Andrey Ryabinin
unread,Dec 4, 2015, 6:31:53 AM12/4/15Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Dmitry Vyukov, Hannes Frederic Sowa, Thomas Gleixner, LKML, syzkaller, Kostya Serebryany, Alexander Potapenko, Sasha Levin, Eric Dumazet, Linus Torvalds
I think we can workaround it this way:
diff --git a/include/linux/ktime.h b/include/linux/ktime.h
index 2b6a204..c768cc0 100644
--- a/include/linux/ktime.h
+++ b/include/linux/ktime.h
@@ -61,7 +61,7 @@ static inline ktime_t ktime_set(const s64 secs, const unsigned long nsecs)
/* Add two ktime_t variables. res = lhs + rhs: */
#define ktime_add(lhs, rhs) \
- ({ (ktime_t){ .tv64 = (lhs).tv64 + (rhs).tv64 }; })
+ ({ (ktime_t){ .tv64 = (s64)((u64)(lhs).tv64 + (u64)(rhs).tv64) }; })
/*
* Add a ktime_t variable and a scalar nanosecond value.
> compiler is within its rights to assume that res.tv64 < rhs.tv64 is
> always false (after inlining ktime_add). And compilers already do
> this.
Not with -fno-strict-overflow
> For example, if you compile the following program with clang -O2
> (clang version 3.8.0 (trunk 252895)), it does not print OVERFLOW:
>
> #include <stdio.h>
> #include <limits.h>
> int main() {
> volatile int x = 0;
> int a = INT_MAX + x;
> int b = 1 + x;
> if (a + b < a)
> printf("OVERFLOW\n");
> return 0;
> }
>
> Proper overflow checking for signed integers is quite hairy and easy
> to mess up. Do we have any helper functions for this? I've seen some
> patches from Hannes, not sure what's their status.
>
http://thread.gmane.org/gmane.linux.kernel/2072906/focus=2073073