and use stdarg.h 2021-08-19 09:02:55 +09:00
kfifo.c lib: fix spelling mistakes 2021-07-08 11:48:20 -07:00
klist.c
kobject.c kobject: Drop unneeded conditional in __kobject_del() 2020-09-07 11:24:17 +02:00
kobject_uevent.c kobject_uevent: remove warning in init_uevent_argv() 2021-04-10 11:09:41 +02:00
kstrtox.c Merge branch 'akpm' (patches from Andrew) 2021-07-02 12:08:10 -07:00
kstrtox.h lib: vsprintf: Fix handling of number field widths in vsscanf 2021-05-19 15:05:11 +02:00
libcrc32c.c lib: libcrc32c: delete duplicated words 2020-10-16 11:11:19 -07:00
linear_ranges.c lib: add linear range get selector within 2021-08-13 18:37:38 +02:00
list-test.c list: test: Add a test for list_is_head() 2022-06-09 10:23:31 +02:00
list_debug.c lib/list_debug.c: Detect uninitialized lists 2022-08-25 11:40:40 +02:00
list_sort.c lib: fix spelling mistakes 2021-07-08 11:48:20 -07:00
llist.c
locking-selftest-hardirq.h
locking-selftest-mutex.h
locking-selftest-rlock-hardirq.h
locking-selftest-rlock-softirq.h
locking-selftest-rlock.h
locking-selftest-rsem.h
locking-selftest-rtmutex.h
locking-selftest-softirq.h
locking-selftest-spin-hardirq.h
locking-selftest-spin-softirq.h
locking-selftest-spin.h
locking-selftest-wlock-hardirq.h
locking-selftest-wlock-softirq.h
locking-selftest-wlock.h
locking-selftest-wsem.h
locking-selftest.c lockdep/selftest: Remove wait-type RCU_CALLBACK tests 2021-06-22 16:42:08 +02:00
lockref.c
logic_iomem.c lib/logic_iomem: correct fallback config references 2022-04-13 20:58:59 +02:00
logic_pio.c PCI: Fix pci_register_io_range() memory leak 2021-02-17 17:31:06 -06:00
lru_cache.c lib: remove "expecting prototype" kernel-doc warnings 2021-04-16 16:10:37 -07:00
lshrdi3.c
memcat_p.c
memneq.c crypto: memneq - move into lib/ 2022-06-22 14:22:03 +02:00
memory-notifier-error-inject.c
memregion.c lib/memregion.c: include memregion.h 2020-09-26 10:33:57 -07:00
memweight.c
muldi3.c
net_utils.c
netdev-notifier-error-inject.c
nlattr.c lib: fix spelling mistakes 2021-07-08 11:48:20 -07:00
nmi_backtrace.c printk: restore flushing of NMI buffers on remote CPUs after NMI backtraces 2021-11-25 09:48:45 +01:00
nodemask.c nodemask: Fix return values to be unsigned 2022-06-14 18:36:24 +02:00
notifier-error-inject.c lib/notifier-error-inject: fix error when writing -errno to debugfs file 2022-12-31 13:14:03 +01:00
notifier-error-inject.h
objagg.c
of-reconfig-notifier-error-inject.c
oid_registry.c lib: fix spelling mistakes 2021-07-08 11:48:20 -07:00
once.c once: add DO_ONCE_SLOW() for sleepable contexts 2022-10-26 12:34:49 +02:00
packing.c net: update NXP copyright text 2021-09-17 13:52:17 +01:00
parman.c lib: remove "expecting prototype" kernel-doc warnings 2021-04-16 16:10:37 -07:00
parser.c kernel.h: split out kstrtox() and simple_strtox() to a separate header 2021-07-01 11:06:05 -07:00
pci_iomap.c pci_iounmap'2: Electric Boogaloo: try to make sense of it all 2021-09-19 17:13:35 -07:00
percpu-refcount.c percpu_ref_init(): clean ->percpu_count_ref on failure 2022-06-06 08:43:36 +02:00
percpu_counter.c lib/percpu_counter: tame kernel-doc compile warning 2021-05-06 19:24:12 -07:00
percpu_test.c
plist.c
pm-notifier-error-inject.c
radix-tree.c lib: remove "expecting prototype" kernel-doc warnings 2021-04-16 16:10:37 -07:00
random32.c random: replace custom notifier chain with standard one 2022-05-30 09:29:10 +02:00
ratelimit.c ratelimit: Fix data-races in ___ratelimit(). 2022-08-31 17:16:43 +02:00
rbtree.c lib/: replace HTTP links with HTTPS ones 2020-08-12 10:58:00 -07:00
rbtree_test.c
refcount.c lib: fix spelling mistakes 2021-07-08 11:48:20 -07:00
rhashtable.c lib: fix spelling mistakes 2021-07-08 11:48:20 -07:00
sbitmap.c lib: fix spelling mistakes 2021-07-08 11:48:20 -07:00
scatterlist.c Merge branch 'akpm' (patches from Andrew) 2021-09-03 10:08:28 -07:00
seq_buf.c lib: fix spelling mistakes 2021-07-08 11:48:20 -07:00
sg_pool.c lib/scatterlist: Fix wrong update of orig_nents 2021-08-24 19:52:40 -03:00
sg_split.c
sha1.c lib/crypto: sha1: re-roll loops to reduce code size 2022-05-30 09:28:59 +02:00
show_mem.c
siphash.c siphash: use one source of truth for siphash permutations 2022-05-30 09:29:15 +02:00
slub_kunit.c mm/slub, kunit: add a KUnit test for SLUB debugging functionality 2021-06-29 10:53:46 -07:00
smp_processor_id.c lib/smp_processor_id: fix imbalanced instrumentation_end() call 2022-08-17 14:24:08 +02:00
sort.c lib: fix spelling mistakes 2021-07-08 11:48:20 -07:00
stackdepot.c stacktrace: move filter_irq_stacks() to kernel/stacktrace.c 2022-04-13 20:59:28 +02:00
stmp_device.c
string.c string: improve default out-of-line memcmp() implementation 2021-08-30 07:50:56 -07:00
string_helpers.c string: uninline memcpy_and_pad 2021-11-21 13:44:12 +01:00
strncpy_from_user.c lib/strncpy_from_user.c: Mask out bytes after NUL terminator. 2020-11-19 11:56:16 -08:00
strnlen_user.c uaccess: Selectively open read or write user access 2020-05-01 12:35:21 +10:00
syscall.c sched: Change task_struct::state 2021-06-18 11:43:09 +02:00
test-kstrtox.c
test-string_helpers.c string_helpers: Escape double quotes in escape_special 2021-07-19 11:39:28 +02:00
test_bitmap.c lib: test_bitmap: add bitmap_print_bitmask/list_to_buf test cases 2021-08-13 10:27:49 +02:00
test_bitops.c lib/test: fix spelling mistakes 2021-07-08 11:48:20 -07:00
test_bits.c lib/test_bits.c: add tests of GENMASK 2020-08-12 10:58:00 -07:00
test_blackhole_dev.c
test_bpf.c test_bpf: fix incorrect netdev features 2022-08-17 14:23:23 +02:00
test_debug_virtual.c
test_firmware.c test_firmware: fix memory leak in test_firmware_init() 2022-12-31 13:14:29 +01:00
test_fpu.c selftests/fpu: Fix debugfs_simple_attr.cocci warning 2021-01-18 11:03:26 +01:00
test_free_pages.c lib/test_free_pages.c: add basic progress indicators 2020-12-15 22:46:16 -08:00
test_hash.c
test_hexdump.c
test_hmm.c lib/test_hmm: avoid accessing uninitialized pages 2022-08-17 14:23:43 +02:00
test_hmm_uapi.h mm: selftests for exclusive device memory 2021-07-01 11:06:03 -07:00
test_ida.c
test_kasan.c kasan: test: Silence GCC 12 warnings 2022-08-17 14:23:05 +02:00
test_kasan_module.c kasan: test: avoid corrupting memory in kasan_rcu_uaf 2021-09-03 09:58:15 -07:00
test_kmod.c lib/test: use after free in register_test_dev_kmod() 2022-04-08 14:23:54 +02:00
test_linear_ranges.c lib/test_linear_ranges: add a test for the 'linear_ranges' 2020-05-08 18:18:12 +01:00
test_list_sort.c lib/test: convert lib/test_list_sort.c to use KUnit 2021-06-25 11:31:03 -06:00
test_lockup.c lib/test_lockup: fix kernel pointer check for separate address spaces 2022-04-08 14:24:01 +02:00
test_memcat_p.c
test_meminit.c lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test 2022-01-27 11:05:44 +01:00
test_min_heap.c
test_module.c
test_objagg.c test_objagg: Fix potential memory leak in error handling 2020-06-15 13:32:11 -07:00
test_overflow.c overflow: Implement size_t saturating arithmetic helpers 2022-12-31 13:14:33 +01:00
test_parman.c
test_printf.c Merge branch 'akpm' (patches from Andrew) 2021-09-08 12:55:35 -07:00
test_rhashtable.c rhashtable: avoid -Wrestrict warning on overlapping sprintf output 2021-03-24 15:16:09 -07:00
test_scanf.c lib/test_scanf: split up number parsing test routines 2021-09-06 11:04:03 -07:00
test_siphash.c
test_sort.c lib/test: convert test_sort.c to use KUnit 2021-09-08 11:50:26 -07:00
test_stackinit.c lib/test_stackinit: Add assigned initializers 2021-08-22 00:21:36 -07:00
test_static_key_base.c
test_static_keys.c
test_string.c lib/test_string.c: allow module removal 2021-07-01 11:06:05 -07:00
test_strscpy.c
test_sysctl.c lib: test_sysctl: delete duplicated words 2020-10-16 11:11:20 -07:00
test_ubsan.c ubsan: remove CONFIG_UBSAN_OBJECT_SIZE 2022-04-13 20:59:27 +02:00
test_user_copy.c
test_uuid.c
test_vmalloc.c lib/test_vmalloc.c: add a new 'nr_pages' parameter 2021-09-03 09:58:14 -07:00
test_xarray.c XArray: Fix xas_create_range() when multi-order entry present 2022-04-08 14:24:09 +02:00
textsearch.c
timerqueue.c rbtree, timerqueue: Use rb_add_cached() 2021-02-17 14:08:01 +01:00
ts_bm.c lib/: replace HTTP links with HTTPS ones 2020-08-12 10:58:00 -07:00
ts_fsm.c Revert "lib: Revert use of fallthrough pseudo-keyword in lib/" 2020-11-18 14:15:17 -06:00
ts_kmp.c lib/ts_kmp.c: replace zero-length array with flexible-array member 2020-04-07 10:43:43 -07:00
ubsan.c kunit: ubsan integration 2021-08-13 13:19:06 -06:00
ubsan.h ubsan: implement __ubsan_handle_alignment_assumption 2021-02-05 11:03:47 -08:00
ucmpdi2.c
ucs2_string.c
usercopy.c lib, uaccess: add failure injection to usercopy functions 2020-10-16 11:11:22 -07:00
uuid.c uuid: Provide a GUID generator for raw buffer 2020-03-23 17:01:47 +01:00
vsprintf.c random: replace custom notifier chain with standard one 2022-05-30 09:29:10 +02:00
win_minmax.c
xarray.c XArray: Update the LRU list in xas_split() 2022-04-08 14:24:09 +02:00
xxhash.c lib/: replace HTTP links with HTTPS ones 2020-08-12 10:58:00 -07:00