| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250926124555.009bfcd6@pumpkin> Date: Fri, 26 Sep 2025 12:45:55 +0100 From: David Laight <david.laight.linux@...il.com> To: Mehdi Ben Hadj Khelifa <mehdi.benhadjkhelifa@...il.com> Cc: andrii@...nel.org, eddyz87@...il.com, ast@...nel.org, daniel@...earbox.net, martin.lau@...ux.dev, song@...nel.org, yonghong.song@...ux.dev, john.fastabend@...il.com, kpsingh@...nel.org, sdf@...ichev.me, haoluo@...gle.com, jolsa@...nel.org, shuah@...nel.org, matttbe@...nel.org, martineau@...nel.org, geliang@...nel.org, davem@...emloft.net, kuba@...nel.org, hawk@...nel.org, linux@...danrome.com, ameryhung@...il.com, toke@...hat.com, houtao1@...wei.com, emil@...alapatis.com, yatsenko@...a.com, isolodrai@...a.com, a.s.protopopov@...il.com, dxu@...uu.xyz, memxor@...il.com, vmalik@...hat.com, bigeasy@...utronix.de, tj@...nel.org, gregkh@...uxfoundation.org, paul@...l-moore.com, bboscaccy@...ux.microsoft.com, James.Bottomley@...senPartnership.com, mrpre@....com, jakub@...udflare.com, bpf@...r.kernel.org, linux-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org, netdev@...r.kernel.org, mptcp@...ts.linux.dev, linux-kernel-mentees@...ts.linuxfoundation.org, skhan@...uxfoundation.org, david.hunter.linux@...il.com Subject: Re: [PATCH] selftests/bpf: Add -Wsign-compare C compilation flag On Wed, 24 Sep 2025 17:23:49 +0100 Mehdi Ben Hadj Khelifa <mehdi.benhadjkhelifa@...il.com> wrote: > -Change all the source files and the corresponding headers > to having matching sign comparisons. 'Fixing' -Wsign-compare by adding loads of casts doesn't seem right. The only real way is to change all the types to unsigned ones. But it is of questionable benefit and make the code harder to read. Consider the following: int x = read(fd, buf, len); if (x < 0) return -1; if (x > sizeof (struct fubar)) return -1; That will generate a 'sign-compare' error, but min(x, sizeof (struct fubar)) doesn't generate an error because the compiler knows 'x' isn't negative. A well known compiler also rejects: unsigned char a; unsigned int b; if (b > a) return; because 'a' is promoted to 'signed int' before it does the check. So until the compilers start looking at the known domain of the value (not just the type) I enabling -Wsign-compare' is pretty pointless. As a matter of interest did you actually find any bugs? David > > Signed-off-by: Mehdi Ben Hadj Khelifa <mehdi.benhadjkhelifa@...il.com> > --- > As suggested by the TODO, -Wsign-compare was added to the C compilation > flags for the selftests/bpf/Makefile and all corresponding files in > selftests and a single file under tools/lib/bpf/usdt.bpf.h have been > carefully changed to account for correct sign comparisons either by > explicit casting or changing the variable type.Only local variables > and variables which are in limited scope have been changed in cases > where it doesn't break the code.Other struct variables or global ones > have left untouched to avoid other conflicts and opted to explicit > casting in this case.This change will help avoid implicit type > conversions and have predictable behavior. > > I have already compiled all bpf tests with no errors as well as the > kernel and have ran all the selftests with no obvious side effects. > I would like to know if it's more convinient to have all changes as > a single patch like here or if it needs to be divided in some way > and sent as a patch series. > > Best Regards, > Mehdi Ben Hadj Khelifa ...
Powered by blists - more mailing lists