[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6f55c3f0-7c10-1697-17da-79b4807c2498@rasmusvillemoes.dk>
Date: Mon, 16 May 2022 13:16:12 +0200
From: Rasmus Villemoes <linux@...musvillemoes.dk>
To: Kees Cook <keescook@...omium.org>,
Nick Desaulniers <ndesaulniers@...gle.com>
Cc: kernel test robot <lkp@...el.com>,
Vitor Massaru Iha <vitor@...saru.org>,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
Daniel Latypov <dlatypov@...gle.com>,
linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] lib: overflow: Always build 64-bit test cases
On 12/05/2022 14.10, Rasmus Villemoes wrote:
> On 11/05/2022 19.45, Kees Cook wrote:
>> There shouldn't be a reason to not build the 64-bit test cases on 32-bit
>> systems; the types exist there too. Remove the #ifdefs.
>>
>> Reported-by: kernel test robot <lkp@...el.com>
>> Link: https://lore.kernel.org/lkml/202205110324.7GrtxG8u-lkp@intel.com
>> Fixes: 455a35a6cdb6 ("lib: add runtime test of check_*_overflow functions")
>
> The patch is fine, but I disagree with that Fixes tag. Back then, i.e.
> when the overflow checkers were implemented via macros on old enough
> compilers, they simply didn't work for 64 bit types (because of the
> usual 64 bit division problems) - so anybody trying to use the multiply
> overflow checker, including of course the test suite, would get a build
> error on old compilers. You yourself did that: "[kees: add output to
> commit log, drop u64 tests on 32-bit]"
>
And if you want something that can be backported, getting rid of that
"defined but unused" warning while also enabling checking of the
overflow fallbacks that were actually usable (the add and sub ones), you
could do a two-step thing, the first step being something like
(completely untested)
diff --git a/lib/overflow_kunit.c b/lib/overflow_kunit.c
index 475f0c064bf6..f46c0f6e26c4 100644
--- a/lib/overflow_kunit.c
+++ b/lib/overflow_kunit.c
@@ -236,8 +236,10 @@ static void do_test_ ## t(struct kunit *test, const
struct test_ ## t *p) \
check_one_op(t, fmt, add, "+", p->a, p->b, p->sum, p->s_of); \
check_one_op(t, fmt, add, "+", p->b, p->a, p->sum, p->s_of); \
check_one_op(t, fmt, sub, "-", p->a, p->b, p->diff, p->d_of); \
- check_one_op(t, fmt, mul, "*", p->a, p->b, p->prod, p->p_of); \
- check_one_op(t, fmt, mul, "*", p->b, p->a, p->prod, p->p_of); \
+ if (BITS_PER_LONG == 64 || sizeof(t) < 8) { \
+ check_one_op(t, fmt, mul, "*", p->a, p->b, p->prod,
p->p_of); \
+ check_one_op(t, fmt, mul, "*", p->b, p->a, p->prod,
p->p_of); \
+ } \
} \
\
static void t ## _overflow_test(struct kunit *test) { \
@@ -255,10 +257,8 @@ DEFINE_TEST_FUNC(u16, "%d");
DEFINE_TEST_FUNC(s16, "%d");
DEFINE_TEST_FUNC(u32, "%u");
DEFINE_TEST_FUNC(s32, "%d");
-#if BITS_PER_LONG == 64
DEFINE_TEST_FUNC(u64, "%llu");
DEFINE_TEST_FUNC(s64, "%lld");
-#endif
static void overflow_shift_test(struct kunit *test)
{
and then in a second, not-for-backporting, patch remove that if() again.
Rasmus
Powered by blists - more mailing lists