[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5304dada-51d2-e955-b620-c5c97f3b0dbd@rasmusvillemoes.dk>
Date: Thu, 12 May 2022 14:10:40 +0200
From: Rasmus Villemoes <linux@...musvillemoes.dk>
To: Kees Cook <keescook@...omium.org>,
Nick Desaulniers <ndesaulniers@...gle.com>
Cc: kernel test robot <lkp@...el.com>,
Vitor Massaru Iha <vitor@...saru.org>,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
Daniel Latypov <dlatypov@...gle.com>,
linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] lib: overflow: Always build 64-bit test cases
On 11/05/2022 19.45, Kees Cook wrote:
> There shouldn't be a reason to not build the 64-bit test cases on 32-bit
> systems; the types exist there too. Remove the #ifdefs.
>
> Reported-by: kernel test robot <lkp@...el.com>
> Link: https://lore.kernel.org/lkml/202205110324.7GrtxG8u-lkp@intel.com
> Fixes: 455a35a6cdb6 ("lib: add runtime test of check_*_overflow functions")
The patch is fine, but I disagree with that Fixes tag. Back then, i.e.
when the overflow checkers were implemented via macros on old enough
compilers, they simply didn't work for 64 bit types (because of the
usual 64 bit division problems) - so anybody trying to use the multiply
overflow checker, including of course the test suite, would get a build
error on old compilers. You yourself did that: "[kees: add output to
commit log, drop u64 tests on 32-bit]"
Nowadays, where they are always merely thin wrappers around the compiler
builtin because we assume gcc >= 5.1 and whatever new enough clang,
sure, I think the 64 bit ones always work (though I don't think I want
to know what horrible code the compiler must generate to do the multiply
overflow checks).
So please fix the commit message so that it instead says that this
restriction is no longer necessary because such and such history.
Rasmus
Powered by blists - more mailing lists