On Mon, Nov 24, 2025 at 09:44:16PM +0000, Matthew Wilcox wrote:
> On Mon, Nov 24, 2025 at 01:20:21PM -0800, Kees Cook wrote:
> > Yes, -Wconversion (W=3) is mind-blowingly noisy, unfortunately.
>
> This third one is interesting.
>
> include/linux/jump_label.h:126:44: error: conversion to ‘long unsigned int’
> from ‘s32’ {aka ‘int’} may change the sign of the result
> [-Werror=sign-conversion]
> 126 | return (unsigned long)&entry->code + entry->code;
>
> static inline unsigned long jump_entry_code(const struct jump_entry *entry)
> {
> return (unsigned long)&entry->code + entry->code;
> }
>
> The warning is ... not the best phrased, but in terms of divining the
> programmer's intent, I genuinely don't know if this code is supposed
> to zero-extend or sign-extend the s32 to unsigned long. I know what it
> *does*, but I don't know if it was *supposed to do that*.
This is my core frustration with C: we have SO many things where we have
ambiguous intent. Yes, C may do exactly 1 thing with a given construct,
but it isn't clear that the author's intent matches what actually
happens.
> So I wuold be
> in favour of enabling this warning ... if we have a small army of people
> on tap to get the kernel to build. There's 374 lines of errors to fix
> from the header files included by scripts/mod/devicetable-offsets.s alone.
I'm for it, but that is a LONG road. I have so many other hills to die
on first. ;)
--
Kees Cook
