Re: [RFC v2 1/2] compiler: use compiler to detect integer overflows
From: Sasha Levin
Date: Sat Nov 29 2014 - 10:07:48 EST
On 11/26/2014 10:13 PM, Linus Torvalds wrote:
> .. which I didn't actually validate. And I suspect gcc won't be good
> enough to optimize, so it probably generates horrendous code.
That's correct. It's pretty bad.
> And the thing is, I think it's just *wrong* to do "overflow in signed
> type". The code that does it shouldn't be helped to do it, it should
> be fixed to use an unsigned type.
>
> In other words - in this case, the lofft_t should probably just be a u64.
In this case it's very tied to userspace. One caller is the space allocation
ioctl, which gets this from userspace:
struct space_resv {
[...]
__s64 l_start;
__s64 l_len; /* len == 0 means until end of file */
[...]
};
Since we can't just change those to unsigned, we'd still need to do an overflow
check with signed integers somewhere.
Thanks,
Sasha
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/