On Fri, 4 Aug 2023 at 17:59, Andrei Vagin <avagin@xxxxxxxxx> wrote:
>
> On Thu, Aug 3, 2023 at 8:25 AM Michał Mirosław <emmir@xxxxxxxxxx> wrote:
> >
> > On Thu, 3 Aug 2023 at 17:09, Andrei Vagin <avagin@xxxxxxxxx> wrote:
> > > On Thu, Jul 27, 2023 at 02:36:34PM +0500, Muhammad Usama Anjum wrote:
> > [...]
> > > > + n_pages = (*end - addr) / PAGE_SIZE;
> > > > + if (check_add_overflow(p->found_pages, n_pages, &total_pages) ||
> > > > + total_pages > p->arg.max_pages) {
> > >
> > > why do we need to use check_add_overflow here?
> > >
> > > > + size_t n_too_much = total_pages - p->arg.max_pages;
> > >
> > > it is unsafe to use total_pages if check_add_overflow returns non-zero.
> >
> > Since we're adding unsigned integers, this is well defined even after overflow.
>
> The description of check_add_overflow declares that is unsafe:
> https://elixir.bootlin.com/linux/latest/source/include/linux/overflow.h#L62
>
> It actually doesn't matter, because it should be impossible to
> overflow total_pages
> and we can consider not to use check_add_overflow here.
It seems the doc warning is quite new (d219d2a9a92e / Mon Aug 29
13:37:17 2022 -0700). The underlying __builtin_add_overflow() is
well-defined for any integer type, though. Even staying with C99,
arithmetic on unsigned integers is always defined as being done modulo
2^n.
Best Regards
Michał Mirosław
