Hi David, On Wed, Nov 28, 2018 at 02:52:42PM +0100, David Sterba wrote: > The fix is adding a few branches to code that's supposed to be as fast > as possible. The branches would be evaluated all the time while > protecting against one signle bad page address. This does not look like > a good performance tradeoff.
That was my concern as well, though the simplified test should be cheaper especially since the branch is (almost) never taken and easily predicted. > > +#define OVERFLOW_ADD_CHECK(a, b) \ > > + (((a) + (b)) < (a)) > > I'm not sure if this is generally safe overflow check (never not > optimized out). Here it depends on the types of 'a' and 'b' that are > pointer (ip) and size_t (m_len). GCC has __builtin_add_overflow_p so > that one should be used where possible. Sure but that one came with gcc 7 which is not exactly a reasonable prerequisite especially when it comes to stable kernels. However I'm now seeing that we have include/linux/overflow.h which provides this. I have not checked what versions support it though, but 4.14 already doesn't have it. Thus a fallback will be needed anyway and maintaining two versions is not exactly the best thing to have to do :-/ Willy
