Received: by 2002:ab2:7041:0:b0:1f4:bcc8:f211 with SMTP id x1csp6481lql; Fri, 12 Apr 2024 01:36:29 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVTPAH5VcqF1WvaHTLiclYp0n8Z01rHGhzk+pzP/iwF+v3CtAEcs4Sd5QtBq7KupBBRJ+JwMiLVdK0Xku69MEwUjzfFh2C4RR8k3LTCRg== X-Google-Smtp-Source: AGHT+IHJVQ1Muvntl/hXMjfvKEJz7s5qe8wrTBUpbftB2NvaM8zBSggDZGzHfY6UrwAmgnwB6W5c X-Received: by 2002:a0c:c385:0:b0:696:7c8e:e636 with SMTP id o5-20020a0cc385000000b006967c8ee636mr1947548qvi.63.1712910988846; Fri, 12 Apr 2024 01:36:28 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712910988; cv=pass; d=google.com; s=arc-20160816; b=Fq4o9lxc8EuDfEcACwHK64FGUbAKTEgL8Q8WRDuuJaFyAAQtdeF1Y1UHfxF59P+WPZ MtvcsQ9sx1WsPCEmVZiwNP8xVGVSs+86Pz7XLMrtuBUrcIHcZlwTJfvUJ87CuglEijja peB9psyqNuJjPElzeI5MVInjOCwOWDOzVODYBb2l/XNoHt4QHLXlwoZwPVapE9+golLt gE0BaXAssa61U3znL0eqCKIQZXi94Sf58rV63xn0V0JBbeoXNEptNWKOfsM6R/WewIR3 ZUxV3kE72hBDqR9tqLMibPhcypnf16pzgrFbJtItW184w72YbaJdnhmPW9k4CZAX6X4m Wj2w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=ZwTW8iE9nJVGzJXr2vldh3noIwLG2G8OB3Efo+SZIqE=; fh=V8+rwciO+kYYzbiSUH36aUsRu2h0gslrxcxFRVEU36Q=; b=dnYI53kXZiRt7gsNjfcxfodZvtOwif8nyGWE85fSq8tkHhO1hyuybOVwIw+yltyYb5 JSQW/uqDU6oSRIyZ5EwVFauHk+w1ZMtzqN9yPDR6CHaw5F9iyw9VkhE+9TOk3u2pM+8z HAF/q/Iqy+8HrL7mefwIErjjre02KraQBrsFFzdu+w7dV4Idhakzn1uyR4RZc/uC0cX3 akjxlr5YLQuTkIDu1QG7YMqr8YjqBBYv1FsjWiTUvlvSsKne7UWn4fL4vhNtO28nPK5E 9yeZHSp2oiVP+6gYpO8klqqSVgamSUhn5MCqFrQ9B2fLe63tDXJDwgJ3QwcvlJde655S IDGA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=qxf+OBHG; arc=pass (i=1 spf=pass spfdomain=google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-142242-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-142242-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id d3-20020a0ce703000000b00699361cbd68si3143958qvn.256.2024.04.12.01.36.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 12 Apr 2024 01:36:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-142242-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=qxf+OBHG; arc=pass (i=1 spf=pass spfdomain=google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-142242-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-142242-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 81C2B1C21934 for ; Fri, 12 Apr 2024 08:36:28 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id C15B13A1A3; Fri, 12 Apr 2024 08:36:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="qxf+OBHG" Received: from mail-ua1-f46.google.com (mail-ua1-f46.google.com [209.85.222.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A0A3F1B81F for ; Fri, 12 Apr 2024 08:36:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.222.46 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712910980; cv=none; b=pR3KXLWGSHaD+Xwqe0R6YcEa/9+eKWcp/65A+aii2b2kIb4KmhEO7UZ83k6RPgij1WhlU1v5Td0vo6D8M5lk8DGKoukY5SXXqoRwbUxzs2tqFJaONkVVpw3fOiKoA0oapdUtwFAwUA0H8oaV88FyeSQhst8QzRymwd7liu5k59I= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712910980; c=relaxed/simple; bh=icsXkT0xOb6e+1xr9g6dtXExIPMijW/K98732uk8zLA=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=Hav4X29Wb9OD+D829t+NmLFYyMNR42wOcCZhvym2LjVwkeU71Ft7eBlorYkpxtm155EWw3cPtzd46MOQ3PlRjWE/Gi6Co/9E9VwaSqnmXMP1TBGba0IgMjdb7TkcFX2Gfwzn6rZUcHi8nNmoOUjRvGqG1A9tjjO1xrQPN2eXWJk= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=qxf+OBHG; arc=none smtp.client-ip=209.85.222.46 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=google.com Received: by mail-ua1-f46.google.com with SMTP id a1e0cc1a2514c-7e7bd3e7d0aso180645241.1 for ; Fri, 12 Apr 2024 01:36:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1712910977; x=1713515777; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=ZwTW8iE9nJVGzJXr2vldh3noIwLG2G8OB3Efo+SZIqE=; b=qxf+OBHGRqPwF/JjAr1m9zngOp3YGqbpB9PJS3wXxpOIl+WjESNKURUeOJc3MJB5ud HTrCOSTbFGKPTb08+q0cfy3D6qZBLHPg4B+2ZktQ6hvdHFueDc9GNB2N3gHTHAtKWd55 y+IgDqZ86a+JkQW+JbqTPBAsDGQ8VhGG9N1MxUMLN4ALhU43V72vkbarIXhVDBJUwPqb +FYXuM51KItRspYIaHftajaqNHl8YJGUSIP9SXzQB/6YHa24nVpcs/mrPZetgPkaxljX j+PsdzZQT1A9z4FuaZrz99A+9HM84SYNaJ0jlifIpj8t06w95TZNIMmqIxxkx4h5FMF2 qF4w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712910977; x=1713515777; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ZwTW8iE9nJVGzJXr2vldh3noIwLG2G8OB3Efo+SZIqE=; b=DOpY9yg9r+8RKTv4mfUWfBobB7+3h2j/UqhxmF1x9TI0LBLFbpr+arUiJmp6l71Mo9 JeBET/m8I953P0emYRNUGzQ4cXz4i7d0NhtxKQF7hAxV0CHSTjQx/+ARLYiShz3Suvh6 MmymmI4KBcTI5ZMke4zOHATM9CKoEz8c+YdxJKdrgbDe1K70DDab5EKseFzikctoS8KU eMhfV8jCS+qOaPjGoL/HxeqQHZWlFWKY+kTAm3Gndb8ymGQtJYos092myll5fMkG8My2 4ipUCyHc30LWfDiJAcc4Ivsz6wt9eNvRQdyUOrX6mPEYkgIXmQOH3n3FxLxXhlWn3QGd ChGA== X-Forwarded-Encrypted: i=1; AJvYcCXAKX0gtG61FFknYfIdYUaGrq557TycNxfXvuJETP3JTmf4/ljEvliQ3gYjq3ulZJ5btjrFZYbpSUdrVRfCxu+1YVTF1NFfO1cU6ksT X-Gm-Message-State: AOJu0YwUhEclR52YHdaz8X8BiUSzFkCCgEcVDbhxzAqN57OK1Q0TTuN7 KrZdohyb/vW0CjI7TN+TVlBcH2k+JoqHw8lhHar7xfcNR8cEGtlzNlSt2rp9i6vrqMiSlL0PpSI FUTEWfP+xY8t1jPH0WPx6kXcxI+W6Sxr4FZ2G X-Received: by 2002:a05:6122:16a4:b0:4da:e977:1fb7 with SMTP id 36-20020a05612216a400b004dae9771fb7mr2234667vkl.15.1712910977298; Fri, 12 Apr 2024 01:36:17 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240411230801.1504496-1-boqun.feng@gmail.com> <20240411230801.1504496-3-boqun.feng@gmail.com> In-Reply-To: <20240411230801.1504496-3-boqun.feng@gmail.com> From: Alice Ryhl Date: Fri, 12 Apr 2024 10:36:05 +0200 Message-ID: Subject: Re: [PATCH 2/2] rust: time: Use wrapping_sub() for Ktime::sub() To: Boqun Feng Cc: Thomas Gleixner , Miguel Ojeda , John Stultz , Stephen Boyd , Alex Gaynor , Wedson Almeida Filho , Gary Guo , bjorn3_gh@protonmail.com, Benno Lossin , Andreas Hindborg , rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Fri, Apr 12, 2024 at 1:08=E2=80=AFAM Boqun Feng w= rote: > > Currently since Rust code is compiled with "-Coverflow-checks=3Dy", so a > normal substraction may be compiled as an overflow checking and panic > if overflow happens: > > subq %rsi, %rdi > jo .LBB0_2 > movq %rdi, %rax > retq > .LBB0_2: > pushq %rax > leaq str.0(%rip), %rdi > leaq .L__unnamed_1(%rip), %rdx > movl $33, %esi > callq *core::panicking::panic::h59297120e85ea178@GOTPCREL(%rip) > > although overflow detection is nice to have, however this makes > `Ktime::sub()` behave differently than `ktime_sub()`, moreover it's not > clear that the overflow checking is helpful, since for example, the > current binder usage[1] doesn't have the checking. I don't think this is a good idea at all. Any code that triggers an overflow in Ktime::sub is wrong, and anyone who enables CONFIG_RUST_OVERFLOW_CHECKS does so because they want such bugs to be caught. You may have been able to find one example of a subtraction that doesn't have a risk of overflow, but overflow bugs really do happen in the real world. I have seen real examples of bugs in Rust code, where overflow checks were the reason the bug was not a security vulnerability. > Therefore make `Ktime::sub()` have the same semantics as `ktime_sub()`: > overflow behaves like 2s-complement wrapping sub. From Miguel's reply, it sounds like 2s-complement wrapping is not even the semantics of ktime_sub. The semantics are just UB. Alice