[RFC PATCH v2 11/12] landlock/task: Fix incorrect BUILD_BUG_ON() in domain_is_scoped

[Tingmao Wang]

[1] introduces a check which doesn't seem fully correct / necessary, and
breaks the build for a further commit in this series.  This patch replaces
it with just a signedness check.

Cc: Tahera Fahimi <fahimitahera at gmail.com>
Link: https://lore.kernel.org/all/5f7ad85243b78427242275b93481cfc7c127764b.1725494372.git.fahimitahera@gmail.com/ [1]
Signed-off-by: Tingmao Wang <m at maowtm.org>
---

Mickaël, if this looks good can we merge this separately?

 security/landlock/task.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/security/landlock/task.c b/security/landlock/task.c
index d79919c1fec3..46e9bcc3beea 100644
--- a/security/landlock/task.c
+++ b/security/landlock/task.c
@@ -190,10 +190,11 @@ static bool domain_is_scoped(const struct landlock_domain *const client,
 	client_layer = client->num_layers - 1;
 	client_walker = client->hierarchy;
 	/*
-	 * client_layer must be a signed integer with greater capacity
-	 * than client->num_layers to ensure the following loop stops.
+	 * The following 2 loops involving client_layer and server_layer is
+	 * only safe if those integers are signed.
 	 */
-	BUILD_BUG_ON(sizeof(client_layer) > sizeof(client->num_layers));
+	BUILD_BUG_ON((typeof(client_layer))(-1) >= 0);
+	BUILD_BUG_ON((typeof(server_layer))(-1) >= 0);
 
 	server_layer = server ? (server->num_layers - 1) : -1;
 	server_walker = server ? server->hierarchy : NULL;
-- 
2.49.0