From 8fc851b7b5315c9cae92557be6c32e1ee236201f Mon Sep 17 00:00:00 2001 From: Jason Zaman Date: Sat, 24 Oct 2015 14:15:58 +0800 Subject: [PATCH] sysmacros: Make P2ROUNDUP not trigger int overflow The original P2ROUNDUP and P2ROUNDUP_TYPED macros contain -x which triggers PaX's integer overflow detection for unsigned integers. Replace the macros with an equivalent version that does not trigger the overflow. Axioms: A. (-(x)) === (~((x) - 1)) === (~(x) + 1) under two's complement. B. ~(x & y) === ((~(x)) | (~(y))) under De Morgan's law. C. ~(~x) === x under the law of excluded middle. Proof: 0. (-(-(x) & -(align))) original 1. (~(-(x) & -(align)) + 1) by A 2. (((~(-(x))) | (~(-(align)))) + 1) by B 3. (((~(~((x) - 1))) | (~(~((align) - 1)))) + 1) by A 4. (((((x) - 1)) | (((align) - 1))) + 1) by C Q.E.D. Signed-off-by: Jason Zaman Reviewed-by: Chris Dunlop Reviewed-by: Richard Yao Signed-off-by: Brian Behlendorf Closes zfsonlinux/zfs#2505 Closes #488 --- include/sys/sysmacros.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/sys/sysmacros.h b/include/sys/sysmacros.h index 4dc7cd85..4a96e075 100644 --- a/include/sys/sysmacros.h +++ b/include/sys/sysmacros.h @@ -186,7 +186,7 @@ extern void spl_cleanup(void); */ #define P2ALIGN(x, align) ((x) & -(align)) #define P2CROSS(x, y, align) (((x) ^ (y)) > (align) - 1) -#define P2ROUNDUP(x, align) (-(-(x) & -(align))) +#define P2ROUNDUP(x, align) ((((x) - 1) | ((align) - 1)) + 1) #define P2PHASE(x, align) ((x) & ((align) - 1)) #define P2NPHASE(x, align) (-(x) & ((align) - 1)) #define ISP2(x) (((x) & ((x) - 1)) == 0) @@ -213,7 +213,7 @@ extern void spl_cleanup(void); #define P2NPHASE_TYPED(x, align, type) \ (-(type)(x) & ((type)(align) - 1)) #define P2ROUNDUP_TYPED(x, align, type) \ - (-(-(type)(x) & -(type)(align))) + ((((type)(x) - 1) | ((type)(align) - 1)) + 1) #define P2END_TYPED(x, align, type) \ (-(~(type)(x) & -(type)(align))) #define P2PHASEUP_TYPED(x, align, phase, type) \