From nobody Sat Feb 7 10:15:17 2026 Received: from relay.smtp-ext.broadcom.com (relay.smtp-ext.broadcom.com [192.19.144.205]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C470C219E98; Fri, 7 Mar 2025 13:10:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.19.144.205 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741353004; cv=none; b=E2uHlbcJwS6JWY+LbNCBWMyBxCm/2tS1OV/yfcwdL8LQtWyzAllw4S2jx4+J0mSG6e9TYAwIjBveBCULzLb/xI2LmmsisokGFiNbH1a7FpoGvKCitBoNcGksc660Qg8+89i8+l04TwziywT83Wvw+FaaCmJLU/D/NqUgqtbisTY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741353004; c=relaxed/simple; bh=F0XXb4iUPu1XvvOAobCBy9leql9n9yFjBaF8VWM6p3U=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=boiC93c+IE44UAIui5bFq3kMaarzlBytugrNo2K4bvqGhi4ETuY6DsmK/Fz5Hjo4ADEI3MTf5Q8xuxA4y6wXrqlDXNn2CFcFp0E++XXFEocoWP8yru3o2Lc1R9KEMbXVX7YeLWRXi+uFQeRX37AuiF1s2qah4ExnQgjOmgENl6Q= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=broadcom.com; spf=fail smtp.mailfrom=broadcom.com; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b=OlWzZZ71; arc=none smtp.client-ip=192.19.144.205 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=broadcom.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=broadcom.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b="OlWzZZ71" Received: from mail-acc-it-01.broadcom.com (mail-acc-it-01.acc.broadcom.net [10.35.36.83]) by relay.smtp-ext.broadcom.com (Postfix) with ESMTP id B339AC0042EB; Fri, 7 Mar 2025 05:09:56 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 relay.smtp-ext.broadcom.com B339AC0042EB DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=broadcom.com; s=dkimrelay; t=1741352996; bh=F0XXb4iUPu1XvvOAobCBy9leql9n9yFjBaF8VWM6p3U=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=OlWzZZ71Ll8PI/nRS7cLu2lAeHjRZr2vjwiH4KV1yJJfxUzCptrWFw1SzWyYc+Xi5 i4dDwWbIZhsqEM8R3acDwcKpNtG1iI4+Komw0KSf9xVcTTA6DnaXp42maFDi3jXrTz GXbPKyk4XTbh4000WwHwUJUCzBF4UEzNWb9PdM+c= Received: from stbirv-lnx-1.igp.broadcom.net (stbirv-lnx-1.igp.broadcom.net [10.67.48.32]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail-acc-it-01.broadcom.com (Postfix) with ESMTPSA id 12B0C4003021; Fri, 7 Mar 2025 08:09:56 -0500 (EST) From: Florian Fainelli To: linux-kernel@vger.kernel.org Cc: stable@vger.kernel.org, Kees Cook , Rasmus Villemoes , Florian Fainelli , Greg Kroah-Hartman , Keith Busch , "Gustavo A. R. Silva" Subject: [PATCH stable v5.4 v2 1/3] overflow: Add __must_check attribute to check_*() helpers Date: Fri, 7 Mar 2025 05:09:51 -0800 Message-Id: <20250307130953.3427986-2-florian.fainelli@broadcom.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250307130953.3427986-1-florian.fainelli@broadcom.com> References: <20250307130953.3427986-1-florian.fainelli@broadcom.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Kees Cook commit 9b80e4c4ddaca3501177ed41e49d0928ba2122a8 upstream Since the destination variable of the check_*_overflow() helpers will contain a wrapped value on failure, it would be best to make sure callers really did check the return result of the helper. Adjust the macros to use a bool-wrapping static inline that is marked with __must_check. This means the macros can continue to have their type-agnostic behavior while gaining the function attribute (that cannot be applied directly to macros). Suggested-by: Rasmus Villemoes Link: https://lore.kernel.org/lkml/202008151007.EF679DF@keescook/ Signed-off-by: Kees Cook Signed-off-by: Florian Fainelli --- include/linux/overflow.h | 39 ++++++++++++++++++++++++--------------- 1 file changed, 24 insertions(+), 15 deletions(-) diff --git a/include/linux/overflow.h b/include/linux/overflow.h index 63e7c77ba942..35af574d006f 100644 --- a/include/linux/overflow.h +++ b/include/linux/overflow.h @@ -44,6 +44,16 @@ #define is_non_negative(a) ((a) > 0 || (a) =3D=3D 0) #define is_negative(a) (!(is_non_negative(a))) =20 +/* + * Allows for effectively applying __must_check to a macro so we can have + * both the type-agnostic benefits of the macros while also being able to + * enforce that the return value is, in fact, checked. + */ +static inline bool __must_check __must_check_overflow(bool overflow) +{ + return unlikely(overflow); +} + #ifdef COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW /* * For simplicity and code hygiene, the fallback code below insists on @@ -53,32 +63,32 @@ * alias for __builtin_add_overflow, but add type checks similar to * below. */ -#define check_add_overflow(a, b, d) ({ \ +#define check_add_overflow(a, b, d) __must_check_overflow(({ \ typeof(a) __a =3D (a); \ typeof(b) __b =3D (b); \ typeof(d) __d =3D (d); \ (void) (&__a =3D=3D &__b); \ (void) (&__a =3D=3D __d); \ __builtin_add_overflow(__a, __b, __d); \ -}) +})) =20 -#define check_sub_overflow(a, b, d) ({ \ +#define check_sub_overflow(a, b, d) __must_check_overflow(({ \ typeof(a) __a =3D (a); \ typeof(b) __b =3D (b); \ typeof(d) __d =3D (d); \ (void) (&__a =3D=3D &__b); \ (void) (&__a =3D=3D __d); \ __builtin_sub_overflow(__a, __b, __d); \ -}) +})) =20 -#define check_mul_overflow(a, b, d) ({ \ +#define check_mul_overflow(a, b, d) __must_check_overflow(({ \ typeof(a) __a =3D (a); \ typeof(b) __b =3D (b); \ typeof(d) __d =3D (d); \ (void) (&__a =3D=3D &__b); \ (void) (&__a =3D=3D __d); \ __builtin_mul_overflow(__a, __b, __d); \ -}) +})) =20 #else =20 @@ -191,21 +201,20 @@ }) =20 =20 -#define check_add_overflow(a, b, d) \ +#define check_add_overflow(a, b, d) __must_check_overflow( \ __builtin_choose_expr(is_signed_type(typeof(a)), \ __signed_add_overflow(a, b, d), \ - __unsigned_add_overflow(a, b, d)) + __unsigned_add_overflow(a, b, d))) =20 -#define check_sub_overflow(a, b, d) \ +#define check_sub_overflow(a, b, d) __must_check_overflow( \ __builtin_choose_expr(is_signed_type(typeof(a)), \ __signed_sub_overflow(a, b, d), \ - __unsigned_sub_overflow(a, b, d)) + __unsigned_sub_overflow(a, b, d))) =20 -#define check_mul_overflow(a, b, d) \ +#define check_mul_overflow(a, b, d) __must_check_overflow( \ __builtin_choose_expr(is_signed_type(typeof(a)), \ __signed_mul_overflow(a, b, d), \ - __unsigned_mul_overflow(a, b, d)) - + __unsigned_mul_overflow(a, b, d))) =20 #endif /* COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW */ =20 @@ -228,7 +237,7 @@ * '*d' will hold the results of the attempted shift, but is not * considered "safe for use" if false is returned. */ -#define check_shl_overflow(a, s, d) ({ \ +#define check_shl_overflow(a, s, d) __must_check_overflow(({ \ typeof(a) _a =3D a; \ typeof(s) _s =3D s; \ typeof(d) _d =3D d; \ @@ -238,7 +247,7 @@ *_d =3D (_a_full << _to_shift); \ (_to_shift !=3D _s || is_negative(*_d) || is_negative(_a) || \ (*_d >> _to_shift) !=3D _a); \ -}) +})) =20 /** * size_mul() - Calculate size_t multiplication with saturation at SIZE_MAX --=20 2.34.1 From nobody Sat Feb 7 10:15:17 2026 Received: from relay.smtp-ext.broadcom.com (relay.smtp-ext.broadcom.com [192.19.166.231]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9F6DA21A43D; Fri, 7 Mar 2025 13:10:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.19.166.231 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741353006; cv=none; b=c89I4Oqm1aK9ZzTRQJCZ5Ua0mdIsLSFI8Gvg75tzQ2pR58LJbO+XHfKhmT+jE1MAk4Uf0AfbklhRTP2aXpcD3dMbbzOsdAIxwR70GwCW/ifJ6Zcfp50o1ufZP3fALEO5ERCT9ejxx54qo7kMX03Zo2g2jWrYLL3igeSyhWti8GE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741353006; c=relaxed/simple; bh=iQzTEFwfuVLsQKQGvQgXcDfAHyDsEP5Q3V6KiT0+yWE=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=fy8egLsy+2iTH7fXgXLylppF2/eHVqXOEZknkail0vUUGnaP+L88EG5A3dyZTN+wzmLTu+1xUse5C3SN7cZt7YPBi/mRj5jHCc6vzZ/Bo9L35hSLVz5vK8fpN/yuufTsjiPoNUfp7Hz2Dqkwwn3jtArVBZt0Z3bjaMhydZFCELw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=broadcom.com; spf=fail smtp.mailfrom=broadcom.com; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b=poC9lxf/; arc=none smtp.client-ip=192.19.166.231 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=broadcom.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=broadcom.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b="poC9lxf/" Received: from mail-acc-it-01.broadcom.com (mail-acc-it-01.acc.broadcom.net [10.35.36.83]) by relay.smtp-ext.broadcom.com (Postfix) with ESMTP id B2754C0000F4; Fri, 7 Mar 2025 05:09:57 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 relay.smtp-ext.broadcom.com B2754C0000F4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=broadcom.com; s=dkimrelay; t=1741352997; bh=iQzTEFwfuVLsQKQGvQgXcDfAHyDsEP5Q3V6KiT0+yWE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=poC9lxf/6UDfgmIgvoB+t+Og+Eb+K3kvoToG6sjeKm9UhKg1V9/EWKvBZBLpqg5Sg nJ7cwcrKK1q6aCWH+I0r1nTn2oKtyto5J+YjCFJQeCX8JSh+JZoNOA48w5NLmgyUsZ cFWOfTXUsmqs1fj3UHXofnHJWfvkPHfC3cuNfwrI= Received: from stbirv-lnx-1.igp.broadcom.net (stbirv-lnx-1.igp.broadcom.net [10.67.48.32]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail-acc-it-01.broadcom.com (Postfix) with ESMTPSA id D388D4003010; Fri, 7 Mar 2025 08:09:56 -0500 (EST) From: Florian Fainelli To: linux-kernel@vger.kernel.org Cc: stable@vger.kernel.org, Keith Busch , Jason Gunthorpe , Kees Cook , Florian Fainelli , Greg Kroah-Hartman , "Gustavo A. R. Silva" Subject: [PATCH stable v5.4 v2 2/3] overflow: Correct check_shl_overflow() comment Date: Fri, 7 Mar 2025 05:09:52 -0800 Message-Id: <20250307130953.3427986-3-florian.fainelli@broadcom.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250307130953.3427986-1-florian.fainelli@broadcom.com> References: <20250307130953.3427986-1-florian.fainelli@broadcom.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Keith Busch commit 4578be130a6470d85ff05b13b75a00e6224eeeeb upstream A 'false' return means the value was safely set, so the comment should say 'true' for when it is not considered safe. Cc: Jason Gunthorpe Signed-off-by: Keith Busch Signed-off-by: Kees Cook Fixes: 0c66847793d1 ("overflow.h: Add arithmetic shift helper") Link: https://lore.kernel.org/r/20210401160629.1941787-1-kbusch@kernel.org Signed-off-by: Florian Fainelli --- include/linux/overflow.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/overflow.h b/include/linux/overflow.h index 35af574d006f..d1dd039fe1c3 100644 --- a/include/linux/overflow.h +++ b/include/linux/overflow.h @@ -235,7 +235,7 @@ static inline bool __must_check __must_check_overflow(b= ool overflow) * - 'a << s' sets the sign bit, if any, in '*d'. * * '*d' will hold the results of the attempted shift, but is not - * considered "safe for use" if false is returned. + * considered "safe for use" if true is returned. */ #define check_shl_overflow(a, s, d) __must_check_overflow(({ \ typeof(a) _a =3D a; \ --=20 2.34.1 From nobody Sat Feb 7 10:15:17 2026 Received: from relay.smtp-ext.broadcom.com (relay.smtp-ext.broadcom.com [192.19.166.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BFAC028E8; Fri, 7 Mar 2025 13:09:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.19.166.228 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741353001; cv=none; b=lFuRXEzKK8S67p0gg5Qj9RjU2GnSdImQW2FE054ddEgK88ePlGHS4b5A86MBix7Zme9jFYXvW2+d2IuNPvgUKHZL3oetcvz31XgOVxun4EEr5UWoEihaNqOCJ7SYviyyFWRAkgynQxOLeAxZbWgAQ4vq0jp+JI53ZLsVu1WxXhs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741353001; c=relaxed/simple; bh=61W0DVgUYGDHwdQnl98upOBa9S56v+QGmP8p3pP1OVA=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=kTZ9SF1vEfvgXR3gDhx/wYfwjXnsBYjLK070vVN2qgxZccURobaf6Ni5D3w44OT6gZMTWb1o40Ry/hRe9YM6M+He42l/wqUawk47gEV1eqvdKnBZtfZXwsbdTevQd37f6jlerv7RUr0LospWDajYblf4tSFKt/qP6TaappdcY6Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=broadcom.com; spf=fail smtp.mailfrom=broadcom.com; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b=Yl1wTmCw; arc=none smtp.client-ip=192.19.166.228 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=broadcom.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=broadcom.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b="Yl1wTmCw" Received: from mail-acc-it-01.broadcom.com (mail-acc-it-01.acc.broadcom.net [10.35.36.83]) by relay.smtp-ext.broadcom.com (Postfix) with ESMTP id C1DF7C0000F6; Fri, 7 Mar 2025 05:09:58 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 relay.smtp-ext.broadcom.com C1DF7C0000F6 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=broadcom.com; s=dkimrelay; t=1741352998; bh=61W0DVgUYGDHwdQnl98upOBa9S56v+QGmP8p3pP1OVA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Yl1wTmCw9hus0D2UYql7XBFu5cOykadRflAEKL5Cp+L1CX9xi4zdtPjOjj0b8q4Nj vtKaJMZcm0uScvNW68mdfhjf1+4NOXgXce/MpGhgI16Gf4yksVIq3STnZRAniI7xiM kz/PsFwT0GGKWpuNiPb2ZE9tEqbltWjcX9ZsYAKs= Received: from stbirv-lnx-1.igp.broadcom.net (stbirv-lnx-1.igp.broadcom.net [10.67.48.32]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail-acc-it-01.broadcom.com (Postfix) with ESMTPSA id A15C94003021; Fri, 7 Mar 2025 08:09:57 -0500 (EST) From: Florian Fainelli To: linux-kernel@vger.kernel.org Cc: stable@vger.kernel.org, Kees Cook , Rasmus Villemoes , Gwan-gyeong Mun , "Gustavo A. R. Silva" , Nick Desaulniers , linux-hardening@vger.kernel.org, Andrzej Hajda , Florian Fainelli , Greg Kroah-Hartman , Keith Busch Subject: [PATCH stable v5.4 v2 3/3] overflow: Allow mixed type arguments Date: Fri, 7 Mar 2025 05:09:53 -0800 Message-Id: <20250307130953.3427986-4-florian.fainelli@broadcom.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250307130953.3427986-1-florian.fainelli@broadcom.com> References: <20250307130953.3427986-1-florian.fainelli@broadcom.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Kees Cook commit d219d2a9a92e39aa92799efe8f2aa21259b6dd82 upstream When the check_[op]_overflow() helpers were introduced, all arguments were required to be the same type to make the fallback macros simpler. However, now that the fallback macros have been removed[1], it is fine to allow mixed types, which makes using the helpers much more useful, as they can be used to test for type-based overflows (e.g. adding two large ints but storing into a u8), as would be handy in the drm core[2]. Remove the restriction, and add additional self-tests that exercise some of the mixed-type overflow cases, and double-check for accidental macro side-effects. [1] https://git.kernel.org/linus/4eb6bd55cfb22ffc20652732340c4962f3ac9a91 [2] https://lore.kernel.org/lkml/20220824084514.2261614-2-gwan-gyeong.mun@i= ntel.com Cc: Rasmus Villemoes Cc: Gwan-gyeong Mun Cc: "Gustavo A. R. Silva" Cc: Nick Desaulniers Cc: linux-hardening@vger.kernel.org Reviewed-by: Andrzej Hajda Reviewed-by: Gwan-gyeong Mun Tested-by: Gwan-gyeong Mun Signed-off-by: Kees Cook [florian: Drop changes to lib/test_overflow.c] Signed-off-by: Florian Fainelli --- include/linux/overflow.h | 72 +++++++++++++++++++++++----------------- 1 file changed, 41 insertions(+), 31 deletions(-) diff --git a/include/linux/overflow.h b/include/linux/overflow.h index d1dd039fe1c3..54788a3cdcf5 100644 --- a/include/linux/overflow.h +++ b/include/linux/overflow.h @@ -55,40 +55,50 @@ static inline bool __must_check __must_check_overflow(b= ool overflow) } =20 #ifdef COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW -/* - * For simplicity and code hygiene, the fallback code below insists on - * a, b and *d having the same type (similar to the min() and max() - * macros), whereas gcc's type-generic overflow checkers accept - * different types. Hence we don't just make check_add_overflow an - * alias for __builtin_add_overflow, but add type checks similar to - * below. +/** check_add_overflow() - Calculate addition with overflow checking + * + * @a: first addend + * @b: second addend + * @d: pointer to store sum + * + * Returns 0 on success. + * + * *@d holds the results of the attempted addition, but is not considered + * "safe for use" on a non-zero return value, which indicates that the + * sum has overflowed or been truncated. */ -#define check_add_overflow(a, b, d) __must_check_overflow(({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - __builtin_add_overflow(__a, __b, __d); \ -})) +#define check_add_overflow(a, b, d) \ + __must_check_overflow(__builtin_add_overflow(a, b, d)) =20 -#define check_sub_overflow(a, b, d) __must_check_overflow(({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - __builtin_sub_overflow(__a, __b, __d); \ -})) +/** check_sub_overflow() - Calculate subtraction with overflow checking + * + * @a: minuend; value to subtract from + * @b: subtrahend; value to subtract from @a + * @d: pointer to store difference + * + * Returns 0 on success. + * + * *@d holds the results of the attempted subtraction, but is not consider= ed + * "safe for use" on a non-zero return value, which indicates that the + * difference has underflowed or been truncated. + */ +#define check_sub_overflow(a, b, d) \ + __must_check_overflow(__builtin_sub_overflow(a, b, d)) =20 -#define check_mul_overflow(a, b, d) __must_check_overflow(({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - __builtin_mul_overflow(__a, __b, __d); \ -})) +/** check_mul_overflow() - Calculate multiplication with overflow checking + * + * @a: first factor + * @b: second factor + * @d: pointer to store product + * + * Returns 0 on success. + * + * *@d holds the results of the attempted multiplication, but is not + * considered "safe for use" on a non-zero return value, which indicates + * that the product has overflowed or been truncated. + */ +#define check_mul_overflow(a, b, d) \ + __must_check_overflow(__builtin_mul_overflow(a, b, d)) =20 #else =20 --=20 2.34.1