lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 10 Feb 2016 07:16:47 -0800
From:	Guenter Roeck <linux@...ck-us.net>
To:	Rasmus Villemoes <linux@...musvillemoes.dk>
Cc:	Andrzej Hajda <a.hajda@...sung.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Bartlomiej Zolnierkiewicz <b.zolnierkie@...sung.com>,
	Marek Szyprowski <m.szyprowski@...sung.com>,
	open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v3] err.h: allow IS_ERR_VALUE to handle properly more
 types

On Fri, Feb 05, 2016 at 12:37:00AM +0100, Rasmus Villemoes wrote:
> On Wed, Feb 03 2016, Andrzej Hajda <a.hajda@...sung.com> wrote:
> 
> > Current implementation of IS_ERR_VALUE works correctly only with
> > following types:
> > - unsigned long,
> > - short, int, long.
> > Other types are handled incorrectly either on 32-bit either on 64-bit
> > either on both architectures.
> > The patch fixes it by comparing argument with MAX_ERRNO casted
> > to argument's type for unsigned types and comparing with zero for signed
> > types. As a result all integer types bigger than char are handled properly.
> >
> >
> > Signed-off-by: Andrzej Hajda <a.hajda@...sung.com>
> > ---
> > v3:
> >  - use '<= -1' instead of '< 0' to silence verbose warnings for gcc
> >    older than 4.8,
> > v2:
> >  - use '<= 0' instead of '< 0' to silence gcc verbose warnings,
> >  - expand commit message.
> > ---
> >  include/linux/err.h | 4 +++-
> >  1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/include/linux/err.h b/include/linux/err.h
> > index 56762ab..b7d4a9f 100644
> > --- a/include/linux/err.h
> > +++ b/include/linux/err.h
> > @@ -18,7 +18,9 @@
> >  
> >  #ifndef __ASSEMBLY__
> >  
> > -#define IS_ERR_VALUE(x) unlikely((x) >= (unsigned long)-MAX_ERRNO)
> > +#define IS_ERR_VALUE(x) ((typeof(x))(-1) <= 0 \
> > +				? unlikely((x) <= -1) \
> > +				: unlikely((x) >= (typeof(x))-MAX_ERRNO))
> >  
> 
> I'm a bit worried that you consider any negative value an error when x
> is signed - at least that's a change which deserves some comment why
> that's ok. For example, I could imagine someone using e.g. INT_MIN as a
> sentinel return value meaning 'not an error, but something special
> still'.
> 
Theoretically maybe, but I think that is quite unlikely in the real world.

It turns out that

	if (-22 >= (unsigned long)-MAX_ERRNO)
            printf("This is odd\n");

actually does print "This is odd" (because -22 is promoted to unsigned long).

Instead of relying on such behavior, I think it would be better to convert
uses of IS_ERR_VALUE() on integer values to direct comparisons.
A coccinelle script to do that conversion that is already available for
pm functions (scripts/coccinelle/api/pm_runtime.cocci). Such a conversion
would make the code easier to read, and reduce code size instead of
(at least potentially) increasing it.

Guenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ