Re: [PATCH] NET: Remove unneeded type cast in skb_truesize_check()

[Chuck Lever <chuck.lever@oracle.com>]

[-- Attachment #1: Type: text/plain, Size: 1976 bytes --]

David Miller wrote:
> From: Chuck Lever <chuck.lever@oracle.com>
> Date: Mon, 05 Nov 2007 18:59:26 -0500
> 
>> If that's truly the case, document the requirement (perhaps using
>> something the compiler itself can verify) instead of using a clever
>> type cast trick.
> 
> Feel free to submit such a change.

Here's what I propose.

skb->truesize should be an int, not an unsigned int, since you expect 
that it may go below zero.

Explicitly assert that skb->truesize is greater than zero in 
skb_truesize_check().

Explicitly assert that skb->len + sizeof(sk_buff) is less than INT_MAX.

Leave the assertion that's already there, but ensure that the types on 
both side of the comparison are as we expect.

Thoughts?

>> Here's the problem with leaving these little surprises in commonly used 
>> kernel headers.  Suppose the developer of a network driver or network 
>> file system that uses one of these headers wants to employ static code 
>> analysis to identify issues introduced by new patches to their 
>> subsystem.  The tool warnings generated in kernel headers are just 
>> noise, and make using such code analysis difficult.
> 
> Here's the problem with submitting patches fixing non-bugs and
> removing useful assertions from kernel.  I won't apply them.

"removing useful assertions"

The (int) type cast in that assertion is nothing more than a comment. 
The compiler promotes that side of the comparison to match the type on 
the right side, and the explicit type cast is entirely ignored.  So in 
fact, my patch removed nothing but a mistaken assumption.  The assertion 
behaves the same after my patch as it did before.

Thus anyone might be confused at what exactly was being asserted in 
skb_truesize_check().  It's not a question of whether or not I reviewed 
the logic that uses skb->truesize before crafting my patch; I did review 
it.  The fact that skb_truesize_check() never before asserted that 
skb->truesize is greater than zero is not my fault.

[-- Attachment #2: chuck.lever.vcf --]
[-- Type: text/x-vcard, Size: 315 bytes --]

begin:vcard
fn:Chuck Lever
n:Lever;Chuck
org:Oracle Corporation;Corporate Architecture: Linux Projects Group
adr:;;1015 Granger Avenue;Ann Arbor;MI;48104;USA
email;internet:chuck dot lever at nospam oracle dot com
title:Principal Member of Staff
tel;work:+1 248 614 5091
x-mozilla-html:FALSE
version:2.1
end:vcard