netdev.vger.kernel.org archive mirror
* [PATCH] NET: Remove unneeded type cast in skb_truesize_check()
From: Chuck Lever @ 2007-11-02 19:14 UTC (permalink / raw)
  To: netdev

The (int) type cast in skb_truesize_check() is unneeded: without it, all
the variable types in the conditional expression are unsigned integers.  As
it stands, the type cast causes a comparison between a signed and an
unsigned integer, which can produce unexpected results.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---

 include/linux/skbuff.h |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 94e4991..7965216 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -387,7 +387,7 @@ extern void	      skb_truesize_bug(struct sk_buff *skb);
 
 static inline void skb_truesize_check(struct sk_buff *skb)
 {
-	if (unlikely((int)skb->truesize < sizeof(struct sk_buff) + skb->len))
+	if (unlikely(skb->truesize < sizeof(struct sk_buff) + skb->len))
 		skb_truesize_bug(skb);
 }
 
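Review bot: The condition changed in skb_truesize_check() is compared as unsigned both before and after this change, because the right-hand side `sizeof(struct sk_buff) + skb->len` is unsigned, so neither form reports a truesize that has been decremented below zero. If the cast was meant to catch that case, removing it leaves the gap in place without recording the intent; consider making both sides of the comparison signed (or adding a separate explicit test) and putting a one-line comment above the function that states which invariant is asserted. The changelog should also say whether the comparison is expected to behave differently after the change.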



* Re: [PATCH] NET: Remove unneeded type cast in skb_truesize_check()
From: David Miller @ 2007-11-02 21:27 UTC (permalink / raw)
  To: chuck.lever; +Cc: netdev

From: Chuck Lever <chuck.lever@oracle.com>
Date: Fri, 02 Nov 2007 15:14:26 -0400

> The (int) type cast in skb_truesize_check() is unneeded: without it, all
> the variable types in the conditional expression are unsigned integers.  As
> it stands, the type cast causes a comparison between a signed and an
> unsigned integer, which can produce unexpected results.
> 
> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

This is checking for skb->truesize being decremented too much by other
code, which could cause a wraparound below zero, so we do want
negative checks here.

Please stop these mindless signedness conversions without first trying
to think about what the code might be trying to do.

Thank you.


* Re: [PATCH] NET: Remove unneeded type cast in skb_truesize_check()
From: Chuck Lever @ 2007-11-05 23:59 UTC (permalink / raw)
  To: David Miller; +Cc: netdev


David Miller wrote:
> From: Chuck Lever <chuck.lever@oracle.com>
> Date: Fri, 02 Nov 2007 15:14:26 -0400
> 
>> The (int) type cast in skb_truesize_check() is unneeded: without it, all
>> the variable types in the conditional expression are unsigned integers.  As
>> it stands, the type cast causes a comparison between a signed and an
>> unsigned integer, which can produce unexpected results.
>>
>> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> 
> This is checking for skb->truesize being decremented too much by other
> code, which could cause a wraparound below zero, so we do want
> negative checks here.

If that's truly the case, document the requirement (perhaps using
something the compiler itself can verify) instead of using a clever
type cast trick.

Here's the problem with leaving these little surprises in commonly used 
kernel headers.  Suppose the developer of a network driver or network 
file system that uses one of these headers wants to employ static code 
analysis to identify issues introduced by new patches to their 
subsystem.  The tool warnings generated in kernel headers are just 
noise, and make using such code analysis difficult.


* Re: [PATCH] NET: Remove unneeded type cast in skb_truesize_check()
From: David Miller @ 2007-11-06  0:33 UTC (permalink / raw)
  To: chuck.lever; +Cc: netdev

From: Chuck Lever <chuck.lever@oracle.com>
Date: Mon, 05 Nov 2007 18:59:26 -0500

> If that's truly the case, document the requirement (perhaps using
> something the compiler itself can verify) instead of using a clever
> type cast trick.

Feel free to submit such a change.

> Here's the problem with leaving these little surprises in commonly used 
> kernel headers.  Suppose the developer of a network driver or network 
> file system that uses one of these headers wants to employ static code 
> analysis to identify issues introduced by new patches to their 
> subsystem.  The tool warnings generated in kernel headers are just 
> noise, and make using such code analysis difficult.

Here's the problem with submitting patches fixing non-bugs and
removing useful assertions from the kernel.  I won't apply them.



* Re: [PATCH] NET: Remove unneeded type cast in skb_truesize_check()
From: Chuck Lever @ 2007-11-07 15:11 UTC (permalink / raw)
  To: David Miller; +Cc: netdev


David Miller wrote:
> From: Chuck Lever <chuck.lever@oracle.com>
> Date: Mon, 05 Nov 2007 18:59:26 -0500
> 
>> If that's truly the case, document the requirement (perhaps using
>> something the compiler itself can verify) instead of using a clever
>> type cast trick.
> 
> Feel free to submit such a change.

Here's what I propose.

skb->truesize should be an int, not an unsigned int, since you expect 
that it may go below zero.

Explicitly assert that skb->truesize is greater than zero in 
skb_truesize_check().

Explicitly assert that skb->len + sizeof(sk_buff) is less than INT_MAX.

Leave the assertion that's already there, but ensure that the types on 
both sides of the comparison are as we expect.

Thoughts?

>> Here's the problem with leaving these little surprises in commonly used 
>> kernel headers.  Suppose the developer of a network driver or network 
>> file system that uses one of these headers wants to employ static code 
>> analysis to identify issues introduced by new patches to their 
>> subsystem.  The tool warnings generated in kernel headers are just 
>> noise, and make using such code analysis difficult.
> 
> Here's the problem with submitting patches fixing non-bugs and
> removing useful assertions from the kernel.  I won't apply them.

"removing useful assertions"

The (int) type cast in that assertion is nothing more than a comment. 
The compiler promotes that side of the comparison to match the type on 
the right side, and the explicit type cast is entirely ignored.  So in 
fact, my patch removed nothing but a mistaken assumption.  The assertion 
behaves the same after my patch as it did before.

Thus anyone might be confused at what exactly was being asserted in 
skb_truesize_check().  It's not a question of whether or not I reviewed 
the logic that uses skb->truesize before crafting my patch; I did review 
it.  The fact that skb_truesize_check() never before asserted that 
skb->truesize is greater than zero is not my fault.


* Re: [PATCH] NET: Remove unneeded type cast in skb_truesize_check()
From: David Miller @ 2007-11-08  0:15 UTC (permalink / raw)
  To: chuck.lever; +Cc: netdev

From: Chuck Lever <chuck.lever@oracle.com>
Date: Wed, 07 Nov 2007 10:11:28 -0500

> The (int) type cast in that assertion is nothing more than a comment. 
> The compiler promotes that side of the comparison to match the type on 
> the right side, and the explicit type cast is entirely ignored.  So in 
> fact, my patch removed nothing but a mistaken assumption.  The assertion 
> behaves the same after my patch as it did before.

Then please post a patch that makes the assertion work
instead of removing it, by casting both branches of the
comparison to be signed.
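
The comparison debated in this thread, as an added C example that is not part of the thread or of the kernel source: it runs the pre-patch form, the patched form, and a variant with both sides signed on a truesize that has wrapped below zero. HDR_SIZE and the three function names are assumptions standing in for sizeof(struct sk_buff) and skb_truesize_check().

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for sizeof(struct sk_buff); it only needs type size_t. */
#define HDR_SIZE ((size_t)200)

/* The mixed comparisons below are the point, so silence the warning locally. */
#pragma GCC diagnostic ignored "-Wsign-compare"

/* Pre-patch form: the int is converted back to unsigned for the compare. */
static int check_cast_left(unsigned int truesize, unsigned int len)
{
    return (int)truesize < HDR_SIZE + len;
}

/* Patched form: no cast, unsigned compare. */
static int check_no_cast(unsigned int truesize, unsigned int len)
{
    return truesize < HDR_SIZE + len;
}

/* Both sides signed, with the range of the right side checked first.
 * (int)truesize relies on two's-complement conversion (GCC and Clang). */
static int check_signed_both(unsigned int truesize, unsigned int len)
{
    unsigned long long need = (unsigned long long)HDR_SIZE + len;

    if (need > INT_MAX)
        return 1;               /* not representable as int: report it */
    return (int)truesize < (int)need;
}

int main(void)
{
    /* Constructed inputs: a healthy value, one too small, one wrapped below zero. */
    unsigned int samples[] = { 1000u, 100u, 100u - 300u };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("truesize=%#010x cast_left=%d no_cast=%d signed_both=%d\n",
               samples[i], check_cast_left(samples[i], 50),
               check_no_cast(samples[i], 50), check_signed_both(samples[i], 50));
    return 0;
}
```

A return value of 1 means the check would call skb_truesize_bug(); only the both-sides-signed variant returns 1 for the wrapped input.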
