On Fri, 4 Aug 2023 at 17:59, Andrei Vagin avagin@gmail.com wrote:
On Thu, Aug 3, 2023 at 8:25 AM Michał Mirosław emmir@google.com wrote:
On Thu, 3 Aug 2023 at 17:09, Andrei Vagin avagin@gmail.com wrote:
On Thu, Jul 27, 2023 at 02:36:34PM +0500, Muhammad Usama Anjum wrote:
[...]
n_pages = (*end - addr) / PAGE_SIZE;if (check_add_overflow(p->found_pages, n_pages, &total_pages) ||total_pages > p->arg.max_pages) {why do we need to use check_add_overflow here?
size_t n_too_much = total_pages - p->arg.max_pages;it is unsafe to use total_pages if check_add_overflow returns non-zero.
Since we're adding unsigned integers, this is well defined even after overflow.
The description of check_add_overflow declares that is unsafe: https://elixir.bootlin.com/linux/latest/source/include/linux/overflow.h#L62
It actually doesn't matter, because it should be impossible to overflow total_pages and we can consider not to use check_add_overflow here.
It seems the doc warning is quite new (d219d2a9a92e / Mon Aug 29 13:37:17 2022 -0700). The underlying __builtin_add_overflow() is well-defined for any integer type, though. Even staying with C99, arithmetic on unsigned integers is always defined as being done modulo 2^n.
Best Regards Michał Mirosław