lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <f53f28de489f4c209776e404323ef5a1@AcuMS.aculab.com>
Date:   Sat, 10 Jun 2023 20:09:28 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     'Lorenzo Stoakes' <lstoakes@...il.com>,
        Lu Hongfei <luhongfei@...o.com>
CC:     Andrew Morton <akpm@...ux-foundation.org>,
        Uladzislau Rezki <urezki@...il.com>,
        Christoph Hellwig <hch@...radead.org>,
        "open list:VMALLOC" <linux-mm@...ck.org>,
        open list <linux-kernel@...r.kernel.org>,
        "opensource.kernel@...o.com" <opensource.kernel@...o.com>
Subject: RE: [PATCH] mm/vmalloc: Replace the ternary conditional operator with
 min()

From: Lorenzo Stoakes
> Sent: 09 June 2023 09:49
> On Fri, Jun 09, 2023 at 08:09:45AM +0100, Lorenzo Stoakes wrote:
> > On Fri, Jun 09, 2023 at 02:13:09PM +0800, Lu Hongfei wrote:
> > > It would be better to replace the traditional ternary conditional
> > > operator with min() in zero_iter
> > >
> > > Signed-off-by: Lu Hongfei <luhongfei@...o.com>
> > > ---
> > >  mm/vmalloc.c | 2 +-
> > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/mm/vmalloc.c b/mm/vmalloc.c
> > > index 29077d61ff81..42df032e6c27
> > > --- a/mm/vmalloc.c
> > > +++ b/mm/vmalloc.c
> > > @@ -3571,7 +3571,7 @@ static size_t zero_iter(struct iov_iter *iter, size_t count)
> > >  	while (remains > 0) {
> > >  		size_t num, copied;
> > >
> > > -		num = remains < PAGE_SIZE ? remains : PAGE_SIZE;
> > > +		num = min(remains, PAGE_SIZE);
> 
> OK, as per the pedantic test bot, you'll need to change this to:-
> 
> num = min_t(size_t, remains, PAGE_SIZE);

There has to be a valid reason why min/max have strong type checks.
Using min_t() all the time is just subverting them and means that
bugs are more likely than if the extra tests in min() were absent.

The problem here is that size_t is 'unsigned int' but PAGE_SIZE
'unsigned long'.
A 'safe' change is min(remains + 0ULL, PAGE_SIZE).

But, in reality, min/max should always be valid when one
value is a constant between 0 and MAX_INT.
The constant just needs forcing to 'signed int' (eg assigning
to a temporary on that type) before the comparison (etc).

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ