From nobody Thu Oct 2 18:16:48 2025 Received: from fra-out-003.esa.eu-central-1.outbound.mail-perimeter.amazon.com (fra-out-003.esa.eu-central-1.outbound.mail-perimeter.amazon.com [3.72.182.33]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D24B3305079; Fri, 12 Sep 2025 12:56:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=3.72.182.33 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757681800; cv=none; b=IMbFVElhGvHN6u4eo8Jolk7Cvou+qIsV6rb4EKOH/o7nDYq75m+rvJIOoV50KSEQA488T5LbMjhocSh2+Kc77StSE1SbTBVBv1V+dpgq3gyyMOKVb86SygEzaAL6MiR5pw25ydzVPjKZrGkTtdRrV8DRFSPwhOjHFblkWMouhh8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757681800; c=relaxed/simple; bh=rNEuTJdGvb53iWCh3gQ4DB6yH3hHITEJ+g43y1RCJmA=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=fQ/G8mgr9DuZw5SEibC6nlSKVK2GCgYImp9eMrrfIVAgcWoGh22TjKze2zCIHdPJpscwX1t5bLPhNZcVqYhQtVTWV65d3t8xOwZlRQ8q3l2xI4stZUYD005/NLbsaCOe7PapPwEPAdHQ9gE8b2GQR2DwUGLvtKdr+h7Jh5XTM7U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.com; dkim=pass (2048-bit key) header.d=amazon.com header.i=@amazon.com header.b=bVhrkJOm; arc=none smtp.client-ip=3.72.182.33 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=amazon.com header.i=@amazon.com header.b="bVhrkJOm" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazoncorp2; t=1757681798; x=1789217798; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Xp984FdbcHoEGhiR9gh4tur1oqr0Sh4+pzFALfMqSC4=; b=bVhrkJOmeSIiDbNxvxDlMilmCHi+W4gLWbUoKlx1UGA8RPmtpIzEdd84 UGLzFjQlmyIp8p9+ysuSTRbu6CEXfc1UaO81N4OTy7ibsKeoThxaTJIEP XRQVgPHYtphJ5Vv76veHleM7rgUYSpqca2m2Yyx/Kf8H5F7pEL/FAclkY Hg6BIMIOQ7FIVSTfX+y4YL0mkorni5QTO+BHRB1b3Z6TlOmVtlACofPBz d3NOVgmCHKhTVT8bqp0MAmSirdsh8U5L4pp60AXRGqnEgAzVYFj4Vv5Be 4t58sx4Py9S5jNX26aflKBMTPf2VY9GeEjstTX2+UtVmuCfP15EPguhnw A==; X-CSE-ConnectionGUID: X10yDwi6TgiUpRmoGLpiQQ== X-CSE-MsgGUID: 3QvjZYoGQiWJRIHL9Cdn0g== X-IronPort-AV: E=Sophos;i="6.18,259,1751241600"; d="scan'208";a="2020371" Received: from ip-10-6-3-216.eu-central-1.compute.internal (HELO smtpout.naws.eu-central-1.prod.farcaster.email.amazon.dev) ([10.6.3.216]) by internal-fra-out-003.esa.eu-central-1.outbound.mail-perimeter.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Sep 2025 12:56:27 +0000 Received: from EX19MTAEUB002.ant.amazon.com [54.240.197.232:23913] by smtpin.naws.eu-central-1.prod.farcaster.email.amazon.dev [10.0.11.107:2525] with esmtp (Farcaster) id 138c3595-7e63-4a87-91bc-27777f485fde; Fri, 12 Sep 2025 12:56:27 +0000 (UTC) X-Farcaster-Flow-ID: 138c3595-7e63-4a87-91bc-27777f485fde Received: from EX19D018EUA004.ant.amazon.com (10.252.50.85) by EX19MTAEUB002.ant.amazon.com (10.252.51.79) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.20; Fri, 12 Sep 2025 12:56:25 +0000 Received: from dev-dsk-farbere-1a-46ecabed.eu-west-1.amazon.com (172.19.116.181) by EX19D018EUA004.ant.amazon.com (10.252.50.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.20; Fri, 12 Sep 2025 12:56:19 +0000 From: Eliav Farber To: , , , , , , , , , , , , , , , , , , , CC: , Subject: [PATCH 1/4 5.10.y] overflow: Correct check_shl_overflow() comment Date: Fri, 12 Sep 2025 12:56:02 +0000 Message-ID: <20250912125606.13262-2-farbere@amazon.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20250912125606.13262-1-farbere@amazon.com> References: <20250912125606.13262-1-farbere@amazon.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EX19D038UWC001.ant.amazon.com (10.13.139.213) To EX19D018EUA004.ant.amazon.com (10.252.50.85) Content-Type: text/plain; charset="utf-8" From: Keith Busch [ Upstream commit 4578be130a6470d85ff05b13b75a00e6224eeeeb ] A 'false' return means the value was safely set, so the comment should say 'true' for when it is not considered safe. Cc: Jason Gunthorpe Signed-off-by: Keith Busch Signed-off-by: Kees Cook Fixes: 0c66847793d1 ("overflow.h: Add arithmetic shift helper") Link: https://lore.kernel.org/r/20210401160629.1941787-1-kbusch@kernel.org --- include/linux/overflow.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/overflow.h b/include/linux/overflow.h index 35af574d006f..d1dd039fe1c3 100644 --- a/include/linux/overflow.h +++ b/include/linux/overflow.h @@ -235,7 +235,7 @@ static inline bool __must_check __must_check_overflow(b= ool overflow) * - 'a << s' sets the sign bit, if any, in '*d'. * * '*d' will hold the results of the attempted shift, but is not - * considered "safe for use" if false is returned. + * considered "safe for use" if true is returned. */ #define check_shl_overflow(a, s, d) __must_check_overflow(({ \ typeof(a) _a =3D a; \ --=20 2.47.3 From nobody Thu Oct 2 18:16:49 2025 Received: from fra-out-015.esa.eu-central-1.outbound.mail-perimeter.amazon.com (fra-out-015.esa.eu-central-1.outbound.mail-perimeter.amazon.com [18.158.153.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1D3CB30BB8E; Fri, 12 Sep 2025 12:56:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=18.158.153.154 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757681805; cv=none; b=Lc6OmSIZTv+t7DOGQScz1COjFF/SvOblHVaHl2WhrAsQroWNs/0Rh7yMA8L+x0uh09DrjPxvImO1QYo34Y999l2ciRV/f9Hwy4Su6O635Y+eoYGtHrAsL6R0UsUrgzLclx8/8Fss0WE9nzgOQ9ZmaHLNgSEQMNdaVNgYWophFsk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757681805; c=relaxed/simple; bh=swWGI/iuXB2HlicTToaLJr4iNqhhtriByzMmXD01l64=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=hF3G7oDlA6nzOE/zaQ0lFntLkVf034+65oPd+ZA5qHbajqL3Bbw5fxi7fGzeW9Slzo91mCxpTSEMZpmxdJEffvsarJBtIr/16b+UbgphaxrQY01zIjFfeObK9lyAqLBOTOSm2awSmFgx5RgxIDZkkw3uL1AOe7UlwQQmjrr0NPk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.com; dkim=pass (2048-bit key) header.d=amazon.com header.i=@amazon.com header.b=kgH74Ygl; arc=none smtp.client-ip=18.158.153.154 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=amazon.com header.i=@amazon.com header.b="kgH74Ygl" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazoncorp2; t=1757681803; x=1789217803; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=IOuNUQwEWj5FOGisnPn2jX9TlrGfSaKV6LuhB6AHF04=; b=kgH74Ygl9E/pIFrnjOysaWIxB70KCIlB0eD3UBeFcMC1SZjEJmnA+49M J93JASLL1t7oNd3fn2Hak6P1PabLHZRaeKsWTwiKhnowiI9TqVwIrNo2G jqNLWv16ueBMKPJp+yNSkFBy+jflZYUftJKC6X6l4rGw6tKEoGfYHLqhV iymrVUlqAWB7bx+TKViJravZ9oYAQ/2HIO9RTqJisStpMOfRcwl6/UNyK YLnRM89vQAvrcYdftHWkF7GngHDKyjRENdiTDS/wmxlNhaDZ0jWAOSYYI vZ73BgYaJkl5Kbg7aq5/IpKcgfXl16C3HFYZ99e76gRAC3R3c0DYgI1VL w==; X-CSE-ConnectionGUID: t97anB6gQbqsNIchGGH2nA== X-CSE-MsgGUID: lAvWwd9zQu+Mo/5eNRs77Q== X-IronPort-AV: E=Sophos;i="6.18,259,1751241600"; d="scan'208";a="1907717" Received: from ip-10-6-6-97.eu-central-1.compute.internal (HELO smtpout.naws.eu-central-1.prod.farcaster.email.amazon.dev) ([10.6.6.97]) by internal-fra-out-015.esa.eu-central-1.outbound.mail-perimeter.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Sep 2025 12:56:32 +0000 Received: from EX19MTAEUC002.ant.amazon.com [54.240.197.228:25605] by smtpin.naws.eu-central-1.prod.farcaster.email.amazon.dev [10.0.1.26:2525] with esmtp (Farcaster) id 61b18e6f-a9ba-4ce3-b2aa-3a942596cea7; Fri, 12 Sep 2025 12:56:32 +0000 (UTC) X-Farcaster-Flow-ID: 61b18e6f-a9ba-4ce3-b2aa-3a942596cea7 Received: from EX19D018EUA004.ant.amazon.com (10.252.50.85) by EX19MTAEUC002.ant.amazon.com (10.252.51.245) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.20; Fri, 12 Sep 2025 12:56:32 +0000 Received: from dev-dsk-farbere-1a-46ecabed.eu-west-1.amazon.com (172.19.116.181) by EX19D018EUA004.ant.amazon.com (10.252.50.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.20; Fri, 12 Sep 2025 12:56:25 +0000 From: Eliav Farber To: , , , , , , , , , , , , , , , , , , , CC: , , Rasmus Villemoes , Nathan Chancellor Subject: [PATCH 2/4 5.10.y] compiler.h: drop fallback overflow checkers Date: Fri, 12 Sep 2025 12:56:03 +0000 Message-ID: <20250912125606.13262-3-farbere@amazon.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20250912125606.13262-1-farbere@amazon.com> References: <20250912125606.13262-1-farbere@amazon.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EX19D038UWC001.ant.amazon.com (10.13.139.213) To EX19D018EUA004.ant.amazon.com (10.252.50.85) Content-Type: text/plain; charset="utf-8" From: Nick Desaulniers [ Upstream commit 4eb6bd55cfb22ffc20652732340c4962f3ac9a91 ] Once upgrading the minimum supported version of GCC to 5.1, we can drop the fallback code for !COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW. This is effectively a revert of commit f0907827a8a9 ("compiler.h: enable builtin overflow checkers and add fallback code") Link: https://github.com/ClangBuiltLinux/linux/issues/1438#issuecomment-916= 745801 Suggested-by: Rasmus Villemoes Signed-off-by: Nick Desaulniers Acked-by: Kees Cook Reviewed-by: Nathan Chancellor Signed-off-by: Linus Torvalds --- include/linux/compiler-clang.h | 13 --- include/linux/compiler-gcc.h | 4 - include/linux/overflow.h | 138 +--------------------------- tools/include/linux/compiler-gcc.h | 4 - tools/include/linux/overflow.h | 140 +---------------------------- 5 files changed, 6 insertions(+), 293 deletions(-) diff --git a/include/linux/compiler-clang.h b/include/linux/compiler-clang.h index 9ba951e3a6c2..928ec5c7776d 100644 --- a/include/linux/compiler-clang.h +++ b/include/linux/compiler-clang.h @@ -72,19 +72,6 @@ #define __no_sanitize_coverage #endif =20 -/* - * Not all versions of clang implement the type-generic versions - * of the builtin overflow checkers. Fortunately, clang implements - * __has_builtin allowing us to avoid awkward version - * checks. Unfortunately, we don't know which version of gcc clang - * pretends to be, so the macro may or may not be defined. - */ -#if __has_builtin(__builtin_mul_overflow) && \ - __has_builtin(__builtin_add_overflow) && \ - __has_builtin(__builtin_sub_overflow) -#define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1 -#endif - #if __has_feature(shadow_call_stack) # define __noscs __attribute__((__no_sanitize__("shadow-call-stack"))) #endif diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h index 5b481a22b5fe..ae9a8e17287c 100644 --- a/include/linux/compiler-gcc.h +++ b/include/linux/compiler-gcc.h @@ -140,10 +140,6 @@ #define __no_sanitize_coverage #endif =20 -#if GCC_VERSION >=3D 50100 -#define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1 -#endif - /* * Turn individual warnings and errors on and off locally, depending * on version. diff --git a/include/linux/overflow.h b/include/linux/overflow.h index d1dd039fe1c3..59d7228104d0 100644 --- a/include/linux/overflow.h +++ b/include/linux/overflow.h @@ -6,12 +6,9 @@ #include =20 /* - * In the fallback code below, we need to compute the minimum and - * maximum values representable in a given type. These macros may also - * be useful elsewhere, so we provide them outside the - * COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW block. - * - * It would seem more obvious to do something like + * We need to compute the minimum and maximum values representable in a gi= ven + * type. These macros may also be useful elsewhere. It would seem more obv= ious + * to do something like: * * #define type_min(T) (T)(is_signed_type(T) ? (T)1 << (8*sizeof(T)-1) : 0) * #define type_max(T) (T)(is_signed_type(T) ? ((T)1 << (8*sizeof(T)-1)) -= 1 : ~(T)0) @@ -54,7 +51,6 @@ static inline bool __must_check __must_check_overflow(boo= l overflow) return unlikely(overflow); } =20 -#ifdef COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW /* * For simplicity and code hygiene, the fallback code below insists on * a, b and *d having the same type (similar to the min() and max() @@ -90,134 +86,6 @@ static inline bool __must_check __must_check_overflow(b= ool overflow) __builtin_mul_overflow(__a, __b, __d); \ })) =20 -#else - - -/* Checking for unsigned overflow is relatively easy without causing UB. */ -#define __unsigned_add_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D __a + __b; \ - *__d < __a; \ -}) -#define __unsigned_sub_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D __a - __b; \ - __a < __b; \ -}) -/* - * If one of a or b is a compile-time constant, this avoids a division. - */ -#define __unsigned_mul_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D __a * __b; \ - __builtin_constant_p(__b) ? \ - __b > 0 && __a > type_max(typeof(__a)) / __b : \ - __a > 0 && __b > type_max(typeof(__b)) / __a; \ -}) - -/* - * For signed types, detecting overflow is much harder, especially if - * we want to avoid UB. But the interface of these macros is such that - * we must provide a result in *d, and in fact we must produce the - * result promised by gcc's builtins, which is simply the possibly - * wrapped-around value. Fortunately, we can just formally do the - * operations in the widest relevant unsigned type (u64) and then - * truncate the result - gcc is smart enough to generate the same code - * with and without the (u64) casts. - */ - -/* - * Adding two signed integers can overflow only if they have the same - * sign, and overflow has happened iff the result has the opposite - * sign. - */ -#define __signed_add_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D (u64)__a + (u64)__b; \ - (((~(__a ^ __b)) & (*__d ^ __a)) \ - & type_min(typeof(__a))) !=3D 0; \ -}) - -/* - * Subtraction is similar, except that overflow can now happen only - * when the signs are opposite. In this case, overflow has happened if - * the result has the opposite sign of a. - */ -#define __signed_sub_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D (u64)__a - (u64)__b; \ - ((((__a ^ __b)) & (*__d ^ __a)) \ - & type_min(typeof(__a))) !=3D 0; \ -}) - -/* - * Signed multiplication is rather hard. gcc always follows C99, so - * division is truncated towards 0. This means that we can write the - * overflow check like this: - * - * (a > 0 && (b > MAX/a || b < MIN/a)) || - * (a < -1 && (b > MIN/a || b < MAX/a) || - * (a =3D=3D -1 && b =3D=3D MIN) - * - * The redundant casts of -1 are to silence an annoying -Wtype-limits - * (included in -Wextra) warning: When the type is u8 or u16, the - * __b_c_e in check_mul_overflow obviously selects - * __unsigned_mul_overflow, but unfortunately gcc still parses this - * code and warns about the limited range of __b. - */ - -#define __signed_mul_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - typeof(a) __tmax =3D type_max(typeof(a)); \ - typeof(a) __tmin =3D type_min(typeof(a)); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D (u64)__a * (u64)__b; \ - (__b > 0 && (__a > __tmax/__b || __a < __tmin/__b)) || \ - (__b < (typeof(__b))-1 && (__a > __tmin/__b || __a < __tmax/__b)) || \ - (__b =3D=3D (typeof(__b))-1 && __a =3D=3D __tmin); \ -}) - - -#define check_add_overflow(a, b, d) __must_check_overflow( \ - __builtin_choose_expr(is_signed_type(typeof(a)), \ - __signed_add_overflow(a, b, d), \ - __unsigned_add_overflow(a, b, d))) - -#define check_sub_overflow(a, b, d) __must_check_overflow( \ - __builtin_choose_expr(is_signed_type(typeof(a)), \ - __signed_sub_overflow(a, b, d), \ - __unsigned_sub_overflow(a, b, d))) - -#define check_mul_overflow(a, b, d) __must_check_overflow( \ - __builtin_choose_expr(is_signed_type(typeof(a)), \ - __signed_mul_overflow(a, b, d), \ - __unsigned_mul_overflow(a, b, d))) - -#endif /* COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW */ - /** check_shl_overflow() - Calculate a left-shifted value and check overfl= ow * * @a: Value to be shifted diff --git a/tools/include/linux/compiler-gcc.h b/tools/include/linux/compi= ler-gcc.h index 95c072b70d0e..a590a1dfafd9 100644 --- a/tools/include/linux/compiler-gcc.h +++ b/tools/include/linux/compiler-gcc.h @@ -38,7 +38,3 @@ #endif #define __printf(a, b) __attribute__((format(printf, a, b))) #define __scanf(a, b) __attribute__((format(scanf, a, b))) - -#if GCC_VERSION >=3D 50100 -#define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1 -#endif diff --git a/tools/include/linux/overflow.h b/tools/include/linux/overflow.h index 8712ff70995f..dcb0c1bf6866 100644 --- a/tools/include/linux/overflow.h +++ b/tools/include/linux/overflow.h @@ -5,12 +5,9 @@ #include =20 /* - * In the fallback code below, we need to compute the minimum and - * maximum values representable in a given type. These macros may also - * be useful elsewhere, so we provide them outside the - * COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW block. - * - * It would seem more obvious to do something like + * We need to compute the minimum and maximum values representable in a gi= ven + * type. These macros may also be useful elsewhere. It would seem more obv= ious + * to do something like: * * #define type_min(T) (T)(is_signed_type(T) ? (T)1 << (8*sizeof(T)-1) : 0) * #define type_max(T) (T)(is_signed_type(T) ? ((T)1 << (8*sizeof(T)-1)) -= 1 : ~(T)0) @@ -36,8 +33,6 @@ #define type_max(T) ((T)((__type_half_max(T) - 1) + __type_half_max(T))) #define type_min(T) ((T)((T)-type_max(T)-(T)1)) =20 - -#ifdef COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW /* * For simplicity and code hygiene, the fallback code below insists on * a, b and *d having the same type (similar to the min() and max() @@ -73,135 +68,6 @@ __builtin_mul_overflow(__a, __b, __d); \ }) =20 -#else - - -/* Checking for unsigned overflow is relatively easy without causing UB. */ -#define __unsigned_add_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D __a + __b; \ - *__d < __a; \ -}) -#define __unsigned_sub_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D __a - __b; \ - __a < __b; \ -}) -/* - * If one of a or b is a compile-time constant, this avoids a division. - */ -#define __unsigned_mul_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D __a * __b; \ - __builtin_constant_p(__b) ? \ - __b > 0 && __a > type_max(typeof(__a)) / __b : \ - __a > 0 && __b > type_max(typeof(__b)) / __a; \ -}) - -/* - * For signed types, detecting overflow is much harder, especially if - * we want to avoid UB. But the interface of these macros is such that - * we must provide a result in *d, and in fact we must produce the - * result promised by gcc's builtins, which is simply the possibly - * wrapped-around value. Fortunately, we can just formally do the - * operations in the widest relevant unsigned type (u64) and then - * truncate the result - gcc is smart enough to generate the same code - * with and without the (u64) casts. - */ - -/* - * Adding two signed integers can overflow only if they have the same - * sign, and overflow has happened iff the result has the opposite - * sign. - */ -#define __signed_add_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D (u64)__a + (u64)__b; \ - (((~(__a ^ __b)) & (*__d ^ __a)) \ - & type_min(typeof(__a))) !=3D 0; \ -}) - -/* - * Subtraction is similar, except that overflow can now happen only - * when the signs are opposite. In this case, overflow has happened if - * the result has the opposite sign of a. - */ -#define __signed_sub_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D (u64)__a - (u64)__b; \ - ((((__a ^ __b)) & (*__d ^ __a)) \ - & type_min(typeof(__a))) !=3D 0; \ -}) - -/* - * Signed multiplication is rather hard. gcc always follows C99, so - * division is truncated towards 0. This means that we can write the - * overflow check like this: - * - * (a > 0 && (b > MAX/a || b < MIN/a)) || - * (a < -1 && (b > MIN/a || b < MAX/a) || - * (a =3D=3D -1 && b =3D=3D MIN) - * - * The redundant casts of -1 are to silence an annoying -Wtype-limits - * (included in -Wextra) warning: When the type is u8 or u16, the - * __b_c_e in check_mul_overflow obviously selects - * __unsigned_mul_overflow, but unfortunately gcc still parses this - * code and warns about the limited range of __b. - */ - -#define __signed_mul_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - typeof(a) __tmax =3D type_max(typeof(a)); \ - typeof(a) __tmin =3D type_min(typeof(a)); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D (u64)__a * (u64)__b; \ - (__b > 0 && (__a > __tmax/__b || __a < __tmin/__b)) || \ - (__b < (typeof(__b))-1 && (__a > __tmin/__b || __a < __tmax/__b)) || \ - (__b =3D=3D (typeof(__b))-1 && __a =3D=3D __tmin); \ -}) - - -#define check_add_overflow(a, b, d) \ - __builtin_choose_expr(is_signed_type(typeof(a)), \ - __signed_add_overflow(a, b, d), \ - __unsigned_add_overflow(a, b, d)) - -#define check_sub_overflow(a, b, d) \ - __builtin_choose_expr(is_signed_type(typeof(a)), \ - __signed_sub_overflow(a, b, d), \ - __unsigned_sub_overflow(a, b, d)) - -#define check_mul_overflow(a, b, d) \ - __builtin_choose_expr(is_signed_type(typeof(a)), \ - __signed_mul_overflow(a, b, d), \ - __unsigned_mul_overflow(a, b, d)) - - -#endif /* COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW */ - /** * array_size() - Calculate size of 2-dimensional array. * --=20 2.47.3 From nobody Thu Oct 2 18:16:49 2025 Received: from fra-out-004.esa.eu-central-1.outbound.mail-perimeter.amazon.com (fra-out-004.esa.eu-central-1.outbound.mail-perimeter.amazon.com [3.74.81.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A643830C37C; Fri, 12 Sep 2025 12:56:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=3.74.81.189 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757681813; cv=none; b=qwd2B4XIjmLHbp3GTcLAl2ezEpcmIGHqcMHp/aU0t1iYvRixPQAzLg2xjFfzMrZ8BBiuShl78wmBi4+EOy4J+E+s5VKYiPZSlwD7rMB4y+Bpv+0SaW0ExtPpo7Pt0IECO9uhYBBJ5OacdDtU0jkvMc1bggAKY7UjgD7J0Bc1kww= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757681813; c=relaxed/simple; bh=XkYc1Zt6J0NzTmfcHOONg09KwT4+9rrv2iPtz9vlrA0=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=DNLn/s+kN0tA94R2r6jzZlQHBrFg6lcirj+oyvnIZuJ5Lrl8IKgpYdYjpM8F2/l5fmFyeUb7/V1xS0t8PlbmfQRyVoC8uTH6shhBHkxeiuFWJ2+xeOxb5qnzj2OIdWtkiMj7kB4X6+plfJ9NOz4gbSFvGmBR6t7XouFdw2gXGsI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.com; dkim=pass (2048-bit key) header.d=amazon.com header.i=@amazon.com header.b=m+aro9OW; arc=none smtp.client-ip=3.74.81.189 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=amazon.com header.i=@amazon.com header.b="m+aro9OW" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazoncorp2; t=1757681811; x=1789217811; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=4KC6vYT1rrGSGkh8oCKzkoDrWDBygdGFVfl2XxxyCII=; b=m+aro9OWK5/5Q28omN1g0fhMdjODxfkxSxGQ8vX7gOLK/8LiuBrpupxx SZ+JF2o7zlJkx/2zZTBJNRQYWub77XIwoPc0auKznbX9VYEBQzYH/0xzY AN4+wMllNO6ipNBcq0uVjDWGx5jFMV5odUyuwNC3O79gOERgI2KRQ6Z3S WZCoc9X7cATVIu0O3a7IJfaKzMQVt6ZHIkQClmgpD2eBOKh0RmyigNJiz 2V+1VMfWG0qXaKTWsMP47HVxB/ZiowwCf72UUlXbRapaciFDaM5/PtXta osVjIjorxrUERX+9TWd5efrrJe/2ENYe3eX5+43SnYkcQn+46FlUZEe7y w==; X-CSE-ConnectionGUID: qLwfvNg0Sdy+FcETBrJsWw== X-CSE-MsgGUID: YYQsWqGrS0CduBY4qDVGfg== X-IronPort-AV: E=Sophos;i="6.18,259,1751241600"; d="scan'208";a="2019049" Received: from ip-10-6-11-83.eu-central-1.compute.internal (HELO smtpout.naws.eu-central-1.prod.farcaster.email.amazon.dev) ([10.6.11.83]) by internal-fra-out-004.esa.eu-central-1.outbound.mail-perimeter.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Sep 2025 12:56:40 +0000 Received: from EX19MTAEUC001.ant.amazon.com [54.240.197.225:12744] by smtpin.naws.eu-central-1.prod.farcaster.email.amazon.dev [10.0.11.107:2525] with esmtp (Farcaster) id 266059fc-9bf2-46ba-9cba-505c8f1c70f9; Fri, 12 Sep 2025 12:56:40 +0000 (UTC) X-Farcaster-Flow-ID: 266059fc-9bf2-46ba-9cba-505c8f1c70f9 Received: from EX19D018EUA004.ant.amazon.com (10.252.50.85) by EX19MTAEUC001.ant.amazon.com (10.252.51.155) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.20; Fri, 12 Sep 2025 12:56:39 +0000 Received: from dev-dsk-farbere-1a-46ecabed.eu-west-1.amazon.com (172.19.116.181) by EX19D018EUA004.ant.amazon.com (10.252.50.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.20; Fri, 12 Sep 2025 12:56:32 +0000 From: Eliav Farber To: , , , , , , , , , , , , , , , , , , , CC: , , Rasmus Villemoes , Gwan-gyeong Mun , "Gustavo A. R. Silva" , , Andrzej Hajda Subject: [PATCH 3/4 5.10.y] overflow: Allow mixed type arguments Date: Fri, 12 Sep 2025 12:56:04 +0000 Message-ID: <20250912125606.13262-4-farbere@amazon.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20250912125606.13262-1-farbere@amazon.com> References: <20250912125606.13262-1-farbere@amazon.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EX19D038UWC001.ant.amazon.com (10.13.139.213) To EX19D018EUA004.ant.amazon.com (10.252.50.85) Content-Type: text/plain; charset="utf-8" From: Kees Cook commit d219d2a9a92e39aa92799efe8f2aa21259b6dd82 upstream. When the check_[op]_overflow() helpers were introduced, all arguments were required to be the same type to make the fallback macros simpler. However, now that the fallback macros have been removed[1], it is fine to allow mixed types, which makes using the helpers much more useful, as they can be used to test for type-based overflows (e.g. adding two large ints but storing into a u8), as would be handy in the drm core[2]. Remove the restriction, and add additional self-tests that exercise some of the mixed-type overflow cases, and double-check for accidental macro side-effects. [1] https://git.kernel.org/linus/4eb6bd55cfb22ffc20652732340c4962f3ac9a91 [2] https://lore.kernel.org/lkml/20220824084514.2261614-2-gwan-gyeong.mun@i= ntel.com Cc: Rasmus Villemoes Cc: Gwan-gyeong Mun Cc: "Gustavo A. R. Silva" Cc: Nick Desaulniers Cc: linux-hardening@vger.kernel.org Reviewed-by: Andrzej Hajda Reviewed-by: Gwan-gyeong Mun Tested-by: Gwan-gyeong Mun Signed-off-by: Kees Cook [ dropped the test portion of the commit as that doesn't apply to 5.15.y - gregkh] Signed-off-by: Greg Kroah-Hartman --- include/linux/overflow.h | 72 +++++++++++++++++++++++----------------- 1 file changed, 41 insertions(+), 31 deletions(-) diff --git a/include/linux/overflow.h b/include/linux/overflow.h index 59d7228104d0..73bc67ec2136 100644 --- a/include/linux/overflow.h +++ b/include/linux/overflow.h @@ -51,40 +51,50 @@ static inline bool __must_check __must_check_overflow(b= ool overflow) return unlikely(overflow); } =20 -/* - * For simplicity and code hygiene, the fallback code below insists on - * a, b and *d having the same type (similar to the min() and max() - * macros), whereas gcc's type-generic overflow checkers accept - * different types. Hence we don't just make check_add_overflow an - * alias for __builtin_add_overflow, but add type checks similar to - * below. +/** check_add_overflow() - Calculate addition with overflow checking + * + * @a: first addend + * @b: second addend + * @d: pointer to store sum + * + * Returns 0 on success. + * + * *@d holds the results of the attempted addition, but is not considered + * "safe for use" on a non-zero return value, which indicates that the + * sum has overflowed or been truncated. */ -#define check_add_overflow(a, b, d) __must_check_overflow(({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - __builtin_add_overflow(__a, __b, __d); \ -})) +#define check_add_overflow(a, b, d) \ + __must_check_overflow(__builtin_add_overflow(a, b, d)) =20 -#define check_sub_overflow(a, b, d) __must_check_overflow(({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - __builtin_sub_overflow(__a, __b, __d); \ -})) +/** check_sub_overflow() - Calculate subtraction with overflow checking + * + * @a: minuend; value to subtract from + * @b: subtrahend; value to subtract from @a + * @d: pointer to store difference + * + * Returns 0 on success. + * + * *@d holds the results of the attempted subtraction, but is not consider= ed + * "safe for use" on a non-zero return value, which indicates that the + * difference has underflowed or been truncated. + */ +#define check_sub_overflow(a, b, d) \ + __must_check_overflow(__builtin_sub_overflow(a, b, d)) =20 -#define check_mul_overflow(a, b, d) __must_check_overflow(({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - __builtin_mul_overflow(__a, __b, __d); \ -})) +/** check_mul_overflow() - Calculate multiplication with overflow checking + * + * @a: first factor + * @b: second factor + * @d: pointer to store product + * + * Returns 0 on success. + * + * *@d holds the results of the attempted multiplication, but is not + * considered "safe for use" on a non-zero return value, which indicates + * that the product has overflowed or been truncated. + */ +#define check_mul_overflow(a, b, d) \ + __must_check_overflow(__builtin_mul_overflow(a, b, d)) =20 /** check_shl_overflow() - Calculate a left-shifted value and check overfl= ow * --=20 2.47.3 From nobody Thu Oct 2 18:16:49 2025 Received: from fra-out-008.esa.eu-central-1.outbound.mail-perimeter.amazon.com (fra-out-008.esa.eu-central-1.outbound.mail-perimeter.amazon.com [35.158.23.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F11A730E0CD; Fri, 12 Sep 2025 12:56:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=35.158.23.94 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757681819; cv=none; b=K/RiRYuyx3v2bQ8E1W6b4/oJc+f57Bzzz8K9ARNhIPDvHNh5/YhxWMwOVASKXsJV2uJOUDqMPU+0PjgdeOdmhM8fyUpMK9dWCc5rDAkdB9qoy0MbI6wIxp3cQPrlx1ka0tK5t4sHQO9Rmq60B8FbTsQYVa4aPddE4vskUy19EFk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757681819; c=relaxed/simple; bh=t0YLY8EiinGEmdO39qs/0vr8Y4OdLgym4zLPBz0ZjIY=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=uwCqGPpxA+nwYdYOXElB5hE6/mqIYmOn9eroNOpltq4gXbQmUbqwSDIy3bdTLds1YZPcNq7db87Gu0qKXZyhAs3V90sA17kbAT7p04p0k84+I2G4Vpp8UihiEJj721Oo2xdc/eCnkN2aYJiYNku9I/IVgzCWNDeB5asdO1JIRB8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.com; dkim=pass (2048-bit key) header.d=amazon.com header.i=@amazon.com header.b=f8guYVpd; arc=none smtp.client-ip=35.158.23.94 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=amazon.com header.i=@amazon.com header.b="f8guYVpd" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazoncorp2; t=1757681817; x=1789217817; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=82mFA+mEQjheUnk2vX45eaE13KVipYmy0vxoxzfkwSk=; b=f8guYVpdavy4yzPQXX94s+8qksvfz/9kM/eIgiYmLYib2RMzILmqe+TH 6R3DZ4RCd/czLHhNT3ez7JFS7PYR2bCt9Z8DAMdAHDGQoXTsSuzN6g5iB TULpRC3ekBprsAl8aJcoUYvgw9RK73Z9NyojixEu8a7F8vqsqxzG7v0e9 9VUmZlOcQMfS8J1Zf6BI/QJ/k9TmbI4PgO3T+GwDzNtAiKL3PL4jpIWVk P4MqlC8Dqo6niiNUzVexIKp0NiWrjXDyNFkPUCuBM7HxkuEHzdF15M1Ap 5/Hey+cTPhCdG8N393dvW/ojIq8EIAiBxPCu1zneAoInbPV6mjkki7V2i w==; X-CSE-ConnectionGUID: KM2YLXIVSUC+c3pgswx9pg== X-CSE-MsgGUID: R3q6q5afQRizGeg+ej46Jg== X-IronPort-AV: E=Sophos;i="6.18,259,1751241600"; d="scan'208";a="2022278" Received: from ip-10-6-11-83.eu-central-1.compute.internal (HELO smtpout.naws.eu-central-1.prod.farcaster.email.amazon.dev) ([10.6.11.83]) by internal-fra-out-008.esa.eu-central-1.outbound.mail-perimeter.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Sep 2025 12:56:46 +0000 Received: from EX19MTAEUA002.ant.amazon.com [54.240.197.232:23913] by smtpin.naws.eu-central-1.prod.farcaster.email.amazon.dev [10.0.11.107:2525] with esmtp (Farcaster) id c0e44276-4d55-4045-bc66-3e54ff42c2d9; Fri, 12 Sep 2025 12:56:46 +0000 (UTC) X-Farcaster-Flow-ID: c0e44276-4d55-4045-bc66-3e54ff42c2d9 Received: from EX19D018EUA004.ant.amazon.com (10.252.50.85) by EX19MTAEUA002.ant.amazon.com (10.252.50.124) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.20; Fri, 12 Sep 2025 12:56:46 +0000 Received: from dev-dsk-farbere-1a-46ecabed.eu-west-1.amazon.com (172.19.116.181) by EX19D018EUA004.ant.amazon.com (10.252.50.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.20; Fri, 12 Sep 2025 12:56:39 +0000 From: Eliav Farber To: , , , , , , , , , , , , , , , , , , , CC: , , Rasmus Villemoes Subject: [PATCH 4/4 5.10.y] tracing: Define the is_signed_type() macro once Date: Fri, 12 Sep 2025 12:56:05 +0000 Message-ID: <20250912125606.13262-5-farbere@amazon.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20250912125606.13262-1-farbere@amazon.com> References: <20250912125606.13262-1-farbere@amazon.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EX19D038UWC001.ant.amazon.com (10.13.139.213) To EX19D018EUA004.ant.amazon.com (10.252.50.85) Content-Type: text/plain; charset="utf-8" From: Bart Van Assche commit a49a64b5bf195381c09202c524f0f84b5f3e816f upstream. There are two definitions of the is_signed_type() macro: one in and a second definition in . As suggested by Linus, move the definition of the is_signed_type() macro into the header file. Change the definition of the is_signed_type() macro to make sure that it does not trigger any sparse warnings with future versions of sparse for bitwise types. Link: https://lore.kernel.org/all/CAHk-=3DwhjH6p+qzwUdx5SOVVHjS3WvzJQr6mDUw= hEyTf6pJWzaQ@mail.gmail.com/ Link: https://lore.kernel.org/all/CAHk-=3DwjQGnVfb4jehFR0XyZikdQvCZouE96xR_= nnf5kqaM5qqQ@mail.gmail.com/ Cc: Rasmus Villemoes Cc: Steven Rostedt Acked-by: Kees Cook Signed-off-by: Bart Van Assche Signed-off-by: Linus Torvalds (cherry picked from commit a49a64b5bf195381c09202c524f0f84b5f3e816f) Signed-off-by: SeongJae Park Signed-off-by: Greg Kroah-Hartman --- include/linux/compiler.h | 6 ++++++ include/linux/overflow.h | 1 - include/linux/trace_events.h | 2 -- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/include/linux/compiler.h b/include/linux/compiler.h index bbd74420fa21..004a030d5ad2 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -245,6 +245,12 @@ static inline void *offset_to_ptr(const int *off) /* &a[0] degrades to a pointer: a different type from an array */ #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0])) =20 +/* + * Whether 'type' is a signed type or an unsigned type. Supports scalar ty= pes, + * bool and also pointer types. + */ +#define is_signed_type(type) (((type)(-1)) < (__force type)1) + /* * This is needed in functions which generate the stack canary, see * arch/x86/kernel/smpboot.c::start_secondary() for an example. diff --git a/include/linux/overflow.h b/include/linux/overflow.h index 73bc67ec2136..e6bf14f462e9 100644 --- a/include/linux/overflow.h +++ b/include/linux/overflow.h @@ -29,7 +29,6 @@ * https://mail-index.netbsd.org/tech-misc/2007/02/05/0000.html - * credit to Christian Biere. */ -#define is_signed_type(type) (((type)(-1)) < (type)1) #define __type_half_max(type) ((type)1 << (8*sizeof(type) - 1 - is_signed_= type(type))) #define type_max(T) ((T)((__type_half_max(T) - 1) + __type_half_max(T))) #define type_min(T) ((T)((T)-type_max(T)-(T)1)) diff --git a/include/linux/trace_events.h b/include/linux/trace_events.h index 5af2acb9fb7d..0c8c3cf36f96 100644 --- a/include/linux/trace_events.h +++ b/include/linux/trace_events.h @@ -700,8 +700,6 @@ extern int trace_add_event_call(struct trace_event_call= *call); extern int trace_remove_event_call(struct trace_event_call *call); extern int trace_event_get_offsets(struct trace_event_call *call); =20 -#define is_signed_type(type) (((type)(-1)) < (type)1) - int ftrace_set_clr_event(struct trace_array *tr, char *buf, int set); int trace_set_clr_event(const char *system, const char *event, int set); int trace_array_set_clr_event(struct trace_array *tr, const char *system, --=20 2.47.3