diff options
| author | Kees Cook <keescook@chromium.org> | 2022-08-29 22:37:17 +0200 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2022-09-08 01:37:14 +0200 |
| commit | d219d2a9a92e39aa92799efe8f2aa21259b6dd82 (patch) | |
| tree | 0e0f7ec56354495af3c2b01c06ac26333bc1d81b /io_uring/io_uring.h | |
| parent | overflow, tracing: Define the is_signed_type() macro once (diff) | |
| download | linux-d219d2a9a92e39aa92799efe8f2aa21259b6dd82.tar.xz linux-d219d2a9a92e39aa92799efe8f2aa21259b6dd82.zip | |
overflow: Allow mixed type arguments
When the check_[op]_overflow() helpers were introduced, all arguments
were required to be the same type to make the fallback macros simpler.
However, now that the fallback macros have been removed[1], it is fine
to allow mixed types, which makes using the helpers much more useful,
as they can be used to test for type-based overflows (e.g. adding two
large ints but storing into a u8), as would be handy in the drm core[2].
Remove the restriction, and add additional self-tests that exercise
some of the mixed-type overflow cases, and double-check for accidental
macro side-effects.
[1] https://git.kernel.org/linus/4eb6bd55cfb22ffc20652732340c4962f3ac9a91
[2] https://lore.kernel.org/lkml/20220824084514.2261614-2-gwan-gyeong.mun@intel.com
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Gwan-gyeong Mun <gwan-gyeong.mun@intel.com>
Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: linux-hardening@vger.kernel.org
Reviewed-by: Andrzej Hajda <andrzej.hajda@intel.com>
Reviewed-by: Gwan-gyeong Mun <gwan-gyeong.mun@intel.com>
Tested-by: Gwan-gyeong Mun <gwan-gyeong.mun@intel.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'io_uring/io_uring.h')
0 files changed, 0 insertions, 0 deletions