[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHmME9p+SKTHzniw=TsC=vnQsyCuBa08+LcK-CsFcjA58K+ifA@mail.gmail.com>
Date: Fri, 23 Sep 2022 12:48:48 +0200
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
Cc: linux-kernel@...r.kernel.org,
Andrew Morton <akpm@...ux-foundation.org>,
Kees Cook <keescook@...omium.org>
Subject: Re: [PATCH] minmax: clamp more efficiently by avoiding extra comparison
Hey again,
On Fri, Sep 23, 2022 at 12:40 PM Jason A. Donenfeld <Jason@...c4.com> wrote:
>
> Hi Andy,
>
> On Fri, Sep 23, 2022 at 12:36 PM Andy Shevchenko
> <andriy.shevchenko@...ux.intel.com> wrote:
> >
> > On Fri, Sep 23, 2022 at 12:06:21PM +0200, Jason A. Donenfeld wrote:
> > > Currently the clamp algorithm does:
> > >
> > > if (val > hi)
> > > val = hi;
> > > if (val < lo)
> > > val = lo;
> > >
> > > But since hi > lo by definition, this can be made more efficient with:
> >
> > It's strongly speaking, but we have to proof that, right?
> > So, while I haven't checked the code, this change should also
> > include (does it?) the corresponding compile-time checks (for
> > constant arguments) in similar way how it's done for GENMASK().
> >
> > Otherwise I have no objections.
>
> I think most cases are with compile time constants, but some cases are
> with variables. What should we do in that case? Checking variables at
> runtime incurs the same cost as the old code. I guess we could do this
> fast thing for constants and the slower old thing for non-constants?
> Or not do either, keep this commit as is, and just accept that if you
> pass bogus bounds to clamp, you're going to end up with something
> weird, which is already the case now so not a big deal?
Actually, yea, I think we should keep this commit as-is and not add
additional checking becauseeeee not only is hi>lo by definition, but
both for the old code and for the new code, the result of lo>hi is
total nonsense:
Assuming hi > lo, these snippets all yield the same result:
if (val > hi)
val = hi;
if (val < lo)
val = lo;
if (val > hi)
val = hi;
else if (val < lo)
val = lo;
if (val < lo)
val = lo;
if (val > hi)
val = hi;
if (val < lo)
val = lo;
else if (val > hi)
val = hi;
Assuming lo > hi, and the first condition triggers, these snippets all
yield different results, all of which are undefined nonsense:
if (val > hi)
val = hi;
if (val < lo)
val = lo;
--> val is lo
if (val > hi)
val = hi;
else if (val < lo)
val = lo;
--> val is hi
if (val < lo)
val = lo;
if (val > hi)
val = hi;
--> val is hi
if (val < lo)
val = lo;
else if (val > hi)
val = hi;
--> val is lo
Jason
Powered by blists - more mailing lists