Message-ID: <1375037219.3669.34.camel@edumazet-glaptop>
Subject: Re: [PATCH jiffies] Avoid undefined behavior from signed overflow
From: Eric Dumazet
To: paulmck@linux.vnet.ibm.com
Cc: linux-kernel@vger.kernel.org, john.stultz@linaro.org, davem@davemloft.net, arnd@arndb.de, mingo@kernel.org, torvalds@linux-foundation.org
Date: Sun, 28 Jul 2013 11:46:59 -0700
In-Reply-To: <20130727225828.GA11864@linux.vnet.ibm.com>

On Sat, 2013-07-27 at 15:58 -0700, Paul E. McKenney wrote:
> According to the C standard 3.4.3p3, overflow of a signed integer results
> in undefined behavior. This commit therefore changes the definitions
> of time_after() and time_after_eq() to avoid this undefined behavior.
> The trick is that the subtraction is done using unsigned arithmetic,
> which according to 6.2.5p9 cannot overflow because it is defined as
> modulo arithmetic. This has the added (though admittedly quite small)
> benefit of shortening two lines of code by four characters each.
>
> Note that the C standard considers the cast from signed to
> unsigned to be implementation-defined, see 6.3.1.3p3. However, on a
> two's-complement system, an implementation that defines anything other
> than a reinterpretation of the bits is free to come to me, and I will be
> happy to act as a witness for its being committed to an insane asylum.
> (Although I have nothing against saturating arithmetic or signals in
> some cases, these things really should not be the default.)
>
> Signed-off-by: Paul E. McKenney
> Cc: John Stultz
> Cc: "David S. Miller"
> Cc: Arnd Bergmann
> Cc: Ingo Molnar
> Cc: Linus Torvalds
>
> diff --git a/include/linux/jiffies.h b/include/linux/jiffies.h > index 97ba4e7..97967ba 100644 > --- a/include/linux/jiffies.h > +++ b/include/linux/jiffies.h
> @@ -101,13 +101,13 @@ static inline u64 get_jiffies_64(void) > #define time_after(a,b) \ > (typecheck(unsigned long, a) && \ > typecheck(unsigned long, b) && \ > - ((long)(b) - (long)(a) < 0)) > + ((long)((b) - (a)) < 0)) > #define time_before(a,b) time_after(b,a) > > #define time_after_eq(a,b) \ > (typecheck(unsigned long, a) && \ > typecheck(unsigned long, b) && \ > - ((long)(a) - (long)(b) >= 0)) > + ((long)((a) - (b)) >= 0)) > #define time_before_eq(a,b) time_after_eq(b,a) >

time_after64() & time_after_eq64() probably need the same.
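
Review bot: In the two changed lines, `((long)((b) - (a)) < 0)` and `((long)((a) - (b)) >= 0)`, the result is only well defined because the subtraction happens in unsigned long, and the only thing enforcing that is the pair of `typecheck(unsigned long, ...)` lines above each expression; nothing in the macro itself says so. A short comment above `time_after()` stating that the operands must stay unsigned and that the single cast to long is applied to the difference on purpose would keep a later cleanup from dropping the typecheck or going back to per-operand casts. The hunk covers only `time_after()` and `time_after_eq()`; the 64-bit macros named in the reply are not among the visible lines and would need the same conversion if they still use the old form.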
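
The comparison discussed in this thread, as an added example that is not part of the original messages or of the kernel source: it checks a timeout whose deadline wraps past `ULONG_MAX`, using the unsigned-subtract-then-cast form next to a plain comparison. The function names and the sample start value are hypothetical, and two's-complement conversion is assumed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Wrap-safe "a is after b", in the form the patch moves to: subtract as
 * unsigned (modulo arithmetic, cannot overflow), then view the difference
 * as signed. Assumes two's complement for the unsigned->signed conversion. */
static int after_ul(unsigned long a, unsigned long b)
{
	return (long)(b - a) < 0;
}

static int after_eq_ul(unsigned long a, unsigned long b)
{
	return (long)(a - b) >= 0;
}

/* Same idea at a fixed 64-bit width. */
static int after_u64(uint64_t a, uint64_t b)
{
	return (int64_t)(b - a) < 0;
}

/* Plain comparison: gives the wrong answer once the counter has wrapped. */
static int after_eq_naive(unsigned long a, unsigned long b)
{
	return a >= b;
}

/* Has a timeout armed at `start` for `delta` ticks expired `elapsed` ticks
 * later? Both the deadline and the current time may wrap past ULONG_MAX. */
static int expired(unsigned long start, unsigned long delta,
		   unsigned long elapsed, int (*cmp)(unsigned long, unsigned long))
{
	return cmp(start + elapsed, start + delta);
}

int main(void)
{
	unsigned long start = ULONG_MAX - 5;	/* constructed: 6 ticks before wrap */

	printf("3 ticks in:  wrap-safe=%d naive=%d\n",
	       expired(start, 10, 3, after_eq_ul), expired(start, 10, 3, after_eq_naive));
	printf("10 ticks in: wrap-safe=%d naive=%d\n",
	       expired(start, 10, 10, after_eq_ul), expired(start, 10, 10, after_eq_naive));
	printf("after wrap:  %d, 64-bit: %d\n",
	       after_ul(2, ULONG_MAX - 1), after_u64(1, UINT64_MAX));
	return 0;
}
```

The wrap-safe form is only meaningful while the two values are less than half the counter range apart; beyond that the sign of the difference flips.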