From: Boqun Feng <boqun.feng@gmail.com>
To: Thomas Gleixner <tglx@linutronix.de>, Miguel Ojeda <ojeda@kernel.org>
Cc: John Stultz <jstultz@google.com>, Stephen Boyd <sboyd@kernel.org>,
Alex Gaynor <alex.gaynor@gmail.com>,
Wedson Almeida Filho <wedsonaf@gmail.com>,
Gary Guo <gary@garyguo.net>,
bjorn3_gh@protonmail.com, Benno Lossin <benno.lossin@proton.me>,
Andreas Hindborg <a.hindborg@samsung.com>,
Alice Ryhl <aliceryhl@google.com>,
rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org,
Kees Cook <keescook@chromium.org>
Subject: Re: [PATCH 2/2] rust: time: Use wrapping_sub() for Ktime::sub()
Date: Tue, 23 Apr 2024 14:11:22 -0700 [thread overview]
Message-ID: <Zigj-lY5lnBSKuib@boqun-archlinux> (raw)
In-Reply-To: <20240411230801.1504496-3-boqun.feng@gmail.com>
On Thu, Apr 11, 2024 at 04:08:01PM -0700, Boqun Feng wrote:
> Currently since Rust code is compiled with "-Coverflow-checks=y", so a
> normal substraction may be compiled as an overflow checking and panic
> if overflow happens:
>
> subq %rsi, %rdi
> jo .LBB0_2
> movq %rdi, %rax
> retq
> .LBB0_2:
> pushq %rax
> leaq str.0(%rip), %rdi
> leaq .L__unnamed_1(%rip), %rdx
> movl $33, %esi
> callq *core::panicking::panic::h59297120e85ea178@GOTPCREL(%rip)
>
> although overflow detection is nice to have, however this makes
> `Ktime::sub()` behave differently than `ktime_sub()`, moreover it's not
> clear that the overflow checking is helpful, since for example, the
> current binder usage[1] doesn't have the checking.
>
Ping. Thomas, John and Stepthen. Could you take a look at this, and the
discussion between Miguel and me? The key question is the behavior when
ktime_sub() hits a overflow, I think. Thanks!
(Cc Kees as well)
Regards,
Boqun
> Therefore make `Ktime::sub()` have the same semantics as `ktime_sub()`:
> overflow behaves like 2s-complement wrapping sub.
>
> Link: https://lore.kernel.org/lkml/5ac8c0d09392290be789423f0dd78a520b830fab.1682333709.git.zhangchuang3@xiaomi.com/ [1]
> Signed-off-by: Boqun Feng <boqun.feng@gmail.com>
> ---
> rust/kernel/time.rs | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/rust/kernel/time.rs b/rust/kernel/time.rs
> index e3bb5e89f88d..3cb15d3079f4 100644
> --- a/rust/kernel/time.rs
> +++ b/rust/kernel/time.rs
> @@ -77,7 +77,9 @@ impl core::ops::Sub for Ktime {
> #[inline]
> fn sub(self, other: Ktime) -> Ktime {
> Self {
> - inner: self.inner - other.inner,
> + // Mirrors `ktime_sub()`, kernel defines signed overflow to behave like 2s-complement,
> + // hence `wrapping_sub()` is used.
> + inner: self.inner.wrapping_sub(other.inner),
> }
> }
> }
> --
> 2.44.0
>
next prev parent reply other threads:[~2024-04-23 21:11 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-11 23:07 [PATCH 0/2] rust: time related cleanup Boqun Feng
2024-04-11 23:08 ` [PATCH 1/2] rust: time: doc: Add missing C header links Boqun Feng
2024-04-12 7:15 ` Miguel Ojeda
2024-04-12 11:04 ` Alice Ryhl
2024-04-30 22:10 ` [tip: timers/core] " tip-bot2 for Boqun Feng
2024-04-11 23:08 ` [PATCH 2/2] rust: time: Use wrapping_sub() for Ktime::sub() Boqun Feng
2024-04-12 7:14 ` Miguel Ojeda
2024-04-12 7:43 ` Philipp Stanner
2024-04-12 7:58 ` Miguel Ojeda
2024-04-15 17:08 ` Kees Cook
2024-04-12 13:34 ` Boqun Feng
2024-04-12 14:41 ` Miguel Ojeda
2024-04-13 1:30 ` Boqun Feng
2024-04-13 2:16 ` Miguel Ojeda
2024-04-12 8:36 ` Alice Ryhl
2024-04-12 13:18 ` Boqun Feng
2024-04-12 13:51 ` Alice Ryhl
2024-04-25 9:00 ` Andreas Hindborg
2024-04-25 14:28 ` Boqun Feng
2024-04-23 21:11 ` Boqun Feng [this message]
2024-04-23 23:37 ` Kees Cook
2024-04-24 10:21 ` Miguel Ojeda
2024-05-09 12:14 ` Thomas Gleixner
2024-05-13 14:06 ` Boqun Feng
2024-05-13 15:04 ` Miguel Ojeda
2024-05-14 13:12 ` Boqun Feng
2024-05-14 14:21 ` Miguel Ojeda
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zigj-lY5lnBSKuib@boqun-archlinux \
--to=boqun.feng@gmail.com \
--cc=a.hindborg@samsung.com \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=gary@garyguo.net \
--cc=jstultz@google.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=sboyd@kernel.org \
--cc=tglx@linutronix.de \
--cc=wedsonaf@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.