On Mon, Jan 22, 2024 at 04:26:38PM -0800, Kees Cook wrote: > Provide a helper that will perform wrapping addition without tripping > the arithmetic wrap-around sanitizers. > > Cc: "Gustavo A. R. Silva" <gustavo...@kernel.org> > Cc: linux-hardening@vger.kernel.org > Signed-off-by: Kees Cook <keesc...@chromium.org> > --- > include/linux/overflow.h | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > > diff --git a/include/linux/overflow.h b/include/linux/overflow.h > index ac088f73e0fd..30779905a77a 100644 > --- a/include/linux/overflow.h > +++ b/include/linux/overflow.h > @@ -124,6 +124,22 @@ static inline bool __must_check > __must_check_overflow(bool overflow) > check_add_overflow(a, b, &__result);\ > })) > > +/** > + * add_wrap() - Intentionally perform a wrapping addition > + * @a: first addend > + * @b: second addend > + * > + * Return the potentially wrapped-around addition without > + * tripping any overflow sanitizers that may be enabled. > + */ > +#define add_wrap(a, b) \ > + ({ \ > + typeof(a) __sum; \ > + if (check_add_overflow(a, b, &__sum)) \ > + /* do nothing */; \ > + __sum; \ > + })
It's really difficult to see the semicolon for the empty statement here; could we make that part:

	if (check_add_overflow(a, b, &__sum)) {	\
		/* do nothing */		\
	}					\

... to be a little clearer (and less at risk of breakage in a refactoring)?

I realise coding style says not to use braces for a single statement, but IMO it's far clearer in this instance with the braces.

Mark.

> + > /** > * check_sub_overflow() - Calculate subtraction with overflow checking > * @a: minuend; value to subtract from > -- > 2.34.1 > >
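Review bot: `typeof(a) __sum;` in add_wrap() makes the type of the result, and therefore the width and signedness at which the sum wraps, depend on the first argument alone, and the kernel-doc comment above the macro does not say so. A caller passing a narrower or differently signed @a than @b gets a value wrapped to @a's type with no indication in the documentation. Please either state in the "Return" text that the result has the type of @a, or take the intended result type as an explicit macro parameter so the wrap width is visible at the call site. Two smaller points on the same line: typeof() keeps qualifiers, so a const-qualified @a would declare a const `__sum` whose address is then handed to check_add_overflow() for writing, and the fixed local name `__sum` would shadow a caller's argument of the same name.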