Message ID | c3611f95862a7f30d67d1c3cc56aaf7bb93d3b59.1678296892.git.mst@redhat.com |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp482319wrd; Wed, 8 Mar 2023 10:01:57 -0800 (PST) X-Google-Smtp-Source: AK7set8D04DnS3BYvkGRXfQoPAbV34MSHOqq4/vZmz1UbrqP57Z9PCPZUuF2IHuNu3fCgpjbO0Tk X-Received: by 2002:a17:90b:2246:b0:229:f4f3:e904 with SMTP id hk6-20020a17090b224600b00229f4f3e904mr21028800pjb.11.1678298517130; Wed, 08 Mar 2023 10:01:57 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1678298517; cv=none; d=google.com; s=arc-20160816; b=o9ahQZUtIABVUmwJi+5pZE3Arla/0G79/1o/q7t8Q15MKiCnHNhFekY5gV2bFOmErO 1nhNbvQqA/hh5gijUKDwlX7Maw393ZZxveT0vdg+ooIIc62PYXyfDJp0ccKHMax0thz2 Ihtk53Jy/g+ybQ4uunBperS/xngEku1UaB+zDs6Dj7BeumOpOYAobzb/TrdnZqtoePtN h9LDM9JsuxqAfBPUJB3kx8cOP3PmuAXqilQfzJOU+vudj4VZ2WDFLxkWjcorC60l2N+i Rb1+1gS1FK6g/ds0BXvwUh23+f+fw9FKGg4JtwDH0PfH3mKSpGVujkG0ZQLxaRhrF07v g0pQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-disposition:mime-version:message-id :subject:cc:to:from:date:dkim-signature; bh=uJnoHmMiEQ50Bf/sgKD3h0FbrR1x8YjmBiKx8gh/fG0=; b=TA2ta8HR71UgJWlOe+brEml74GDxYoBMDhmP3xYQ3b1Gc0H34dNKmqUeDuBrNjZU5A VFGOwfIw4bRe7UaO9TKc4w4c+aOb+gx8MN/Y+Y8WjRzBKCylrrJpQomwgzYKeevF7ffV Vbzxa3YfQkI3Pht66X4Aal8vErbIO6+MEkBQ1tPhbOkjYb3JnyP8DBdWJ9TTa+mCzMs+ 5/5/P5zWCyspqHEgGv0kbdiYh5kucsyw95e8uvw3/4haseSvPklmufE7maYRg9tnJO18 +K3i4MM4qORSOE9lVdR+P0ZwL2Zgynrjy3e0ZtzLg57AH5zJAGk92VYNlinAzeGXLzWP SI7A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=T9IEcY1I; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w185-20020a6382c2000000b00507648eb45asi4718608pgd.6.2023.03.08.10.01.21; Wed, 08 Mar 2023 10:01:57 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=T9IEcY1I; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229717AbjCHRf7 (ORCPT <rfc822;toshivichauhan@gmail.com> + 99 others); Wed, 8 Mar 2023 12:35:59 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60910 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229636AbjCHRf5 (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Wed, 8 Mar 2023 12:35:57 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 772C440C1 for <linux-kernel@vger.kernel.org>; Wed, 8 Mar 2023 09:35:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1678296909; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type; bh=uJnoHmMiEQ50Bf/sgKD3h0FbrR1x8YjmBiKx8gh/fG0=; b=T9IEcY1IGUZb6oM1IxdSfr4Wo7RhL28xi3jmESy3pBfCdi91nKP6hOBP8YFA3Qyabe5Dvu 1qsxg0yR5w6Z4mJluvH7u3bekKdx91T6i3akM6vY9UbWRNQnvu8DJ/Tk50po1sEBYB5XNM GSuNCzauT2JqJQU936AcZlTPZahgzTw= Received: from mail-ed1-f72.google.com (mail-ed1-f72.google.com [209.85.208.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-470-H1O2NKkGNSGSNM91jyyYAA-1; Wed, 08 Mar 2023 12:35:08 -0500 X-MC-Unique: H1O2NKkGNSGSNM91jyyYAA-1 Received: by mail-ed1-f72.google.com with SMTP id h15-20020a056402280f00b004bf9e193c23so25222287ede.11 for <linux-kernel@vger.kernel.org>; Wed, 08 Mar 2023 09:35:08 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678296906; h=content-disposition:mime-version:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=uJnoHmMiEQ50Bf/sgKD3h0FbrR1x8YjmBiKx8gh/fG0=; b=7KmvZjGqY3xw3Cqjr0DPaRzYi0QJpfU88dVA6P/HX+BgPtsy015tSgZr8u2LULO30e zwLAd6N8Iy5mFK+Wrc1Kg7+yL1UbRdlkKprdgl3K38Uz9bekIn+umOSX3ZlmnlDsZ3Y3 BM2xDqmY0vAcrCDvXtZIyvUA6jSk2Zq7hAk5E8zDg1uVdoVNd3iO0TBaNp6DVrR5zbv5 Etsrm36zbpc61cAwSucdgzs96Mis7KZU/Siu4XxsLTYAVLBQqy1EADJO7UWPeJYeMjQ/ SKAfnks4s3V6B/nyAZifzrHXB+71mkVlyYgan+nSGgkpXK0YlR0dR+f3DHzlv9XusWRr X7Jw== X-Gm-Message-State: AO0yUKWuK2XKxtP4eV+mgUU7aaTzitcR3uocKla38X9kapvyeIhcphFq Be1iv7YdTHZZnQ8IrhMz6qmKRfmEwzb1yx1bAJ9V8+NZl60rdtL1x37b56i1FmkH7DHRHSAVLBh TkGOmH9czTAEB6xDWmOfwBtPqVkHvgOS4LsrDbjMYhc8oOu0BOuolrmZXteazrasKVwEhrw6lDK TmlA== X-Received: by 2002:a17:907:6d92:b0:8ed:e8d6:4e0e with SMTP id sb18-20020a1709076d9200b008ede8d64e0emr27091314ejc.36.1678296906818; Wed, 08 Mar 2023 09:35:06 -0800 (PST) X-Received: by 2002:a17:907:6d92:b0:8ed:e8d6:4e0e with SMTP id sb18-20020a1709076d9200b008ede8d64e0emr27091280ejc.36.1678296906475; Wed, 08 Mar 2023 09:35:06 -0800 (PST) Received: from redhat.com ([2.52.138.216]) by smtp.gmail.com with ESMTPSA id g26-20020a17090613da00b008d044ede804sm7624887ejc.163.2023.03.08.09.35.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Mar 2023 09:35:06 -0800 (PST) Date: Wed, 8 Mar 2023 12:35:03 -0500 From: "Michael S. Tsirkin" <mst@redhat.com> To: linux-kernel@vger.kernel.org Cc: Jason Gunthorpe <jgg@ziepe.ca>, Sakari Ailus <sakari.ailus@linux.intel.com>, Matthew Wilcox <willy@infradead.org>, Jason Gunthorpe <jgg@nvidia.com>, Andy Shevchenko <andriy.shevchenko@linux.intel.com>, "Rafael J . Wysocki" <rafael@kernel.org>, Greg Kroah-Hartman <gregkh@linuxfoundation.org> Subject: [PATCH] container_of: add type safety Message-ID: <c3611f95862a7f30d67d1c3cc56aaf7bb93d3b59.1678296892.git.mst@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Mailer: git-send-email 2.27.0.106.g8ac3dc51b1 X-Mutt-Fcc: =sent X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1759823546010082440?= X-GMAIL-MSGID: =?utf-8?q?1759823546010082440?= |
Series |
container_of: add type safety
|
|
Commit Message
Michael S. Tsirkin
March 8, 2023, 5:35 p.m. UTC
Using a wrong member in container_of will result in an error.
No so for container_of_const - it is just a cast so will
happily give you a wrong pointer.
Use logic from container_of to add safety.
Cc: Jason Gunthorpe <jgg@ziepe.ca>
Cc: Sakari Ailus <sakari.ailus@linux.intel.com>
Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: Jason Gunthorpe <jgg@nvidia.com>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Sakari Ailus <sakari.ailus@linux.intel.com>
Cc: Rafael J. Wysocki <rafael@kernel.org>
Link: https://lore.kernel.org/r/20221205121206.166576-1-gregkh@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/container_of.h | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
Comments
On Wed, Mar 08, 2023 at 12:35:03PM -0500, Michael S. Tsirkin wrote: > Using a wrong member in container_of will result in an error. > No so for container_of_const - it is just a cast so will > happily give you a wrong pointer. > > Use logic from container_of to add safety. > > Cc: Jason Gunthorpe <jgg@ziepe.ca> > Cc: Sakari Ailus <sakari.ailus@linux.intel.com> > Cc: Matthew Wilcox (Oracle) <willy@infradead.org> > Cc: Jason Gunthorpe <jgg@nvidia.com> > Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com> > Cc: Sakari Ailus <sakari.ailus@linux.intel.com> > Cc: Rafael J. Wysocki <rafael@kernel.org> > Link: https://lore.kernel.org/r/20221205121206.166576-1-gregkh@linuxfoundation.org That's the wrong link, that's not this patch, that was an old patch. > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> I did not sign off on this. NEVER do that, you just made a legal statement in my name, why? Why did you not sign off on it? totally confused... > --- > include/linux/container_of.h | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/include/linux/container_of.h b/include/linux/container_of.h > index 1d898f9158b4..5d87faf72e0a 100644 > --- a/include/linux/container_of.h > +++ b/include/linux/container_of.h > @@ -29,10 +29,13 @@ > * @type: the type of the container struct this is embedded in. > * @member: the name of the member within the struct. > */ > -#define container_of_const(ptr, type, member) \ > +#define container_of_const(ptr, type, member) ({ \ > + static_assert(__same_type(*(ptr), ((type *)0)->member) || \ > + __same_type(*(ptr), void), \ > + "pointer type mismatch in container_of()"); \ Why is this needed because: > _Generic(ptr, \ > const typeof(*(ptr)) *: ((const type *)container_of(ptr, type, member)),\ > default: ((type *)container_of(ptr, type, member)) \ container_of() is used here, so shouldn't the assert trigger there if you get things wrong? So why is this change needed at all? thanks, greg k-h
On Wed, Mar 08, 2023 at 12:35:03PM -0500, Michael S. Tsirkin wrote: > Using a wrong member in container_of will result in an error. > No so for container_of_const - it is just a cast so will > happily give you a wrong pointer. > > Use logic from container_of to add safety. Also your subject line is wrong :(
On Wed, Mar 08, 2023 at 06:57:13PM +0100, Greg Kroah-Hartman wrote: > On Wed, Mar 08, 2023 at 12:35:03PM -0500, Michael S. Tsirkin wrote: > > Using a wrong member in container_of will result in an error. > > No so for container_of_const - it is just a cast so will > > happily give you a wrong pointer. > > > > Use logic from container_of to add safety. > > > > Cc: Jason Gunthorpe <jgg@ziepe.ca> > > Cc: Sakari Ailus <sakari.ailus@linux.intel.com> > > Cc: Matthew Wilcox (Oracle) <willy@infradead.org> > > Cc: Jason Gunthorpe <jgg@nvidia.com> > > Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com> > > Cc: Sakari Ailus <sakari.ailus@linux.intel.com> > > Cc: Rafael J. Wysocki <rafael@kernel.org> > > Link: https://lore.kernel.org/r/20221205121206.166576-1-gregkh@linuxfoundation.org > > That's the wrong link, that's not this patch, that was an old patch. > > > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> > > I did not sign off on this. NEVER do that, you just made a legal > statement in my name, why? > > Why did you not sign off on it? > > totally confused... Ooops. I started with people who signed off on the original one and replaced S.O.B with a CC. Forgot to replace it for yours and then the script checking patches saw a signoff and was happy so I didn't notice I forgot to sign it myself ... However ... > > --- > > include/linux/container_of.h | 7 +++++-- > > 1 file changed, 5 insertions(+), 2 deletions(-) > > > > diff --git a/include/linux/container_of.h b/include/linux/container_of.h > > index 1d898f9158b4..5d87faf72e0a 100644 > > --- a/include/linux/container_of.h > > +++ b/include/linux/container_of.h > > @@ -29,10 +29,13 @@ > > * @type: the type of the container struct this is embedded in. > > * @member: the name of the member within the struct. > > */ > > -#define container_of_const(ptr, type, member) \ > > +#define container_of_const(ptr, type, member) ({ \ > > + static_assert(__same_type(*(ptr), ((type *)0)->member) || \ > > + __same_type(*(ptr), void), \ > > + "pointer type mismatch in container_of()"); \ > > Why is this needed because: > > > > _Generic(ptr, \ > > const typeof(*(ptr)) *: ((const type *)container_of(ptr, type, member)),\ > > default: ((type *)container_of(ptr, type, member)) \ > > container_of() is used here, so shouldn't the assert trigger there if > you get things wrong? > > So why is this change needed at all? > > thanks, > > greg k-h Hmm. I think I was confused. Error did not seem to trigger but I tried again and it does. Ignore this please. Sorry about the noise.
diff --git a/include/linux/container_of.h b/include/linux/container_of.h index 1d898f9158b4..5d87faf72e0a 100644 --- a/include/linux/container_of.h +++ b/include/linux/container_of.h @@ -29,10 +29,13 @@ * @type: the type of the container struct this is embedded in. * @member: the name of the member within the struct. */ -#define container_of_const(ptr, type, member) \ +#define container_of_const(ptr, type, member) ({ \ + static_assert(__same_type(*(ptr), ((type *)0)->member) || \ + __same_type(*(ptr), void), \ + "pointer type mismatch in container_of()"); \ _Generic(ptr, \ const typeof(*(ptr)) *: ((const type *)container_of(ptr, type, member)),\ default: ((type *)container_of(ptr, type, member)) \ - ) + ); }) #endif /* _LINUX_CONTAINER_OF_H */