On Fri, 2025-08-29 at 20:46 +0300, Jani Nikula wrote:
> Document the macros in preparation for making them more generally
> available.
>
> Cc: Kees Cook <k...@kernel.org>
> Cc: Gustavo A. R. Silva <gustavo...@kernel.org>
> Cc: linux-harden...@vger.kernel.org
> Signed-off-by: Jani Nikula <jani.nik...@intel.com>
Reviewed-by: Jouni Högander <jouni.hogan...@intel.com>
> ---
> drivers/gpu/drm/i915/i915_utils.h | 46
> +++++++++++++++++++++++++++++++
> 1 file changed, 46 insertions(+)
>
> diff --git a/drivers/gpu/drm/i915/i915_utils.h
> b/drivers/gpu/drm/i915/i915_utils.h
> index fdac9a158b53..968dae941532 100644
> --- a/drivers/gpu/drm/i915/i915_utils.h
> +++ b/drivers/gpu/drm/i915/i915_utils.h
> @@ -67,6 +67,18 @@ bool i915_error_injected(void);
> drm_err(&(i915)->drm, fmt, ##__VA_ARGS__); \
> })
>
> +/**
> + * range_overflows() - Check if a range is out of bounds
> + * @start: Start of the range.
> + * @size: Size of the range.
> + * @max: Exclusive upper boundary.
> + *
> + * A strict check to determine if the range [@start, @start + @size)
> is
> + * invalid with respect to the allowable range [0, @max). Any range
> + * starting at or beyond @max is considered an overflow, even if
> @size is 0.
> + *
> + * Returns: true if the range is out of bounds.
> + */
> #define range_overflows(start, size, max) ({ \
> typeof(start) start__ = (start); \
> typeof(size) size__ = (size); \
> @@ -76,9 +88,32 @@ bool i915_error_injected(void);
> start__ >= max__ || size__ > max__ - start__; \
> })
>
> +/**
> + * range_overflows_t() - Check if a range is out of bounds
> + * @type: Data type to use.
> + * @start: Start of the range.
> + * @size: Size of the range.
> + * @max: Exclusive upper boundary.
> + *
> + * Same as range_overflows() but forcing the parameters to @type.
> + *
> + * Returns: true if the range is out of bounds.
> + */
> #define range_overflows_t(type, start, size, max) \
> range_overflows((type)(start), (type)(size), (type)(max))
>
> +/**
> + * range_end_overflows() - Check if a range's endpoint is out of
> bounds
> + * @start: Start of the range.
> + * @size: Size of the range.
> + * @max: Exclusive upper boundary.
> + *
> + * Checks only if the endpoint of a range (@start + @size) exceeds
> @max.
> + * Unlike range_overflows(), a zero-sized range at the boundary
> (@start == @max)
> + * is not considered an overflow. Useful for iterator-style checks.
> + *
> + * Returns: true if the endpoint exceeds the boundary.
> + */
> #define range_end_overflows(start, size, max) ({ \
> typeof(start) start__ = (start); \
> typeof(size) size__ = (size); \
> @@ -88,6 +123,17 @@ bool i915_error_injected(void);
> start__ > max__ || size__ > max__ - start__; \
> })
>
> +/**
> + * range_end_overflows_t() - Check if a range's endpoint is out of
> bounds
> + * @type: Data type to use.
> + * @start: Start of the range.
> + * @size: Size of the range.
> + * @max: Exclusive upper boundary.
> + *
> + * Same as range_end_overflows() but forcing the parameters to
> @type.
> + *
> + * Returns: true if the endpoint exceeds the boundary.
> + */
> #define range_end_overflows_t(type, start, size, max) \
> range_end_overflows((type)(start), (type)(size),
> (type)(max))
>
