Hi,
This is the spiritual successor to the "Mitigating unexpected arithmetic
overflow" thread from 2024[1]. After a long discussion there, and
subsequent discussions with Peter at Linux Plumbers, Justin went off to
build a type-based solution. After more than a year of RFCs and feedback
from compiler folks and with an eye toward potentially making this part
of the C Standard in the future, what has evolved is Overflow Behavior
Types[2], which are first-class native types that mirror the existing
native scalar types in C. They are created using a type qualifier
("__ob_trap" and "__ob_wrap"), but they are their own distinct
types, e.g. "int" and "int __ob_trap" are different types, though
they are mostly interchangeable (e.g. format strings, implicit casts,
etc), with some specific instrumentation in cases where wrap-around or
truncation is possible.
This series provides support for building with them enabled, adds
documentation, adds tests, and proposes the new typedefs (see the last
patch in the series) for the corresponding kernel scalar types. With this,
we can start converting variables (and types) that are never supposed
to overflow/underflow to these new types[3]. (Or types that are always
supposed to overflow/underflow.)
Enjoy! :)
-Kees
Link: https://lore.kernel.org/lkml/202404291502.612E0A10@keescook/ [1]
Link: https://clang.llvm.org/docs/OverflowBehaviorTypes.html [2]
Justin Stitt (2):
hardening: Introduce Overflow Behavior Types support
compiler_attributes: Add overflow_behavior macros __ob_trap and __ob_wrap
Kees Cook (3):
refcount: Remove unused __signed_wrap function annotations
lkdtm/bugs: Add basic Overflow Behavior Types test
types: Add standard __ob_trap and __ob_wrap scalar types
lib/Kconfig.ubsan | 18 -
security/Kconfig.hardening | 50 ++-
Makefile | 1 +
scripts/basic/Makefile | 2 +-
scripts/Makefile.lib | 7 +-
scripts/Makefile.obt | 28 ++
scripts/Makefile.ubsan | 10 -
scripts/Makefile.warn | 7 +
scripts/integer-wrap-ignore.scl | 3 +-
Documentation/dev-tools/ubsan.rst | 13 +
Documentation/process/arithmetic-overflow.rst | 323 ++++++++++++++++++
Documentation/process/deprecated.rst | 39 +++
Documentation/process/index.rst | 1 +
include/linux/compiler-version.h | 2 +-
include/linux/compiler_attributes.h | 12 +
include/linux/compiler_types.h | 9 +-
include/linux/refcount.h | 10 +-
include/linux/sched.h | 3 +-
include/linux/types.h | 24 ++
include/linux/ubsan.h | 12 +-
drivers/misc/lkdtm/bugs.c | 253 ++++++++++++++
lib/ubsan.c | 17 +-
MAINTAINERS | 10 +
kernel/configs/hardening.config | 1 -
tools/testing/selftests/lkdtm/tests.txt | 10 +
25 files changed, 807 insertions(+), 58 deletions(-)
create mode 100644 scripts/Makefile.obt
create mode 100644 Documentation/process/arithmetic-overflow.rst
--
2.34.1
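The cover letter above describes the two behaviours the new qualifiers encode (a type that must never wrap and one that is always expected to wrap) and the two places the instrumentation fires (wrap-around and truncation). The following is an added illustration, not code from this series or from the Clang implementation: because "int __ob_trap" / "int __ob_wrap" only compile with a Clang that has Overflow Behavior Types, the same semantics are written out by hand with the GCC/Clang __builtin_*_overflow helpers so it builds with any current gcc or clang. All function names and the sample inputs are the example's own.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not part of the OBT patch series. The real qualifiers
 * make the compiler emit these checks; here they are spelled out so the
 * reader can see what "trap" versus "wrap" means for each operation.
 * Names (trap_add, wrap_add, ...) are hypothetical.
 */

/* "int __ob_trap" semantics: arithmetic that must never wrap.
 * Reports the overflow to the caller; a real trapping type would hit
 * the UBSan-style trap instead of returning false. */
static bool trap_add(int a, int b, int *out)
{
	return !__builtin_add_overflow(a, b, out);
}

static bool trap_mul(int a, int b, int *out)
{
	return !__builtin_mul_overflow(a, b, out);
}

/* "int __ob_wrap" semantics: wrap-around is the intended behaviour.
 * Computed in unsigned arithmetic, which C defines to wrap modulo 2^N. */
static int wrap_add(int a, int b)
{
	return (int)((unsigned int)a + (unsigned int)b);
}

/* Truncation is the other case the cover letter mentions: a narrowing
 * store into a trapping type must not silently drop bits. */
static bool trap_narrow_u8(int v, uint8_t *out)
{
	if (v < 0 || v > UINT8_MAX)
		return false;
	*out = (uint8_t)v;
	return true;
}

/* The wrapping counterpart keeps the low 8 bits, as a plain cast does. */
static uint8_t wrap_narrow_u8(int v)
{
	return (uint8_t)v;
}

/* Walk a constructed set of operations and count those a trapping type
 * would have rejected. A sequence counter would use the wrap_* forms,
 * a size or reference count the trap_* forms. */
static int count_trapped(void)
{
	int r, trapped = 0;
	uint8_t b;

	if (!trap_add(INT_MAX, 1, &r))      /* overflow */
		trapped++;
	if (!trap_add(INT_MIN, -1, &r))     /* underflow */
		trapped++;
	if (!trap_mul(65536, 65536, &r))    /* overflow */
		trapped++;
	if (!trap_add(100, 200, &r))        /* fine */
		trapped++;
	if (!trap_narrow_u8(300, &b))       /* truncation */
		trapped++;
	if (!trap_narrow_u8(255, &b))       /* fine */
		trapped++;
	return trapped;
}

int main(void)
{
	printf("operations a trapping type would reject: %d\n", count_trapped());
	printf("wrap_add(INT_MAX, 1) = %d\n", wrap_add(INT_MAX, 1));
	printf("wrap_narrow_u8(300) = %u\n", wrap_narrow_u8(300));
	return 0;
}
```

The point of the split is that the same source expression (a + b, or a store into a u8) gets one of two compile-time meanings depending on the variable's declared type, which is what lets a tree of kernel code be converted variable by variable rather than flag by flag.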