| Message ID | c3611f95862a7f30d67d1c3cc56aaf7bb93d3b59.1678296892.git.mst@redhat.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp482319wrd;
Wed, 8 Mar 2023 10:01:57 -0800 (PST)
X-Google-Smtp-Source:
AK7set8D04DnS3BYvkGRXfQoPAbV34MSHOqq4/vZmz1UbrqP57Z9PCPZUuF2IHuNu3fCgpjbO0Tk
X-Received: by 2002:a17:90b:2246:b0:229:f4f3:e904 with SMTP id
hk6-20020a17090b224600b00229f4f3e904mr21028800pjb.11.1678298517130;
Wed, 08 Mar 2023 10:01:57 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1678298517; cv=none;
d=google.com; s=arc-20160816;
b=o9ahQZUtIABVUmwJi+5pZE3Arla/0G79/1o/q7t8Q15MKiCnHNhFekY5gV2bFOmErO
1nhNbvQqA/hh5gijUKDwlX7Maw393ZZxveT0vdg+ooIIc62PYXyfDJp0ccKHMax0thz2
Ihtk53Jy/g+ybQ4uunBperS/xngEku1UaB+zDs6Dj7BeumOpOYAobzb/TrdnZqtoePtN
h9LDM9JsuxqAfBPUJB3kx8cOP3PmuAXqilQfzJOU+vudj4VZ2WDFLxkWjcorC60l2N+i
Rb1+1gS1FK6g/ds0BXvwUh23+f+fw9FKGg4JtwDH0PfH3mKSpGVujkG0ZQLxaRhrF07v
g0pQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-disposition:mime-version:message-id
:subject:cc:to:from:date:dkim-signature;
bh=uJnoHmMiEQ50Bf/sgKD3h0FbrR1x8YjmBiKx8gh/fG0=;
b=TA2ta8HR71UgJWlOe+brEml74GDxYoBMDhmP3xYQ3b1Gc0H34dNKmqUeDuBrNjZU5A
VFGOwfIw4bRe7UaO9TKc4w4c+aOb+gx8MN/Y+Y8WjRzBKCylrrJpQomwgzYKeevF7ffV
Vbzxa3YfQkI3Pht66X4Aal8vErbIO6+MEkBQ1tPhbOkjYb3JnyP8DBdWJ9TTa+mCzMs+
5/5/P5zWCyspqHEgGv0kbdiYh5kucsyw95e8uvw3/4haseSvPklmufE7maYRg9tnJO18
+K3i4MM4qORSOE9lVdR+P0ZwL2Zgynrjy3e0ZtzLg57AH5zJAGk92VYNlinAzeGXLzWP
SI7A==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@redhat.com header.s=mimecast20190719
header.b=T9IEcY1I;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
w185-20020a6382c2000000b00507648eb45asi4718608pgd.6.2023.03.08.10.01.21;
Wed, 08 Mar 2023 10:01:57 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@redhat.com header.s=mimecast20190719
header.b=T9IEcY1I;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S229717AbjCHRf7 (ORCPT <rfc822;toshivichauhan@gmail.com>
+ 99 others); Wed, 8 Mar 2023 12:35:59 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60910 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229636AbjCHRf5 (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Wed, 8 Mar 2023 12:35:57 -0500
Received: from us-smtp-delivery-124.mimecast.com
(us-smtp-delivery-124.mimecast.com [170.10.133.124])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 772C440C1
for <linux-kernel@vger.kernel.org>;
Wed, 8 Mar 2023 09:35:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
s=mimecast20190719; t=1678296909;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:content-type:content-type;
bh=uJnoHmMiEQ50Bf/sgKD3h0FbrR1x8YjmBiKx8gh/fG0=;
b=T9IEcY1IGUZb6oM1IxdSfr4Wo7RhL28xi3jmESy3pBfCdi91nKP6hOBP8YFA3Qyabe5Dvu
1qsxg0yR5w6Z4mJluvH7u3bekKdx91T6i3akM6vY9UbWRNQnvu8DJ/Tk50po1sEBYB5XNM
GSuNCzauT2JqJQU936AcZlTPZahgzTw=
Received: from mail-ed1-f72.google.com (mail-ed1-f72.google.com
[209.85.208.72]) by relay.mimecast.com with ESMTP with STARTTLS
(version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
us-mta-470-H1O2NKkGNSGSNM91jyyYAA-1; Wed, 08 Mar 2023 12:35:08 -0500
X-MC-Unique: H1O2NKkGNSGSNM91jyyYAA-1
Received: by mail-ed1-f72.google.com with SMTP id
h15-20020a056402280f00b004bf9e193c23so25222287ede.11
for <linux-kernel@vger.kernel.org>;
Wed, 08 Mar 2023 09:35:08 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112; t=1678296906;
h=content-disposition:mime-version:message-id:subject:cc:to:from:date
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=uJnoHmMiEQ50Bf/sgKD3h0FbrR1x8YjmBiKx8gh/fG0=;
b=7KmvZjGqY3xw3Cqjr0DPaRzYi0QJpfU88dVA6P/HX+BgPtsy015tSgZr8u2LULO30e
zwLAd6N8Iy5mFK+Wrc1Kg7+yL1UbRdlkKprdgl3K38Uz9bekIn+umOSX3ZlmnlDsZ3Y3
BM2xDqmY0vAcrCDvXtZIyvUA6jSk2Zq7hAk5E8zDg1uVdoVNd3iO0TBaNp6DVrR5zbv5
Etsrm36zbpc61cAwSucdgzs96Mis7KZU/Siu4XxsLTYAVLBQqy1EADJO7UWPeJYeMjQ/
SKAfnks4s3V6B/nyAZifzrHXB+71mkVlyYgan+nSGgkpXK0YlR0dR+f3DHzlv9XusWRr
X7Jw==
X-Gm-Message-State: AO0yUKWuK2XKxtP4eV+mgUU7aaTzitcR3uocKla38X9kapvyeIhcphFq
Be1iv7YdTHZZnQ8IrhMz6qmKRfmEwzb1yx1bAJ9V8+NZl60rdtL1x37b56i1FmkH7DHRHSAVLBh
TkGOmH9czTAEB6xDWmOfwBtPqVkHvgOS4LsrDbjMYhc8oOu0BOuolrmZXteazrasKVwEhrw6lDK
TmlA==
X-Received: by 2002:a17:907:6d92:b0:8ed:e8d6:4e0e with SMTP id
sb18-20020a1709076d9200b008ede8d64e0emr27091314ejc.36.1678296906818;
Wed, 08 Mar 2023 09:35:06 -0800 (PST)
X-Received: by 2002:a17:907:6d92:b0:8ed:e8d6:4e0e with SMTP id
sb18-20020a1709076d9200b008ede8d64e0emr27091280ejc.36.1678296906475;
Wed, 08 Mar 2023 09:35:06 -0800 (PST)
Received: from redhat.com ([2.52.138.216])
by smtp.gmail.com with ESMTPSA id
g26-20020a17090613da00b008d044ede804sm7624887ejc.163.2023.03.08.09.35.04
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 08 Mar 2023 09:35:06 -0800 (PST)
Date: Wed, 8 Mar 2023 12:35:03 -0500
From: "Michael S. Tsirkin" <mst@redhat.com>
To: linux-kernel@vger.kernel.org
Cc: Jason Gunthorpe <jgg@ziepe.ca>,
Sakari Ailus <sakari.ailus@linux.intel.com>,
Matthew Wilcox <willy@infradead.org>,
Jason Gunthorpe <jgg@nvidia.com>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
"Rafael J . Wysocki" <rafael@kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: [PATCH] container_of: add type safety
Message-ID:
<c3611f95862a7f30d67d1c3cc56aaf7bb93d3b59.1678296892.git.mst@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Mailer: git-send-email 2.27.0.106.g8ac3dc51b1
X-Mutt-Fcc: =sent
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1759823546010082440?=
X-GMAIL-MSGID: =?utf-8?q?1759823546010082440?=
|
| Series |
container_of: add type safety
|
|
Commit Message
Michael S. Tsirkin
March 8, 2023, 5:35 p.m. UTC
Using a wrong member in container_of will result in an error.
No so for container_of_const - it is just a cast so will
happily give you a wrong pointer.
Use logic from container_of to add safety.
Cc: Jason Gunthorpe <jgg@ziepe.ca>
Cc: Sakari Ailus <sakari.ailus@linux.intel.com>
Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: Jason Gunthorpe <jgg@nvidia.com>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Sakari Ailus <sakari.ailus@linux.intel.com>
Cc: Rafael J. Wysocki <rafael@kernel.org>
Link: https://lore.kernel.org/r/20221205121206.166576-1-gregkh@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/container_of.h | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
Comments
On Wed, Mar 08, 2023 at 12:35:03PM -0500, Michael S. Tsirkin wrote: > Using a wrong member in container_of will result in an error. > No so for container_of_const - it is just a cast so will > happily give you a wrong pointer. > > Use logic from container_of to add safety. > > Cc: Jason Gunthorpe <jgg@ziepe.ca> > Cc: Sakari Ailus <sakari.ailus@linux.intel.com> > Cc: Matthew Wilcox (Oracle) <willy@infradead.org> > Cc: Jason Gunthorpe <jgg@nvidia.com> > Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com> > Cc: Sakari Ailus <sakari.ailus@linux.intel.com> > Cc: Rafael J. Wysocki <rafael@kernel.org> > Link: https://lore.kernel.org/r/20221205121206.166576-1-gregkh@linuxfoundation.org That's the wrong link, that's not this patch, that was an old patch. > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> I did not sign off on this. NEVER do that, you just made a legal statement in my name, why? Why did you not sign off on it? totally confused... > --- > include/linux/container_of.h | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/include/linux/container_of.h b/include/linux/container_of.h > index 1d898f9158b4..5d87faf72e0a 100644 > --- a/include/linux/container_of.h > +++ b/include/linux/container_of.h > @@ -29,10 +29,13 @@ > * @type: the type of the container struct this is embedded in. > * @member: the name of the member within the struct. > */ > -#define container_of_const(ptr, type, member) \ > +#define container_of_const(ptr, type, member) ({ \ > + static_assert(__same_type(*(ptr), ((type *)0)->member) || \ > + __same_type(*(ptr), void), \ > + "pointer type mismatch in container_of()"); \ Why is this needed because: > _Generic(ptr, \ > const typeof(*(ptr)) *: ((const type *)container_of(ptr, type, member)),\ > default: ((type *)container_of(ptr, type, member)) \ container_of() is used here, so shouldn't the assert trigger there if you get things wrong? So why is this change needed at all? thanks, greg k-h
On Wed, Mar 08, 2023 at 12:35:03PM -0500, Michael S. Tsirkin wrote: > Using a wrong member in container_of will result in an error. > No so for container_of_const - it is just a cast so will > happily give you a wrong pointer. > > Use logic from container_of to add safety. Also your subject line is wrong :(
On Wed, Mar 08, 2023 at 06:57:13PM +0100, Greg Kroah-Hartman wrote: > On Wed, Mar 08, 2023 at 12:35:03PM -0500, Michael S. Tsirkin wrote: > > Using a wrong member in container_of will result in an error. > > No so for container_of_const - it is just a cast so will > > happily give you a wrong pointer. > > > > Use logic from container_of to add safety. > > > > Cc: Jason Gunthorpe <jgg@ziepe.ca> > > Cc: Sakari Ailus <sakari.ailus@linux.intel.com> > > Cc: Matthew Wilcox (Oracle) <willy@infradead.org> > > Cc: Jason Gunthorpe <jgg@nvidia.com> > > Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com> > > Cc: Sakari Ailus <sakari.ailus@linux.intel.com> > > Cc: Rafael J. Wysocki <rafael@kernel.org> > > Link: https://lore.kernel.org/r/20221205121206.166576-1-gregkh@linuxfoundation.org > > That's the wrong link, that's not this patch, that was an old patch. > > > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> > > I did not sign off on this. NEVER do that, you just made a legal > statement in my name, why? > > Why did you not sign off on it? > > totally confused... Ooops. I started with people who signed off on the original one and replaced S.O.B with a CC. Forgot to replace it for yours and then the script checking patches saw a signoff and was happy so I didn't notice I forgot to sign it myself ... However ... > > --- > > include/linux/container_of.h | 7 +++++-- > > 1 file changed, 5 insertions(+), 2 deletions(-) > > > > diff --git a/include/linux/container_of.h b/include/linux/container_of.h > > index 1d898f9158b4..5d87faf72e0a 100644 > > --- a/include/linux/container_of.h > > +++ b/include/linux/container_of.h > > @@ -29,10 +29,13 @@ > > * @type: the type of the container struct this is embedded in. > > * @member: the name of the member within the struct. > > */ > > -#define container_of_const(ptr, type, member) \ > > +#define container_of_const(ptr, type, member) ({ \ > > + static_assert(__same_type(*(ptr), ((type *)0)->member) || \ > > + __same_type(*(ptr), void), \ > > + "pointer type mismatch in container_of()"); \ > > Why is this needed because: > > > > _Generic(ptr, \ > > const typeof(*(ptr)) *: ((const type *)container_of(ptr, type, member)),\ > > default: ((type *)container_of(ptr, type, member)) \ > > container_of() is used here, so shouldn't the assert trigger there if > you get things wrong? > > So why is this change needed at all? > > thanks, > > greg k-h Hmm. I think I was confused. Error did not seem to trigger but I tried again and it does. Ignore this please. Sorry about the noise.
diff --git a/include/linux/container_of.h b/include/linux/container_of.h index 1d898f9158b4..5d87faf72e0a 100644 --- a/include/linux/container_of.h +++ b/include/linux/container_of.h @@ -29,10 +29,13 @@ * @type: the type of the container struct this is embedded in. * @member: the name of the member within the struct. */ -#define container_of_const(ptr, type, member) \ +#define container_of_const(ptr, type, member) ({ \ + static_assert(__same_type(*(ptr), ((type *)0)->member) || \ + __same_type(*(ptr), void), \ + "pointer type mismatch in container_of()"); \ _Generic(ptr, \ const typeof(*(ptr)) *: ((const type *)container_of(ptr, type, member)),\ default: ((type *)container_of(ptr, type, member)) \ - ) + ); }) #endif /* _LINUX_CONTAINER_OF_H */