1 From prvs=378230090=farbere@amazon.com Fri Oct 17 11:09:53 2025
2 From: Eliav Farber <farbere@amazon.com>
3 Date: Fri, 17 Oct 2025 09:05:04 +0000
4 Subject: minmax: relax check to allow comparison between unsigned arguments and signed constants
5 To: <gregkh@linuxfoundation.org>, <stable@vger.kernel.org>, <linux@armlinux.org.uk>, <jdike@addtoit.com>, <richard@nod.at>, <anton.ivanov@cambridgegreys.com>, <dave.hansen@linux.intel.com>, <luto@kernel.org>, <peterz@infradead.org>, <tglx@linutronix.de>, <mingo@redhat.com>, <bp@alien8.de>, <x86@kernel.org>, <hpa@zytor.com>, <tony.luck@intel.com>, <qiuxu.zhuo@intel.com>, <mchehab@kernel.org>, <james.morse@arm.com>, <rric@kernel.org>, <harry.wentland@amd.com>, <sunpeng.li@amd.com>, <alexander.deucher@amd.com>, <christian.koenig@amd.com>, <airlied@linux.ie>, <daniel@ffwll.ch>, <evan.quan@amd.com>, <james.qian.wang@arm.com>, <liviu.dudau@arm.com>, <mihail.atanassov@arm.com>, <brian.starkey@arm.com>, <maarten.lankhorst@linux.intel.com>, <mripard@kernel.org>, <tzimmermann@suse.de>, <robdclark@gmail.com>, <sean@poorly.run>, <jdelvare@suse.com>, <linux@roeck-us.net>, <fery@cypress.com>, <dmitry.torokhov@gmail.com>, <agk@redhat.com>, <snitzer@redhat.com>, <dm-devel@redhat.com>, <rajur@chelsio.com>, <davem@davemloft.net>, <kuba@kernel.org>, <peppe.cavallaro@st.com>, <alexandre.torgue@st.com>, <joabreu@synopsys.com>, <mcoquelin.stm32@gmail.com>, <malattia@linux.it>, <hdegoede@redhat.com>, <mgross@linux.intel.com>, <intel-linux-scu@intel.com>, <artur.paszkiewicz@intel.com>, <jejb@linux.ibm.com>, <martin.petersen@oracle.com>, <sakari.ailus@linux.intel.com>, <clm@fb.com>, <josef@toxicpanda.com>, <dsterba@suse.com>, <xiang@kernel.org>, <chao@kernel.org>, <jack@suse.com>, <tytso@mit.edu>, <adilger.kernel@dilger.ca>, <dushistov@mail.ru>, <luc.vanoostenryck@gmail.com>, <rostedt@goodmis.org>, <pmladek@suse.com>, <sergey.senozhatsky@gmail.com>, <andriy.shevchenko@linux.intel.com>, <linux@rasmusvillemoes.dk>, <minchan@kernel.org>, <ngupta@vflare.org>, <akpm@linux-foundation.org>, <kuznet@ms2.inr.ac.ru>, <yoshfuji@linux-ipv6.org>, <pablo@netfilter.org>, <kadlec@netfilter.org>, <fw@strlen.de>, <jmaloy@redhat.com>, <ying.xue@windriver.com>, <willy@infradead.org>, <farbere@amazon.com>, 
<sashal@kernel.org>, <ruanjinjie@huawei.com>, <David.Laight@ACULAB.COM>, <herve.codina@bootlin.com>, <Jason@zx2c4.com>, <keescook@chromium.org>, <kbusch@kernel.org>, <nathan@kernel.org>, <bvanassche@acm.org>, <ndesaulniers@google.com>, <linux-arm-kernel@lists.infradead.org>, <linux-kernel@vger.kernel.org>, <linux-um@lists.infradead.org>, <linux-edac@vger.kernel.org>, <amd-gfx@lists.freedesktop.org>, <dri-devel@lists.freedesktop.org>, <linux-arm-msm@vger.kernel.org>, <freedreno@lists.freedesktop.org>, <linux-hwmon@vger.kernel.org>, <linux-input@vger.kernel.org>, <linux-media@vger.kernel.org>, <netdev@vger.kernel.org>, <linux-stm32@st-md-mailman.stormreply.com>, <platform-driver-x86@vger.kernel.org>, <linux-scsi@vger.kernel.org>, <linux-staging@lists.linux.dev>, <linux-btrfs@vger.kernel.org>, <linux-erofs@lists.ozlabs.org>, <linux-ext4@vger.kernel.org>, <linux-sparse@vger.kernel.org>, <linux-mm@kvack.org>, <netfilter-devel@vger.kernel.org>, <coreteam@netfilter.org>, <tipc-discussion@lists.sourceforge.net>
6 Cc: Christoph Hellwig <hch@infradead.org>, Linus Torvalds <torvalds@linux-foundation.org>
7 Message-ID: <20251017090519.46992-13-farbere@amazon.com>
8
9 From: David Laight <David.Laight@ACULAB.COM>
10
11 [ Upstream commit 867046cc7027703f60a46339ffde91a1970f2901 ]
12
13 Allow (for example) min(unsigned_var, 20).
14
15 The opposite min(signed_var, 20u) is still errored.
16
17 Since a comparison between signed and unsigned never makes the unsigned
18 value negative it is only necessary to adjust the __types_ok() test.
19
20 Link: https://lkml.kernel.org/r/633b64e2f39e46bb8234809c5595b8c7@AcuMS.aculab.com
21 Signed-off-by: David Laight <david.laight@aculab.com>
22 Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
23 Cc: Christoph Hellwig <hch@infradead.org>
24 Cc: Jason A. Donenfeld <Jason@zx2c4.com>
25 Cc: Linus Torvalds <torvalds@linux-foundation.org>
26 Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
27 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
28 Signed-off-by: Eliav Farber <farbere@amazon.com>
29 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
30 ---
31 include/linux/minmax.h | 24 +++++++++++++++++-------
32 1 file changed, 17 insertions(+), 7 deletions(-)
33
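--- a/include/linux/minmax.h
+++ b/include/linux/minmax.h
@@ -10,13 +10,18 @@
 /*
 * min()/max()/clamp() macros must accomplish three things:
 *
- * - avoid multiple evaluations of the arguments (so side-effects like
+ * - Avoid multiple evaluations of the arguments (so side-effects like
 * "x++" happen only once) when non-constant.
- * - perform signed v unsigned type-checking (to generate compile
- * errors instead of nasty runtime surprises).
- * - retain result as a constant expressions when called with only
+ * - Retain result as a constant expressions when called with only
 * constant expressions (to avoid tripping VLA warnings in stack
 * allocation usage).
+ * - Perform signed v unsigned type-checking (to generate compile
+ * errors instead of nasty runtime surprises).
+ * - Unsigned char/short are always promoted to signed int and can be
+ * compared against signed or unsigned arguments.
+ * - Unsigned arguments can be compared against non-negative signed constants.
+ * - Comparison of a signed argument against an unsigned constant fails
+ * even if the constant is below __INT_MAX__ and could be cast to int.
 */
 #define __typecheck(x, y) \
 (!!(sizeof((typeof(x) *)1 == (typeof(y) *)1)))
@@ -26,9 +31,14 @@
 __builtin_choose_expr(__is_constexpr(is_signed_type(typeof(x))), \
 is_signed_type(typeof(x)), 0)
 
-#define __types_ok(x, y) \
- (__is_signed(x) == __is_signed(y) || \
- __is_signed((x) + 0) == __is_signed((y) + 0))
+/* True for a non-negative signed int constant */
+#define __is_noneg_int(x) \
+ (__builtin_choose_expr(__is_constexpr(x) && __is_signed(x), x, -1) >= 0)
+
+#define __types_ok(x, y) \
+ (__is_signed(x) == __is_signed(y) || \
+ __is_signed((x) + 0) == __is_signed((y) + 0) || \
+ __is_noneg_int(x) || __is_noneg_int(y))
 
 #define __cmp_op_min <
 #define __cmp_op_max >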
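Review bot: The one-line comment on `__is_noneg_int()` in the second hunk says "signed int constant", but the macro accepts a constant expression of any signed type, because `__is_signed(x)` only tests the signedness of `typeof(x)`. It also does not say that the `-1` fallback is what makes every non-constant and every unsigned constant fail the test. I would reword it to `/* True only for a compile-time constant of signed type whose value is >= 0; anything else selects -1 and fails */`. Spelling this out matters because `__types_ok()` is the guard behind the "nasty runtime surprises" the header comment mentions: a signed variable, whose negative value would convert to a large unsigned one, must keep being rejected. A reader should be able to see from the comment that the relaxation cannot admit one.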