On 2019-09-26, Christian Brauner <christian.brauner@xxxxxxxxxx> wrote: > On Thu, Sep 26, 2019 at 01:03:29AM +0200, Aleksa Sarai wrote: > > +int is_zeroed_user(const void __user *from, size_t size) > > +{ > > + unsigned long val; > > + uintptr_t align = (uintptr_t) from % sizeof(unsigned long); > > + > > + if (unlikely(!size)) > > + return true; > > You're returning "true" and another implicit boolean with (val == 0) > down below but -EFAULT in other places. But that function is int > is_zeroed_user() Would probably be good if you either switch to bool > is_zeroed_user() as the name suggests or rename the function and have > it return an int everywhere. I just checked, and in C11 (and presumably in older specs) it is guaranteed that "true" and "false" from <stdbool.h> have the values 1 and 0 (respectively) [§7.18]. So this is perfectly well-defined. Personally, I think it's more readable to have: if (unlikely(size == 0)) return true; /* ... */ return (val == 0); compared to: if (unlikely(size == 0)) return 1; /* ... */ return val ? 0 : 1; But I will change the function name (to check_zeroed_user) to make it clearer that it isn't returning a boolean and that you need to check for negative returns. -- Aleksa Sarai Senior Software Engineer (Containers) SUSE Linux GmbH <https://www.cyphar.com/>
Attachment:
signature.asc
Description: PGP signature