patches/old/minmaxh-update-some-comments.patch - pub/scm/linux/kernel/git/akpm/25-new - Git at Google

 From: David Laight <David.Laight@ACULAB.COM>
 Subject: minmax.h: update some comments
 Date: Mon, 18 Nov 2024 19:12:07 +0000

 - Change three to several.
 - Remove the comment about retaining constant expressions, no longer true.
 - Realign to nearer 80 columns and break on major punctiation.
 - Add a leading comment to the block before __signed_type() and __is_nonneg()
   Otherwise the block explaining the cast is a bit 'floating'.
   Reword the rest of that comment to improve readability.

 Link: https://lkml.kernel.org/r/85b050c81c1d4076aeb91a6cded45fee@AcuMS.aculab.com
 Signed-off-by: David Laight <david.laight@aculab.com>
 Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
 Cc: Arnd Bergmann <arnd@kernel.org>
 Cc: Christoph Hellwig <hch@infradead.org>
 Cc: Dan Carpenter <dan.carpenter@linaro.org>
 Cc: Jason A. Donenfeld <Jason@zx2c4.com>
 Cc: Jens Axboe <axboe@kernel.dk>
 Cc: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
 Cc: Mateusz Guzik <mjguzik@gmail.com>
 Cc: Matthew Wilcox <willy@infradead.org>
 Cc: Pedro Falcato <pedro.falcato@gmail.com>
 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
 ---

  include/linux/minmax.h |   61 +++++++++++++++++----------------------
  1 file changed, 28 insertions(+), 33 deletions(-)

 --- a/include/linux/minmax.h~minmaxh-update-some-comments
 +++ a/include/linux/minmax.h
 @@ -8,13 +8,10 @@
  #include <linux/types.h>

  /*
 - * min()/max()/clamp() macros must accomplish three things:
 + * min()/max()/clamp() macros must accomplish several things:
   *
   * - Avoid multiple evaluations of the arguments (so side-effects like
   *   "x++" happen only once) when non-constant.
 - * - Retain result as a constant expressions when called with only
 - *   constant expressions (to avoid tripping VLA warnings in stack
 - *   allocation usage).
   * - Perform signed v unsigned type-checking (to generate compile
   *   errors instead of nasty runtime surprises).
   * - Unsigned char/short are always promoted to signed int and can be
 @@ -31,25 +28,23 @@
   *   bit #0 set if ok for unsigned comparisons
   *   bit #1 set if ok for signed comparisons
   *
 - * In particular, statically non-negative signed integer
 - * expressions are ok for both.
 + * In particular, statically non-negative signed integer expressions
 + * are ok for both.
   *
 - * NOTE! Unsigned types smaller than 'int' are implicitly
 - * converted to 'int' in expressions, and are accepted for
 - * signed conversions for now. This is debatable.
 - *
 - * Note that 'x' is the original expression, and 'ux' is
 - * the unique variable that contains the value.
 - *
 - * We use 'ux' for pure type checking, and 'x' for when
 - * we need to look at the value (but without evaluating
 - * it for side effects! Careful to only ever evaluate it
 - * with sizeof() or __builtin_constant_p() etc).
 - *
 - * Pointers end up being checked by the normal C type
 - * rules at the actual comparison, and these expressions
 - * only need to be careful to not cause warnings for
 - * pointer use.
 + * NOTE! Unsigned types smaller than 'int' are implicitly converted to 'int'
 + * in expressions, and are accepted for signed conversions for now.
 + * This is debatable.
 + *
 + * Note that 'x' is the original expression, and 'ux' is the unique variable
 + * that contains the value.
 + *
 + * We use 'ux' for pure type checking, and 'x' for when we need to look at the
 + * value (but without evaluating it for side effects!
 + * Careful to only ever evaluate it with sizeof() or __builtin_constant_p() etc).
 + *
 + * Pointers end up being checked by the normal C type rules at the actual
 + * comparison, and these expressions only need to be careful to not cause
 + * warnings for pointer use.
   */
  #define __signed_type_use(x, ux) (2 + __is_nonneg(x, ux))
  #define __unsigned_type_use(x, ux) (1 + 2 * (sizeof(ux) < 4))
 @@ -57,19 +52,19 @@
  	__signed_type_use(x, ux) : __unsigned_type_use(x, ux))

  /*
 - * To avoid warnings about casting pointers to integers
 - * of different sizes, we need that special sign type.
 + * Check whether a signed value is always non-negative.
   *
 - * On 64-bit we can just always use 'long', since any
 - * integer or pointer type can just be cast to that.
 + * A cast is needed to avoid any warnings from values that aren't signed
 + * integer types (in which case the result doesn't matter).
   *
 - * This does not work for 128-bit signed integers since
 - * the cast would truncate them, but we do not use s128
 - * types in the kernel (we do use 'u128', but they will
 - * be handled by the !is_signed_type() case).
 - *
 - * NOTE! The cast is there only to avoid any warnings
 - * from when values that aren't signed integer types.
 + * On 64-bit any integer or pointer type can safely be cast to 'long'.
 + * But on 32-bit we need to avoid warnings about casting pointers to integers
 + * of different sizes without truncating 64-bit values so 'long' or 'long long'
 + * must be used depending on the size of the value.
 + *
 + * This does not work for 128-bit signed integers since the cast would truncate
 + * them, but we do not use s128 types in the kernel (we do use 'u128',
 + * but they are handled by the !is_signed_type() case).
   */
  #ifdef CONFIG_64BIT
    #define __signed_type(ux) long
 _
	From: David Laight <David.Laight@ACULAB.COM>
	Subject: minmax.h: update some comments
	Date: Mon, 18 Nov 2024 19:12:07 +0000

	- Change three to several.
	- Remove the comment about retaining constant expressions, no longer true.
	- Realign to nearer 80 columns and break on major punctiation.
	- Add a leading comment to the block before __signed_type() and __is_nonneg()
	Otherwise the block explaining the cast is a bit 'floating'.
	Reword the rest of that comment to improve readability.

	Link: https://lkml.kernel.org/r/85b050c81c1d4076aeb91a6cded45fee@AcuMS.aculab.com
	Signed-off-by: David Laight <david.laight@aculab.com>
	Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
	Cc: Arnd Bergmann <arnd@kernel.org>
	Cc: Christoph Hellwig <hch@infradead.org>
	Cc: Dan Carpenter <dan.carpenter@linaro.org>
	Cc: Jason A. Donenfeld <Jason@zx2c4.com>
	Cc: Jens Axboe <axboe@kernel.dk>
	Cc: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
	Cc: Mateusz Guzik <mjguzik@gmail.com>
	Cc: Matthew Wilcox <willy@infradead.org>
	Cc: Pedro Falcato <pedro.falcato@gmail.com>
	Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
	---

	include/linux/minmax.h \| 61 +++++++++++++++++----------------------
	1 file changed, 28 insertions(+), 33 deletions(-)

	--- a/include/linux/minmax.h~minmaxh-update-some-comments
	+++ a/include/linux/minmax.h
	@@ -8,13 +8,10 @@
	#include <linux/types.h>

	/*
	- * min()/max()/clamp() macros must accomplish three things:
	+ * min()/max()/clamp() macros must accomplish several things:
	*
	* - Avoid multiple evaluations of the arguments (so side-effects like
	* "x++" happen only once) when non-constant.
	- * - Retain result as a constant expressions when called with only
	- * constant expressions (to avoid tripping VLA warnings in stack
	- * allocation usage).
	* - Perform signed v unsigned type-checking (to generate compile
	* errors instead of nasty runtime surprises).
	* - Unsigned char/short are always promoted to signed int and can be
	@@ -31,25 +28,23 @@
	* bit #0 set if ok for unsigned comparisons
	* bit #1 set if ok for signed comparisons
	*
	- * In particular, statically non-negative signed integer
	- * expressions are ok for both.
	+ * In particular, statically non-negative signed integer expressions
	+ * are ok for both.
	*
	- * NOTE! Unsigned types smaller than 'int' are implicitly
	- * converted to 'int' in expressions, and are accepted for
	- * signed conversions for now. This is debatable.
	- *
	- * Note that 'x' is the original expression, and 'ux' is
	- * the unique variable that contains the value.
	- *
	- * We use 'ux' for pure type checking, and 'x' for when
	- * we need to look at the value (but without evaluating
	- * it for side effects! Careful to only ever evaluate it
	- * with sizeof() or __builtin_constant_p() etc).
	- *
	- * Pointers end up being checked by the normal C type
	- * rules at the actual comparison, and these expressions
	- * only need to be careful to not cause warnings for
	- * pointer use.
	+ * NOTE! Unsigned types smaller than 'int' are implicitly converted to 'int'
	+ * in expressions, and are accepted for signed conversions for now.
	+ * This is debatable.
	+ *
	+ * Note that 'x' is the original expression, and 'ux' is the unique variable
	+ * that contains the value.
	+ *
	+ * We use 'ux' for pure type checking, and 'x' for when we need to look at the
	+ * value (but without evaluating it for side effects!
	+ * Careful to only ever evaluate it with sizeof() or __builtin_constant_p() etc).
	+ *
	+ * Pointers end up being checked by the normal C type rules at the actual
	+ * comparison, and these expressions only need to be careful to not cause
	+ * warnings for pointer use.
	*/
	#define __signed_type_use(x, ux) (2 + __is_nonneg(x, ux))
	#define __unsigned_type_use(x, ux) (1 + 2 * (sizeof(ux) < 4))
	@@ -57,19 +52,19 @@
	__signed_type_use(x, ux) : __unsigned_type_use(x, ux))

	/*
	- * To avoid warnings about casting pointers to integers
	- * of different sizes, we need that special sign type.
	+ * Check whether a signed value is always non-negative.
	*
	- * On 64-bit we can just always use 'long', since any
	- * integer or pointer type can just be cast to that.
	+ * A cast is needed to avoid any warnings from values that aren't signed
	+ * integer types (in which case the result doesn't matter).
	*
	- * This does not work for 128-bit signed integers since
	- * the cast would truncate them, but we do not use s128
	- * types in the kernel (we do use 'u128', but they will
	- * be handled by the !is_signed_type() case).
	- *
	- * NOTE! The cast is there only to avoid any warnings
	- * from when values that aren't signed integer types.
	+ * On 64-bit any integer or pointer type can safely be cast to 'long'.
	+ * But on 32-bit we need to avoid warnings about casting pointers to integers
	+ * of different sizes without truncating 64-bit values so 'long' or 'long long'
	+ * must be used depending on the size of the value.
	+ *
	+ * This does not work for 128-bit signed integers since the cast would truncate
	+ * them, but we do not use s128 types in the kernel (we do use 'u128',
	+ * but they are handled by the !is_signed_type() case).
	*/
	#ifdef CONFIG_64BIT
	#define __signed_type(ux) long
	_