From nobody Thu Oct 2 18:16:47 2025 Received: from fra-out-014.esa.eu-central-1.outbound.mail-perimeter.amazon.com (fra-out-014.esa.eu-central-1.outbound.mail-perimeter.amazon.com [18.199.210.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0C179312817; Fri, 12 Sep 2025 15:31:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=18.199.210.3 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757691083; cv=none; b=F5GmoTf5bZ9xBWXbh14Y5vp/wPjZdiKMQfHkdaP0j7As5hIy9Ah3bh7St5o9+7t2sGaygjV9JVJCKz6GsDPuGXnlDnchyrbVif2Zq0ii47iExMUz+8HS5jEXmmee6mG1rKWQIiK82tNpTAO4Yra0FhdMTBInCKtW2E+NWkL2s8c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757691083; c=relaxed/simple; bh=4J4nVzSnRDQl6Hi05144Vtqwbow4HJsgS5XQf7jSKTk=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=m8Y7CR3QAGwffglBTg85vMtkyymVTEu7DwHXGw3qa2dyOYA+I2hFJKAUMolLqkcplA6d2VsBVBdG2fbx9umjNN1fCdqR4s9S5AVKXF1e5WnNuRm/3JeoGkEMvO0XWFVyvJsLj5PoucJxPvDEe38fbtym2rFAMbXwnPX1Pmt3FJE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.com; dkim=pass (2048-bit key) header.d=amazon.com header.i=@amazon.com header.b=moN7IVQb; arc=none smtp.client-ip=18.199.210.3 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=amazon.com header.i=@amazon.com header.b="moN7IVQb" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazoncorp2; t=1757691081; x=1789227081; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=+E0SdUe2btJke4ZdaxwfLgznsTubVaVloEsW/aNSzW0=; b=moN7IVQbu6rbKhPpGncnafYAiv43qHm/56lI4emJ+K08yA9q7mZw3mER qY/GxYxJcf3qecDNsWNpRmDUYoTjD6V1Kecj+vycL5ecLNezev9ulPbDM SMegRPIrNDo57vfVyPEONzKXG+g4N8khJahyHQv8TgE2fEtNfsl1PwpPq 4m+1nZQ93kwav+dT+I2o630TuEEsaLuZmy6PMP+k34xRlIHfqOHhjvYZL oZwaJigSBrY+obN8ltk3vgtDwQ3WOk2RZetTplf/KhuA4V/SW2thnqKgg p1mAqOFEF6pEbW7s11DmKilyoCzjU4EhAxjhfPy9ALs/w9Cc6GVUnNxhv w==; X-CSE-ConnectionGUID: CnjIj+YCQ0e8vSol35abSA== X-CSE-MsgGUID: bs2gU8rKRsWu9ERM/B6h1Q== X-IronPort-AV: E=Sophos;i="6.18,259,1751241600"; d="scan'208";a="1926584" Received: from ip-10-6-3-216.eu-central-1.compute.internal (HELO smtpout.naws.eu-central-1.prod.farcaster.email.amazon.dev) ([10.6.3.216]) by internal-fra-out-014.esa.eu-central-1.outbound.mail-perimeter.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Sep 2025 15:31:00 +0000 Received: from EX19MTAEUB001.ant.amazon.com [54.240.197.234:12620] by smtpin.naws.eu-central-1.prod.farcaster.email.amazon.dev [10.0.1.26:2525] with esmtp (Farcaster) id adc671f3-5191-4921-8b24-21cc0a914c45; Fri, 12 Sep 2025 15:30:59 +0000 (UTC) X-Farcaster-Flow-ID: adc671f3-5191-4921-8b24-21cc0a914c45 Received: from EX19D018EUA004.ant.amazon.com (10.252.50.85) by EX19MTAEUB001.ant.amazon.com (10.252.51.26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.20; Fri, 12 Sep 2025 15:30:58 +0000 Received: from dev-dsk-farbere-1a-46ecabed.eu-west-1.amazon.com (172.19.116.181) by EX19D018EUA004.ant.amazon.com (10.252.50.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.20; Fri, 12 Sep 2025 15:30:52 +0000 From: Eliav Farber To: , , , , , , , , , , , , , , , , , , , CC: , Subject: [PATCH v2 1/4 5.10.y] overflow: Correct check_shl_overflow() comment Date: Fri, 12 Sep 2025 15:30:35 +0000 Message-ID: <20250912153040.26691-2-farbere@amazon.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20250912153040.26691-1-farbere@amazon.com> References: <20250912153040.26691-1-farbere@amazon.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EX19D044UWA004.ant.amazon.com (10.13.139.7) To EX19D018EUA004.ant.amazon.com (10.252.50.85) Content-Type: text/plain; charset="utf-8" From: Keith Busch [ Upstream commit 4578be130a6470d85ff05b13b75a00e6224eeeeb ] A 'false' return means the value was safely set, so the comment should say 'true' for when it is not considered safe. Cc: Jason Gunthorpe Signed-off-by: Keith Busch Signed-off-by: Kees Cook Signed-off-by: Eliav Farber Fixes: 0c66847793d1 ("overflow.h: Add arithmetic shift helper") Link: https://lore.kernel.org/r/20210401160629.1941787-1-kbusch@kernel.org --- include/linux/overflow.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/overflow.h b/include/linux/overflow.h index 35af574d006f..d1dd039fe1c3 100644 --- a/include/linux/overflow.h +++ b/include/linux/overflow.h @@ -235,7 +235,7 @@ static inline bool __must_check __must_check_overflow(b= ool overflow) * - 'a << s' sets the sign bit, if any, in '*d'. * * '*d' will hold the results of the attempted shift, but is not - * considered "safe for use" if false is returned. + * considered "safe for use" if true is returned. */ #define check_shl_overflow(a, s, d) __must_check_overflow(({ \ typeof(a) _a =3D a; \ --=20 2.47.3 From nobody Thu Oct 2 18:16:47 2025 Received: from fra-out-009.esa.eu-central-1.outbound.mail-perimeter.amazon.com (fra-out-009.esa.eu-central-1.outbound.mail-perimeter.amazon.com [3.64.237.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 63BA51DE4CE; Fri, 12 Sep 2025 15:31:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=3.64.237.68 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757691080; cv=none; b=CQCsJKyYMxWKyrel7cpblXxwfcLatoVpN407a3ikUu0udaNGBEgWqjnB2cGLA4AZdYzzLg2NSC+IdUI7hf8PwbqaafwUKTsP99cYqHKLK1L9oOjwrMEenJwK0h3LgYJesKoC7neXNgb2mweJ3s6uHZbDqdBVu8DRVV6iWk/kPAw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757691080; c=relaxed/simple; bh=zIHVFRU7JOl0bYpSHV7NTHXlYG3ByO+E7astzdMeXcQ=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=LamwJwH9fvTgczll/Y1lH4wXL0IPj7JX5StMTrl/irv0kaapxp3NioVdlBJgOZSbZpBN0v+kaaNe2tFEtI2MowX/JnjVbAu79ZpDfF1F3te0sVPTNegI8sA3YP8tDZKKLWbHhaZl0kc7IjFblJOPWxhK2KIh8RWayGtncwGVwHk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.com; dkim=pass (2048-bit key) header.d=amazon.com header.i=@amazon.com header.b=Tln1Vm9p; arc=none smtp.client-ip=3.64.237.68 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=amazon.com header.i=@amazon.com header.b="Tln1Vm9p" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazoncorp2; t=1757691077; x=1789227077; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=d96GNjWBbnS29dz3XYCBT3ot4b9kYSMNELBZmlAyWgg=; b=Tln1Vm9pnIjHgITxz8wlUqz5Dg4T6MLWriaVmfxclk6bJMu4RMY+vOHr Cu961Fn1kTx4nh7nM4OIHnfUzF8jM48G7R9IA2eW7o15MHLYF4gtimwmj 2vvk3KPGYIrdRZY6wMUiUDDIt5qMkhUW+VdKTVK4pKKfG1bZp9NHKLjea KHBeBSWAqIrFceCqIePBIB3xiQ52Yk4OTWmFy+pcTU7iZn7V08EcgE/FL gMZ0y/VjTlNVK2ailXQjB1iJYl9tVNLdM2/PIJEBHKkucRiUP/xOhE0nC uuwZp1bdYVwkEjPq9aBGD4zVTqRzi0F6vHw2mL+0EGP8jzBWqF5H2pLYX Q==; X-CSE-ConnectionGUID: 7TRs1BryQcSu/okj6nTc4A== X-CSE-MsgGUID: YE+EMdNjS+u9FwIKsY8nXg== X-IronPort-AV: E=Sophos;i="6.18,259,1751241600"; d="scan'208";a="1928867" Received: from ip-10-6-11-83.eu-central-1.compute.internal (HELO smtpout.naws.eu-central-1.prod.farcaster.email.amazon.dev) ([10.6.11.83]) by internal-fra-out-009.esa.eu-central-1.outbound.mail-perimeter.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Sep 2025 15:31:06 +0000 Received: from EX19MTAEUB002.ant.amazon.com [54.240.197.232:24448] by smtpin.naws.eu-central-1.prod.farcaster.email.amazon.dev [10.0.1.255:2525] with esmtp (Farcaster) id 6341e120-1c53-481f-9e4d-f12be0e304ca; Fri, 12 Sep 2025 15:31:06 +0000 (UTC) X-Farcaster-Flow-ID: 6341e120-1c53-481f-9e4d-f12be0e304ca Received: from EX19D018EUA004.ant.amazon.com (10.252.50.85) by EX19MTAEUB002.ant.amazon.com (10.252.51.79) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.20; Fri, 12 Sep 2025 15:31:05 +0000 Received: from dev-dsk-farbere-1a-46ecabed.eu-west-1.amazon.com (172.19.116.181) by EX19D018EUA004.ant.amazon.com (10.252.50.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.20; Fri, 12 Sep 2025 15:30:58 +0000 From: Eliav Farber To: , , , , , , , , , , , , , , , , , , , CC: , , Rasmus Villemoes , Nathan Chancellor Subject: [PATCH v2 2/4 5.10.y] compiler.h: drop fallback overflow checkers Date: Fri, 12 Sep 2025 15:30:36 +0000 Message-ID: <20250912153040.26691-3-farbere@amazon.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20250912153040.26691-1-farbere@amazon.com> References: <20250912153040.26691-1-farbere@amazon.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EX19D044UWA004.ant.amazon.com (10.13.139.7) To EX19D018EUA004.ant.amazon.com (10.252.50.85) Content-Type: text/plain; charset="utf-8" From: Nick Desaulniers [ Upstream commit 4eb6bd55cfb22ffc20652732340c4962f3ac9a91 ] Once upgrading the minimum supported version of GCC to 5.1, we can drop the fallback code for !COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW. This is effectively a revert of commit f0907827a8a9 ("compiler.h: enable builtin overflow checkers and add fallback code") Link: https://github.com/ClangBuiltLinux/linux/issues/1438#issuecomment-916= 745801 Suggested-by: Rasmus Villemoes Signed-off-by: Nick Desaulniers Acked-by: Kees Cook Reviewed-by: Nathan Chancellor Signed-off-by: Linus Torvalds Signed-off-by: Eliav Farber --- include/linux/compiler-clang.h | 13 --- include/linux/compiler-gcc.h | 4 - include/linux/overflow.h | 138 +--------------------------- tools/include/linux/compiler-gcc.h | 4 - tools/include/linux/overflow.h | 140 +---------------------------- 5 files changed, 6 insertions(+), 293 deletions(-) diff --git a/include/linux/compiler-clang.h b/include/linux/compiler-clang.h index 9ba951e3a6c2..928ec5c7776d 100644 --- a/include/linux/compiler-clang.h +++ b/include/linux/compiler-clang.h @@ -72,19 +72,6 @@ #define __no_sanitize_coverage #endif =20 -/* - * Not all versions of clang implement the type-generic versions - * of the builtin overflow checkers. Fortunately, clang implements - * __has_builtin allowing us to avoid awkward version - * checks. Unfortunately, we don't know which version of gcc clang - * pretends to be, so the macro may or may not be defined. - */ -#if __has_builtin(__builtin_mul_overflow) && \ - __has_builtin(__builtin_add_overflow) && \ - __has_builtin(__builtin_sub_overflow) -#define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1 -#endif - #if __has_feature(shadow_call_stack) # define __noscs __attribute__((__no_sanitize__("shadow-call-stack"))) #endif diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h index 5b481a22b5fe..ae9a8e17287c 100644 --- a/include/linux/compiler-gcc.h +++ b/include/linux/compiler-gcc.h @@ -140,10 +140,6 @@ #define __no_sanitize_coverage #endif =20 -#if GCC_VERSION >=3D 50100 -#define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1 -#endif - /* * Turn individual warnings and errors on and off locally, depending * on version. diff --git a/include/linux/overflow.h b/include/linux/overflow.h index d1dd039fe1c3..59d7228104d0 100644 --- a/include/linux/overflow.h +++ b/include/linux/overflow.h @@ -6,12 +6,9 @@ #include =20 /* - * In the fallback code below, we need to compute the minimum and - * maximum values representable in a given type. These macros may also - * be useful elsewhere, so we provide them outside the - * COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW block. - * - * It would seem more obvious to do something like + * We need to compute the minimum and maximum values representable in a gi= ven + * type. These macros may also be useful elsewhere. It would seem more obv= ious + * to do something like: * * #define type_min(T) (T)(is_signed_type(T) ? (T)1 << (8*sizeof(T)-1) : 0) * #define type_max(T) (T)(is_signed_type(T) ? ((T)1 << (8*sizeof(T)-1)) -= 1 : ~(T)0) @@ -54,7 +51,6 @@ static inline bool __must_check __must_check_overflow(boo= l overflow) return unlikely(overflow); } =20 -#ifdef COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW /* * For simplicity and code hygiene, the fallback code below insists on * a, b and *d having the same type (similar to the min() and max() @@ -90,134 +86,6 @@ static inline bool __must_check __must_check_overflow(b= ool overflow) __builtin_mul_overflow(__a, __b, __d); \ })) =20 -#else - - -/* Checking for unsigned overflow is relatively easy without causing UB. */ -#define __unsigned_add_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D __a + __b; \ - *__d < __a; \ -}) -#define __unsigned_sub_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D __a - __b; \ - __a < __b; \ -}) -/* - * If one of a or b is a compile-time constant, this avoids a division. - */ -#define __unsigned_mul_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D __a * __b; \ - __builtin_constant_p(__b) ? \ - __b > 0 && __a > type_max(typeof(__a)) / __b : \ - __a > 0 && __b > type_max(typeof(__b)) / __a; \ -}) - -/* - * For signed types, detecting overflow is much harder, especially if - * we want to avoid UB. But the interface of these macros is such that - * we must provide a result in *d, and in fact we must produce the - * result promised by gcc's builtins, which is simply the possibly - * wrapped-around value. Fortunately, we can just formally do the - * operations in the widest relevant unsigned type (u64) and then - * truncate the result - gcc is smart enough to generate the same code - * with and without the (u64) casts. - */ - -/* - * Adding two signed integers can overflow only if they have the same - * sign, and overflow has happened iff the result has the opposite - * sign. - */ -#define __signed_add_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D (u64)__a + (u64)__b; \ - (((~(__a ^ __b)) & (*__d ^ __a)) \ - & type_min(typeof(__a))) !=3D 0; \ -}) - -/* - * Subtraction is similar, except that overflow can now happen only - * when the signs are opposite. In this case, overflow has happened if - * the result has the opposite sign of a. - */ -#define __signed_sub_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D (u64)__a - (u64)__b; \ - ((((__a ^ __b)) & (*__d ^ __a)) \ - & type_min(typeof(__a))) !=3D 0; \ -}) - -/* - * Signed multiplication is rather hard. gcc always follows C99, so - * division is truncated towards 0. This means that we can write the - * overflow check like this: - * - * (a > 0 && (b > MAX/a || b < MIN/a)) || - * (a < -1 && (b > MIN/a || b < MAX/a) || - * (a =3D=3D -1 && b =3D=3D MIN) - * - * The redundant casts of -1 are to silence an annoying -Wtype-limits - * (included in -Wextra) warning: When the type is u8 or u16, the - * __b_c_e in check_mul_overflow obviously selects - * __unsigned_mul_overflow, but unfortunately gcc still parses this - * code and warns about the limited range of __b. - */ - -#define __signed_mul_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - typeof(a) __tmax =3D type_max(typeof(a)); \ - typeof(a) __tmin =3D type_min(typeof(a)); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D (u64)__a * (u64)__b; \ - (__b > 0 && (__a > __tmax/__b || __a < __tmin/__b)) || \ - (__b < (typeof(__b))-1 && (__a > __tmin/__b || __a < __tmax/__b)) || \ - (__b =3D=3D (typeof(__b))-1 && __a =3D=3D __tmin); \ -}) - - -#define check_add_overflow(a, b, d) __must_check_overflow( \ - __builtin_choose_expr(is_signed_type(typeof(a)), \ - __signed_add_overflow(a, b, d), \ - __unsigned_add_overflow(a, b, d))) - -#define check_sub_overflow(a, b, d) __must_check_overflow( \ - __builtin_choose_expr(is_signed_type(typeof(a)), \ - __signed_sub_overflow(a, b, d), \ - __unsigned_sub_overflow(a, b, d))) - -#define check_mul_overflow(a, b, d) __must_check_overflow( \ - __builtin_choose_expr(is_signed_type(typeof(a)), \ - __signed_mul_overflow(a, b, d), \ - __unsigned_mul_overflow(a, b, d))) - -#endif /* COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW */ - /** check_shl_overflow() - Calculate a left-shifted value and check overfl= ow * * @a: Value to be shifted diff --git a/tools/include/linux/compiler-gcc.h b/tools/include/linux/compi= ler-gcc.h index 95c072b70d0e..a590a1dfafd9 100644 --- a/tools/include/linux/compiler-gcc.h +++ b/tools/include/linux/compiler-gcc.h @@ -38,7 +38,3 @@ #endif #define __printf(a, b) __attribute__((format(printf, a, b))) #define __scanf(a, b) __attribute__((format(scanf, a, b))) - -#if GCC_VERSION >=3D 50100 -#define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1 -#endif diff --git a/tools/include/linux/overflow.h b/tools/include/linux/overflow.h index 8712ff70995f..dcb0c1bf6866 100644 --- a/tools/include/linux/overflow.h +++ b/tools/include/linux/overflow.h @@ -5,12 +5,9 @@ #include =20 /* - * In the fallback code below, we need to compute the minimum and - * maximum values representable in a given type. These macros may also - * be useful elsewhere, so we provide them outside the - * COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW block. - * - * It would seem more obvious to do something like + * We need to compute the minimum and maximum values representable in a gi= ven + * type. These macros may also be useful elsewhere. It would seem more obv= ious + * to do something like: * * #define type_min(T) (T)(is_signed_type(T) ? (T)1 << (8*sizeof(T)-1) : 0) * #define type_max(T) (T)(is_signed_type(T) ? ((T)1 << (8*sizeof(T)-1)) -= 1 : ~(T)0) @@ -36,8 +33,6 @@ #define type_max(T) ((T)((__type_half_max(T) - 1) + __type_half_max(T))) #define type_min(T) ((T)((T)-type_max(T)-(T)1)) =20 - -#ifdef COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW /* * For simplicity and code hygiene, the fallback code below insists on * a, b and *d having the same type (similar to the min() and max() @@ -73,135 +68,6 @@ __builtin_mul_overflow(__a, __b, __d); \ }) =20 -#else - - -/* Checking for unsigned overflow is relatively easy without causing UB. */ -#define __unsigned_add_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D __a + __b; \ - *__d < __a; \ -}) -#define __unsigned_sub_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D __a - __b; \ - __a < __b; \ -}) -/* - * If one of a or b is a compile-time constant, this avoids a division. - */ -#define __unsigned_mul_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D __a * __b; \ - __builtin_constant_p(__b) ? \ - __b > 0 && __a > type_max(typeof(__a)) / __b : \ - __a > 0 && __b > type_max(typeof(__b)) / __a; \ -}) - -/* - * For signed types, detecting overflow is much harder, especially if - * we want to avoid UB. But the interface of these macros is such that - * we must provide a result in *d, and in fact we must produce the - * result promised by gcc's builtins, which is simply the possibly - * wrapped-around value. Fortunately, we can just formally do the - * operations in the widest relevant unsigned type (u64) and then - * truncate the result - gcc is smart enough to generate the same code - * with and without the (u64) casts. - */ - -/* - * Adding two signed integers can overflow only if they have the same - * sign, and overflow has happened iff the result has the opposite - * sign. - */ -#define __signed_add_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D (u64)__a + (u64)__b; \ - (((~(__a ^ __b)) & (*__d ^ __a)) \ - & type_min(typeof(__a))) !=3D 0; \ -}) - -/* - * Subtraction is similar, except that overflow can now happen only - * when the signs are opposite. In this case, overflow has happened if - * the result has the opposite sign of a. - */ -#define __signed_sub_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D (u64)__a - (u64)__b; \ - ((((__a ^ __b)) & (*__d ^ __a)) \ - & type_min(typeof(__a))) !=3D 0; \ -}) - -/* - * Signed multiplication is rather hard. gcc always follows C99, so - * division is truncated towards 0. This means that we can write the - * overflow check like this: - * - * (a > 0 && (b > MAX/a || b < MIN/a)) || - * (a < -1 && (b > MIN/a || b < MAX/a) || - * (a =3D=3D -1 && b =3D=3D MIN) - * - * The redundant casts of -1 are to silence an annoying -Wtype-limits - * (included in -Wextra) warning: When the type is u8 or u16, the - * __b_c_e in check_mul_overflow obviously selects - * __unsigned_mul_overflow, but unfortunately gcc still parses this - * code and warns about the limited range of __b. - */ - -#define __signed_mul_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - typeof(a) __tmax =3D type_max(typeof(a)); \ - typeof(a) __tmin =3D type_min(typeof(a)); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D (u64)__a * (u64)__b; \ - (__b > 0 && (__a > __tmax/__b || __a < __tmin/__b)) || \ - (__b < (typeof(__b))-1 && (__a > __tmin/__b || __a < __tmax/__b)) || \ - (__b =3D=3D (typeof(__b))-1 && __a =3D=3D __tmin); \ -}) - - -#define check_add_overflow(a, b, d) \ - __builtin_choose_expr(is_signed_type(typeof(a)), \ - __signed_add_overflow(a, b, d), \ - __unsigned_add_overflow(a, b, d)) - -#define check_sub_overflow(a, b, d) \ - __builtin_choose_expr(is_signed_type(typeof(a)), \ - __signed_sub_overflow(a, b, d), \ - __unsigned_sub_overflow(a, b, d)) - -#define check_mul_overflow(a, b, d) \ - __builtin_choose_expr(is_signed_type(typeof(a)), \ - __signed_mul_overflow(a, b, d), \ - __unsigned_mul_overflow(a, b, d)) - - -#endif /* COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW */ - /** * array_size() - Calculate size of 2-dimensional array. * --=20 2.47.3 From nobody Thu Oct 2 18:16:47 2025 Received: from fra-out-014.esa.eu-central-1.outbound.mail-perimeter.amazon.com (fra-out-014.esa.eu-central-1.outbound.mail-perimeter.amazon.com [18.199.210.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 966A3317708; Fri, 12 Sep 2025 15:31:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=18.199.210.3 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757691086; cv=none; b=YVA6seFQvLkpBQMaMZT6eBpMiOpW7guRWSVT4cNQTNFXlQJ6HaYcfAjM1Iyuqk5IejEJ7aujO1F/DFIuXtCUgs/LsOHk/G7/uduNK7cpEeb5VvaJBkOR0pxJsJyNWqkwTyVmkR9baLjm6No00zbdtOFuUjszFdLTYzoQ3PqWpfI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757691086; c=relaxed/simple; bh=0ZAuq1AeP2txNQ7DcSKMbLVlk6LKgVQRz0GMnBaYbvU=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=FJRDqjrH10xN3yW49tqRCvIYmSbc65xy8wYx6qmSqBo2UARhEIDiB3J/1BJAf1OA5CBGaeErDHhived21GDsYK2aD4KfjxdxkaMzEhxTwulKEIZYTc88eQD8dngcH3csxtBjrHRlJeY2i4aPukwT5KOcCQEAhW/3CP6vY9N40bI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.com; dkim=pass (2048-bit key) header.d=amazon.com header.i=@amazon.com header.b=Z7hdhhrm; arc=none smtp.client-ip=18.199.210.3 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=amazon.com header.i=@amazon.com header.b="Z7hdhhrm" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazoncorp2; t=1757691084; x=1789227084; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=mNZQBQctKZfrpwn21cF3GKidAAjq4amyeXpqNxgoRJI=; b=Z7hdhhrm5eB78M+9Fto5jg35y35OUyluwb1tX6tSEnHTZpVd66sOndAK Confvzb95hQUth316ldM75XMVj2uoHcU0zvkwg6cl44DFP802pQ5q4Ome Qage0YLFpVKubhZQlPsy6LPqNnGAgZ+TYNAlYucnS+5p+nZh3lD9Oegnk LRMX6lM98ie0gpY8kj0hKlsfWxthaDC8g63xnsFRHsDokq18ennd7iG92 DKEVTQCOjbxIuo2Y9LBxgiihPCs9Dk1rTQLVy0ExuB4L7Dclq+Qo/ehpO 3mP+ynwaokVq7x6/yrE4NXkkC8Fn3PJItT66xR+QhjsQKG11JPjI+Znuh w==; X-CSE-ConnectionGUID: 7HJlotdaQDe9hzRxj9Xhgg== X-CSE-MsgGUID: vzmFUeFfTLq6JhAyVvL6eQ== X-IronPort-AV: E=Sophos;i="6.18,259,1751241600"; d="scan'208";a="1926629" Received: from ip-10-6-11-83.eu-central-1.compute.internal (HELO smtpout.naws.eu-central-1.prod.farcaster.email.amazon.dev) ([10.6.11.83]) by internal-fra-out-014.esa.eu-central-1.outbound.mail-perimeter.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Sep 2025 15:31:13 +0000 Received: from EX19MTAEUC001.ant.amazon.com [54.240.197.225:20571] by smtpin.naws.eu-central-1.prod.farcaster.email.amazon.dev [10.0.20.211:2525] with esmtp (Farcaster) id 90cf4a3a-92b1-40c8-8a77-c06977ed7ddd; Fri, 12 Sep 2025 15:31:13 +0000 (UTC) X-Farcaster-Flow-ID: 90cf4a3a-92b1-40c8-8a77-c06977ed7ddd Received: from EX19D018EUA004.ant.amazon.com (10.252.50.85) by EX19MTAEUC001.ant.amazon.com (10.252.51.155) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.20; Fri, 12 Sep 2025 15:31:13 +0000 Received: from dev-dsk-farbere-1a-46ecabed.eu-west-1.amazon.com (172.19.116.181) by EX19D018EUA004.ant.amazon.com (10.252.50.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.20; Fri, 12 Sep 2025 15:31:05 +0000 From: Eliav Farber To: , , , , , , , , , , , , , , , , , , , CC: , , Rasmus Villemoes , Gwan-gyeong Mun , "Gustavo A. R. Silva" , , Andrzej Hajda Subject: [PATCH v2 3/4 5.10.y] overflow: Allow mixed type arguments Date: Fri, 12 Sep 2025 15:30:37 +0000 Message-ID: <20250912153040.26691-4-farbere@amazon.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20250912153040.26691-1-farbere@amazon.com> References: <20250912153040.26691-1-farbere@amazon.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EX19D044UWA004.ant.amazon.com (10.13.139.7) To EX19D018EUA004.ant.amazon.com (10.252.50.85) Content-Type: text/plain; charset="utf-8" From: Kees Cook commit d219d2a9a92e39aa92799efe8f2aa21259b6dd82 upstream. When the check_[op]_overflow() helpers were introduced, all arguments were required to be the same type to make the fallback macros simpler. However, now that the fallback macros have been removed[1], it is fine to allow mixed types, which makes using the helpers much more useful, as they can be used to test for type-based overflows (e.g. adding two large ints but storing into a u8), as would be handy in the drm core[2]. Remove the restriction, and add additional self-tests that exercise some of the mixed-type overflow cases, and double-check for accidental macro side-effects. [1] https://git.kernel.org/linus/4eb6bd55cfb22ffc20652732340c4962f3ac9a91 [2] https://lore.kernel.org/lkml/20220824084514.2261614-2-gwan-gyeong.mun@i= ntel.com Cc: Rasmus Villemoes Cc: Gwan-gyeong Mun Cc: "Gustavo A. R. Silva" Cc: Nick Desaulniers Cc: linux-hardening@vger.kernel.org Reviewed-by: Andrzej Hajda Reviewed-by: Gwan-gyeong Mun Tested-by: Gwan-gyeong Mun Signed-off-by: Kees Cook [ dropped the test portion of the commit as that doesn't apply to 5.15.y - gregkh] Signed-off-by: Greg Kroah-Hartman Signed-off-by: Eliav Farber --- include/linux/overflow.h | 72 +++++++++++++++++++++++----------------- 1 file changed, 41 insertions(+), 31 deletions(-) diff --git a/include/linux/overflow.h b/include/linux/overflow.h index 59d7228104d0..73bc67ec2136 100644 --- a/include/linux/overflow.h +++ b/include/linux/overflow.h @@ -51,40 +51,50 @@ static inline bool __must_check __must_check_overflow(b= ool overflow) return unlikely(overflow); } =20 -/* - * For simplicity and code hygiene, the fallback code below insists on - * a, b and *d having the same type (similar to the min() and max() - * macros), whereas gcc's type-generic overflow checkers accept - * different types. Hence we don't just make check_add_overflow an - * alias for __builtin_add_overflow, but add type checks similar to - * below. +/** check_add_overflow() - Calculate addition with overflow checking + * + * @a: first addend + * @b: second addend + * @d: pointer to store sum + * + * Returns 0 on success. + * + * *@d holds the results of the attempted addition, but is not considered + * "safe for use" on a non-zero return value, which indicates that the + * sum has overflowed or been truncated. */ -#define check_add_overflow(a, b, d) __must_check_overflow(({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - __builtin_add_overflow(__a, __b, __d); \ -})) +#define check_add_overflow(a, b, d) \ + __must_check_overflow(__builtin_add_overflow(a, b, d)) =20 -#define check_sub_overflow(a, b, d) __must_check_overflow(({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - __builtin_sub_overflow(__a, __b, __d); \ -})) +/** check_sub_overflow() - Calculate subtraction with overflow checking + * + * @a: minuend; value to subtract from + * @b: subtrahend; value to subtract from @a + * @d: pointer to store difference + * + * Returns 0 on success. + * + * *@d holds the results of the attempted subtraction, but is not consider= ed + * "safe for use" on a non-zero return value, which indicates that the + * difference has underflowed or been truncated. + */ +#define check_sub_overflow(a, b, d) \ + __must_check_overflow(__builtin_sub_overflow(a, b, d)) =20 -#define check_mul_overflow(a, b, d) __must_check_overflow(({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - __builtin_mul_overflow(__a, __b, __d); \ -})) +/** check_mul_overflow() - Calculate multiplication with overflow checking + * + * @a: first factor + * @b: second factor + * @d: pointer to store product + * + * Returns 0 on success. + * + * *@d holds the results of the attempted multiplication, but is not + * considered "safe for use" on a non-zero return value, which indicates + * that the product has overflowed or been truncated. + */ +#define check_mul_overflow(a, b, d) \ + __must_check_overflow(__builtin_mul_overflow(a, b, d)) =20 /** check_shl_overflow() - Calculate a left-shifted value and check overfl= ow * --=20 2.47.3 From nobody Thu Oct 2 18:16:47 2025 Received: from fra-out-001.esa.eu-central-1.outbound.mail-perimeter.amazon.com (fra-out-001.esa.eu-central-1.outbound.mail-perimeter.amazon.com [18.156.205.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1E85931AF0E; Fri, 12 Sep 2025 15:31:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=18.156.205.64 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757691092; cv=none; b=YtU/IPn2aXjkZDUwqy4vtEc4tg4UIs6S4zTfzExo+10EDhj6Mri7f++aBNkR0ZL0uGlzI7fWgJBP1H1Fm6GXmqJBUuUajEwVAIDqx7QKgC1/iPDkGMVVLooMD5eTVVRRqbvrXy/f14ahdywEMbDePLa5PSvJK/L7icGx5cMcgOU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757691092; c=relaxed/simple; bh=NSzvNrJAMUb9GfFJEBhQ9uNIUWa7KeQFbp7whiUmZTc=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=nk8lXse75mXeDM75J4a7ZhlAK0obv5OK2MGVEdD+R7maTUecvSIenG8HKn9kHeyPbMcM/7wlsanI/bkzhycP9c8SRNPuLnNzmPpt2bpRf/N15IVicw8qIYZqSVFDXAm0z76ZcIQlwMSjuxkVFtYmlQR9XTh1ZMrDUCIhBfOW9Gw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.com; dkim=pass (2048-bit key) header.d=amazon.com header.i=@amazon.com header.b=TbTjTqdw; arc=none smtp.client-ip=18.156.205.64 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=amazon.com header.i=@amazon.com header.b="TbTjTqdw" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazoncorp2; t=1757691090; x=1789227090; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=x1XW1KMO+D5uSaQ8WeTblJJV7MJ293yX+nAqnx5MTkY=; b=TbTjTqdw2g0Bp1lq0r4wC3m3JRNj8q+7jwTpvBko7d0/rnzaW1UW2q2c bWwxxyDIcZ7CBGm8Sde73nPpDTx071vqRp/RhRLp7X21yuv3qBsUD0Aa5 JQ+Ver68ecB9ooZi51AfTi5qQHY5Vls8FhweFf+93DKcDD5avuIRukqsV Q2AKZidLLJSOx8K5nrlB6FzWTt00MfZBk0iSPaXrvxl7YfBR7wnJsF5PJ jD4zQ63Xp21BUbXNv6Pej7M5QQlmxNxrqZE9armB10nQ/UXh00uADbaEa WgdmWksie9MNXFonvYdFtS8L0CCuTwS5y2bipcMdJAdqbr+crjvPEUFii A==; X-CSE-ConnectionGUID: /yGqciskQ5qMFX1+5dZ7eg== X-CSE-MsgGUID: 9owVXk/KQpGgux3b9jlKhA== X-IronPort-AV: E=Sophos;i="6.18,259,1751241600"; d="scan'208";a="2028376" Received: from ip-10-6-11-83.eu-central-1.compute.internal (HELO smtpout.naws.eu-central-1.prod.farcaster.email.amazon.dev) ([10.6.11.83]) by internal-fra-out-001.esa.eu-central-1.outbound.mail-perimeter.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Sep 2025 15:31:19 +0000 Received: from EX19MTAEUA001.ant.amazon.com [54.240.197.233:29994] by smtpin.naws.eu-central-1.prod.farcaster.email.amazon.dev [10.0.32.129:2525] with esmtp (Farcaster) id e80810c2-caec-4488-8f15-2e0fa38b0b4f; Fri, 12 Sep 2025 15:31:19 +0000 (UTC) X-Farcaster-Flow-ID: e80810c2-caec-4488-8f15-2e0fa38b0b4f Received: from EX19D018EUA004.ant.amazon.com (10.252.50.85) by EX19MTAEUA001.ant.amazon.com (10.252.50.223) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.20; Fri, 12 Sep 2025 15:31:19 +0000 Received: from dev-dsk-farbere-1a-46ecabed.eu-west-1.amazon.com (172.19.116.181) by EX19D018EUA004.ant.amazon.com (10.252.50.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.20; Fri, 12 Sep 2025 15:31:13 +0000 From: Eliav Farber To: , , , , , , , , , , , , , , , , , , , CC: , , Rasmus Villemoes Subject: [PATCH v2 4/4 5.10.y] tracing: Define the is_signed_type() macro once Date: Fri, 12 Sep 2025 15:30:38 +0000 Message-ID: <20250912153040.26691-5-farbere@amazon.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20250912153040.26691-1-farbere@amazon.com> References: <20250912153040.26691-1-farbere@amazon.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EX19D044UWA004.ant.amazon.com (10.13.139.7) To EX19D018EUA004.ant.amazon.com (10.252.50.85) Content-Type: text/plain; charset="utf-8" From: Bart Van Assche commit a49a64b5bf195381c09202c524f0f84b5f3e816f upstream. There are two definitions of the is_signed_type() macro: one in and a second definition in . As suggested by Linus, move the definition of the is_signed_type() macro into the header file. Change the definition of the is_signed_type() macro to make sure that it does not trigger any sparse warnings with future versions of sparse for bitwise types. Link: https://lore.kernel.org/all/CAHk-=3DwhjH6p+qzwUdx5SOVVHjS3WvzJQr6mDUw= hEyTf6pJWzaQ@mail.gmail.com/ Link: https://lore.kernel.org/all/CAHk-=3DwjQGnVfb4jehFR0XyZikdQvCZouE96xR_= nnf5kqaM5qqQ@mail.gmail.com/ Cc: Rasmus Villemoes Cc: Steven Rostedt Acked-by: Kees Cook Signed-off-by: Bart Van Assche Signed-off-by: Linus Torvalds (cherry picked from commit a49a64b5bf195381c09202c524f0f84b5f3e816f) Signed-off-by: SeongJae Park Signed-off-by: Greg Kroah-Hartman Signed-off-by: Eliav Farber --- include/linux/compiler.h | 6 ++++++ include/linux/overflow.h | 1 - include/linux/trace_events.h | 2 -- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/include/linux/compiler.h b/include/linux/compiler.h index bbd74420fa21..004a030d5ad2 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -245,6 +245,12 @@ static inline void *offset_to_ptr(const int *off) /* &a[0] degrades to a pointer: a different type from an array */ #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0])) =20 +/* + * Whether 'type' is a signed type or an unsigned type. Supports scalar ty= pes, + * bool and also pointer types. + */ +#define is_signed_type(type) (((type)(-1)) < (__force type)1) + /* * This is needed in functions which generate the stack canary, see * arch/x86/kernel/smpboot.c::start_secondary() for an example. diff --git a/include/linux/overflow.h b/include/linux/overflow.h index 73bc67ec2136..e6bf14f462e9 100644 --- a/include/linux/overflow.h +++ b/include/linux/overflow.h @@ -29,7 +29,6 @@ * https://mail-index.netbsd.org/tech-misc/2007/02/05/0000.html - * credit to Christian Biere. */ -#define is_signed_type(type) (((type)(-1)) < (type)1) #define __type_half_max(type) ((type)1 << (8*sizeof(type) - 1 - is_signed_= type(type))) #define type_max(T) ((T)((__type_half_max(T) - 1) + __type_half_max(T))) #define type_min(T) ((T)((T)-type_max(T)-(T)1)) diff --git a/include/linux/trace_events.h b/include/linux/trace_events.h index 5af2acb9fb7d..0c8c3cf36f96 100644 --- a/include/linux/trace_events.h +++ b/include/linux/trace_events.h @@ -700,8 +700,6 @@ extern int trace_add_event_call(struct trace_event_call= *call); extern int trace_remove_event_call(struct trace_event_call *call); extern int trace_event_get_offsets(struct trace_event_call *call); =20 -#define is_signed_type(type) (((type)(-1)) < (type)1) - int ftrace_set_clr_event(struct trace_array *tr, char *buf, int set); int trace_set_clr_event(const char *system, const char *event, int set); int trace_array_set_clr_event(struct trace_array *tr, const char *system, --=20 2.47.3