On 2019-09-26, Christian Brauner <[email protected]> wrote: > On Thu, Sep 26, 2019 at 01:03:29AM +0200, Aleksa Sarai wrote: > > +int is_zeroed_user(const void __user *from, size_t size) > > +{ > > + unsigned long val; > > + uintptr_t align = (uintptr_t) from % sizeof(unsigned long); > > + > > + if (unlikely(!size)) > > + return true; > > You're returning "true" and another implicit boolean with (val == 0) > down below but -EFAULT in other places. But that function is int > is_zeroed_user() Would probably be good if you either switch to bool > is_zeroed_user() as the name suggests or rename the function and have > it return an int everywhere.
I just checked, and in C11 (and presumably in older specs) it is
guaranteed that "true" and "false" from <stdbool.h> have the values 1
and 0 (respectively) [ยง7.18]. So this is perfectly well-defined.
Personally, I think it's more readable to have:
if (unlikely(size == 0))
return true;
/* ... */
return (val == 0);
compared to:
if (unlikely(size == 0))
return 1;
/* ... */
return val ? 0 : 1;
But I will change the function name (to check_zeroed_user) to make it
clearer that it isn't returning a boolean and that you need to check for
negative returns.
--
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>
signature.asc
Description: PGP signature
