Re: [PATCH 5/5] types: Add standard __ob_trap and __ob_wrap scalar types

Next message: Damon Ding: "[PATCH v12 03/17] drm/exynos: exynos_dp: Remove &amp;exynos_dp_device.ptn_bridge"
Previous message: Florian Eckert: "[PATCH v3 7/7] dt-bindings: PCI: intel,lgm-pcie: Add atu resource"
In reply to: Kees Cook: "Re: [PATCH 5/5] types: Add standard __ob_trap and __ob_wrap scalar types"
Next in thread: Kees Cook: "Re: [PATCH 5/5] types: Add standard __ob_trap and __ob_wrap scalar types"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Peter Zijlstra

Date: Wed Apr 01 2026 - 05:44:25 EST

On Tue, Mar 31, 2026 at 01:31:16PM -0700, Kees Cook wrote:

> int func()
> {
> ...
> u8 __ob_trap product = 5;
> ...
> product = a * b; // if store is truncated, goto __overflow
> ...
> return product;
>
> __overflow:
> pr_info("%u\n", product); // shows "5"
> return -1;
> }
>
> (Isn't this just an implicit "try"?)

So I like this implicit try with a default label, and mostly I expect
this will be fine.

But as Linus already mentioned, sometimes you might want more. Could we
perhaps also have an explicit version, something along the lines of:

int func()
{
int __ob_trap size;

size = try(count * flex_size, __mul_overflow);
size = try(size + base_size, __add_overflow);

obj = kzalloc(size,...);

}

where we have something like:

#define try(stmt, _label) ({ \
__label __overflow; \
if (0) { \
__overflow: \
goto _label; \
} \
stmt; })

That is, have the overflow trapped and confined in the
statement-expression by using the overflow label as a local label and
use this little trampoline to re-direct to a custom label.