From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id EE44FC4345F for ; Thu, 25 Apr 2024 10:19:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=2peCmnSwkl8+3WXpoCQJdZhj/n7q8osznmfyQ+9pnlg=; b=Qurf8JkD3QWF2M ZrvDsNQ3E3RfUSHaRTMZ/Xk8s09Bhv565g8U2uAe9iSjFAWFcVflrontaTa1rDoBX0+oUaojiMMYX Cfn5iqSBNEfkrSkaeFawO3mzOyCv7VT8yXv6rrkzuEpyI2cKaVpv/5jGnM+KxxPlceG1ttcrpFKYe y0VWYjAb71EpGiIC0+ZDVPalFrlnFKtZhIQnlNICNwVedGm6BZ2S/Nc6SiJ0auI8PDCRrj7CnLHxX Ul/rMk4U5cCynwrjBDd3P/IkMxZk4EpexnUB1Ly5O+IR2rxyFrkOLg8aVQcwQgy+xTMZ2ayasY13a c94m8B/GCJ1OSMjfahDQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1rzwCN-00000007nv8-3nQU; Thu, 25 Apr 2024 10:19:27 +0000 Received: from foss.arm.com ([217.140.110.172]) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1rzwCL-00000007ntu-0uGl for linux-arm-kernel@lists.infradead.org; Thu, 25 Apr 2024 10:19:26 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id A7F6F2F; Thu, 25 Apr 2024 03:19:50 -0700 (PDT) Received: from FVFF77S0Q05N (unknown [10.57.21.118]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 98E2B3F64C; Thu, 25 Apr 2024 03:19:18 -0700 (PDT) Date: Thu, 25 Apr 2024 11:19:15 +0100 From: Mark Rutland To: Peter Zijlstra Cc: Kees Cook , Will Deacon , Boqun Feng , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Jakub Kicinski , Catalin Marinas , Arnd Bergmann , Andrew Morton , "David S. Miller" , David Ahern , Eric Dumazet , Paolo Abeni , "Paul E. McKenney" , Uros Bizjak , linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-arch@vger.kernel.org, netdev@vger.kernel.org, linux-hardening@vger.kernel.org Subject: Re: [PATCH 1/4] locking/atomic/x86: Silence intentional wrapping addition Message-ID: References: <20240424191225.work.780-kees@kernel.org> <20240424191740.3088894-1-keescook@chromium.org> <20240424224141.GX40213@noisy.programming.kicks-ass.net> <202404241542.6AFC3042C1@keescook> <20240424225436.GY40213@noisy.programming.kicks-ass.net> <20240424230500.GG12673@noisy.programming.kicks-ass.net> <202404241621.8286B8A@keescook> <20240425092812.GB21980@noisy.programming.kicks-ass.net> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20240425092812.GB21980@noisy.programming.kicks-ass.net> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240425_031925_331733_73355227 X-CRM114-Status: GOOD ( 23.94 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Thu, Apr 25, 2024 at 11:28:12AM +0200, Peter Zijlstra wrote: > On Wed, Apr 24, 2024 at 04:30:50PM -0700, Kees Cook wrote: > > > > That is, anything that actively warns about signed overflow when build > > > with -fno-strict-overflow is a bug. If you want this warning you have to > > > explicitly mark things. > > > > This is confusing UB with "overflow detection". We're doing the latter. > > Well, all of this is confusing to me because it is not presented > coherently. > > The traditional 'must not let signed overflow' is because of the UB > nonsense, which we fixed. > > > > Signed overflow is not UB, is not a bug. > > > > > > Now, it might be unexpected in some places, but fundamentally we run on > > > 2s complement and expect 2s complement. If you want more, mark it so. > > > > Regular C never provided us with enough choice in types to be able to > > select the overflow resolution strategy. :( So we're stuck mixing > > expectations into our types. > > Traditionally C has explicit wrapping for unsigned and UB on signed. We > fixed the UB, so now expect wrapping for everything. > > You want to add overflow, so you should make that a special and preserve > semantics for existing code. > > Also I would very strongly suggest you add an overflow qualifier to the > type system and please provide sane means of qualifier manipulation -- > stripping qualifiers is painful :/ I agree that having an overflow/nooverflow qualifier that's separate from signed/unsigned would make more sense than inferring that from signed vs unsigned. Mark. _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel