On Thu, Sep 1, 2022 at 12:49 PM Jakub Kicinski <kuba@xxxxxxxxxx> wrote: > > On Wed, 31 Aug 2022 23:27:08 -0700 Kees Cook wrote: > > This would catch corrupted values... > > > > Is the concern the growth in image size? The check_sub_overflow() isn't > > large at all -- it's just adding a single overflow bit test. The WARNs > > are heavier, but they're all out-of-line. > > It turns the most obvious function into a noodle bar :( > > Looking at this function in particular is quite useful, because > it clearly indicates that the nlmsg_len includes the header. > > How about we throw in a > > WARN_ON_ONCE(nlh->nlmsg_len < NLMSG_HDRLEN || > nlh->nlmsg_len > INT_MAX); > > but leave the actual calculation human readable C? This is inlined, and will add a lot of extra code. We are making the kernel slower at each release. What about letting fuzzers like syzbot find the potential issues ? DEBUG_NET_WARN_ON_ONCE(...);
