Re: [PATCH v2] lzo: fix ip overrun during compress.

From: Willy Tarreau
Date: Wed Nov 28 2018 - 09:16:04 EST


Hi David,

On Wed, Nov 28, 2018 at 02:52:42PM +0100, David Sterba wrote:
> The fix is adding a few branches to code that's supposed to be as fast
> as possible. The branches would be evaluated all the time while
> protecting against one signle bad page address. This does not look like
> a good performance tradeoff.

That was my concern as well, though the simplified test should be cheaper
especially since the branch is (almost) never taken and easily predicted.

> > +#define OVERFLOW_ADD_CHECK(a, b) \
> > + (((a) + (b)) < (a))
>
> I'm not sure if this is generally safe overflow check (never not
> optimized out). Here it depends on the types of 'a' and 'b' that are
> pointer (ip) and size_t (m_len). GCC has __builtin_add_overflow_p so
> that one should be used where possible.

Sure but that one came with gcc 7 which is not exactly a reasonable
prerequisite especially when it comes to stable kernels. However I'm
now seeing that we have include/linux/overflow.h which provides this.
I have not checked what versions support it though, but 4.14 already
doesn't have it. Thus a fallback will be needed anyway and maintaining
two versions is not exactly the best thing to have to do :-/

Willy