From: Dan Carpenter <dan.carpenter@oracle.com>
To: Jan Kara <jack@suse.cz>
Cc: Theodore Ts'o <tytso@mit.edu>,
Andreas Dilger <adilger.kernel@dilger.ca>,
linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org,
kernel-janitors@vger.kernel.org
Subject: Re: [patch] ext4: underflow in alignment check
Date: Tue, 21 Jun 2016 13:06:44 +0000 [thread overview]
Message-ID: <20160621130644.GO32247@mwanda> (raw)
In-Reply-To: <20160621074353.GB3750@quack2.suse.cz>
On Tue, Jun 21, 2016 at 09:43:53AM +0200, Jan Kara wrote:
> On Mon 20-06-16 22:53:26, Dan Carpenter wrote:
> > On Mon, Jun 20, 2016 at 06:02:04PM +0200, Jan Kara wrote:
> > > On Thu 16-06-16 10:07:09, Dan Carpenter wrote:
> > > > My static checker complains that this can underflow if arg is negative
> > > > which is true.
> > > >
> > > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> > >
> > > How come? (1 << 30) fits even into 32-bit signed type. So where's the
> > > problem?
> >
> > Bad changelog... I was talking about a different issue. I was casting
> > it to unsigned to take advantage of type promototion. Assume we have:
> >
> > int arg = 1 << 31;
> >
> > (arg > (1 << 30)) // <-- this is false
> > (arg > (1U << 30)) // <-- this is true so there is no underflow.
>
> I see, but match_int() - or more precisely match_number() returns -ERANGE
> when the number is > INT_MAX, subsequently we check whether the number is <
> 0 (Opt_inode_readahead_blks has flag MOPT_GTE0 set) and bail out if yes. So
> at the place you are modifying we are sure the number is in [0, INT_MAX].
> So the condition (arg > (1 << 30)) is pointless - just defensive
> programming in case we decide e.g. to upgrade the type of 'arg' to long - but
> not wrong...
Ah. Smatch wasn't able to figure out that MOPT_GTE0 was set.
Thanks for reviewing this.
regards,
dan carpenter
WARNING: multiple messages have this Message-ID (diff)
From: Dan Carpenter <dan.carpenter@oracle.com>
To: Jan Kara <jack@suse.cz>
Cc: "Theodore Ts'o" <tytso@mit.edu>,
Andreas Dilger <adilger.kernel@dilger.ca>,
linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org,
kernel-janitors@vger.kernel.org
Subject: Re: [patch] ext4: underflow in alignment check
Date: Tue, 21 Jun 2016 16:06:44 +0300 [thread overview]
Message-ID: <20160621130644.GO32247@mwanda> (raw)
In-Reply-To: <20160621074353.GB3750@quack2.suse.cz>
On Tue, Jun 21, 2016 at 09:43:53AM +0200, Jan Kara wrote:
> On Mon 20-06-16 22:53:26, Dan Carpenter wrote:
> > On Mon, Jun 20, 2016 at 06:02:04PM +0200, Jan Kara wrote:
> > > On Thu 16-06-16 10:07:09, Dan Carpenter wrote:
> > > > My static checker complains that this can underflow if arg is negative
> > > > which is true.
> > > >
> > > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> > >
> > > How come? (1 << 30) fits even into 32-bit signed type. So where's the
> > > problem?
> >
> > Bad changelog... I was talking about a different issue. I was casting
> > it to unsigned to take advantage of type promototion. Assume we have:
> >
> > int arg = 1 << 31;
> >
> > (arg > (1 << 30)) // <-- this is false
> > (arg > (1U << 30)) // <-- this is true so there is no underflow.
>
> I see, but match_int() - or more precisely match_number() returns -ERANGE
> when the number is > INT_MAX, subsequently we check whether the number is <
> 0 (Opt_inode_readahead_blks has flag MOPT_GTE0 set) and bail out if yes. So
> at the place you are modifying we are sure the number is in [0, INT_MAX].
> So the condition (arg > (1 << 30)) is pointless - just defensive
> programming in case we decide e.g. to upgrade the type of 'arg' to long - but
> not wrong...
Ah. Smatch wasn't able to figure out that MOPT_GTE0 was set.
Thanks for reviewing this.
regards,
dan carpenter
next prev parent reply other threads:[~2016-06-21 13:06 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-16 7:07 [patch] ext4: underflow in alignment check Dan Carpenter
2016-06-16 7:07 ` Dan Carpenter
2016-06-20 16:02 ` Jan Kara
2016-06-20 16:02 ` Jan Kara
2016-06-20 19:53 ` Dan Carpenter
2016-06-20 19:53 ` Dan Carpenter
2016-06-21 7:43 ` Jan Kara
2016-06-21 7:43 ` Jan Kara
2016-06-21 13:06 ` Dan Carpenter [this message]
2016-06-21 13:06 ` Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160621130644.GO32247@mwanda \
--to=dan.carpenter@oracle.com \
--cc=adilger.kernel@dilger.ca \
--cc=jack@suse.cz \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.