From: David Laight <david.laight.linux@gmail.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Askar Safin <safinaskar@gmail.com>,
metze@samba.org, akpm@linux-foundation.org, axboe@kernel.dk,
brauner@kernel.org, david@kernel.org, dhowells@redhat.com,
hch@infradead.org, jack@suse.cz, linux-api@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-mm@kvack.org, miklos@szeredi.hu, netdev@vger.kernel.org,
patches@lists.linux.dev, pfalcato@suse.de,
viro@zeniv.linux.org.uk, willy@infradead.org
Subject: Re: [PATCH 2/3] vmsplice: make vmsplice a trivial wrapper for preadv2/pwritev2
Date: Thu, 4 Jun 2026 22:32:16 +0100 [thread overview]
Message-ID: <20260604223216.73468830@pumpkin> (raw)
In-Reply-To: <CAHk-=wip3mwLOHOYJ9TtjDxOaq9YUXmuCg2AycyASGgeY6qqUw@mail.gmail.com>
On Thu, 4 Jun 2026 12:30:30 -0700
Linus Torvalds <torvalds@linux-foundation.org> wrote:
> On Thu, 4 Jun 2026 at 10:38, David Laight <david.laight.linux@gmail.com> wrote:
> >
> > Bool is another matter entirely, (IIRC from a couple of weeks ago)
> > gcc will assume that the low 8 bits of the parameter register are
> > either 0 or 1 and clang assumes that the low 32 bits are 0 or 1.
> > You can't even check with 'if ((u32)bool_param > 1) error()' because
> > the compiler 'knows' it can't be false.
>
> Nobody should ever use 'bool' as a system call argument. Anything that
> takes a boolean should take a 'flags' field with bits.
I was thinking of more generally, not syscall arguments.
In C you can't really guarantee that a 'bool' variable will always
contain 0 or 1.
Even if you write: https://godbolt.org/z/81P87vv7o
int f(char *p, _Bool b)
{
return p[b ? 1 : 0];
}
you get *(p + b), neither (int)b, !!b or (b & 1) make any difference.
Talking of broken compilers, had you noticed that:
struct foo {
int a;
char c[32];
};
int b(struct foo *f)
{
return __builtin_object_size(f->c, 1);
}
returns -1 (size unknown/indefinite).
You can't use __builtin_object_size() to stop code running off the end
of anything referenced by address - even when the size is constant.
> But this is basically what a lot of the SYSCALL_DEFINEx() macros are
> all about - sorting out ABI assumptions.
>
> For example, on powerpc (iirc - maybe it was 390), a 32-bit argument
> is always sign-extended by the ABI, and the compiler *depends* on
> that.
I think riscv might sign extend 32bit values in 64bit registers.
x86 and arm both zero extend.
Zero extending is more friendly to the kernel where pretty much
all values are non-negative.
I think I've used signed variables slightly more often than fp in the
last 47+ years.
-- David
> But at system call boundaries we can't trust that the user side
> actually follows the ABI, so SYSCALL_DEFINEx() will actually take a
> 'unsigned long' and turn it into a 32-bit argument so that things like
> this are well-defined and you can't fool the kernel by not following
> the ABI rules.
>
> The same would be the case if some system call actually takes bool
> (but I don't think such garbage exists). The SYSCALL_DEFINE() macro
> magic would take the full register content and *force* it to follow
> the ABI conventions, whatever they are on that platform.
>
> Linus
next prev parent reply other threads:[~2026-06-04 21:32 UTC|newest]
Thread overview: 71+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-31 1:01 [PATCH 0/3] vmsplice: make vmsplice a trivial wrapper for preadv2/pwritev2 Askar Safin
2026-05-31 1:01 ` [PATCH 1/3] tee: fs/splice.c: remove unused parameter "flags" from "link_pipe" Askar Safin
2026-05-31 1:01 ` [PATCH 2/3] vmsplice: make vmsplice a trivial wrapper for preadv2/pwritev2 Askar Safin
2026-06-03 20:56 ` Stefan Metzmacher
2026-06-03 21:17 ` Askar Safin
2026-06-04 9:06 ` David Laight
2026-06-04 14:17 ` Linus Torvalds
2026-06-04 17:38 ` David Laight
2026-06-04 19:30 ` Linus Torvalds
2026-06-04 21:32 ` David Laight [this message]
2026-06-04 21:42 ` Linus Torvalds
2026-06-05 1:57 ` Nathan Chancellor
2026-06-04 23:25 ` Askar Safin
2026-05-31 1:01 ` [PATCH 3/3] splice: remove PIPE_BUF_FLAG_GIFT Askar Safin
2026-05-31 8:54 ` [PATCH 0/3] vmsplice: make vmsplice a trivial wrapper for preadv2/pwritev2 Pedro Falcato
2026-05-31 21:21 ` Askar Safin
2026-06-01 16:16 ` Christian Brauner
2026-06-02 21:12 ` Askar Safin
2026-06-02 21:37 ` Pedro Falcato
2026-06-02 22:06 ` Linus Torvalds
2026-06-02 22:41 ` Pedro Falcato
2026-06-02 23:07 ` Askar Safin
2026-06-02 22:54 ` Askar Safin
2026-06-03 0:05 ` Linus Torvalds
2026-06-03 1:08 ` Askar Safin
2026-06-03 3:51 ` Andy Lutomirski
2026-06-03 4:20 ` Linus Torvalds
2026-06-03 6:45 ` Christian Brauner
2026-06-03 13:40 ` Christian Brauner
2026-06-03 15:26 ` Linus Torvalds
2026-06-03 18:10 ` Andy Lutomirski
2026-06-03 18:28 ` Linus Torvalds
2026-06-03 19:22 ` David Howells
2026-06-03 19:59 ` Linus Torvalds
2026-06-03 21:31 ` Andy Lutomirski
2026-06-03 21:36 ` Linus Torvalds
2026-06-03 21:38 ` Linus Torvalds
2026-06-03 22:23 ` Andy Lutomirski
2026-06-03 22:53 ` Linus Torvalds
2026-06-03 22:43 ` Askar Safin
2026-06-03 22:49 ` Andy Lutomirski
2026-06-03 23:00 ` Askar Safin
2026-06-04 0:01 ` Linus Torvalds
2026-06-03 18:12 ` Jakub Kicinski
2026-06-03 11:43 ` Pedro Falcato
2026-06-03 18:14 ` Jakub Kicinski
2026-06-01 3:11 ` Andy Lutomirski
2026-06-01 15:36 ` Matthew Wilcox
2026-06-01 15:50 ` Linus Torvalds
2026-06-01 16:17 ` Christian Brauner
2026-06-01 16:22 ` Linus Torvalds
2026-06-03 19:24 ` David Howells
2026-06-01 16:23 ` Christian Brauner
2026-06-01 17:17 ` Linus Torvalds
2026-06-01 17:33 ` Al Viro
2026-06-01 20:04 ` Steven Rostedt
2026-06-02 0:28 ` Andrew Morton
2026-06-02 8:25 ` David Hildenbrand (Arm)
2026-06-02 18:44 ` Eric Biggers
2026-06-03 7:50 ` David Hildenbrand (Arm)
2026-06-04 6:32 ` Willy Tarreau
2026-06-04 14:31 ` Linus Torvalds
2026-06-04 15:53 ` Willy Tarreau
2026-06-04 15:58 ` Linus Torvalds
2026-06-04 16:15 ` Willy Tarreau
2026-06-04 15:53 ` Andy Lutomirski
2026-06-04 16:09 ` Willy Tarreau
2026-06-04 17:25 ` Andy Lutomirski
2026-06-03 9:57 ` Miklos Szeredi
2026-06-04 0:45 ` Askar Safin
2026-06-04 1:52 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260604223216.73468830@pumpkin \
--to=david.laight.linux@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=axboe@kernel.dk \
--cc=brauner@kernel.org \
--cc=david@kernel.org \
--cc=dhowells@redhat.com \
--cc=hch@infradead.org \
--cc=jack@suse.cz \
--cc=linux-api@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=metze@samba.org \
--cc=miklos@szeredi.hu \
--cc=netdev@vger.kernel.org \
--cc=patches@lists.linux.dev \
--cc=pfalcato@suse.de \
--cc=safinaskar@gmail.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox