Re: [RFC v2 1/2] compiler: use compiler to detect integer overflows

[Sasha Levin]

On 11/26/2014 10:13 PM, Linus Torvalds wrote:
> .. which I didn't actually validate. And I suspect gcc won't be good
> enough to optimize, so it probably generates horrendous code.

That's correct. It's pretty bad.

> And the thing is, I think it's just *wrong* to do "overflow in signed
> type". The code that does it shouldn't be helped to do it, it should
> be fixed to use an unsigned type.
> 
> In other words - in this case, the lofft_t should probably just be a u64.

In this case it's very tied to userspace. One caller is the space allocation
ioctl, which gets this from userspace:

struct space_resv {
	[...]
        __s64           l_start;
        __s64           l_len;          /* len == 0 means until end of file */
        [...]
};

Since we can't just change those to unsigned, we'd still need to do an overflow
check with signed integers somewhere.


Thanks,
Sasha
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/