On Wed, Nov 19, 2025 at 10:40:56PM +0000, [email protected] wrote: > From: David Laight <[email protected]> > > It in not uncommon for code to use min_t(uint, a, b) when one of a or b > is 64bit and can have a value that is larger than 2^32; > This is particularly prevelant with: > uint_var = min_t(uint, uint_var, uint64_expression); > > Casts to u8 and u16 are very likely to discard significant bits. > > These can be detected at compile time by changing min_t(), for example: > #define CHECK_SIZE(fn, type, val) \ > BUILD_BUG_ON_MSG(sizeof (val) > sizeof (type) && \ > !statically_true(((val) >> 8 * (sizeof (type) - 1)) < 256), \ > fn "() significant bits of '" #val "' may be discarded") > > #define min_t(type, x, y) ({ \ > CHECK_SIZE("min_t", type, x); \ > CHECK_SIZE("min_t", type, y); \ > __cmp_once(min, type, x, y); }) > > (and similar changes to max_t() and clamp_t().)
Have we made sure that the introduction of these don't cause a combinatorial explosion like previous min()/max() changes did? > > This shows up some real bugs, some unlikely bugs and some false positives. > In most cases both arguments are unsigned type (just different ones) > and min_t() can just be replaced by min(). > > The patches are all independant and are most of the ones needed to > get the x86-64 kernel I build to compile. > I've not tried building an allyesconfig or allmodconfig kernel. Well I have a beefy box at my disposal so tried thiese for you :) Both allyesconfig & allmodconfig works fine for x86-64 (I tried both for good measure) > I've also not included the patch to minmax.h itself. > > I've tried to put the patches that actually fix things first. > The last one is 0009. > > I gave up on fixing sched/fair.c - it is too broken for a single patch! > The patch for net/ipv4/tcp.c is also absent because do_tcp_getsockopt() > needs multiple/larger changes to make it 'sane'. I guess this isn't broken per se there just retain min_t()/max_t() right? > > I've had to trim the 124 maintainers/lists that get_maintainer.pl finds > from 124 to under 100 to be able to send the cover letter. > The individual patches only go to the addresses found for the associated > files. > That reduces the number of emails to a less unsane number. > > David Laight (44): > x86/asm/bitops: Change the return type of variable__ffs() to unsigned > int > ext4: Fix saturation of 64bit inode times for old filesystems > perf: Fix branch stack callchain limit > io_uring/net: Change some dubious min_t() > ipc/msg: Fix saturation of percpu counts in msgctl_info() > bpf: Verifier, remove some unusual uses of min_t() and max_t() > net/core/flow_dissector: Fix cap of __skb_flow_dissect() return value. > net: ethtool: Use min3() instead of nested min_t(u16,...) > ipv6: __ip6_append_data() don't abuse max_t() casts > x86/crypto: ctr_crypt() use min() instead of min_t() > arch/x96/kvm: use min() instead of min_t() > block: use min() instead of min_t() > drivers/acpi: use min() instead of min_t() > drivers/char/hw_random: use min3() instead of nested min_t() > drivers/char/tpm: use min() instead of min_t() > drivers/crypto/ccp: use min() instead of min_t() > drivers/cxl: use min() instead of min_t() > drivers/gpio: use min() instead of min_t() > drivers/gpu/drm/amd: use min() instead of min_t() > drivers/i2c/busses: use min() instead of min_t() > drivers/net/ethernet/realtek: use min() instead of min_t() > drivers/nvme: use min() instead of min_t() > arch/x86/mm: use min() instead of min_t() > drivers/nvmem: use min() instead of min_t() > drivers/pci: use min() instead of min_t() > drivers/scsi: use min() instead of min_t() > drivers/tty/vt: use umin() instead of min_t(u16, ...) for row/col > limits > drivers/usb/storage: use min() instead of min_t() > drivers/xen: use min() instead of min_t() > fs: use min() or umin() instead of min_t() > block: bvec.h: use min() instead of min_t() > nodemask: use min() instead of min_t() > ipc: use min() instead of min_t() > bpf: use min() instead of min_t() > bpf_trace: use min() instead of min_t() > lib/bucket_locks: use min() instead of min_t() > lib/crypto/mpi: use min() instead of min_t() > lib/dynamic_queue_limits: use max() instead of max_t() > mm: use min() instead of min_t() > net: Don't pass bitfields to max_t() > net/core: Change loop conditions so min() can be used > net: use min() instead of min_t() > net/netlink: Use umin() to avoid min_t(int, ...) discarding high bits > net/mptcp: Change some dubious min_t(int, ...) to min() > > arch/x86/crypto/aesni-intel_glue.c | 3 +- > arch/x86/include/asm/bitops.h | 18 +++++------- > arch/x86/kvm/emulate.c | 3 +- > arch/x86/kvm/lapic.c | 2 +- > arch/x86/kvm/mmu/mmu.c | 2 +- > arch/x86/mm/pat/set_memory.c | 12 ++++---- > block/blk-iocost.c | 6 ++-- > block/blk-settings.c | 2 +- > block/partitions/efi.c | 3 +- > drivers/acpi/property.c | 2 +- > drivers/char/hw_random/core.c | 2 +- > drivers/char/tpm/tpm1-cmd.c | 2 +- > drivers/char/tpm/tpm_tis_core.c | 4 +-- > drivers/crypto/ccp/ccp-dev.c | 2 +- > drivers/cxl/core/mbox.c | 2 +- > drivers/gpio/gpiolib-acpi-core.c | 2 +- > .../gpu/drm/amd/amdgpu/amdgpu_doorbell_mgr.c | 4 +-- > drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 2 +- > .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 +- > drivers/i2c/busses/i2c-designware-master.c | 2 +- > drivers/net/ethernet/realtek/r8169_main.c | 3 +- > drivers/nvme/host/pci.c | 3 +- > drivers/nvme/host/zns.c | 3 +- > drivers/nvmem/core.c | 2 +- > drivers/pci/probe.c | 3 +- > drivers/scsi/hosts.c | 2 +- > drivers/tty/vt/selection.c | 9 +++--- > drivers/usb/storage/protocol.c | 3 +- > drivers/xen/grant-table.c | 2 +- > fs/buffer.c | 2 +- > fs/exec.c | 2 +- > fs/ext4/ext4.h | 2 +- > fs/ext4/mballoc.c | 3 +- > fs/ext4/resize.c | 2 +- > fs/ext4/super.c | 2 +- > fs/fat/dir.c | 4 +-- > fs/fat/file.c | 3 +- > fs/fuse/dev.c | 2 +- > fs/fuse/file.c | 8 ++--- > fs/splice.c | 2 +- > include/linux/bvec.h | 3 +- > include/linux/nodemask.h | 9 +++--- > include/linux/perf_event.h | 2 +- > include/net/tcp_ecn.h | 5 ++-- > io_uring/net.c | 6 ++-- > ipc/mqueue.c | 4 +-- > ipc/msg.c | 6 ++-- > kernel/bpf/core.c | 4 +-- > kernel/bpf/log.c | 2 +- > kernel/bpf/verifier.c | 29 +++++++------------ > kernel/trace/bpf_trace.c | 2 +- > lib/bucket_locks.c | 2 +- > lib/crypto/mpi/mpicoder.c | 2 +- > lib/dynamic_queue_limits.c | 2 +- > mm/gup.c | 4 +-- > mm/memblock.c | 2 +- > mm/memory.c | 2 +- > mm/percpu.c | 2 +- > mm/truncate.c | 3 +- > mm/vmscan.c | 2 +- > net/core/datagram.c | 6 ++-- > net/core/flow_dissector.c | 7 ++--- > net/core/net-sysfs.c | 3 +- > net/core/skmsg.c | 4 +-- > net/ethtool/cmis_cdb.c | 7 ++--- > net/ipv4/fib_trie.c | 2 +- > net/ipv4/tcp_input.c | 4 +-- > net/ipv4/tcp_output.c | 5 ++-- > net/ipv4/tcp_timer.c | 4 +-- > net/ipv6/addrconf.c | 8 ++--- > net/ipv6/ip6_output.c | 7 +++-- > net/ipv6/ndisc.c | 5 ++-- > net/mptcp/protocol.c | 8 ++--- > net/netlink/genetlink.c | 9 +++--- > net/packet/af_packet.c | 2 +- > net/unix/af_unix.c | 4 +-- > 76 files changed, 141 insertions(+), 176 deletions(-) > > -- > 2.39.5 >
