Message-ID: <aIXWOgTWdSODz7EH@google.com>
Date: Sun, 27 Jul 2025 07:33:14 +0000
From: Alice Ryhl <aliceryhl@...gle.com>
To: Lyude Paul <lyude@...hat.com>
Cc: rust-for-linux@...r.kernel.org, Thomas Gleixner <tglx@...utronix.de>, 
	Boqun Feng <boqun.feng@...il.com>, linux-kernel@...r.kernel.org, 
	Andreas Hindborg <a.hindborg@...nel.org>, FUJITA Tomonori <fujita.tomonori@...il.com>, 
	Frederic Weisbecker <frederic@...nel.org>, Anna-Maria Behnsen <anna-maria@...utronix.de>, 
	John Stultz <jstultz@...gle.com>, Stephen Boyd <sboyd@...nel.org>, Miguel Ojeda <ojeda@...nel.org>, 
	Alex Gaynor <alex.gaynor@...il.com>, Gary Guo <gary@...yguo.net>, 
	"Björn Roy Baron" <bjorn3_gh@...tonmail.com>, Benno Lossin <lossin@...nel.org>, 
	Trevor Gross <tmgross@...ch.edu>, Danilo Krummrich <dakr@...nel.org>
Subject: Re: [PATCH 1/2] rust: time: Implement Add<Delta>/Sub<Delta> for Instant

On Thu, Jul 24, 2025 at 02:54:06PM -0400, Lyude Paul wrote:
> In order to maintain the invariants of Instant, we use saturating
> addition/subtraction that is clamped to the valid value range for a
> non-negative Ktime.
> 
> Signed-off-by: Lyude Paul <lyude@...hat.com>
> +impl<T: ClockSource> ops::Add<Delta> for Instant<T> {
> +    type Output = Self;
> +
> +    #[inline]
> +    fn add(self, rhs: Delta) -> Self::Output {
> +        // INVARIANT: We clamp the resulting value to be between `0` and `KTIME_MAX`.
> +        Self {
> +            inner: self.inner.saturating_add(rhs.nanos).clamp(0, i64::MAX),
> +            _c: PhantomData,
> +        }
> +    }
> +}
> +
> +impl<T: ClockSource> ops::Sub<Delta> for Instant<T> {
> +    type Output = Self;
> +
> +    #[inline]
> +    fn sub(self, rhs: Delta) -> Self::Output {
> +        // INVARIANT: We clamp the resulting value to be between `0` and `KTIME_MAX`.
> +        Self {
> +            inner: self.inner.saturating_sub(rhs.nanos).clamp(0, i64::MAX),
> +            _c: PhantomData,
> +        }
> +    }
> +}
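
Review bot: In both `add` and `sub`, the INVARIANT comment names `KTIME_MAX` while the code clamps to `i64::MAX`; either use the named constant the comment refers to or state in the comment that the two are the same value, so the comment and the expression can be checked against each other. Because `saturating_add`/`saturating_sub` on an `i64` already stop at `i64::MAX`, only the lower bound of `clamp(0, i64::MAX)` can change the result, so `.max(0)` would state the intent more directly. Neither impl has a doc comment saying that `+` and `-` saturate silently; a line of rustdoc on each would tell callers that a result pinned at `0` or at the maximum may not be the true sum or difference.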

I'm not so sure what to think about this clamp logic. Maybe it is the
best way to go ...

Alice
