On Thu, Mar 22, 2018 at 2:54 AM, Daniel Vetter <daniel@xxxxxxxx> wrote:
> On Thu, Mar 22, 2018 at 9:03 AM, Greg Kroah-Hartman
> <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>> On Thu, Mar 22, 2018 at 07:59:59AM +0100, Daniel Vetter wrote:
>>> Is anyone working on overflow-proof integers? That would make a lot of
>>> this code so much simpler if we could just ask the compiler to carry the
>>> overflow bit around for a given expression and then check that and bail
>>> with -EINVAL.
>>
>> That would be nice, but no, I don't think that's part of any C standard
>> work that I have heard of :(
>
> Well we have refcount_t already, stitching something together that
> would work and not suck too badly with performance should be possible.
> But yeah direct compiler support would be better (and would allow
> optimizing the carry flag checks I guess). I kinda hoped Kees&team
> would be working on this eventually.

refcount_t could be used if it happens to match the needed semantics.

> Adding Kees+kernel-hardening, maybe he'll grow fond of this :-)

Yeah, general integer overflow is on the list of things to get fixed
in the kernel. It's a bit of a long road, though.

Clang has -fsanitize=integer (and sub-options) which could be added
for specific object or trees:
https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html#ubsan-checks

GCC seems to only support manual marking of overflow detections:
https://gcc.gnu.org/onlinedocs/gcc/Integer-Overflow-Builtins.html

grsecurity/PaX has a gcc plugin for overflow detection, though it
hasn't been upstreamed and comes with various caveats:
http://forums.grsecurity.net/viewtopic.php?f=7&t=3043
https://github.com/ephox-gcc-plugins/size_overflow

-Kees

-- 
Kees Cook
Pixel Security
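
Added example, not part of the original message and not kernel code: the GCC integer overflow builtins linked above, used for the "check the overflow and bail with -EINVAL" pattern the thread asks for. The helper names and the sample values in main() are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical helper: compute *out = header + count * elem_size for an
 * untrusted count, failing with -EINVAL if any step wraps.
 * *out is only written on success.
 */
static int checked_array_size(size_t header, size_t count, size_t elem_size,
                              size_t *out)
{
    size_t body, total;

    /* Each builtin returns true when the exact result does not fit. */
    if (__builtin_mul_overflow(count, elem_size, &body))
        return -EINVAL;
    if (__builtin_add_overflow(header, body, &total))
        return -EINVAL;

    *out = total;
    return 0;
}

/*
 * Mixed-type case: the builtins compute the mathematically exact result and
 * check it against the destination type, so a 64-bit offset + length can be
 * validated against a 32-bit field in a single step.
 */
static int checked_end_u32(uint64_t offset, uint64_t len, uint32_t *end)
{
    if (__builtin_add_overflow(offset, len, end))
        return -EINVAL;
    return 0;
}

int main(void)
{
    size_t sz = 0;
    uint32_t end = 0;

    /* Constructed inputs: one sane request, two that would wrap. */
    printf("sane:  %d (size %zu)\n", checked_array_size(16, 4, 8, &sz), sz);
    printf("wrap:  %d\n", checked_array_size(16, SIZE_MAX, 2, &sz));
    printf("trunc: %d\n", checked_end_u32(0xFFFFFFF0ull, 0x10, &end));
    return 0;
}
```

The builtins are available in GCC 5 and later and in Clang; the check has to be written at every arithmetic site, which is the "manual marking" limitation noted above.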