On Fri, 2025-08-29 at 20:46 +0300, Jani Nikula wrote:
> Move the range_overflows() and range_end_overflows() along with the
> _t
> variants over from drm/i915 and drm/buddy to overflow.h.
>
> Cc: Kees Cook <k...@kernel.org>
> Cc: Gustavo A. R. Silva <gustavo...@kernel.org>
> Cc: linux-harden...@vger.kernel.org
> Signed-off-by: Jani Nikula <jani.nik...@intel.com>
Reviewed-by: Jouni Högander <jouni.hogan...@intel.com>
> ---
> drivers/gpu/drm/i915/i915_utils.h | 70 -----------------------------
> --
> include/drm/drm_buddy.h | 9 ----
> include/linux/overflow.h | 70
> +++++++++++++++++++++++++++++++
> 3 files changed, 70 insertions(+), 79 deletions(-)
>
> diff --git a/drivers/gpu/drm/i915/i915_utils.h
> b/drivers/gpu/drm/i915/i915_utils.h
> index 968dae941532..eb4d43c40009 100644
> --- a/drivers/gpu/drm/i915/i915_utils.h
> +++ b/drivers/gpu/drm/i915/i915_utils.h
> @@ -67,76 +67,6 @@ bool i915_error_injected(void);
> drm_err(&(i915)->drm, fmt, ##__VA_ARGS__); \
> })
>
> -/**
> - * range_overflows() - Check if a range is out of bounds
> - * @start: Start of the range.
> - * @size: Size of the range.
> - * @max: Exclusive upper boundary.
> - *
> - * A strict check to determine if the range [@start, @start + @size)
> is
> - * invalid with respect to the allowable range [0, @max). Any range
> - * starting at or beyond @max is considered an overflow, even if
> @size is 0.
> - *
> - * Returns: true if the range is out of bounds.
> - */
> -#define range_overflows(start, size, max) ({ \
> - typeof(start) start__ = (start); \
> - typeof(size) size__ = (size); \
> - typeof(max) max__ = (max); \
> - (void)(&start__ == &size__); \
> - (void)(&start__ == &max__); \
> - start__ >= max__ || size__ > max__ - start__; \
> -})
> -
> -/**
> - * range_overflows_t() - Check if a range is out of bounds
> - * @type: Data type to use.
> - * @start: Start of the range.
> - * @size: Size of the range.
> - * @max: Exclusive upper boundary.
> - *
> - * Same as range_overflows() but forcing the parameters to @type.
> - *
> - * Returns: true if the range is out of bounds.
> - */
> -#define range_overflows_t(type, start, size, max) \
> - range_overflows((type)(start), (type)(size), (type)(max))
> -
> -/**
> - * range_end_overflows() - Check if a range's endpoint is out of
> bounds
> - * @start: Start of the range.
> - * @size: Size of the range.
> - * @max: Exclusive upper boundary.
> - *
> - * Checks only if the endpoint of a range (@start + @size) exceeds
> @max.
> - * Unlike range_overflows(), a zero-sized range at the boundary
> (@start == @max)
> - * is not considered an overflow. Useful for iterator-style checks.
> - *
> - * Returns: true if the endpoint exceeds the boundary.
> - */
> -#define range_end_overflows(start, size, max) ({ \
> - typeof(start) start__ = (start); \
> - typeof(size) size__ = (size); \
> - typeof(max) max__ = (max); \
> - (void)(&start__ == &size__); \
> - (void)(&start__ == &max__); \
> - start__ > max__ || size__ > max__ - start__; \
> -})
> -
> -/**
> - * range_end_overflows_t() - Check if a range's endpoint is out of
> bounds
> - * @type: Data type to use.
> - * @start: Start of the range.
> - * @size: Size of the range.
> - * @max: Exclusive upper boundary.
> - *
> - * Same as range_end_overflows() but forcing the parameters to
> @type.
> - *
> - * Returns: true if the endpoint exceeds the boundary.
> - */
> -#define range_end_overflows_t(type, start, size, max) \
> - range_end_overflows((type)(start), (type)(size),
> (type)(max))
> -
> #define ptr_mask_bits(ptr, n)
> ({ \
> unsigned long __v = (unsigned
> long)(ptr); \
> (typeof(ptr))(__v & -
> BIT(n)); \
> diff --git a/include/drm/drm_buddy.h b/include/drm/drm_buddy.h
> index 513837632b7d..04afd7c21a82 100644
> --- a/include/drm/drm_buddy.h
> +++ b/include/drm/drm_buddy.h
> @@ -13,15 +13,6 @@
>
> #include <drm/drm_print.h>
>
> -#define range_overflows(start, size, max) ({ \
> - typeof(start) start__ = (start); \
> - typeof(size) size__ = (size); \
> - typeof(max) max__ = (max); \
> - (void)(&start__ == &size__); \
> - (void)(&start__ == &max__); \
> - start__ >= max__ || size__ > max__ - start__; \
> -})
> -
> #define DRM_BUDDY_RANGE_ALLOCATION BIT(0)
> #define DRM_BUDDY_TOPDOWN_ALLOCATION BIT(1)
> #define DRM_BUDDY_CONTIGUOUS_ALLOCATION BIT(2)
> diff --git a/include/linux/overflow.h b/include/linux/overflow.h
> index 154ed0dbb43f..725f95f7e416 100644
> --- a/include/linux/overflow.h
> +++ b/include/linux/overflow.h
> @@ -238,6 +238,76 @@ static inline bool __must_check
> __must_check_overflow(bool overflow)
> __overflows_type_constexpr(n,
> T), \
> __overflows_type(n, T))
>
> +/**
> + * range_overflows() - Check if a range is out of bounds
> + * @start: Start of the range.
> + * @size: Size of the range.
> + * @max: Exclusive upper boundary.
> + *
> + * A strict check to determine if the range [@start, @start + @size)
> is
> + * invalid with respect to the allowable range [0, @max). Any range
> + * starting at or beyond @max is considered an overflow, even if
> @size is 0.
> + *
> + * Returns: true if the range is out of bounds.
> + */
> +#define range_overflows(start, size, max) ({ \
> + typeof(start) start__ = (start); \
> + typeof(size) size__ = (size); \
> + typeof(max) max__ = (max); \
> + (void)(&start__ == &size__); \
> + (void)(&start__ == &max__); \
> + start__ >= max__ || size__ > max__ - start__; \
> +})
> +
> +/**
> + * range_overflows_t() - Check if a range is out of bounds
> + * @type: Data type to use.
> + * @start: Start of the range.
> + * @size: Size of the range.
> + * @max: Exclusive upper boundary.
> + *
> + * Same as range_overflows() but forcing the parameters to @type.
> + *
> + * Returns: true if the range is out of bounds.
> + */
> +#define range_overflows_t(type, start, size, max) \
> + range_overflows((type)(start), (type)(size), (type)(max))
> +
> +/**
> + * range_end_overflows() - Check if a range's endpoint is out of
> bounds
> + * @start: Start of the range.
> + * @size: Size of the range.
> + * @max: Exclusive upper boundary.
> + *
> + * Checks only if the endpoint of a range (@start + @size) exceeds
> @max.
> + * Unlike range_overflows(), a zero-sized range at the boundary
> (@start == @max)
> + * is not considered an overflow. Useful for iterator-style checks.
> + *
> + * Returns: true if the endpoint exceeds the boundary.
> + */
> +#define range_end_overflows(start, size, max) ({ \
> + typeof(start) start__ = (start); \
> + typeof(size) size__ = (size); \
> + typeof(max) max__ = (max); \
> + (void)(&start__ == &size__); \
> + (void)(&start__ == &max__); \
> + start__ > max__ || size__ > max__ - start__; \
> +})
> +
> +/**
> + * range_end_overflows_t() - Check if a range's endpoint is out of
> bounds
> + * @type: Data type to use.
> + * @start: Start of the range.
> + * @size: Size of the range.
> + * @max: Exclusive upper boundary.
> + *
> + * Same as range_end_overflows() but forcing the parameters to
> @type.
> + *
> + * Returns: true if the endpoint exceeds the boundary.
> + */
> +#define range_end_overflows_t(type, start, size, max) \
> + range_end_overflows((type)(start), (type)(size),
> (type)(max))
> +
> /**
> * castable_to_type - like __same_type(), but also allows for casted
> literals
> *
