From mboxrd@z Thu Jan 1 00:00:00 1970
From: Peter Zijlstra
Subject: Re: [RFC PATCH] lib: Introduce generic __cmpxchg_u64() and use it where needed
Date: Thu, 1 Nov 2018 22:45:29 +0100
Message-ID: <20181101214529.GB3339@worktop.programming.kicks-ass.net>
References: <20181031220253.GA15505@roeck-us.net>
 <20181031233235.qbedw3pinxcuk7me@pburton-laptop>
 <4e2438a23d2edf03368950a72ec058d1d299c32e.camel@hammerspace.com>
 <20181101131846.biyilr2msonljmij@lakrids.cambridge.arm.com>
 <20181101145926.GE3178@hirez.programming.kicks-ass.net>
 <20181101163212.GF3159@hirez.programming.kicks-ass.net>
 <20181101170146.GQ4170@linux.ibm.com>
 <20181101171846.GI3178@hirez.programming.kicks-ass.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: "Paul E. McKenney" , Trond Myklebust , "mark.rutland@arm.com" ,
 "linux-kernel@vger.kernel.org" , "ralf@linux-mips.org" ,
 "jlayton@kernel.org" , "linuxppc-dev@lists.ozlabs.org" ,
 "bfields@fieldses.org" , "linux-mips@linux-mips.org" ,
 "linux@roeck-us.net" , "linux-nfs@vger.kernel.org" ,
 "akpm@linux-foundation.org" , "will.deacon@arm.com" ,
 "boqun.feng@gmail.com" , "paul.burton@mips.com" ,
 "anna.schumaker@netapp.com
To: Dmitry Vyukov
Return-path:
Content-Disposition: inline
In-Reply-To:
Sender: linux-kernel-owner@vger.kernel.org
List-Id: netdev.vger.kernel.org

On Thu, Nov 01, 2018 at 06:46:50PM +0100, Dmitry Vyukov wrote:
> If there is a warning that we don't want to see at all, then we can
> disable it. It's supposed to be a useful tool, rather than a thing in
> itself that lives its own life. We already I think removed 1 particularly
> noisy warning and made another optional via a config.
> But the thing with overflows is that, even if it's defined, it's not
> necessarily the intended behavior. For example, take allocation size
> calculation done via unsigned size_t. If it overflows it does not help
> if C defines result or not, it still gives a user controlled write
> primitive. We've seen similar cases with timeout/deadline calculation
> in kernel, we really don't want it to just wrap modulo-2, right. Some
> user-space projects even test with unsigned overflow warnings or
> implicit truncation warnings, which are formally legal, but frequently
> bugs.

Sure; but then don't call it UB.

If we want to have an additional integer over/underflow checker (ideally
with a gcc plugin that has explicit annotations like __wrap to make it
go away) that is fine; and it can be done on unsigned and signed.
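
Added example (not part of the original message and not kernel code): the allocation-size case from the quoted text, where the `size_t` product wraps in a fully defined way and is still wrong, next to a checked form. The function names are hypothetical; `__builtin_mul_overflow` is the GCC/Clang builtin.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked: n * size is well defined for size_t (it wraps modulo
 * SIZE_MAX + 1), so a UB checker stays silent, yet the result can be far
 * smaller than the caller intended. */
static size_t alloc_size_wrapping(size_t n, size_t size)
{
    return n * size;
}

/* Checked: the builtin reports the wrap; saturate to SIZE_MAX so that a
 * following allocation fails instead of succeeding with a short buffer. */
static size_t alloc_size_checked(size_t n, size_t size)
{
    size_t bytes;

    if (__builtin_mul_overflow(n, size, &bytes))
        return SIZE_MAX;
    return bytes;
}

/* Hypothetical helper: allocate n zeroed records of `size` bytes, or return
 * NULL when the size computation overflowed or the allocation failed. */
static void *alloc_records(size_t n, size_t size)
{
    size_t bytes = alloc_size_checked(n, size);

    if (bytes == SIZE_MAX)
        return NULL;
    return calloc(1, bytes);
}

int main(void)
{
    /* Constructed input: a caller-supplied count chosen so the product wraps. */
    size_t n = SIZE_MAX / 16 + 2, size = 16;
    void *p;

    printf("wrapping: %zu bytes for %zu records\n",
           alloc_size_wrapping(n, size), n);
    printf("checked:  %s\n",
           alloc_size_checked(n, size) == SIZE_MAX ? "overflow" : "ok");
    p = alloc_records(4, size);
    printf("small request: %s\n", p ? "allocated" : "failed");
    free(p);
    return 0;
}
```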