On Tue, Sep 14, 2021 at 11:48 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
> FWIW, it's probably better to avoid open-coding the check. There are
> helpers for shift-left too. :)
I actually looked for them.
But I only did so with a grep for "check_shift_overflow".
Which didn't find anything.
I didn't think anybody would call a shift overflow function "shl",
since a right-shift by definition cannot overflow.
But no complaints about using the oddly named overflow function,
though - it makes it more obvious that the patch is purely about
changing 'blksize' to use a bit count.
Btw, these kinds of issues is exactly why I've been hardnosed about
64-bit divides for decades. 64-bit divides on 32-bit machines are
*expensive*. It's why I don't like saying "just use '/' and we'll pick
up the routines from libgcc".
In almost all real-life cases - at least in a kernel - the full divide
is unnecessary. It's almost always people being silly and lazy, and
the very expensive operation can be avoided entirely (or at least
minimized to something like 64/32).
Linus
