On Mon, Nov 24, 2025 at 01:20:21PM -0800, Kees Cook wrote:
> > Maybe such a warning already exists and it's just too noisy to even
> > start thinking about turning it on?
>
> Yes, -Wconversion (W=3) is mind-blowingly noisy, unfortunately.
It looks like GCC isn't smart enough. The first warning I saw was legit
and easy to fix. The second one is bogus:
include/linux/err.h: In function ‘PTR_ERR_OR_ZERO’:
include/linux/err.h:120:24: error: conversion from ‘long int’ to ‘int’ may
change value [-Werror=conversion]
120 | return PTR_ERR(ptr);
But GCC can prove that this isn't true; it just chooses not to:
#define IS_ERR_VALUE(x) unlikely((unsigned long)(void *)(x) >= (unsigned
long)-MAX_ERRNO)
static inline bool __must_check IS_ERR(__force const void *ptr)
{
return IS_ERR_VALUE((unsigned long)ptr);
}
static inline int __must_check PTR_ERR_OR_ZERO(__force const void *ptr)
{
if (IS_ERR(ptr))
return PTR_ERR(ptr);
So GCC knows in this path that 'ptr' is in the range [-4095..-1] and
the conversion from long to int will not change the value.
I imagine that fixing this is not high on the GCC developer priority
list, but if we filed a bug that might change?
