Re: [PATCH v2 1/3] overflow.h: Add arithmetic shift helper

From: Kees Cook
Date: Wed Aug 01 2018 - 11:38:05 EST

Next message: Andy Shevchenko: "Re: kernel hang"
Previous message: Andy Shevchenko: "Re: [PATCH v5] staging: rts5208: add error handling into rtsx_probe"
In reply to: Dan Carpenter: "Re: [PATCH v2 1/3] overflow.h: Add arithmetic shift helper"
Next in thread: Jason Gunthorpe: "Re: [PATCH v2 1/3] overflow.h: Add arithmetic shift helper"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Aug 1, 2018 at 1:07 AM, Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
> On Wed, Aug 01, 2018 at 10:57:44AM +0300, Dan Carpenter wrote:
>> The idea is nice, but I don't like the API. The "_overflow" feels too
>> specific because maybe we could check for other things in the future.
>> Normally boolean macros should say they are boolean in the name and I
>> would prefer if it returned zero on failure.
>>
>> if (!checked_shift(dest, mask, shift)) {
>> if (!shift_ok(dest, mask, shift)) {
>> if (!safe_shift(dest, mask, shift)) {
>
> Huh... It turns out I put the argument order different as well.
>
> If we wanted to keep it returning 1 on failure then some other names
> are:
>
> if (shift_failed(dest, mask, shift)) {
> if (shift_error(dest, mask, shift)) {
> if (shift_overflow(dest, mask, shift)) {

This is following the existing check_{add,mul}_overflow() helpers,
which are based on the gcc helpers. I'd like to keep things
consistent.

-Kees

--
Kees Cook
Pixel Security

Next message: Andy Shevchenko: "Re: kernel hang"
Previous message: Andy Shevchenko: "Re: [PATCH v5] staging: rts5208: add error handling into rtsx_probe"
In reply to: Dan Carpenter: "Re: [PATCH v2 1/3] overflow.h: Add arithmetic shift helper"
Next in thread: Jason Gunthorpe: "Re: [PATCH v2 1/3] overflow.h: Add arithmetic shift helper"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]