2022-08-26 17:16:15

by Bart Van Assche

Subject: [PATCH 0/2] Define is_signed_type() once

Hi Kees,

The changes in this patch series are as follows:
- Add a unit test for the is_signed_type() macro.
- Define the is_signed_type() macro once.

Please consider these patches for the next merge window.

Thanks,

Bart.

Bart Van Assche (2):
testing/selftests: Add tests for the is_signed_type() macro
overflow, tracing: Define the is_signed_type() macro once

include/linux/compiler.h | 6 +++++
include/linux/overflow.h | 1 -
include/linux/trace_events.h | 2 --
lib/Kconfig.debug | 12 +++++++++
lib/Makefile | 1 +
lib/is_signed_type_test.c | 48 ++++++++++++++++++++++++++++++++++++
6 files changed, 67 insertions(+), 3 deletions(-)
create mode 100644 lib/is_signed_type_test.c


2022-08-26 17:16:31

by Bart Van Assche

Subject: [PATCH 2/2] overflow, tracing: Define the is_signed_type() macro once

There are two definitions of the is_signed_type() macro: one in
<linux/overflow.h> and a second definition in <linux/trace_events.h>.

As suggested by Linus Torvalds, move the definition of the
is_signed_type() macro into the <linux/compiler.h> header file. Change
the definition of the is_signed_type() macro to make sure that it does
not trigger any sparse warnings with future versions of sparse for
bitwise types. See also:
https://lore.kernel.org/all/CAHk-=whjH6p+qzwUdx5SOVVHjS3WvzJQr6mDUwhEyTf6pJWzaQ@mail.gmail.com/
https://lore.kernel.org/all/CAHk-=wjQGnVfb4jehFR0XyZikdQvCZouE96xR_nnf5kqaM5qqQ@mail.gmail.com/

Cc: Andrew Morton <[email protected]>
Cc: Arnd Bergmann <[email protected]>
Cc: Dan Williams <[email protected]>
Cc: Eric Dumazet <[email protected]>
Cc: Ingo Molnar <[email protected]>
Cc: Isabella Basso <[email protected]>
Cc: "Jason A. Donenfeld" <[email protected]>
Cc: Josh Poimboeuf <[email protected]>
Cc: Luc Van Oostenryck <[email protected]>
Cc: Masami Hiramatsu <[email protected]>
Cc: Nathan Chancellor <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Rasmus Villemoes <[email protected]>
Cc: Sander Vanheule <[email protected]>
Cc: Steven Rostedt <[email protected]>
Cc: Vlastimil Babka <[email protected]>
Cc: Yury Norov <[email protected]>
Signed-off-by: Bart Van Assche <[email protected]>
---
include/linux/compiler.h | 6 ++++++
include/linux/overflow.h | 1 -
include/linux/trace_events.h | 2 --
3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 01ce94b58b42..7713d7bcdaea 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -239,6 +239,12 @@ static inline void *offset_to_ptr(const int *off)
/* &a[0] degrades to a pointer: a different type from an array */
#define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))

+/*
+ * Whether 'type' is a signed type or an unsigned type. Supports scalar types,
+ * bool and also pointer types.
+ */
+#define is_signed_type(type) (((type)(-1)) < (__force type)1)
+
/*
* This is needed in functions which generate the stack canary, see
* arch/x86/kernel/smpboot.c::start_secondary() for an example.
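Review bot: The new comment above is_signed_type() does not explain why only the right-hand operand carries __force: the left side is the plain cast (type)(-1) while the right side is (__force type)1. The commit message ties this to sparse warnings for bitwise types, but that reason is missing from the header itself, so the asymmetry reads like an oversight and invites a later cleanup that adds or drops a __force. Please put the sparse rationale in the comment. It would also help to state the result explicitly, i.e. that the expression evaluates to 1 for signed types and 0 otherwise, since __type_half_max() in overflow.h uses it as an integer in arithmetic.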
diff --git a/include/linux/overflow.h b/include/linux/overflow.h
index f1221d11f8e5..0eb3b192f07a 100644
--- a/include/linux/overflow.h
+++ b/include/linux/overflow.h
@@ -30,7 +30,6 @@
* https://mail-index.netbsd.org/tech-misc/2007/02/05/0000.html -
* credit to Christian Biere.
*/
-#define is_signed_type(type) (((type)(-1)) < (type)1)
#define __type_half_max(type) ((type)1 << (8*sizeof(type) - 1 - is_signed_type(type)))
#define type_max(T) ((T)((__type_half_max(T) - 1) + __type_half_max(T)))
#define type_min(T) ((T)((T)-type_max(T)-(T)1))
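Review bot: __type_half_max(), on the line directly after the removed definition, still expands is_signed_type(), so <linux/overflow.h> now depends on <linux/compiler.h> for it. The hunk does not show the include list; please confirm that overflow.h includes <linux/compiler.h> directly rather than picking it up through another header, so that type_max() and type_min() keep building if an unrelated include is reshuffled.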
diff --git a/include/linux/trace_events.h b/include/linux/trace_events.h
index b18759a673c6..8401dec93c15 100644
--- a/include/linux/trace_events.h
+++ b/include/linux/trace_events.h
@@ -814,8 +814,6 @@ extern int trace_add_event_call(struct trace_event_call *call);
extern int trace_remove_event_call(struct trace_event_call *call);
extern int trace_event_get_offsets(struct trace_event_call *call);

-#define is_signed_type(type) (((type)(-1)) < (type)1)
-
int ftrace_set_clr_event(struct trace_array *tr, char *buf, int set);
int trace_set_clr_event(const char *system, const char *event, int set);
int trace_array_set_clr_event(struct trace_array *tr, const char *system,
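Review bot: The definition removed here is (((type)(-1)) < (type)1), without __force, so everything that picked up is_signed_type() from <linux/trace_events.h> silently switches to the new form in compiler.h. The commit message says the definition changes, but not that the result is unchanged for the compiler; a sentence stating that __force is only meaningful to sparse, and that tracing users therefore see no functional change, would make this easier to review and to backport. As with overflow.h, please confirm that the remaining users reach <linux/compiler.h> without relying on this header having defined the macro.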

2022-08-29 19:54:39

by Kees Cook

Subject: Re: [PATCH 0/2] Define is_signed_type() once

On Fri, 26 Aug 2022 09:21:14 -0700, Bart Van Assche wrote:
> The changes in this patch series are as follows:
> - Add a unit test for the is_signed_type() macro.
> - Define the is_signed_type() macro once.
>
> Please consider these patches for the next merge window.
>
> Thanks,
>
> [...]

Applied to for-next/hardening, thanks!

[1/2] testing/selftests: Add tests for the is_signed_type() macro
https://git.kernel.org/kees/c/5e3ad11bfc5a
[2/2] overflow, tracing: Define the is_signed_type() macro once
https://git.kernel.org/kees/c/6bf7edc1e6f0

I tweaked the kunit test to have a matching filename to the other kunit
tests (i.e. ending with _kunit.c instead of _test.c)

--
Kees Cook

2022-08-29 20:34:18

by Kees Cook

Subject: Re: [PATCH 2/2] overflow, tracing: Define the is_signed_type() macro once

On Fri, Aug 26, 2022 at 09:21:16AM -0700, Bart Van Assche wrote:
> There are two definitions of the is_signed_type() macro: one in
> <linux/overflow.h> and a second definition in <linux/trace_events.h>.
>
> As suggested by Linus Torvalds, move the definition of the
> is_signed_type() macro into the <linux/compiler.h> header file. Change
> the definition of the is_signed_type() macro to make sure that it does
> not trigger any sparse warnings with future versions of sparse for
> bitwise types. See also:
> https://lore.kernel.org/all/CAHk-=whjH6p+qzwUdx5SOVVHjS3WvzJQr6mDUwhEyTf6pJWzaQ@mail.gmail.com/
> https://lore.kernel.org/all/CAHk-=wjQGnVfb4jehFR0XyZikdQvCZouE96xR_nnf5kqaM5qqQ@mail.gmail.com/
>
> Cc: Andrew Morton <[email protected]>
> Cc: Arnd Bergmann <[email protected]>
> Cc: Dan Williams <[email protected]>
> Cc: Eric Dumazet <[email protected]>
> Cc: Ingo Molnar <[email protected]>
> Cc: Isabella Basso <[email protected]>
> Cc: "Jason A. Donenfeld" <[email protected]>
> Cc: Josh Poimboeuf <[email protected]>
> Cc: Luc Van Oostenryck <[email protected]>
> Cc: Masami Hiramatsu <[email protected]>
> Cc: Nathan Chancellor <[email protected]>
> Cc: Peter Zijlstra <[email protected]>
> Cc: Rasmus Villemoes <[email protected]>
> Cc: Sander Vanheule <[email protected]>
> Cc: Steven Rostedt <[email protected]>
> Cc: Vlastimil Babka <[email protected]>
> Cc: Yury Norov <[email protected]>
> Signed-off-by: Bart Van Assche <[email protected]>
> ---
> include/linux/compiler.h | 6 ++++++
> include/linux/overflow.h | 1 -
> include/linux/trace_events.h | 2 --
> 3 files changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/include/linux/compiler.h b/include/linux/compiler.h
> index 01ce94b58b42..7713d7bcdaea 100644
> --- a/include/linux/compiler.h
> +++ b/include/linux/compiler.h
> @@ -239,6 +239,12 @@ static inline void *offset_to_ptr(const int *off)
> /* &a[0] degrades to a pointer: a different type from an array */
> #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
>
> +/*
> + * Whether 'type' is a signed type or an unsigned type. Supports scalar types,
> + * bool and also pointer types.
> + */
> +#define is_signed_type(type) (((type)(-1)) < (__force type)1)
> +
> /*
> * This is needed in functions which generate the stack canary, see
> * arch/x86/kernel/smpboot.c::start_secondary() for an example.
> diff --git a/include/linux/overflow.h b/include/linux/overflow.h
> index f1221d11f8e5..0eb3b192f07a 100644
> --- a/include/linux/overflow.h
> +++ b/include/linux/overflow.h
> @@ -30,7 +30,6 @@
> * https://mail-index.netbsd.org/tech-misc/2007/02/05/0000.html -
> * credit to Christian Biere.
> */
> -#define is_signed_type(type) (((type)(-1)) < (type)1)
> #define __type_half_max(type) ((type)1 << (8*sizeof(type) - 1 - is_signed_type(type)))
> #define type_max(T) ((T)((__type_half_max(T) - 1) + __type_half_max(T)))
> #define type_min(T) ((T)((T)-type_max(T)-(T)1))
> diff --git a/include/linux/trace_events.h b/include/linux/trace_events.h
> index b18759a673c6..8401dec93c15 100644
> --- a/include/linux/trace_events.h
> +++ b/include/linux/trace_events.h
> @@ -814,8 +814,6 @@ extern int trace_add_event_call(struct trace_event_call *call);
> extern int trace_remove_event_call(struct trace_event_call *call);
> extern int trace_event_get_offsets(struct trace_event_call *call);
>
> -#define is_signed_type(type) (((type)(-1)) < (type)1)
> -
> int ftrace_set_clr_event(struct trace_array *tr, char *buf, int set);
> int trace_set_clr_event(const char *system, const char *event, int set);
> int trace_array_set_clr_event(struct trace_array *tr, const char *system,

Yeah, this looks good. I'll take these as part of the hardening tree
since it's touching overflow.h, unless I hear otherwise. :)

--
Kees Cook