From patchwork Wed Sep 13 13:10:31 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner X-Patchwork-Id: 139709 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp493501vqi; Thu, 14 Sep 2023 10:05:12 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFow/uCSnkF+1MQbkzf5dLKnwW8WbVKL8PjPjwuL5NtxszKEfXO3V7nnpRRkr3hgJwnaJq6 X-Received: by 2002:a05:6a20:1602:b0:15a:3b83:24d1 with SMTP id l2-20020a056a20160200b0015a3b8324d1mr503136pzj.18.1694711112169; Thu, 14 Sep 2023 10:05:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694711112; cv=none; d=google.com; s=arc-20160816; b=Ph0ClydVJ1iG7mrkhiuhgccWeVAMc3n/Hxzsp49MMI8LHqcZgJM9qfGHTTAt6qvN3G hl2Jyr0fCt3qqs8Ft/tiJCxf4fb2GMxHtq6cz15uKDFw30kcRwj8QOgUeXExd3StA0dI JMZgpEsAun+Hs3TlQ/mgIIRb+sixpV5TM1qG0VxHkp3LgOvdUS5OVsSKLNzFL1PO4McB fu63EYY5iZNcZViAdFj1hDQR9qk/iQpkqJCyxffDGmCSEuyzkJpuiACO3Jb49p+M27WZ 1gmfRBbDnovTLqXv5RMFZGQaTsHX/Y1AhDhbUPT1Us0+ExGnlxj091W1m/ppEOVPaWUA n/Jw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:robot-unsubscribe :robot-id:message-id:mime-version:references:in-reply-to:cc:subject :to:reply-to:sender:from:dkim-signature:dkim-signature:date; bh=TZqxVEGK4kLTjqiI5TlNyUfCYKdpoexEMO8Nc7Yn7r0=; fh=zdCoWWNwZujffrJhBueQUzngzidRSLRPEc3xeSuESio=; b=WVnYlFi2CHwHPZ+sG2fgkDuwjP1I4XClKzMXdimefLLOP5kplpsd+p+uXsqInEImL0 RZFoN2L+ne0FNaGjkD9miGI78scMxmJk/EAP9Hj+Bdq7maGqCYpN3djY8F1kGte5nt+A 3/X8bV7P2srF+PZcR1kw9ErTMNtUTGImm4oR75flQsiG8c6fFw4fm1OtqMo/e1yPUbes Zwu5qqUCBTgvhw7dhHzbrJ9Skr2soa4BZ/+p+T1erVMqqT27pR2DgF+qOKE1dDv6bDqO xd1o+nwpaCKF6n4vqCsCESknQQGgvUb9/5bihzeEBcKryMIX59bZbQuIbCbIEN6HIeos SJkg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=cyYNH51c; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id eb5-20020a056a004c8500b0068e23721457si1911261pfb.68.2023.09.14.10.05.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 10:05:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=cyYNH51c; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 4E5A782224F1; Wed, 13 Sep 2023 06:10:47 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240783AbjIMNKl (ORCPT + 36 others); Wed, 13 Sep 2023 09:10:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33520 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240779AbjIMNKk (ORCPT ); Wed, 13 Sep 2023 09:10:40 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [IPv6:2a0a:51c0:0:12e:550::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3C7C71BC0; Wed, 13 Sep 2023 06:10:34 -0700 (PDT) Date: Wed, 13 Sep 2023 13:10:31 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1694610632; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=TZqxVEGK4kLTjqiI5TlNyUfCYKdpoexEMO8Nc7Yn7r0=; b=cyYNH51cp1BvNtdCFz3Wf+jYQdnWgivDrHM2k0RpU7JYtQ6PhDazZEL3NUL89qLOzWZpmh 1KC+HSZ++TRdPL+hvQ2lMaj3pQYiZUs0NnOMOEwVfL2sQke0qESCUsMoXFa23ueG+oKdKl SqmWq210VCt/BvY2zSIEZchorDNrRdGQmdSIpceqRTa+Zl7vjp7o973yaWc6/f6sV1y5qG PvA8mOiIj0/zMf2YM3a/PTE9J0fqFuUNlSsJI+/3J9xk8P14szZVPdkZgfxZNU89qFdDYi 3xuMMN2nkXzt4wqdG8MF70/7Fxopja6CvAcs4PlcXSxcab589hW0sipZrjHrfQ== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1694610632; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=TZqxVEGK4kLTjqiI5TlNyUfCYKdpoexEMO8Nc7Yn7r0=; b=H9ijjwoTkmjyFdsN5ZlZslsZTdewoHwGCMfDFX70XOIItyoxpiswsYIh8wGBldaWotOprn nElCKRgXYVOxQICA== From: "tip-bot2 for Peter Zijlstra" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: locking/core] cleanup: Make no_free_ptr() __must_check Cc: "Peter Zijlstra (Intel)" , Ingo Molnar , x86@kernel.org, linux-kernel@vger.kernel.org In-Reply-To: <20230816103102.GF980931@hirez.programming.kicks-ass.net> References: <20230816103102.GF980931@hirez.programming.kicks-ass.net> MIME-Version: 1.0 Message-ID: <169461063154.27769.7093220616808262713.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Wed, 13 Sep 2023 06:10:47 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1776869956742199549 X-GMAIL-MSGID: 1777033398995588359 The following commit has been merged into the locking/core branch of tip: Commit-ID: 85be6d842447067ce76047a14d4258c96fd33b7b Gitweb: https://git.kernel.org/tip/85be6d842447067ce76047a14d4258c96fd33b7b Author: Peter Zijlstra AuthorDate: Tue, 15 Aug 2023 12:52:04 +02:00 Committer: Ingo Molnar CommitterDate: Wed, 13 Sep 2023 14:59:54 +02:00 cleanup: Make no_free_ptr() __must_check recent discussion brought about the realization that it makes sense for no_free_ptr() to have __must_check semantics in order to avoid leaking the resource. Additionally, add a few comments to clarify why/how things work. All credit to Linus on how to combine __must_check and the stmt-expression. Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Ingo Molnar Link: https://lkml.kernel.org/r/20230816103102.GF980931@hirez.programming.kicks-ass.net --- include/linux/cleanup.h | 39 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 36 insertions(+), 3 deletions(-) diff --git a/include/linux/cleanup.h b/include/linux/cleanup.h index 53f1a7a..9f1a9c4 100644 --- a/include/linux/cleanup.h +++ b/include/linux/cleanup.h @@ -7,8 +7,9 @@ /* * DEFINE_FREE(name, type, free): * simple helper macro that defines the required wrapper for a __free() - * based cleanup function. @free is an expression using '_T' to access - * the variable. + * based cleanup function. @free is an expression using '_T' to access the + * variable. @free should typically include a NULL test before calling a + * function, see the example below. * * __free(name): * variable attribute to add a scoped based cleanup to the variable. @@ -17,6 +18,9 @@ * like a non-atomic xchg(var, NULL), such that the cleanup function will * be inhibited -- provided it sanely deals with a NULL value. * + * NOTE: this has __must_check semantics so that it is harder to accidentally + * leak the resource. + * * return_ptr(p): * returns p while inhibiting the __free(). * @@ -24,6 +28,8 @@ * * DEFINE_FREE(kfree, void *, if (_T) kfree(_T)) * + * void *alloc_obj(...) + * { * struct obj *p __free(kfree) = kmalloc(...); * if (!p) * return NULL; @@ -32,6 +38,24 @@ * return NULL; * * return_ptr(p); + * } + * + * NOTE: the DEFINE_FREE()'s @free expression includes a NULL test even though + * kfree() is fine to be called with a NULL value. This is on purpose. This way + * the compiler sees the end of our alloc_obj() function as: + * + * tmp = p; + * p = NULL; + * if (p) + * kfree(p); + * return tmp; + * + * And through the magic of value-propagation and dead-code-elimination, it + * eliminates the actual cleanup call and compiles into: + * + * return p; + * + * Without the NULL test it turns into a mess and the compiler can't help us. */ #define DEFINE_FREE(_name, _type, _free) \ @@ -39,8 +63,17 @@ #define __free(_name) __cleanup(__free_##_name) +#define __get_and_null_ptr(p) \ + ({ __auto_type __ptr = &(p); \ + __auto_type __val = *__ptr; \ + *__ptr = NULL; __val; }) + +static inline __must_check +const volatile void * __must_check_fn(const volatile void *val) +{ return val; } + #define no_free_ptr(p) \ - ({ __auto_type __ptr = (p); (p) = NULL; __ptr; }) + ((typeof(p)) __must_check_fn(__get_and_null_ptr(p))) #define return_ptr(p) return no_free_ptr(p)