On Tue, Sep 14, 2021 at 11:48 AM Kees Cook <keescook@chromium.org> wrote:
> FWIW, it's probably better to avoid open-coding the check. There are helpers for shift-left too. :)

I actually looked for them.
But I only did so with a grep for "check_shift_overflow".
Which didn't find anything.
I didn't think anybody would call a shift overflow function "shl", since a right-shift by definition cannot overflow.
But no complaints about using the oddly named overflow function, though - it makes it more obvious that the patch is purely about changing 'blksize' to use a bit count.
Btw, these kinds of issues are exactly why I've been hardnosed about 64-bit divides for decades. 64-bit divides on 32-bit machines are *expensive*. It's why I don't like saying "just use '/' and we'll pick up the routines from libgcc".
In almost all real-life cases - at least in a kernel - the full divide is unnecessary. It's almost always people being silly and lazy, and the very expensive operation can be avoided entirely (or at least minimized to something like 64/32).
Linus
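
The two points in this message, as an added user-space C example that is not part of the original e-mail and is not kernel code: an overflow-checked left shift instead of an open-coded check, and a block count computed from a bit count with a shift rather than a 64-bit divide. The names `shl_overflows_u32`, `blksize_from_bits` and `blocks_for` are hypothetical, and the sample values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: checked 32-bit left shift, not the kernel's macro.
 * Returns true on overflow (storing 0), false on success. */
static bool shl_overflows_u32(uint32_t value, unsigned int shift, uint32_t *out)
{
    *out = 0;
    if (shift >= 32)                 /* shifting by the full width is undefined in C */
        return true;
    if (shift > 0 && (value >> (32 - shift)) != 0)
        return true;                 /* high bits would be shifted out */
    *out = value << shift;
    return false;
}

/* Block size in bytes for a bit count, or 0 when 1 << blkbits does not fit. */
static uint32_t blksize_from_bits(unsigned int blkbits)
{
    uint32_t size;
    return shl_overflows_u32(1, blkbits, &size) ? 0 : size;
}

/* Blocks needed to hold `bytes`, rounding up. Shift and mask only: no 64-bit
 * divide, and no `bytes + blksize - 1` that could wrap near UINT64_MAX.
 * Assumes blkbits < 32, as validated by blksize_from_bits(). */
static uint64_t blocks_for(uint64_t bytes, unsigned int blkbits)
{
    uint64_t mask = ((uint64_t)1 << blkbits) - 1;
    return (bytes >> blkbits) + ((bytes & mask) != 0);
}

int main(void)
{
    /* Constructed sample values. */
    printf("blksize(12) = %u\n", (unsigned)blksize_from_bits(12));
    printf("blksize(32) = %u (overflow)\n", (unsigned)blksize_from_bits(32));
    printf("blocks_for(4097, 12) = %llu\n", (unsigned long long)blocks_for(4097, 12));
    printf("blocks_for(UINT64_MAX, 12) = %llu\n", (unsigned long long)blocks_for(UINT64_MAX, 12));
    return 0;
}
```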