From nobody Sat Feb 7 10:16:10 2026 Received: from relay.smtp-ext.broadcom.com (relay.smtp-ext.broadcom.com [192.19.166.231]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 876EA2770B; Thu, 6 Mar 2025 01:15:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.19.166.231 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741223745; cv=none; b=Vw+lCIWyPnwfjbQO71NZgxTmdqpJAXy3mOM2liKFDkkSUiBtF8p0NDV+3vRYB6xiYukKE/C+D47T+nmeM8YMWe8SkyJ05c89+A3Rwf+czuABP9QQCf7FJmNWT2acU9AScg8M16DqaInYjB6TSqxkUIGjoBunWtb0laCYQkX5nlI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741223745; c=relaxed/simple; bh=F0XXb4iUPu1XvvOAobCBy9leql9n9yFjBaF8VWM6p3U=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=JGzLsH5wHE0jnYK2To7tBFihEjRiaOVWwgAwg6JwkWJ7UO1KqyxLHcT9nrzlkM0w7kfHzS1odTw4CBNN4oDk7fSQkKm9vSF+W9vsX8LAbWe31sWnnDuofe/bgFcDKrndV7tAkFkWKfn7qdvFP73uQj52p5ErSqhIX0IZDGzMpIU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=broadcom.com; spf=fail smtp.mailfrom=broadcom.com; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b=Ih2IGoUf; arc=none smtp.client-ip=192.19.166.231 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=broadcom.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=broadcom.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b="Ih2IGoUf" Received: from mail-acc-it-01.broadcom.com (mail-acc-it-01.acc.broadcom.net [10.35.36.83]) by relay.smtp-ext.broadcom.com (Postfix) with ESMTP id A0481C0005C0; Wed, 5 Mar 2025 17:08:00 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 relay.smtp-ext.broadcom.com A0481C0005C0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=broadcom.com; s=dkimrelay; t=1741223280; bh=F0XXb4iUPu1XvvOAobCBy9leql9n9yFjBaF8VWM6p3U=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Ih2IGoUflq6BpRs8Zqk57pkfrk0e+x1WG7rq29jmwoPzd9ENUCzwHZY9zKYsrgvRF 8UJvLvERq/UhDjBq8+f2jBbN74yYHOYyZdrkbjRXXJ90srprZoid0zFUMEMQuUEIdx 1+c9YGzdILwdezECIO8DCJ3bj2RzDPyYNM0CapQw= Received: from stbirv-lnx-1.igp.broadcom.net (stbirv-lnx-1.igp.broadcom.net [10.67.48.32]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail-acc-it-01.broadcom.com (Postfix) with ESMTPSA id A5A394002F47; Wed, 5 Mar 2025 20:07:59 -0500 (EST) From: Florian Fainelli To: linux-kernel@vger.kernel.org Cc: stable@vger.kernel.org, Kees Cook , Rasmus Villemoes , Florian Fainelli , Greg Kroah-Hartman , Keith Busch , "Gustavo A. R. Silva" Subject: [PATCH stable 5.4 1/3] overflow: Add __must_check attribute to check_*() helpers Date: Wed, 5 Mar 2025 17:07:54 -0800 Message-Id: <20250306010756.719024-2-florian.fainelli@broadcom.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250306010756.719024-1-florian.fainelli@broadcom.com> References: <20250306010756.719024-1-florian.fainelli@broadcom.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Kees Cook commit 9b80e4c4ddaca3501177ed41e49d0928ba2122a8 upstream Since the destination variable of the check_*_overflow() helpers will contain a wrapped value on failure, it would be best to make sure callers really did check the return result of the helper. Adjust the macros to use a bool-wrapping static inline that is marked with __must_check. This means the macros can continue to have their type-agnostic behavior while gaining the function attribute (that cannot be applied directly to macros). Suggested-by: Rasmus Villemoes Link: https://lore.kernel.org/lkml/202008151007.EF679DF@keescook/ Signed-off-by: Kees Cook Signed-off-by: Florian Fainelli --- include/linux/overflow.h | 39 ++++++++++++++++++++++++--------------- 1 file changed, 24 insertions(+), 15 deletions(-) diff --git a/include/linux/overflow.h b/include/linux/overflow.h index 63e7c77ba942..35af574d006f 100644 --- a/include/linux/overflow.h +++ b/include/linux/overflow.h @@ -44,6 +44,16 @@ #define is_non_negative(a) ((a) > 0 || (a) =3D=3D 0) #define is_negative(a) (!(is_non_negative(a))) =20 +/* + * Allows for effectively applying __must_check to a macro so we can have + * both the type-agnostic benefits of the macros while also being able to + * enforce that the return value is, in fact, checked. + */ +static inline bool __must_check __must_check_overflow(bool overflow) +{ + return unlikely(overflow); +} + #ifdef COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW /* * For simplicity and code hygiene, the fallback code below insists on @@ -53,32 +63,32 @@ * alias for __builtin_add_overflow, but add type checks similar to * below. */ -#define check_add_overflow(a, b, d) ({ \ +#define check_add_overflow(a, b, d) __must_check_overflow(({ \ typeof(a) __a =3D (a); \ typeof(b) __b =3D (b); \ typeof(d) __d =3D (d); \ (void) (&__a =3D=3D &__b); \ (void) (&__a =3D=3D __d); \ __builtin_add_overflow(__a, __b, __d); \ -}) +})) =20 -#define check_sub_overflow(a, b, d) ({ \ +#define check_sub_overflow(a, b, d) __must_check_overflow(({ \ typeof(a) __a =3D (a); \ typeof(b) __b =3D (b); \ typeof(d) __d =3D (d); \ (void) (&__a =3D=3D &__b); \ (void) (&__a =3D=3D __d); \ __builtin_sub_overflow(__a, __b, __d); \ -}) +})) =20 -#define check_mul_overflow(a, b, d) ({ \ +#define check_mul_overflow(a, b, d) __must_check_overflow(({ \ typeof(a) __a =3D (a); \ typeof(b) __b =3D (b); \ typeof(d) __d =3D (d); \ (void) (&__a =3D=3D &__b); \ (void) (&__a =3D=3D __d); \ __builtin_mul_overflow(__a, __b, __d); \ -}) +})) =20 #else =20 @@ -191,21 +201,20 @@ }) =20 =20 -#define check_add_overflow(a, b, d) \ +#define check_add_overflow(a, b, d) __must_check_overflow( \ __builtin_choose_expr(is_signed_type(typeof(a)), \ __signed_add_overflow(a, b, d), \ - __unsigned_add_overflow(a, b, d)) + __unsigned_add_overflow(a, b, d))) =20 -#define check_sub_overflow(a, b, d) \ +#define check_sub_overflow(a, b, d) __must_check_overflow( \ __builtin_choose_expr(is_signed_type(typeof(a)), \ __signed_sub_overflow(a, b, d), \ - __unsigned_sub_overflow(a, b, d)) + __unsigned_sub_overflow(a, b, d))) =20 -#define check_mul_overflow(a, b, d) \ +#define check_mul_overflow(a, b, d) __must_check_overflow( \ __builtin_choose_expr(is_signed_type(typeof(a)), \ __signed_mul_overflow(a, b, d), \ - __unsigned_mul_overflow(a, b, d)) - + __unsigned_mul_overflow(a, b, d))) =20 #endif /* COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW */ =20 @@ -228,7 +237,7 @@ * '*d' will hold the results of the attempted shift, but is not * considered "safe for use" if false is returned. */ -#define check_shl_overflow(a, s, d) ({ \ +#define check_shl_overflow(a, s, d) __must_check_overflow(({ \ typeof(a) _a =3D a; \ typeof(s) _s =3D s; \ typeof(d) _d =3D d; \ @@ -238,7 +247,7 @@ *_d =3D (_a_full << _to_shift); \ (_to_shift !=3D _s || is_negative(*_d) || is_negative(_a) || \ (*_d >> _to_shift) !=3D _a); \ -}) +})) =20 /** * size_mul() - Calculate size_t multiplication with saturation at SIZE_MAX --=20 2.34.1 From nobody Sat Feb 7 10:16:10 2026 Received: from relay.smtp-ext.broadcom.com (relay.smtp-ext.broadcom.com [192.19.166.231]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 33A7533FD; Thu, 6 Mar 2025 01:15:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.19.166.231 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741223744; cv=none; b=QzmdEVTGaILD3ezdFlRJJntxGFdZedp6iac5jgKsd0QMpO5qQnFoa0S3189J8dqnzDJjAMJXuOQCqNDlLoFg0qKbMZy64ltrV7tQGV0ShHW60E+c9617PTIm3fw+20SMA+4iSOIEvd9wDsPr1thIFSb40waCdxs22uBIXXmTQsw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741223744; c=relaxed/simple; bh=iQzTEFwfuVLsQKQGvQgXcDfAHyDsEP5Q3V6KiT0+yWE=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=mO1I5y43I7Xiz/bPLCfJRUQWHhRiqjXnnAHrvo7ONFZXmZNh4t5yzzj5gG9wZdCj8sRbCakOh5WkPLB602Ub31hllQdDMqNR45JsPlt6hcvf5ulFIXAe66rsqPklgjwDIhwvTrVfUlG6rKAIYSsovOsakAZAOG168quUbp2Yva4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=broadcom.com; spf=fail smtp.mailfrom=broadcom.com; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b=Gprx5ZKk; arc=none smtp.client-ip=192.19.166.231 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=broadcom.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=broadcom.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b="Gprx5ZKk" Received: from mail-acc-it-01.broadcom.com (mail-acc-it-01.acc.broadcom.net [10.35.36.83]) by relay.smtp-ext.broadcom.com (Postfix) with ESMTP id 8996FC0005BB; Wed, 5 Mar 2025 17:08:01 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 relay.smtp-ext.broadcom.com 8996FC0005BB DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=broadcom.com; s=dkimrelay; t=1741223281; bh=iQzTEFwfuVLsQKQGvQgXcDfAHyDsEP5Q3V6KiT0+yWE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Gprx5ZKk57lw1IWzRBfvdEGYT8jfsCtu1UPXkfSuwuJ1p35hjK0qJDogBaDZnW1At ysdUj4Bhj7WrGEkPMs5iYUkdcEY3lhZdrO4nBUhRt3TbBtH0uj+bb6J7EXksNNv4gZ iQDyc51NHw2qzep6+KOiq9lxNp0VhqSY5X6a16C4= Received: from stbirv-lnx-1.igp.broadcom.net (stbirv-lnx-1.igp.broadcom.net [10.67.48.32]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail-acc-it-01.broadcom.com (Postfix) with ESMTPSA id 8E23D4002F44; Wed, 5 Mar 2025 20:08:00 -0500 (EST) From: Florian Fainelli To: linux-kernel@vger.kernel.org Cc: stable@vger.kernel.org, Keith Busch , Jason Gunthorpe , Kees Cook , Florian Fainelli , Greg Kroah-Hartman , "Gustavo A. R. Silva" Subject: [PATCH stable 5.4 2/3] overflow: Correct check_shl_overflow() comment Date: Wed, 5 Mar 2025 17:07:55 -0800 Message-Id: <20250306010756.719024-3-florian.fainelli@broadcom.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250306010756.719024-1-florian.fainelli@broadcom.com> References: <20250306010756.719024-1-florian.fainelli@broadcom.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Keith Busch commit 4578be130a6470d85ff05b13b75a00e6224eeeeb upstream A 'false' return means the value was safely set, so the comment should say 'true' for when it is not considered safe. Cc: Jason Gunthorpe Signed-off-by: Keith Busch Signed-off-by: Kees Cook Fixes: 0c66847793d1 ("overflow.h: Add arithmetic shift helper") Link: https://lore.kernel.org/r/20210401160629.1941787-1-kbusch@kernel.org Signed-off-by: Florian Fainelli --- include/linux/overflow.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/overflow.h b/include/linux/overflow.h index 35af574d006f..d1dd039fe1c3 100644 --- a/include/linux/overflow.h +++ b/include/linux/overflow.h @@ -235,7 +235,7 @@ static inline bool __must_check __must_check_overflow(b= ool overflow) * - 'a << s' sets the sign bit, if any, in '*d'. * * '*d' will hold the results of the attempted shift, but is not - * considered "safe for use" if false is returned. + * considered "safe for use" if true is returned. */ #define check_shl_overflow(a, s, d) __must_check_overflow(({ \ typeof(a) _a =3D a; \ --=20 2.34.1 From nobody Sat Feb 7 10:16:10 2026 Received: from relay.smtp-ext.broadcom.com (relay.smtp-ext.broadcom.com [192.19.144.205]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5A0222E40B; Thu, 6 Mar 2025 01:13:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.19.144.205 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741223632; cv=none; b=L0ktDzbyo3phSm9oWC3hr2yWIfCHZiGWdYddgDLId/zfLPAUmBamSunH4+J0vsgnqNiQWysOW+DvByzYNGvfD5K5lJnhmchOEW/q5ACr9HhbYOlrMJpt5CPA3mq+TLDr0VCSo7XwhxylL+pzYENTO/9MH9C8QiD2WU3H5+atzhk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741223632; c=relaxed/simple; bh=QWaVP3lU5VkuEOVlItDoif8fyki3ruUbQgi/VV3pfbY=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=uJI/X+T7bWFFj640U3krC90MtEPB8y0YuvRB0bLmeSalk/GLmLMVPjEgjh9jQHYeNDNOz/og17rFdNK9wjOknr/8A5VoGwZRt4iQf/K0zvbV9NbkNzUN/4gYIwVqqGGHWsqZ4LMDyM72/UeBvSedA0RKhOgWNOTpmJndrErIsFE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=broadcom.com; spf=fail smtp.mailfrom=broadcom.com; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b=QFejrRtK; arc=none smtp.client-ip=192.19.144.205 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=broadcom.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=broadcom.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b="QFejrRtK" Received: from mail-acc-it-01.broadcom.com (mail-acc-it-01.acc.broadcom.net [10.35.36.83]) by relay.smtp-ext.broadcom.com (Postfix) with ESMTP id 830D7C002830; Wed, 5 Mar 2025 17:08:02 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 relay.smtp-ext.broadcom.com 830D7C002830 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=broadcom.com; s=dkimrelay; t=1741223282; bh=QWaVP3lU5VkuEOVlItDoif8fyki3ruUbQgi/VV3pfbY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=QFejrRtKtRBsmKmCjqRwdBjMrilEe8DVmBVUq56y4e7MtD59H269h7J0e17vaO5u6 obDX+2v8MZw+PmxDCb8FbTpeaDfnsRsrfxej0NQewgKuG48aN3CC78dGAi43ZG8eaR o4dXEW4wC8w/C24zHrKBy805dGn4joqQAZpMNJBI= Received: from stbirv-lnx-1.igp.broadcom.net (stbirv-lnx-1.igp.broadcom.net [10.67.48.32]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail-acc-it-01.broadcom.com (Postfix) with ESMTPSA id 7739D4002F47; Wed, 5 Mar 2025 20:08:01 -0500 (EST) From: Florian Fainelli To: linux-kernel@vger.kernel.org Cc: stable@vger.kernel.org, Kees Cook , Rasmus Villemoes , Gwan-gyeong Mun , "Gustavo A. R. Silva" , Nick Desaulniers , linux-hardening@vger.kernel.org, Andrzej Hajda , Florian Fainelli , Greg Kroah-Hartman , Keith Busch Subject: [PATCH stable 5.4 3/3] overflow: Allow mixed type arguments Date: Wed, 5 Mar 2025 17:07:56 -0800 Message-Id: <20250306010756.719024-4-florian.fainelli@broadcom.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250306010756.719024-1-florian.fainelli@broadcom.com> References: <20250306010756.719024-1-florian.fainelli@broadcom.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Kees Cook When the check_[op]_overflow() helpers were introduced, all arguments were required to be the same type to make the fallback macros simpler. However, now that the fallback macros have been removed[1], it is fine to allow mixed types, which makes using the helpers much more useful, as they can be used to test for type-based overflows (e.g. adding two large ints but storing into a u8), as would be handy in the drm core[2]. Remove the restriction, and add additional self-tests that exercise some of the mixed-type overflow cases, and double-check for accidental macro side-effects. [1] https://git.kernel.org/linus/4eb6bd55cfb22ffc20652732340c4962f3ac9a91 [2] https://lore.kernel.org/lkml/20220824084514.2261614-2-gwan-gyeong.mun@i= ntel.com Cc: Rasmus Villemoes Cc: Gwan-gyeong Mun Cc: "Gustavo A. R. Silva" Cc: Nick Desaulniers Cc: linux-hardening@vger.kernel.org Reviewed-by: Andrzej Hajda Reviewed-by: Gwan-gyeong Mun Tested-by: Gwan-gyeong Mun Signed-off-by: Kees Cook [florian: Drop changes to lib/test_overflow.c] Signed-off-by: Florian Fainelli --- include/linux/overflow.h | 72 +++++++++++++++++++++++----------------- 1 file changed, 41 insertions(+), 31 deletions(-) diff --git a/include/linux/overflow.h b/include/linux/overflow.h index d1dd039fe1c3..54788a3cdcf5 100644 --- a/include/linux/overflow.h +++ b/include/linux/overflow.h @@ -55,40 +55,50 @@ static inline bool __must_check __must_check_overflow(b= ool overflow) } =20 #ifdef COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW -/* - * For simplicity and code hygiene, the fallback code below insists on - * a, b and *d having the same type (similar to the min() and max() - * macros), whereas gcc's type-generic overflow checkers accept - * different types. Hence we don't just make check_add_overflow an - * alias for __builtin_add_overflow, but add type checks similar to - * below. +/** check_add_overflow() - Calculate addition with overflow checking + * + * @a: first addend + * @b: second addend + * @d: pointer to store sum + * + * Returns 0 on success. + * + * *@d holds the results of the attempted addition, but is not considered + * "safe for use" on a non-zero return value, which indicates that the + * sum has overflowed or been truncated. */ -#define check_add_overflow(a, b, d) __must_check_overflow(({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - __builtin_add_overflow(__a, __b, __d); \ -})) +#define check_add_overflow(a, b, d) \ + __must_check_overflow(__builtin_add_overflow(a, b, d)) =20 -#define check_sub_overflow(a, b, d) __must_check_overflow(({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - __builtin_sub_overflow(__a, __b, __d); \ -})) +/** check_sub_overflow() - Calculate subtraction with overflow checking + * + * @a: minuend; value to subtract from + * @b: subtrahend; value to subtract from @a + * @d: pointer to store difference + * + * Returns 0 on success. + * + * *@d holds the results of the attempted subtraction, but is not consider= ed + * "safe for use" on a non-zero return value, which indicates that the + * difference has underflowed or been truncated. + */ +#define check_sub_overflow(a, b, d) \ + __must_check_overflow(__builtin_sub_overflow(a, b, d)) =20 -#define check_mul_overflow(a, b, d) __must_check_overflow(({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - __builtin_mul_overflow(__a, __b, __d); \ -})) +/** check_mul_overflow() - Calculate multiplication with overflow checking + * + * @a: first factor + * @b: second factor + * @d: pointer to store product + * + * Returns 0 on success. + * + * *@d holds the results of the attempted multiplication, but is not + * considered "safe for use" on a non-zero return value, which indicates + * that the product has overflowed or been truncated. + */ +#define check_mul_overflow(a, b, d) \ + __must_check_overflow(__builtin_mul_overflow(a, b, d)) =20 #else =20 --=20 2.34.1