From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6A5BA27F006; Fri, 17 Oct 2025 13:49:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1760708972; cv=none; b=m8xetao7CMLR0aeuqx3MQLQyxKjenwyZ7XdY62Vx+p5z42f+uur98NOGFBZ80oNVTLm0L3CleAEWCIsOeUWUpswso3rj6JrT5iIHlh/U6AvhTm8yBDDYeHw1XZhpRP/2qHNDwLrq44kzQP0tGTKDtR8ZtXtkYx0CtD6KEUxqy0g= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1760708972; c=relaxed/simple; bh=C4SzgmKRE06gjdbVP9S3zeoEfakcGE72FYSgstJTWko=; h=Subject:To:Cc:From:Date:In-Reply-To:Message-ID:MIME-Version: Content-Type; b=E8ohta2VH3rciLK86wjU0LcHVXFPJlqh8xJ4F2aJOFBo211FhYQoyI+j1xdXmmh8GUneBHP4501WTI3C1WZhnKCnw7ihKh+DkGmMdpBOSMySxZDeWO2T/OVFthkKaUNQRRkRrjV24r193mGurj1/VQF2fVZ3oYDAtCkRU8ndXNw= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=k7BKk/J+; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="k7BKk/J+" Received: by smtp.kernel.org (Postfix) with ESMTPSA id CD758C4CEFE; Fri, 17 Oct 2025 13:49:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1760708972; bh=C4SzgmKRE06gjdbVP9S3zeoEfakcGE72FYSgstJTWko=; h=Subject:To:Cc:From:Date:In-Reply-To:From; b=k7BKk/J+YheiXrEDuIn++bF+Qm4flIGkIrK7ul7+IuO5OZW88JhojCPovXU8GBaq9 oOLQtT3qi9nM6hefhAf8QLy9HVPd7SocYic8+sZXqMXLRlfqdSjf+Buc8uzEoO986B bFHefq3pARjF1CNIScIHqzf1El9QhWpsLu9083hE= Subject: Patch "minmax: sanity check constant bounds when clamping" has been added to the 5.10-stable tree To: David.Laight@ACULAB.COM,Jason@zx2c4.com,adilger.kernel@dilger.ca,agk@redhat.com,airlied@linux.ie,akpm@linux-foundation.org,alexander.deucher@amd.com,alexandre.torgue@st.com,amd-gfx@lists.freedesktop.org,andriy.shevchenko@linux.intel.com,anton.ivanov@cambridgegreys.com,artur.paszkiewicz@intel.com,bp@alien8.de,brian.starkey@arm.com,bvanassche@acm.org,chao@kernel.org,christian.koenig@amd.com,clm@fb.com,coreteam@netfilter.org,daniel@ffwll.ch,dave.hansen@linux.intel.com,davem@davemloft.net,dm-devel@redhat.com,dmitry.torokhov@gmail.com,dri-devel@lists.freedesktop.org,dsterba@suse.com,dushistov@mail.ru,evan.quan@amd.com,farbere@amazon.com,fery@cypress.com,freedreno@lists.freedesktop.org,fw@strlen.de,gregkh@linuxfoundation.org,harry.wentland@amd.com,hdegoede@redhat.com,herve.codina@bootlin.com,hpa@zytor.com,intel-linux-scu@intel.com,jack@suse.com,james.morse@arm.com,james.qian.wang@arm.com,jdelvare@suse.com,jdike@addtoit.com,jejb@linux.ibm.com,jmaloy@redhat.com,joabreu@synopsys.com,josef@toxicpanda.com,kadlec@netfilter.org,kbusch@kernel.org,keescook@chromium.org,kuba@kernel.org,kuznet@ms2.inr.ac.ru,linux-arm-kernel@lists.infradead.org,linux-erofs@lists.ozlabs.org,linux-mm@kvack.org,linux-staging@lists.linux.dev,linux-stm32@st-md-mailman.stormreply.com,linux-um@lists.infradead.org,linux@armlinux.org.uk,linux@rasmusvillemoes.dk,linux@roeck-us.net,liviu.dudau@arm.com,luc.vanoostenryck@gmail.com,luto@kernel.org,maarten.lankhorst@linux.intel.com,malattia@linux.it,martin.petersen@oracle.com,mchehab@kernel.org,mcoquelin.stm32@gmail.com,mgross@linux.intel.com,mihail.atanassov@arm.com,minchan@kernel.org,mingo@redhat.com,mripard@kernel.org,nathan@kernel.org,ndesaulniers@google.com,ngupta@vflare.org,pablo@netfilter.org,peppe.cavallaro@st.com,peterz@infradead.org,pmladek@suse.com,qiuxu.zhuo@intel.com,rajur@chelsio.com,richard@nod.at,robdclark@gmail.com,rostedt@goodmis.org,rric@kernel.org,ruanjinjie@huawei.com,sakari.ailus@linux.intel.com,sashal@kernel.org,sean@poorly.run,sergey.senozhatsky@gmail.com,snitzer@redhat.com,sunpeng.li@amd.com,tglx@linutronix.de,tipc-discussion@lists.sourceforge.net,tony.luck@intel.com,tytso@mit.edu,tzimmermann@suse.de,willy@infradead.org,x86@kernel.org,xiang@kernel.org,ying.xue@windriver.com,yoshfuji@linux-ipv6.org Cc: From: Date: Fri, 17 Oct 2025 15:48:31 +0200 In-Reply-To: <20251017090519.46992-4-farbere@amazon.com> Message-ID: <2025101731-unholy-bulginess-e51e@gregkh> Precedence: bulk X-Mailing-List: linux-staging@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit X-stable: commit X-Patchwork-Hint: ignore This is a note to let you know that I've just added the patch titled minmax: sanity check constant bounds when clamping to the 5.10-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: minmax-sanity-check-constant-bounds-when-clamping.patch and it can be found in the queue-5.10 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >From linux-staging+bounces-34941-greg=kroah.com@lists.linux.dev Fri Oct 17 11:08:22 2025 From: Eliav Farber Date: Fri, 17 Oct 2025 09:04:55 +0000 Subject: minmax: sanity check constant bounds when clamping To: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Message-ID: <20251017090519.46992-4-farbere@amazon.com> From: "Jason A. Donenfeld" [ Upstream commit 5efcecd9a3b18078d3398b359a84c83f549e22cf ] The clamp family of functions only makes sense if hi>=lo. If hi and lo are compile-time constants, then raise a build error. Doing so has already caught buggy code. This also introduces the infrastructure to improve the clamping function in subsequent commits. [akpm@linux-foundation.org: coding-style cleanups] [akpm@linux-foundation.org: s@&&\@&& \@] Link: https://lkml.kernel.org/r/20220926133435.1333846-1-Jason@zx2c4.com Signed-off-by: Jason A. Donenfeld Reviewed-by: Andy Shevchenko Cc: Kees Cook Signed-off-by: Andrew Morton Signed-off-by: Eliav Farber Signed-off-by: Greg Kroah-Hartman --- include/linux/minmax.h | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) --- a/include/linux/minmax.h +++ b/include/linux/minmax.h @@ -37,6 +37,28 @@ __cmp(x, y, op), \ __cmp_once(x, y, __UNIQUE_ID(__x), __UNIQUE_ID(__y), op)) +#define __clamp(val, lo, hi) \ + __cmp(__cmp(val, lo, >), hi, <) + +#define __clamp_once(val, lo, hi, unique_val, unique_lo, unique_hi) ({ \ + typeof(val) unique_val = (val); \ + typeof(lo) unique_lo = (lo); \ + typeof(hi) unique_hi = (hi); \ + __clamp(unique_val, unique_lo, unique_hi); }) + +#define __clamp_input_check(lo, hi) \ + (BUILD_BUG_ON_ZERO(__builtin_choose_expr( \ + __is_constexpr((lo) > (hi)), (lo) > (hi), false))) + +#define __careful_clamp(val, lo, hi) ({ \ + __clamp_input_check(lo, hi) + \ + __builtin_choose_expr(__typecheck(val, lo) && __typecheck(val, hi) && \ + __typecheck(hi, lo) && __is_constexpr(val) && \ + __is_constexpr(lo) && __is_constexpr(hi), \ + __clamp(val, lo, hi), \ + __clamp_once(val, lo, hi, __UNIQUE_ID(__val), \ + __UNIQUE_ID(__lo), __UNIQUE_ID(__hi))); }) + /** * min - return minimum of two values of the same or compatible types * @x: first value @@ -103,7 +125,7 @@ * This macro does strict typechecking of @lo/@hi to make sure they are of the * same type as @val. See the unnecessary pointer comparisons. */ -#define clamp(val, lo, hi) min((typeof(val))max(val, lo), hi) +#define clamp(val, lo, hi) __careful_clamp(val, lo, hi) /* * ..and if you can't take the strict @@ -138,7 +160,7 @@ * This macro does no typechecking and uses temporary variables of type * @type to make all the comparisons. */ -#define clamp_t(type, val, lo, hi) min_t(type, max_t(type, val, lo), hi) +#define clamp_t(type, val, lo, hi) __careful_clamp((type)(val), (type)(lo), (type)(hi)) /** * clamp_val - return a value clamped to a given range using val's type Patches currently in stable-queue which might be from farbere@amazon.com are queue-5.10/minmax-allow-comparisons-of-int-against-unsigned-char-short.patch queue-5.10/minmax-add-a-few-more-min_t-max_t-users.patch queue-5.10/minmax-improve-macro-expansion-and-type-checking.patch queue-5.10/minmax-fix-indentation-of-__cmp_once-and-__clamp_once.patch queue-5.10/minmax.h-simplify-the-variants-of-clamp.patch queue-5.10/minmax-add-in_range-macro.patch queue-5.10/minmax.h-move-all-the-clamp-definitions-after-the-min-max-ones.patch queue-5.10/minmax-allow-min-max-clamp-if-the-arguments-have-the-same-signedness.patch queue-5.10/minmax-don-t-use-max-in-situations-that-want-a-c-constant-expression.patch queue-5.10/minmax.h-remove-some-defines-that-are-only-expanded-once.patch queue-5.10/minmax.h-use-build_bug_on_msg-for-the-lo-hi-test-in-clamp.patch queue-5.10/minmax-simplify-min-max-clamp-implementation.patch queue-5.10/minmax-deduplicate-__unconst_integer_typeof.patch queue-5.10/minmax-simplify-and-clarify-min_t-max_t-implementation.patch queue-5.10/minmax.h-add-whitespace-around-operators-and-after-commas.patch queue-5.10/minmax-sanity-check-constant-bounds-when-clamping.patch queue-5.10/minmax-avoid-overly-complicated-constant-expressions-in-vm-code.patch queue-5.10/minmax-make-generic-min-and-max-macros-available-everywhere.patch queue-5.10/minmax-fix-up-min3-and-max3-too.patch queue-5.10/minmax.h-reduce-the-define-expansion-of-min-max-and-clamp.patch queue-5.10/minmax-fix-header-inclusions.patch queue-5.10/minmax-introduce-min-max-_array.patch queue-5.10/btrfs-remove-duplicated-in_range-macro.patch queue-5.10/overflow-tracing-define-the-is_signed_type-macro-once.patch queue-5.10/minmax-relax-check-to-allow-comparison-between-unsigned-arguments-and-signed-constants.patch queue-5.10/minmax-clamp-more-efficiently-by-avoiding-extra-comparison.patch queue-5.10/minmax.h-update-some-comments.patch