From nobody Thu Oct 2 18:19:35 2025 Received: from fra-out-007.esa.eu-central-1.outbound.mail-perimeter.amazon.com (fra-out-007.esa.eu-central-1.outbound.mail-perimeter.amazon.com [3.75.33.185]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0DCE033471C; Fri, 12 Sep 2025 18:55:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=3.75.33.185 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757703351; cv=none; b=OnsWIz81QT/w0UKkN/p3oYRPPHYGmBMf+gCgJIBhgthcT1UuhPUwPKdsWGpGel0mhWZMGB04OLToXNcFH/wExeIag25SKSsxD8xqi+jAhYMB6FbpWiFcz2YnkYKIFj7d/GZyL/Kyf6NnOpAXBHnXPjwhTXwGE78huWF/B2HdPkE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757703351; c=relaxed/simple; bh=4J4nVzSnRDQl6Hi05144Vtqwbow4HJsgS5XQf7jSKTk=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=sgWNGmX/Gwhh0RuNref/K265DPyCKV7MoTomxdXSzLOkB2ATo9CBLFNx3HXW+ZQvG/IOW0fDelyvwZ/57oIvEvujIpnJG9dXntDup4/rrGFSbSxnnOlDDeUa5gfNiIK7MRGwxsXUdkHB6o/eDoJZVrIHf+JLBwnt4PcxXlc+uj0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.com; dkim=pass (2048-bit key) header.d=amazon.com header.i=@amazon.com header.b=V99w5nmo; arc=none smtp.client-ip=3.75.33.185 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=amazon.com header.i=@amazon.com header.b="V99w5nmo" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazoncorp2; t=1757703349; x=1789239349; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=+E0SdUe2btJke4ZdaxwfLgznsTubVaVloEsW/aNSzW0=; b=V99w5nmokYQaTY+OqgMf3vujA1xvntHkPEMJokmwl2eE3fywHzbeARse DzjRTfSep1ZaGSswR1e6VGmYVphowmDFL4yzbJ7lxZC/MC+SLPKbTrOpi tVxEJ1zxlBM5zvlhmxV/xSqKlsvYHfdIsaW/9SlNtXGly95kKQUiA5fxn 1by9g5zEr3rxSxlUjMY0YYbxKpgXnRExlv+ohkK9CofQQHyVYGllJp4T9 D8/FAiv4v17RrW7YUv4MjW3P3zk4NbGn9EK/yxesPwU9BfVKvzacfssrH a+N8g7tl3GQlVnmRiyr8+IwxfBmcIN2C02SIHJwoTeoR4Ev9L8C7BQ+5/ Q==; X-CSE-ConnectionGUID: QNbQIGb3QYK5qURAxOcSyw== X-CSE-MsgGUID: MUJ4iccQTvWZJY/GQLcDHg== X-IronPort-AV: E=Sophos;i="6.18,259,1751241600"; d="scan'208";a="2039083" Received: from ip-10-6-3-216.eu-central-1.compute.internal (HELO smtpout.naws.eu-central-1.prod.farcaster.email.amazon.dev) ([10.6.3.216]) by internal-fra-out-007.esa.eu-central-1.outbound.mail-perimeter.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Sep 2025 18:55:38 +0000 Received: from EX19MTAEUB002.ant.amazon.com [54.240.197.224:1578] by smtpin.naws.eu-central-1.prod.farcaster.email.amazon.dev [10.0.46.95:2525] with esmtp (Farcaster) id 20a6b850-51c5-43a1-88cd-70e7bf45333a; Fri, 12 Sep 2025 18:55:37 +0000 (UTC) X-Farcaster-Flow-ID: 20a6b850-51c5-43a1-88cd-70e7bf45333a Received: from EX19D018EUA004.ant.amazon.com (10.252.50.85) by EX19MTAEUB002.ant.amazon.com (10.252.51.79) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.20; Fri, 12 Sep 2025 18:55:37 +0000 Received: from dev-dsk-farbere-1a-46ecabed.eu-west-1.amazon.com (172.19.116.181) by EX19D018EUA004.ant.amazon.com (10.252.50.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.20; Fri, 12 Sep 2025 18:55:31 +0000 From: Eliav Farber To: , , , , , , , , , , , , , , , , , , , CC: , Subject: [PATCH v3 1/4 5.10.y] overflow: Correct check_shl_overflow() comment Date: Fri, 12 Sep 2025 18:55:13 +0000 Message-ID: <20250912185518.39980-2-farbere@amazon.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20250912185518.39980-1-farbere@amazon.com> References: <20250912185518.39980-1-farbere@amazon.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EX19D045UWA001.ant.amazon.com (10.13.139.83) To EX19D018EUA004.ant.amazon.com (10.252.50.85) Content-Type: text/plain; charset="utf-8" From: Keith Busch [ Upstream commit 4578be130a6470d85ff05b13b75a00e6224eeeeb ] A 'false' return means the value was safely set, so the comment should say 'true' for when it is not considered safe. Cc: Jason Gunthorpe Signed-off-by: Keith Busch Signed-off-by: Kees Cook Signed-off-by: Eliav Farber Fixes: 0c66847793d1 ("overflow.h: Add arithmetic shift helper") Link: https://lore.kernel.org/r/20210401160629.1941787-1-kbusch@kernel.org --- include/linux/overflow.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/overflow.h b/include/linux/overflow.h index 35af574d006f..d1dd039fe1c3 100644 --- a/include/linux/overflow.h +++ b/include/linux/overflow.h @@ -235,7 +235,7 @@ static inline bool __must_check __must_check_overflow(b= ool overflow) * - 'a << s' sets the sign bit, if any, in '*d'. * * '*d' will hold the results of the attempted shift, but is not - * considered "safe for use" if false is returned. + * considered "safe for use" if true is returned. */ #define check_shl_overflow(a, s, d) __must_check_overflow(({ \ typeof(a) _a =3D a; \ --=20 2.47.3 From nobody Thu Oct 2 18:19:35 2025 Received: from fra-out-015.esa.eu-central-1.outbound.mail-perimeter.amazon.com (fra-out-015.esa.eu-central-1.outbound.mail-perimeter.amazon.com [18.158.153.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3B3853375CD; Fri, 12 Sep 2025 18:55:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=18.158.153.154 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757703360; cv=none; b=j9rnHqkZbtvCag3ogsD8pIlFbYIfd/tN6Z2i6leb6eTNbpg0GF2BX3to9sBW8/8KvfF7aQ3xx5Amc453so5w40PnpPGfye5k0dMZlONXf7a1RYFA+wr7GOvif3q4Q3mppKbP6YMGUmtOgJSBWemGaA41yt6bb9IdRRnXHbfegAo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757703360; c=relaxed/simple; bh=zIHVFRU7JOl0bYpSHV7NTHXlYG3ByO+E7astzdMeXcQ=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=FkTIyLGXibRbHFwv08Rw0XkRcc4daurQQ6RmOFlqPm5ooe79pJWIP/Wk3U+RiHi31nnY3XuS6Z4iVHsoJf2ExQ8kSEldeJP+1cX1lNY1fvGTdnWzcJWjAw6J75S1zQYu+c0yc7o2/V/G28nnlih7oMuAeJLUe+7rUozigidSAb8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.com; dkim=pass (2048-bit key) header.d=amazon.com header.i=@amazon.com header.b=GbBYEK4m; arc=none smtp.client-ip=18.158.153.154 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=amazon.com header.i=@amazon.com header.b="GbBYEK4m" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazoncorp2; t=1757703357; x=1789239357; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=d96GNjWBbnS29dz3XYCBT3ot4b9kYSMNELBZmlAyWgg=; b=GbBYEK4mfWBm3OluWKkUygle7OdZBoseZWaw09a1Rgq6FfNdhUxuvp49 Gf5+tQVk5bEF1b8vCLjw56tdlyd1Ra5mVGF+F/ApDNAtQ+AofWq7zsmIE F748rq8i+l7qjyFUXwKLr3bo/VKKJQbTGKJgvndrWqZvG6ZL/u0JYDMHD 3Pqe6omoF6uwXpLTZym0/+b8n4RAcOQXbn+4ZJw7pNeSnd40p4e5ufigM ieN49bgjHQFRRYMFWJAHGogG2piX2QYCFTC8CAgYrLu5NJhiTb12tdAdA XzHmuS+LNlQCV4DujqhJFQp12AYO0MfwEXZPIOOGLKUZQSoZswIyqtxDZ Q==; X-CSE-ConnectionGUID: W6Mo6hC7QaO0fjwB2iOOkw== X-CSE-MsgGUID: CRLr2vfHTmCF+1Ai3mxXfw== X-IronPort-AV: E=Sophos;i="6.18,259,1751241600"; d="scan'208";a="1923448" Received: from ip-10-6-3-216.eu-central-1.compute.internal (HELO smtpout.naws.eu-central-1.prod.farcaster.email.amazon.dev) ([10.6.3.216]) by internal-fra-out-015.esa.eu-central-1.outbound.mail-perimeter.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Sep 2025 18:55:45 +0000 Received: from EX19MTAEUC001.ant.amazon.com [54.240.197.225:23939] by smtpin.naws.eu-central-1.prod.farcaster.email.amazon.dev [10.0.27.75:2525] with esmtp (Farcaster) id 162dab27-391a-492f-bf52-fdc1ee0d0a43; Fri, 12 Sep 2025 18:55:45 +0000 (UTC) X-Farcaster-Flow-ID: 162dab27-391a-492f-bf52-fdc1ee0d0a43 Received: from EX19D018EUA004.ant.amazon.com (10.252.50.85) by EX19MTAEUC001.ant.amazon.com (10.252.51.155) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.20; Fri, 12 Sep 2025 18:55:44 +0000 Received: from dev-dsk-farbere-1a-46ecabed.eu-west-1.amazon.com (172.19.116.181) by EX19D018EUA004.ant.amazon.com (10.252.50.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.20; Fri, 12 Sep 2025 18:55:37 +0000 From: Eliav Farber To: , , , , , , , , , , , , , , , , , , , CC: , , Rasmus Villemoes , Nathan Chancellor Subject: [PATCH v3 2/4 5.10.y] compiler.h: drop fallback overflow checkers Date: Fri, 12 Sep 2025 18:55:14 +0000 Message-ID: <20250912185518.39980-3-farbere@amazon.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20250912185518.39980-1-farbere@amazon.com> References: <20250912185518.39980-1-farbere@amazon.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EX19D045UWA001.ant.amazon.com (10.13.139.83) To EX19D018EUA004.ant.amazon.com (10.252.50.85) Content-Type: text/plain; charset="utf-8" From: Nick Desaulniers [ Upstream commit 4eb6bd55cfb22ffc20652732340c4962f3ac9a91 ] Once upgrading the minimum supported version of GCC to 5.1, we can drop the fallback code for !COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW. This is effectively a revert of commit f0907827a8a9 ("compiler.h: enable builtin overflow checkers and add fallback code") Link: https://github.com/ClangBuiltLinux/linux/issues/1438#issuecomment-916= 745801 Suggested-by: Rasmus Villemoes Signed-off-by: Nick Desaulniers Acked-by: Kees Cook Reviewed-by: Nathan Chancellor Signed-off-by: Linus Torvalds Signed-off-by: Eliav Farber --- include/linux/compiler-clang.h | 13 --- include/linux/compiler-gcc.h | 4 - include/linux/overflow.h | 138 +--------------------------- tools/include/linux/compiler-gcc.h | 4 - tools/include/linux/overflow.h | 140 +---------------------------- 5 files changed, 6 insertions(+), 293 deletions(-) diff --git a/include/linux/compiler-clang.h b/include/linux/compiler-clang.h index 9ba951e3a6c2..928ec5c7776d 100644 --- a/include/linux/compiler-clang.h +++ b/include/linux/compiler-clang.h @@ -72,19 +72,6 @@ #define __no_sanitize_coverage #endif =20 -/* - * Not all versions of clang implement the type-generic versions - * of the builtin overflow checkers. Fortunately, clang implements - * __has_builtin allowing us to avoid awkward version - * checks. Unfortunately, we don't know which version of gcc clang - * pretends to be, so the macro may or may not be defined. - */ -#if __has_builtin(__builtin_mul_overflow) && \ - __has_builtin(__builtin_add_overflow) && \ - __has_builtin(__builtin_sub_overflow) -#define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1 -#endif - #if __has_feature(shadow_call_stack) # define __noscs __attribute__((__no_sanitize__("shadow-call-stack"))) #endif diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h index 5b481a22b5fe..ae9a8e17287c 100644 --- a/include/linux/compiler-gcc.h +++ b/include/linux/compiler-gcc.h @@ -140,10 +140,6 @@ #define __no_sanitize_coverage #endif =20 -#if GCC_VERSION >=3D 50100 -#define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1 -#endif - /* * Turn individual warnings and errors on and off locally, depending * on version. diff --git a/include/linux/overflow.h b/include/linux/overflow.h index d1dd039fe1c3..59d7228104d0 100644 --- a/include/linux/overflow.h +++ b/include/linux/overflow.h @@ -6,12 +6,9 @@ #include =20 /* - * In the fallback code below, we need to compute the minimum and - * maximum values representable in a given type. These macros may also - * be useful elsewhere, so we provide them outside the - * COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW block. - * - * It would seem more obvious to do something like + * We need to compute the minimum and maximum values representable in a gi= ven + * type. These macros may also be useful elsewhere. It would seem more obv= ious + * to do something like: * * #define type_min(T) (T)(is_signed_type(T) ? (T)1 << (8*sizeof(T)-1) : 0) * #define type_max(T) (T)(is_signed_type(T) ? ((T)1 << (8*sizeof(T)-1)) -= 1 : ~(T)0) @@ -54,7 +51,6 @@ static inline bool __must_check __must_check_overflow(boo= l overflow) return unlikely(overflow); } =20 -#ifdef COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW /* * For simplicity and code hygiene, the fallback code below insists on * a, b and *d having the same type (similar to the min() and max() @@ -90,134 +86,6 @@ static inline bool __must_check __must_check_overflow(b= ool overflow) __builtin_mul_overflow(__a, __b, __d); \ })) =20 -#else - - -/* Checking for unsigned overflow is relatively easy without causing UB. */ -#define __unsigned_add_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D __a + __b; \ - *__d < __a; \ -}) -#define __unsigned_sub_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D __a - __b; \ - __a < __b; \ -}) -/* - * If one of a or b is a compile-time constant, this avoids a division. - */ -#define __unsigned_mul_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D __a * __b; \ - __builtin_constant_p(__b) ? \ - __b > 0 && __a > type_max(typeof(__a)) / __b : \ - __a > 0 && __b > type_max(typeof(__b)) / __a; \ -}) - -/* - * For signed types, detecting overflow is much harder, especially if - * we want to avoid UB. But the interface of these macros is such that - * we must provide a result in *d, and in fact we must produce the - * result promised by gcc's builtins, which is simply the possibly - * wrapped-around value. Fortunately, we can just formally do the - * operations in the widest relevant unsigned type (u64) and then - * truncate the result - gcc is smart enough to generate the same code - * with and without the (u64) casts. - */ - -/* - * Adding two signed integers can overflow only if they have the same - * sign, and overflow has happened iff the result has the opposite - * sign. - */ -#define __signed_add_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D (u64)__a + (u64)__b; \ - (((~(__a ^ __b)) & (*__d ^ __a)) \ - & type_min(typeof(__a))) !=3D 0; \ -}) - -/* - * Subtraction is similar, except that overflow can now happen only - * when the signs are opposite. In this case, overflow has happened if - * the result has the opposite sign of a. - */ -#define __signed_sub_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D (u64)__a - (u64)__b; \ - ((((__a ^ __b)) & (*__d ^ __a)) \ - & type_min(typeof(__a))) !=3D 0; \ -}) - -/* - * Signed multiplication is rather hard. gcc always follows C99, so - * division is truncated towards 0. This means that we can write the - * overflow check like this: - * - * (a > 0 && (b > MAX/a || b < MIN/a)) || - * (a < -1 && (b > MIN/a || b < MAX/a) || - * (a =3D=3D -1 && b =3D=3D MIN) - * - * The redundant casts of -1 are to silence an annoying -Wtype-limits - * (included in -Wextra) warning: When the type is u8 or u16, the - * __b_c_e in check_mul_overflow obviously selects - * __unsigned_mul_overflow, but unfortunately gcc still parses this - * code and warns about the limited range of __b. - */ - -#define __signed_mul_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - typeof(a) __tmax =3D type_max(typeof(a)); \ - typeof(a) __tmin =3D type_min(typeof(a)); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D (u64)__a * (u64)__b; \ - (__b > 0 && (__a > __tmax/__b || __a < __tmin/__b)) || \ - (__b < (typeof(__b))-1 && (__a > __tmin/__b || __a < __tmax/__b)) || \ - (__b =3D=3D (typeof(__b))-1 && __a =3D=3D __tmin); \ -}) - - -#define check_add_overflow(a, b, d) __must_check_overflow( \ - __builtin_choose_expr(is_signed_type(typeof(a)), \ - __signed_add_overflow(a, b, d), \ - __unsigned_add_overflow(a, b, d))) - -#define check_sub_overflow(a, b, d) __must_check_overflow( \ - __builtin_choose_expr(is_signed_type(typeof(a)), \ - __signed_sub_overflow(a, b, d), \ - __unsigned_sub_overflow(a, b, d))) - -#define check_mul_overflow(a, b, d) __must_check_overflow( \ - __builtin_choose_expr(is_signed_type(typeof(a)), \ - __signed_mul_overflow(a, b, d), \ - __unsigned_mul_overflow(a, b, d))) - -#endif /* COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW */ - /** check_shl_overflow() - Calculate a left-shifted value and check overfl= ow * * @a: Value to be shifted diff --git a/tools/include/linux/compiler-gcc.h b/tools/include/linux/compi= ler-gcc.h index 95c072b70d0e..a590a1dfafd9 100644 --- a/tools/include/linux/compiler-gcc.h +++ b/tools/include/linux/compiler-gcc.h @@ -38,7 +38,3 @@ #endif #define __printf(a, b) __attribute__((format(printf, a, b))) #define __scanf(a, b) __attribute__((format(scanf, a, b))) - -#if GCC_VERSION >=3D 50100 -#define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1 -#endif diff --git a/tools/include/linux/overflow.h b/tools/include/linux/overflow.h index 8712ff70995f..dcb0c1bf6866 100644 --- a/tools/include/linux/overflow.h +++ b/tools/include/linux/overflow.h @@ -5,12 +5,9 @@ #include =20 /* - * In the fallback code below, we need to compute the minimum and - * maximum values representable in a given type. These macros may also - * be useful elsewhere, so we provide them outside the - * COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW block. - * - * It would seem more obvious to do something like + * We need to compute the minimum and maximum values representable in a gi= ven + * type. These macros may also be useful elsewhere. It would seem more obv= ious + * to do something like: * * #define type_min(T) (T)(is_signed_type(T) ? (T)1 << (8*sizeof(T)-1) : 0) * #define type_max(T) (T)(is_signed_type(T) ? ((T)1 << (8*sizeof(T)-1)) -= 1 : ~(T)0) @@ -36,8 +33,6 @@ #define type_max(T) ((T)((__type_half_max(T) - 1) + __type_half_max(T))) #define type_min(T) ((T)((T)-type_max(T)-(T)1)) =20 - -#ifdef COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW /* * For simplicity and code hygiene, the fallback code below insists on * a, b and *d having the same type (similar to the min() and max() @@ -73,135 +68,6 @@ __builtin_mul_overflow(__a, __b, __d); \ }) =20 -#else - - -/* Checking for unsigned overflow is relatively easy without causing UB. */ -#define __unsigned_add_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D __a + __b; \ - *__d < __a; \ -}) -#define __unsigned_sub_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D __a - __b; \ - __a < __b; \ -}) -/* - * If one of a or b is a compile-time constant, this avoids a division. - */ -#define __unsigned_mul_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D __a * __b; \ - __builtin_constant_p(__b) ? \ - __b > 0 && __a > type_max(typeof(__a)) / __b : \ - __a > 0 && __b > type_max(typeof(__b)) / __a; \ -}) - -/* - * For signed types, detecting overflow is much harder, especially if - * we want to avoid UB. But the interface of these macros is such that - * we must provide a result in *d, and in fact we must produce the - * result promised by gcc's builtins, which is simply the possibly - * wrapped-around value. Fortunately, we can just formally do the - * operations in the widest relevant unsigned type (u64) and then - * truncate the result - gcc is smart enough to generate the same code - * with and without the (u64) casts. - */ - -/* - * Adding two signed integers can overflow only if they have the same - * sign, and overflow has happened iff the result has the opposite - * sign. - */ -#define __signed_add_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D (u64)__a + (u64)__b; \ - (((~(__a ^ __b)) & (*__d ^ __a)) \ - & type_min(typeof(__a))) !=3D 0; \ -}) - -/* - * Subtraction is similar, except that overflow can now happen only - * when the signs are opposite. In this case, overflow has happened if - * the result has the opposite sign of a. - */ -#define __signed_sub_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D (u64)__a - (u64)__b; \ - ((((__a ^ __b)) & (*__d ^ __a)) \ - & type_min(typeof(__a))) !=3D 0; \ -}) - -/* - * Signed multiplication is rather hard. gcc always follows C99, so - * division is truncated towards 0. This means that we can write the - * overflow check like this: - * - * (a > 0 && (b > MAX/a || b < MIN/a)) || - * (a < -1 && (b > MIN/a || b < MAX/a) || - * (a =3D=3D -1 && b =3D=3D MIN) - * - * The redundant casts of -1 are to silence an annoying -Wtype-limits - * (included in -Wextra) warning: When the type is u8 or u16, the - * __b_c_e in check_mul_overflow obviously selects - * __unsigned_mul_overflow, but unfortunately gcc still parses this - * code and warns about the limited range of __b. - */ - -#define __signed_mul_overflow(a, b, d) ({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - typeof(a) __tmax =3D type_max(typeof(a)); \ - typeof(a) __tmin =3D type_min(typeof(a)); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - *__d =3D (u64)__a * (u64)__b; \ - (__b > 0 && (__a > __tmax/__b || __a < __tmin/__b)) || \ - (__b < (typeof(__b))-1 && (__a > __tmin/__b || __a < __tmax/__b)) || \ - (__b =3D=3D (typeof(__b))-1 && __a =3D=3D __tmin); \ -}) - - -#define check_add_overflow(a, b, d) \ - __builtin_choose_expr(is_signed_type(typeof(a)), \ - __signed_add_overflow(a, b, d), \ - __unsigned_add_overflow(a, b, d)) - -#define check_sub_overflow(a, b, d) \ - __builtin_choose_expr(is_signed_type(typeof(a)), \ - __signed_sub_overflow(a, b, d), \ - __unsigned_sub_overflow(a, b, d)) - -#define check_mul_overflow(a, b, d) \ - __builtin_choose_expr(is_signed_type(typeof(a)), \ - __signed_mul_overflow(a, b, d), \ - __unsigned_mul_overflow(a, b, d)) - - -#endif /* COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW */ - /** * array_size() - Calculate size of 2-dimensional array. * --=20 2.47.3 From nobody Thu Oct 2 18:19:35 2025 Received: from fra-out-001.esa.eu-central-1.outbound.mail-perimeter.amazon.com (fra-out-001.esa.eu-central-1.outbound.mail-perimeter.amazon.com [18.156.205.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4B60F337694; Fri, 12 Sep 2025 18:56:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=18.156.205.64 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757703364; cv=none; b=aCByGL2G+FtHzmd1Ai2ydU4z+mhtm8oykUNTkFCYt2Q7t6ZP+0KCibQFQ5kLCtaHMFyu1rd9HlmCLMnOS2kuIzwudP5/w5B7S+EjXaDKxETqcGJ+5vGltn+H2f+8bfVtMm4PhcGfetTe/jV2a4tqqXmbbL55C3GvEeY20A5mCAw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757703364; c=relaxed/simple; bh=0ZAuq1AeP2txNQ7DcSKMbLVlk6LKgVQRz0GMnBaYbvU=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=kuvUdxopSvfmzO0UmDwiwLC+b+ELtza/7YyArt+g6Y4RqICWXcR75GrshsE0IrrpmcZGZi9CGBa5iAw0KavOvxad30pqvWyino2nXgV6GJjIFPLSSioaY84CJHM270pLpgJ/6e4VlqsNW01LXYO2nhA6ZlTYYvmgdwIZ8GWlG3M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.com; dkim=pass (2048-bit key) header.d=amazon.com header.i=@amazon.com header.b=bkH8ht8k; arc=none smtp.client-ip=18.156.205.64 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=amazon.com header.i=@amazon.com header.b="bkH8ht8k" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazoncorp2; t=1757703362; x=1789239362; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=mNZQBQctKZfrpwn21cF3GKidAAjq4amyeXpqNxgoRJI=; b=bkH8ht8kCmpkPnccnBVKDSyr8hjqrqSGpllyuB2CSBEeeEbTXcLUnWWT mmJ+4t6UAXZgCO6+7V8JKEaTJwFNbUqkaejNHtl5c1/zRJ2FPMJ6b/fQT iBPhVMiptDFdIYqR4o9cb54/JFyGfi72loufZttFgOAvCyOr6LbXX4jmL FHLfb3BIyOhbxBTHj4hPLaZQwPAryMf+o8bwd0aLXGt2ndmwZlW1D0ywZ tJlDmkMWSnMLnGh0GTbs4vNfx+xK6uJ7rNCPOmxtYgRL3LvRSHImKbTiY 2h1rRV61lZXVzCGJs27S8VFd42qDhl5Y7nACqTYqcz6GO6NWUkdnsj8IY A==; X-CSE-ConnectionGUID: nDIF5dbKTfWceOOdhg4FEw== X-CSE-MsgGUID: gdPDVpDjRouU7JRSMELRTA== X-IronPort-AV: E=Sophos;i="6.18,259,1751241600"; d="scan'208";a="2035514" Received: from ip-10-6-3-216.eu-central-1.compute.internal (HELO smtpout.naws.eu-central-1.prod.farcaster.email.amazon.dev) ([10.6.3.216]) by internal-fra-out-001.esa.eu-central-1.outbound.mail-perimeter.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Sep 2025 18:55:52 +0000 Received: from EX19MTAEUA001.ant.amazon.com [54.240.197.233:24025] by smtpin.naws.eu-central-1.prod.farcaster.email.amazon.dev [10.0.11.107:2525] with esmtp (Farcaster) id e5ae6cb8-934c-4b30-b89c-9832205aefa6; Fri, 12 Sep 2025 18:55:52 +0000 (UTC) X-Farcaster-Flow-ID: e5ae6cb8-934c-4b30-b89c-9832205aefa6 Received: from EX19D018EUA004.ant.amazon.com (10.252.50.85) by EX19MTAEUA001.ant.amazon.com (10.252.50.223) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.20; Fri, 12 Sep 2025 18:55:51 +0000 Received: from dev-dsk-farbere-1a-46ecabed.eu-west-1.amazon.com (172.19.116.181) by EX19D018EUA004.ant.amazon.com (10.252.50.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.20; Fri, 12 Sep 2025 18:55:44 +0000 From: Eliav Farber To: , , , , , , , , , , , , , , , , , , , CC: , , Rasmus Villemoes , Gwan-gyeong Mun , "Gustavo A. R. Silva" , , Andrzej Hajda Subject: [PATCH v3 3/4 5.10.y] overflow: Allow mixed type arguments Date: Fri, 12 Sep 2025 18:55:15 +0000 Message-ID: <20250912185518.39980-4-farbere@amazon.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20250912185518.39980-1-farbere@amazon.com> References: <20250912185518.39980-1-farbere@amazon.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EX19D045UWA001.ant.amazon.com (10.13.139.83) To EX19D018EUA004.ant.amazon.com (10.252.50.85) Content-Type: text/plain; charset="utf-8" From: Kees Cook commit d219d2a9a92e39aa92799efe8f2aa21259b6dd82 upstream. When the check_[op]_overflow() helpers were introduced, all arguments were required to be the same type to make the fallback macros simpler. However, now that the fallback macros have been removed[1], it is fine to allow mixed types, which makes using the helpers much more useful, as they can be used to test for type-based overflows (e.g. adding two large ints but storing into a u8), as would be handy in the drm core[2]. Remove the restriction, and add additional self-tests that exercise some of the mixed-type overflow cases, and double-check for accidental macro side-effects. [1] https://git.kernel.org/linus/4eb6bd55cfb22ffc20652732340c4962f3ac9a91 [2] https://lore.kernel.org/lkml/20220824084514.2261614-2-gwan-gyeong.mun@i= ntel.com Cc: Rasmus Villemoes Cc: Gwan-gyeong Mun Cc: "Gustavo A. R. Silva" Cc: Nick Desaulniers Cc: linux-hardening@vger.kernel.org Reviewed-by: Andrzej Hajda Reviewed-by: Gwan-gyeong Mun Tested-by: Gwan-gyeong Mun Signed-off-by: Kees Cook [ dropped the test portion of the commit as that doesn't apply to 5.15.y - gregkh] Signed-off-by: Greg Kroah-Hartman Signed-off-by: Eliav Farber --- include/linux/overflow.h | 72 +++++++++++++++++++++++----------------- 1 file changed, 41 insertions(+), 31 deletions(-) diff --git a/include/linux/overflow.h b/include/linux/overflow.h index 59d7228104d0..73bc67ec2136 100644 --- a/include/linux/overflow.h +++ b/include/linux/overflow.h @@ -51,40 +51,50 @@ static inline bool __must_check __must_check_overflow(b= ool overflow) return unlikely(overflow); } =20 -/* - * For simplicity and code hygiene, the fallback code below insists on - * a, b and *d having the same type (similar to the min() and max() - * macros), whereas gcc's type-generic overflow checkers accept - * different types. Hence we don't just make check_add_overflow an - * alias for __builtin_add_overflow, but add type checks similar to - * below. +/** check_add_overflow() - Calculate addition with overflow checking + * + * @a: first addend + * @b: second addend + * @d: pointer to store sum + * + * Returns 0 on success. + * + * *@d holds the results of the attempted addition, but is not considered + * "safe for use" on a non-zero return value, which indicates that the + * sum has overflowed or been truncated. */ -#define check_add_overflow(a, b, d) __must_check_overflow(({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - __builtin_add_overflow(__a, __b, __d); \ -})) +#define check_add_overflow(a, b, d) \ + __must_check_overflow(__builtin_add_overflow(a, b, d)) =20 -#define check_sub_overflow(a, b, d) __must_check_overflow(({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - __builtin_sub_overflow(__a, __b, __d); \ -})) +/** check_sub_overflow() - Calculate subtraction with overflow checking + * + * @a: minuend; value to subtract from + * @b: subtrahend; value to subtract from @a + * @d: pointer to store difference + * + * Returns 0 on success. + * + * *@d holds the results of the attempted subtraction, but is not consider= ed + * "safe for use" on a non-zero return value, which indicates that the + * difference has underflowed or been truncated. + */ +#define check_sub_overflow(a, b, d) \ + __must_check_overflow(__builtin_sub_overflow(a, b, d)) =20 -#define check_mul_overflow(a, b, d) __must_check_overflow(({ \ - typeof(a) __a =3D (a); \ - typeof(b) __b =3D (b); \ - typeof(d) __d =3D (d); \ - (void) (&__a =3D=3D &__b); \ - (void) (&__a =3D=3D __d); \ - __builtin_mul_overflow(__a, __b, __d); \ -})) +/** check_mul_overflow() - Calculate multiplication with overflow checking + * + * @a: first factor + * @b: second factor + * @d: pointer to store product + * + * Returns 0 on success. + * + * *@d holds the results of the attempted multiplication, but is not + * considered "safe for use" on a non-zero return value, which indicates + * that the product has overflowed or been truncated. + */ +#define check_mul_overflow(a, b, d) \ + __must_check_overflow(__builtin_mul_overflow(a, b, d)) =20 /** check_shl_overflow() - Calculate a left-shifted value and check overfl= ow * --=20 2.47.3 From nobody Thu Oct 2 18:19:35 2025 Received: from fra-out-014.esa.eu-central-1.outbound.mail-perimeter.amazon.com (fra-out-014.esa.eu-central-1.outbound.mail-perimeter.amazon.com [18.199.210.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0D614340DA3; Fri, 12 Sep 2025 18:56:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=18.199.210.3 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757703371; cv=none; b=YkJaCSv7YoT98cRnYqkkgP7GAM2/4r46pUlHuF979A6q69UBJd6WVR36hvRlEP92x2K3lzLug2SbNAqynzPXl/qG/osgniDYxrGfcviLTDxOFCJ7UK4aqNOHRLv99oBbfjA39mboB/uK/3y0jItgo+ALRzihDmZWghL7v1kvhgI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757703371; c=relaxed/simple; bh=NSzvNrJAMUb9GfFJEBhQ9uNIUWa7KeQFbp7whiUmZTc=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=H6wkBMl6Xe06YZHnqoiic+xVAnw1q/qMRco9642u689ke+x2jD4ES9zBcFtGaSdM7uuGF9uOKerhj5Q+TlVDoqRG0mHGci9PYvVLQMpNgMWaIY6McMZJAqD3EyiId4L6+wUmvjQO23z/Dm8iL7rkJe7f4+CyrLu2cfY+ymeAK30= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.com; dkim=pass (2048-bit key) header.d=amazon.com header.i=@amazon.com header.b=rh4kNkcj; arc=none smtp.client-ip=18.199.210.3 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=amazon.com header.i=@amazon.com header.b="rh4kNkcj" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazoncorp2; t=1757703369; x=1789239369; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=x1XW1KMO+D5uSaQ8WeTblJJV7MJ293yX+nAqnx5MTkY=; b=rh4kNkcjB2F0+9JHqYlZNQfUR258d0XZzLw99katIOpKolmCeI9wVByB uTWfAs/cINil8r1PajXMNLCjBkNQv/dNZd7najM58QKnqDGcYtn3YkZ5h vQauF910GI9C2ZXvnE/XCK5i9ZUbRUxL+6BFYH3tP8pOhy93BvZ7dfexc kewFSLcbWjMvGsNXgkmU5ACTgBDwou0l54B0DCnO20Wuu+XJZRt1ZhT3M 06c0BjRbjNm1waSWqFzv61Y/I+CbEh9gihDMDwFvKK3OLocE4SDs6r8JR NslzKzorOMZV5IwIDf7eFpfL63HPGY/8lakgeYdJd9qJMfbalqsrC+t8E A==; X-CSE-ConnectionGUID: NLXEt9cbQV+7Z7JKmCVcqQ== X-CSE-MsgGUID: eqUW6eokRQSh2HGkB5foZg== X-IronPort-AV: E=Sophos;i="6.18,259,1751241600"; d="scan'208";a="1934438" Received: from ip-10-6-6-97.eu-central-1.compute.internal (HELO smtpout.naws.eu-central-1.prod.farcaster.email.amazon.dev) ([10.6.6.97]) by internal-fra-out-014.esa.eu-central-1.outbound.mail-perimeter.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Sep 2025 18:55:59 +0000 Received: from EX19MTAEUA002.ant.amazon.com [54.240.197.232:10680] by smtpin.naws.eu-central-1.prod.farcaster.email.amazon.dev [10.0.2.154:2525] with esmtp (Farcaster) id ee02e583-0df1-4526-aa56-21df92d9f2a1; Fri, 12 Sep 2025 18:55:59 +0000 (UTC) X-Farcaster-Flow-ID: ee02e583-0df1-4526-aa56-21df92d9f2a1 Received: from EX19D018EUA004.ant.amazon.com (10.252.50.85) by EX19MTAEUA002.ant.amazon.com (10.252.50.124) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.20; Fri, 12 Sep 2025 18:55:58 +0000 Received: from dev-dsk-farbere-1a-46ecabed.eu-west-1.amazon.com (172.19.116.181) by EX19D018EUA004.ant.amazon.com (10.252.50.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.20; Fri, 12 Sep 2025 18:55:51 +0000 From: Eliav Farber To: , , , , , , , , , , , , , , , , , , , CC: , , Rasmus Villemoes Subject: [PATCH v3 4/4 5.10.y] tracing: Define the is_signed_type() macro once Date: Fri, 12 Sep 2025 18:55:16 +0000 Message-ID: <20250912185518.39980-5-farbere@amazon.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20250912185518.39980-1-farbere@amazon.com> References: <20250912185518.39980-1-farbere@amazon.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EX19D045UWA001.ant.amazon.com (10.13.139.83) To EX19D018EUA004.ant.amazon.com (10.252.50.85) Content-Type: text/plain; charset="utf-8" From: Bart Van Assche commit a49a64b5bf195381c09202c524f0f84b5f3e816f upstream. There are two definitions of the is_signed_type() macro: one in and a second definition in . As suggested by Linus, move the definition of the is_signed_type() macro into the header file. Change the definition of the is_signed_type() macro to make sure that it does not trigger any sparse warnings with future versions of sparse for bitwise types. Link: https://lore.kernel.org/all/CAHk-=3DwhjH6p+qzwUdx5SOVVHjS3WvzJQr6mDUw= hEyTf6pJWzaQ@mail.gmail.com/ Link: https://lore.kernel.org/all/CAHk-=3DwjQGnVfb4jehFR0XyZikdQvCZouE96xR_= nnf5kqaM5qqQ@mail.gmail.com/ Cc: Rasmus Villemoes Cc: Steven Rostedt Acked-by: Kees Cook Signed-off-by: Bart Van Assche Signed-off-by: Linus Torvalds (cherry picked from commit a49a64b5bf195381c09202c524f0f84b5f3e816f) Signed-off-by: SeongJae Park Signed-off-by: Greg Kroah-Hartman Signed-off-by: Eliav Farber --- include/linux/compiler.h | 6 ++++++ include/linux/overflow.h | 1 - include/linux/trace_events.h | 2 -- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/include/linux/compiler.h b/include/linux/compiler.h index bbd74420fa21..004a030d5ad2 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -245,6 +245,12 @@ static inline void *offset_to_ptr(const int *off) /* &a[0] degrades to a pointer: a different type from an array */ #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0])) =20 +/* + * Whether 'type' is a signed type or an unsigned type. Supports scalar ty= pes, + * bool and also pointer types. + */ +#define is_signed_type(type) (((type)(-1)) < (__force type)1) + /* * This is needed in functions which generate the stack canary, see * arch/x86/kernel/smpboot.c::start_secondary() for an example. diff --git a/include/linux/overflow.h b/include/linux/overflow.h index 73bc67ec2136..e6bf14f462e9 100644 --- a/include/linux/overflow.h +++ b/include/linux/overflow.h @@ -29,7 +29,6 @@ * https://mail-index.netbsd.org/tech-misc/2007/02/05/0000.html - * credit to Christian Biere. */ -#define is_signed_type(type) (((type)(-1)) < (type)1) #define __type_half_max(type) ((type)1 << (8*sizeof(type) - 1 - is_signed_= type(type))) #define type_max(T) ((T)((__type_half_max(T) - 1) + __type_half_max(T))) #define type_min(T) ((T)((T)-type_max(T)-(T)1)) diff --git a/include/linux/trace_events.h b/include/linux/trace_events.h index 5af2acb9fb7d..0c8c3cf36f96 100644 --- a/include/linux/trace_events.h +++ b/include/linux/trace_events.h @@ -700,8 +700,6 @@ extern int trace_add_event_call(struct trace_event_call= *call); extern int trace_remove_event_call(struct trace_event_call *call); extern int trace_event_get_offsets(struct trace_event_call *call); =20 -#define is_signed_type(type) (((type)(-1)) < (type)1) - int ftrace_set_clr_event(struct trace_array *tr, char *buf, int set); int trace_set_clr_event(const char *system, const char *event, int set); int trace_array_set_clr_event(struct trace_array *tr, const char *system, --=20 2.47.3