From: David Brownell <david-b@pacbell.net>
To: Al Viro <viro@ftp.linux.org.uk>
Cc: Satyam Sharma <satyam@infradead.org>,
	Anton Altaparmakov <aia21@cam.ac.uk>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH] ptrdiff_t is not uintptr_t, damnit
Date: Sun, 19 Aug 2007 21:17:00 -0700
Message-ID: <200708192117.00759.david-b@pacbell.net>
In-Reply-To: <20070820034043.GZ21089@ftp.linux.org.uk>

On Sunday 19 August 2007, Al Viro wrote:
> On Sun, Aug 19, 2007 at 08:26:24PM -0700, David Brownell wrote:
> 
> > ISTR the warning was the other way around:   about "cast from integer
> > to pointer of a different size".  The __u64 came from userspace and
> > the kernel pointer was only 32 bits.  Not really truncation, but GCC
> > could not know that directly ... ergo the extra non-pointer cast.
> 
> And?  Cast to integer type with the size equal to that of pointer.
> unsigned long is just that on all supported targets.

Some tool kept warning about that.  Presumably then-current sparse.
I've certainly heard the conventional "unsigned long fits pointers"
wisdom, but tools disagreed.  (Does ANSI C guarantee that?  I'd think
not, or uintptr_t would not be needed.)

And ptrdiff_t was the closest relevant data type that passed both
gcc and sparse, since uintptr_t didn't previously exist everywhere.


> More interesting question is whether you want an error returned when
> pointers are 32bit and value doesn't fit into that...

Either access_ok() or copy_from_user() reports an error if the
pointer part of that u64 (N LSBs) is bad.

As a general policy, I think the other part is undefined and
irrelevant to the kernel ... it's a kind of explicit padding,
and padding isn't validated.  (At most it's zeroed to prevent
a covert channel, but that's not relevant here.)

- Dave
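
Added example, not part of the original message or of any kernel source: a userspace C model of the two policies discussed above for a 64-bit user-supplied field on a target with 32-bit pointers (use only the N LSBs, or return an error when the value does not fit). It goes one step beyond the message by also showing what a signed intermediate type does in the opposite direction. All helper names and the sample value are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers for illustration; none of these are kernel APIs. */

/* Native conversion: the uintptr_t step makes the integer-to-pointer cast
 * size-matched, so GCC does not warn about a cast from a different size. */
static void *u64_to_ptr(uint64_t v)
{
	return (void *)(uintptr_t)v;
}

/* Model a target with ptr_bits-wide pointers (32 or 64) on any host:
 * return the pointer part of v, i.e. its ptr_bits least significant bits. */
static uint64_t ptr_part(uint64_t v, unsigned ptr_bits)
{
	return ptr_bits >= 64 ? v : v & ((UINT64_C(1) << ptr_bits) - 1);
}

/* Strict policy: fail when bits above the pointer part are set.
 * Returns 0 and stores the value on success, -1 otherwise. */
static int ptr_part_strict(uint64_t v, unsigned ptr_bits, uint64_t *out)
{
	if (ptr_part(v, ptr_bits) != v)
		return -1;
	*out = v;
	return 0;
}

/* Opposite direction: what a 32-bit pointer value becomes in a u64 when the
 * intermediate type is signed (ptrdiff_t-like) instead of unsigned. */
static uint64_t widen_via_signed32(uint32_t p)
{
	return (p & UINT32_C(0x80000000)) ? (p | UINT64_C(0xffffffff00000000)) : p;
}

int main(void)
{
	uint64_t field = UINT64_C(0xdeadbeef00401000);	/* constructed sample */
	uint64_t p = 0;

	printf("lenient: %#llx\n", (unsigned long long)ptr_part(field, 32));
	printf("strict:  %d\n", ptr_part_strict(field, 32, &p));
	printf("signed:  %#llx\n", (unsigned long long)widen_via_signed32(0x80001000u));
	printf("native:  %p\n", u64_to_ptr(UINT64_C(0x401000)));
	return 0;
}
```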

