Re: [PATCH 5/5] types: Add standard __ob_trap and __ob_wrap scalar types
From: Kees Cook
Date: Wed Apr 01 2026 - 17:42:35 EST
On Wed, Apr 01, 2026 at 11:38:20AM +0200, Peter Zijlstra wrote:
> On Tue, Mar 31, 2026 at 01:31:16PM -0700, Kees Cook wrote:
>
> > int func()
> > {
> > 	...
> > 	u8 __ob_trap product = 5;
> > 	...
> > 	product = a * b; // if store is truncated, goto __overflow
> > 	...
> > 	return product;
> >
> > __overflow:
> > 	pr_info("%u\n", product); // shows "5"
> > 	return -1;
> > }
> >
> > (Isn't this just an implicit "try"?)
>
> So I like this implicit try with a default label, and mostly I expect
> this will be fine.
>
> But as Linus already mentioned, sometimes you might want more. Could we
> perhaps also have an explicit version, something along the lines of:
>
> int func()
> {
> 	int __ob_trap size;
>
> 	size = try(count * flex_size, __mul_overflow);
> 	size = try(size + base_size, __add_overflow);
>
> 	obj = kzalloc(size,...);
>
> }
>
> where we have something like:
>
> #define try(stmt, _label) ({ \
> 	__label__ __overflow; \
> 	if (0) { \
> __overflow: \
> 		goto _label; \
> 	} \
> 	stmt; })
>
> That is, have the overflow trapped and confined in the
> statement-expression by using the overflow label as a local label and
> use this little trampoline to re-direct to a custom label.

Yeah, that should work, and gives us a nice way to create handler
overrides. We'd have to make sure the "locally defined" labels (with
__label__) and __ob_trap worked together sanely.
--
Kees Cook
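
The trampoline discussed in this mail can be tried with today's GNU C, as an added example that is not part of the original message or of the patch series. Since `__ob_trap` is only proposed, the hypothetical `ob_mul()`/`ob_add()` macros emulate the trapping store with `__builtin_*_overflow`, and `flex_alloc_size()` is an assumed caller; it needs GCC or Clang for statement expressions and `__label__`.

```c
#include <limits.h>

/* Hypothetical stand-ins for an __ob_trap store: on overflow, jump to the
 * nearest label named __overflow instead of wrapping silently. */
#define ob_mul(a, b) ({ __typeof__(a) _r; \
	if (__builtin_mul_overflow((a), (b), &_r)) goto __overflow; _r; })
#define ob_add(a, b) ({ __typeof__(a) _r; \
	if (__builtin_add_overflow((a), (b), &_r)) goto __overflow; _r; })

/* The trampoline from the mail: __overflow is local to this statement
 * expression, and the never-entered if (0) body forwards it to _label. */
#define try(stmt, _label) ({ \
	__label__ __overflow; \
	if (0) { \
__overflow: \
		goto _label; \
	} \
	stmt; })

/* Returns the object size, -1 if count * flex_size overflows int,
 * -2 if adding base_size overflows. */
static int flex_alloc_size(int count, int flex_size, int base_size)
{
	int size;

	size = try(ob_mul(count, flex_size), __mul_overflow);
	size = try(ob_add(size, base_size), __add_overflow);
	return size;

__mul_overflow:
	return -1;
__add_overflow:
	return -2;
}

int main(void)
{
	/* Constructed inputs: 4 * 16 + 8 = 72 fits; INT_MAX * 2 does not. */
	if (flex_alloc_size(4, 16, 8) != 72)
		return 1;
	return flex_alloc_size(INT_MAX, 2, 8) == -1 ? 0 : 1;
}
```

Each `try()` expansion declares its own `__overflow`, so the two statements reach different handlers without the labels colliding.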