From patchwork Wed Oct 30 17:23:42 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesper Dangaard Brouer X-Patchwork-Id: 287305 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id D82312C0337 for ; Thu, 31 Oct 2013 04:18:21 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753102Ab3J3RSS (ORCPT ); Wed, 30 Oct 2013 13:18:18 -0400 Received: from mx1.redhat.com ([209.132.183.28]:6869 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750865Ab3J3RSR (ORCPT ); Wed, 30 Oct 2013 13:18:17 -0400 Received: from int-mx01.intmail.prod.int.phx2.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id r9UHHeNo031954 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 30 Oct 2013 13:17:40 -0400 Received: from dragon.localdomain (ovpn-116-59.ams2.redhat.com [10.36.116.59]) by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id r9UHHdZc029724; Wed, 30 Oct 2013 13:17:39 -0400 Received: from [127.0.0.1] (localhost [IPv6:::1]) by dragon.localdomain (Postfix) with ESMTP id 2FCDDE4040F; Wed, 30 Oct 2013 18:23:42 +0100 (CET) From: Jesper Dangaard Brouer Subject: [net-next PATCH] net: codel: Avoid undefined behavior from signed overflow To: netdev@vger.kernel.org Cc: Eric Dumazet , "Paul E. McKenney" , Dave Taht , Jesper Dangaard Brouer Date: Wed, 30 Oct 2013 18:23:42 +0100 Message-ID: <20131030172341.19203.93490.stgit@dragon> User-Agent: StGIT/0.14.3 MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.67 on 10.5.11.11 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Jesper Dangaard Brouer As described in commit 5a581b367 (jiffies: Avoid undefined behavior from signed overflow), according to the C standard 3.4.3p3, overflow of a signed integer results in undefined behavior. To fix this, do as the above commit, and do an unsigned subtraction, and interpreting the result as a signed two's-complement number. This is based on the theory from RFC 1982 and is nicely described in wikipedia here: https://en.wikipedia.org/wiki/Serial_number_arithmetic#General_Solution A side-note, I have seen practical issues with the previous logic when dealing with 16-bit, on a 64-bit machine (gcc version 4.4.5). This were 32-bit, which I have not observed issues with. Cc: Paul E. McKenney Signed-off-by: Jesper Dangaard Brouer --- include/net/codel.h | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/include/net/codel.h b/include/net/codel.h index 389cf62..700fcdf 100644 --- a/include/net/codel.h +++ b/include/net/codel.h @@ -72,10 +72,10 @@ static inline codel_time_t codel_get_time(void) return ns >> CODEL_SHIFT; } -#define codel_time_after(a, b) ((s32)(a) - (s32)(b) > 0) -#define codel_time_after_eq(a, b) ((s32)(a) - (s32)(b) >= 0) -#define codel_time_before(a, b) ((s32)(a) - (s32)(b) < 0) -#define codel_time_before_eq(a, b) ((s32)(a) - (s32)(b) <= 0) +#define codel_time_after(a, b) ((s32)((a) - (b)) > 0) +#define codel_time_after_eq(a, b) ((s32)((a) - (b)) >= 0) +#define codel_time_before(a, b) ((s32)((a) - (b)) < 0) +#define codel_time_before_eq(a, b) ((s32)((a) - (b)) <= 0) /* Qdiscs using codel plugin must use codel_skb_cb in their own cb[] */ struct codel_skb_cb {