On Tue, Mar 31, 2026 at 01:31:16PM -0700, Kees Cook wrote:

> int func()
> {
>       ...
>       u8 __ob_trap product = 5;
>       ...
>       product = a * b; // if store is truncated, goto __overflow
>       ...
>       return product;
> 
> __overflow:
>       pr_info("%u\n", product); // shows "5"
>       return -1;
> }
> 
> (Isn't this just an implicit "try"?)

So I like this implicit try with a default label, and mostly I expect
this will be fine.

But as Linus already mentioned, sometimes you might want more. Could we
perhaps also have an explicit version, something along the lines of:

int func()
{
        int __ob_trap size;

        size = try(count * flex_size, __mul_overflow);
        size = try(size + base_size, __add_overflow);

        obj = kzalloc(size,...);

}

where we have something like:

#define try(stmt, _label) ({            \
        __label__ __overflow;           \
        if (0) {                        \
__overflow:                             \
                goto _label;            \
        }                               \
        stmt; })

That is, have the overflow trapped and confined in the
statement-expression by using the overflow label as a local label and
use this little trampoline to re-direct to a custom label.
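
The trampoline described above, as an added example that is not part of the original message. It assumes GCC or Clang with GNU C extensions; trap() and alloc_size() are hypothetical names, with trap() standing in for the overflow check that the __ob_trap type in the message would perform implicitly.

```c
#include <stddef.h>
#include <stdio.h>

/* try() as sketched in the message. GNU C spells the local-label
 * declaration __label__; the label is confined to this statement
 * expression and forwards to the caller's own label. */
#define try(stmt, _label) ({            \
        __label__ __overflow;           \
        if (0) {                        \
__overflow:                             \
                goto _label;            \
        }                               \
        stmt; })

/* Hypothetical stand-in for the implicit trap: run a checked builtin
 * and jump to whichever __overflow label is in scope if it wraps. */
#define trap(fn, a, b) ({                       \
        __typeof__((a) + (b)) _r;               \
        if (fn((a), (b), &_r))                  \
                goto __overflow;                \
        _r; })

/* Returns 0 and stores the size; -1 if the multiply overflowed,
 * -2 if the add overflowed. *out is untouched on failure. */
static int alloc_size(size_t count, size_t flex_size,
                      size_t base_size, size_t *out)
{
        size_t size;

        size = try(trap(__builtin_mul_overflow, count, flex_size), __mul_overflow);
        size = try(trap(__builtin_add_overflow, size, base_size), __add_overflow);
        *out = size;
        return 0;
__mul_overflow:
        return -1;
__add_overflow:
        return -2;
}

int main(void)
{
        size_t n = 0;
        int ok  = alloc_size(4, 16, 32, &n);            /* constructed inputs */
        int mul = alloc_size((size_t)-1, 2, 0, &n);
        int add = alloc_size(1, (size_t)-1, 1, &n);

        printf("%d %zu %d %d\n", ok, n, mul, add);
        return 0;
}
```

Each try() gets its own private __overflow label, so the two statements can route to different handlers without the labels colliding.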


