<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/Documentation/process/deprecated.rst, branch linux-5.4.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>overflow: Implement size_t saturating arithmetic helpers</title>
<updated>2024-09-04T11:14:51+00:00</updated>
<author>
<name>Kees Cook</name>
<email>keescook@chromium.org</email>
</author>
<published>2021-09-18T22:17:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=1ab137a90eeaea265fa205538e28f3a54f7fd730'/>
<id>1ab137a90eeaea265fa205538e28f3a54f7fd730</id>
<content type='text'>
commit e1be43d9b5d0d1310dbd90185a8e5c7145dde40f upstream.

In order to perform more open-coded replacements of common allocation
size arithmetic, the kernel needs saturating (SIZE_MAX) helpers for
multiplication, addition, and subtraction. For example, it is common in
allocators, especially on realloc, to add to an existing size:

    p = krealloc(map-&gt;patch,
                 sizeof(struct reg_sequence) * (map-&gt;patch_regs + num_regs),
                 GFP_KERNEL);

There is no existing saturating replacement for this calculation, and
just leaving the addition open coded inside array_size() could
potentially overflow as well. For example, an overflow in an expression
for a size_t argument might wrap to zero:

    array_size(anything, something_at_size_max + 1) == 0

Introduce size_mul(), size_add(), and size_sub() helpers that
implicitly promote arguments to size_t and saturated calculations for
use in allocations. With these helpers it is also possible to redefine
array_size(), array3_size(), flex_array_size(), and struct_size() in
terms of the new helpers.

As with the check_*_overflow() helpers, the new helpers use __must_check,
though what is really desired is a way to make sure that assignment is
only to a size_t lvalue. Without this, it's still possible to introduce
overflow/underflow via type conversion (i.e. from size_t to int).
Enforcing this will currently need to be left to static analysis or
future use of -Wconversion.

Additionally update the overflow unit tests to force runtime evaluation
for the pathological cases.

Cc: Rasmus Villemoes &lt;linux@rasmusvillemoes.dk&gt;
Cc: Gustavo A. R. Silva &lt;gustavoars@kernel.org&gt;
Cc: Nathan Chancellor &lt;nathan@kernel.org&gt;
Cc: Jason Gunthorpe &lt;jgg@ziepe.ca&gt;
Cc: Nick Desaulniers &lt;ndesaulniers@google.com&gt;
Cc: Leon Romanovsky &lt;leon@kernel.org&gt;
Cc: Keith Busch &lt;kbusch@kernel.org&gt;
Cc: Len Baker &lt;len.baker@gmx.com&gt;
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit e1be43d9b5d0d1310dbd90185a8e5c7145dde40f upstream.

In order to perform more open-coded replacements of common allocation
size arithmetic, the kernel needs saturating (SIZE_MAX) helpers for
multiplication, addition, and subtraction. For example, it is common in
allocators, especially on realloc, to add to an existing size:

    p = krealloc(map-&gt;patch,
                 sizeof(struct reg_sequence) * (map-&gt;patch_regs + num_regs),
                 GFP_KERNEL);

There is no existing saturating replacement for this calculation, and
just leaving the addition open coded inside array_size() could
potentially overflow as well. For example, an overflow in an expression
for a size_t argument might wrap to zero:

    array_size(anything, something_at_size_max + 1) == 0

Introduce size_mul(), size_add(), and size_sub() helpers that
implicitly promote arguments to size_t and saturated calculations for
use in allocations. With these helpers it is also possible to redefine
array_size(), array3_size(), flex_array_size(), and struct_size() in
terms of the new helpers.

As with the check_*_overflow() helpers, the new helpers use __must_check,
though what is really desired is a way to make sure that assignment is
only to a size_t lvalue. Without this, it's still possible to introduce
overflow/underflow via type conversion (i.e. from size_t to int).
Enforcing this will currently need to be left to static analysis or
future use of -Wconversion.

Additionally update the overflow unit tests to force runtime evaluation
for the pathological cases.

Cc: Rasmus Villemoes &lt;linux@rasmusvillemoes.dk&gt;
Cc: Gustavo A. R. Silva &lt;gustavoars@kernel.org&gt;
Cc: Nathan Chancellor &lt;nathan@kernel.org&gt;
Cc: Jason Gunthorpe &lt;jgg@ziepe.ca&gt;
Cc: Nick Desaulniers &lt;ndesaulniers@google.com&gt;
Cc: Leon Romanovsky &lt;leon@kernel.org&gt;
Cc: Keith Busch &lt;kbusch@kernel.org&gt;
Cc: Len Baker &lt;len.baker@gmx.com&gt;
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Documentation/process: Add fallthrough pseudo-keyword</title>
<updated>2019-10-11T16:26:05+00:00</updated>
<author>
<name>Joe Perches</name>
<email>joe@perches.com</email>
</author>
<published>2019-10-05T16:46:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=b9918bdcac1ff7bf11f1ab64708267c73f9b2552'/>
<id>b9918bdcac1ff7bf11f1ab64708267c73f9b2552</id>
<content type='text'>
Describe the fallthrough pseudo-keyword.

Convert the coding-style.rst example to the keyword style.
Add description and links to deprecated.rst.

Miguel Ojeda comments on the eventual [[fallthrough]] syntax:
 "Note that C17/C18 does not have [[fallthrough]].

  C++17 introduced it, as it is mentioned above. I would keep the
  __attribute__((fallthrough)) -&gt; [[fallthrough]] change you did,
  though, since that is indeed the standard syntax (given the paragraph
  references C++17).

  I was told by Aaron Ballman (who is proposing them for C) that it is
  more or less likely that it becomes standardized in C2x. However, it
  is still not added to the draft (other attributes are already,
  though). See N2268 and N2269:

     http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2268.pdf (fallthrough)
     http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2269.pdf (attributes in general)"

Signed-off-by: Joe Perches &lt;joe@perches.com&gt;
Acked-by: Nick Desaulniers &lt;ndesaulniers@google.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Describe the fallthrough pseudo-keyword.

Convert the coding-style.rst example to the keyword style.
Add description and links to deprecated.rst.

Miguel Ojeda comments on the eventual [[fallthrough]] syntax:
 "Note that C17/C18 does not have [[fallthrough]].

  C++17 introduced it, as it is mentioned above. I would keep the
  __attribute__((fallthrough)) -&gt; [[fallthrough]] change you did,
  though, since that is indeed the standard syntax (given the paragraph
  references C++17).

  I was told by Aaron Ballman (who is proposing them for C) that it is
  more or less likely that it becomes standardized in C2x. However, it
  is still not added to the draft (other attributes are already,
  though). See N2268 and N2269:

     http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2268.pdf (fallthrough)
     http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2269.pdf (attributes in general)"

Signed-off-by: Joe Perches &lt;joe@perches.com&gt;
Acked-by: Nick Desaulniers &lt;ndesaulniers@google.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Makefile: Globally enable fall-through warning</title>
<updated>2019-07-26T01:13:54+00:00</updated>
<author>
<name>Gustavo A. R. Silva</name>
<email>gustavo@embeddedor.com</email>
</author>
<published>2019-06-07T00:46:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a035d552a93bb9ef6048733bb9f2a0dc857ff869'/>
<id>a035d552a93bb9ef6048733bb9f2a0dc857ff869</id>
<content type='text'>
Now that all the fall-through warnings have been addressed in the
kernel, enable the fall-through warning globally.

Also, update the deprecated.rst file to include implicit fall-through
as 'deprecated' so people can be pointed to a single location for
justification.

Cc: Masahiro Yamada &lt;yamada.masahiro@socionext.com&gt;
Cc: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Cc: Michal Marek &lt;michal.lkml@markovi.net&gt;
Cc: Kees Cook &lt;keescook@chromium.org&gt;
Cc: linux-kbuild@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva &lt;gustavo@embeddedor.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Now that all the fall-through warnings have been addressed in the
kernel, enable the fall-through warning globally.

Also, update the deprecated.rst file to include implicit fall-through
as 'deprecated' so people can be pointed to a single location for
justification.

Cc: Masahiro Yamada &lt;yamada.masahiro@socionext.com&gt;
Cc: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Cc: Michal Marek &lt;michal.lkml@markovi.net&gt;
Cc: Kees Cook &lt;keescook@chromium.org&gt;
Cc: linux-kbuild@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva &lt;gustavo@embeddedor.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>doc:it_IT: translations for documents in process/</title>
<updated>2019-03-18T18:03:45+00:00</updated>
<author>
<name>Federico Vaga</name>
<email>federico.vaga@vaga.pv.it</email>
</author>
<published>2019-02-24T20:05:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=9834857754fffde7008123503fe8f1d66f526eb5'/>
<id>9834857754fffde7008123503fe8f1d66f526eb5</id>
<content type='text'>
Translated documents:
- stable-kernel-rules.rst
- deprecated.rst
- kernel-enforcement-statement.rst
- license-rules.rst

Added document to have valid links
- netdev-FAQ.rst

Modifications to main documentation
- add label in deprecated.rst

Signed-off-by: Federico Vaga &lt;federico.vaga@vaga.pv.it&gt;
Signed-off-by: Jonathan Corbet &lt;corbet@lwn.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Translated documents:
- stable-kernel-rules.rst
- deprecated.rst
- kernel-enforcement-statement.rst
- license-rules.rst

Added document to have valid links
- netdev-FAQ.rst

Modifications to main documentation
- add label in deprecated.rst

Signed-off-by: Federico Vaga &lt;federico.vaga@vaga.pv.it&gt;
Signed-off-by: Jonathan Corbet &lt;corbet@lwn.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>docs: Introduce deprecated APIs list</title>
<updated>2018-10-18T18:22:43+00:00</updated>
<author>
<name>Kees Cook</name>
<email>keescook@chromium.org</email>
</author>
<published>2018-10-17T23:45:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=84253c8be37d5f0b54d624be1bd1b90bbbfe14b3'/>
<id>84253c8be37d5f0b54d624be1bd1b90bbbfe14b3</id>
<content type='text'>
As discussed in the "API replacement/deprecation" thread[1], this makes
an effort to document what things shouldn't get (re)added to the kernel,
by introducing Documentation/process/deprecated.rst.

[1] https://lists.linuxfoundation.org/pipermail/ksummit-discuss/2018-September/005282.html

Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: Jonathan Corbet &lt;corbet@lwn.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
As discussed in the "API replacement/deprecation" thread[1], this makes
an effort to document what things shouldn't get (re)added to the kernel,
by introducing Documentation/process/deprecated.rst.

[1] https://lists.linuxfoundation.org/pipermail/ksummit-discuss/2018-September/005282.html

Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: Jonathan Corbet &lt;corbet@lwn.net&gt;
</pre>
</div>
</content>
</entry>
</feed>
