From: Marcin Slusarz <marcin.slusarz@gmail.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] let ERR_PTR BUILD_BUG_ON when we know its argument is not a valid errno
Date: Tue, 13 May 2008 22:18:30 +0200 [thread overview]
Message-ID: <20080513201813.GA5869@joi> (raw)
In-Reply-To: <20080512163830.04ef13fd.akpm@linux-foundation.org>
On Mon, May 12, 2008 at 04:38:30PM -0700, Andrew Morton wrote:
> On Sun, 11 May 2008 22:12:14 +0200
> Marcin Slusarz <marcin.slusarz@gmail.com> wrote:
>
> > Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com>
> > Cc: Andrew Morton <akpm@osdl.org>
> > ---
> > allmodconfig compile tested (on x86_64)
> >
> > should be applied after:
> > net/sunrpc/xprtrdma: fix svc_rdma_create out of memory error path
> > jfs: 0 is not valid errno value
> > ---
> > include/linux/err.h | 4 +++-
> > 1 files changed, 3 insertions(+), 1 deletions(-)
> >
> > diff --git a/include/linux/err.h b/include/linux/err.h
> > --- a/include/linux/err.h
> > +++ b/include/linux/err.h
> > @@ -19,11 +19,13 @@
> >
> > #define IS_ERR_VALUE(x) unlikely((x) >= (unsigned long)-MAX_ERRNO)
> >
> > -static inline void *ERR_PTR(long error)
> > +static inline void *__ERR_PTR(long error)
> > {
> > return (void *) error;
> > }
> >
> > +#define ERR_PTR(error) (BUILD_BUG_ON(!IS_ERR_VALUE(error)), __ERR_PTR(error))
> > +
> > static inline long PTR_ERR(const void *ptr)
> > {
> > return (long) ptr;
>
> Not sure about this one. BUILD_BUG_ON only makes sense if the value is
> a compile-time constant. I think the code as you have it will take this:
>
> int e = foo();
>
> p = ERR_PTR(e);
>
> and will attempt to evaluate sizeof() on a negative-sized array at
> runtime. The conmpile will laugh and throw that all away, but it's a
> bit weird.
>
> Plus I'd have thought that the amount of code which does ERR_PTR(-EFOO)
> is fairly small, but perhaps that's wrong.
$ git grep 'ERR_PTR(-E[A-Z]*)' | wc -l
1431
> If I _am_ wrong then I do think it'd be saner to only do the
> BUILD_BUG_ON() if __builtin_constant_p(error) evaluates true. And even
I thought BUILD_BUG_ON uses __builtin_constant_p internally and it was
a big mistake (see below).
> then I do think we'd like to see a more lengthy justification of why
> the kernel needs this check.
Well, I think it's better to find more errors at compile time,
than on rare runtime situation (error handling).
This patch found 2 errors on current sources (but one of them was harmless).
> More lengthy than zero, anyway...
>
> (If a compile-time check is needed then why not a runtime one also?)
I'm not sure - it would make kernel slightly bigger. I'll check that.
Today I discovered, that this patch causes funny runtime errors (/proc is mounted,
but many applications think it's not), so ignore this patch for now.
I'll prepare second version.
Marcin
next prev parent reply other threads:[~2008-05-13 20:27 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-05-11 20:12 [PATCH] let ERR_PTR BUILD_BUG_ON when we know its argument is not a valid errno Marcin Slusarz
2008-05-12 23:38 ` Andrew Morton
2008-05-13 20:18 ` Marcin Slusarz [this message]
2008-05-18 21:56 ` [PATCH 0/6] Sanity checks for ERR_PTR argument Marcin Slusarz
2008-05-18 21:56 ` [PATCH 1/6] ERR_PTR: if errno value is known at compile time, make sure it's valid Marcin Slusarz
2008-05-19 6:38 ` Alexey Dobriyan
2008-05-22 16:03 ` Marcin Slusarz
2008-05-18 22:01 ` [PATCH 2/6] ERR_PTR: add ERR_OR_0_PTR Marcin Slusarz
2008-05-18 23:04 ` Johannes Weiner
2008-05-19 5:55 ` Christoph Hellwig
2008-05-19 6:33 ` Al Viro
2008-05-18 22:01 ` [PATCH 3/6] vfs: open_exec cleanup Marcin Slusarz
2008-05-19 5:53 ` Christoph Hellwig
2008-05-22 15:57 ` Marcin Slusarz
2008-05-18 22:03 ` [PATCH 4/6] procfs: switch ERR_PTR to ERR_OR_0_PTR when "error" might be 0 Marcin Slusarz
2008-05-18 22:03 ` [PATCH 5/6] vfs: fix ERR_PTR abuse in generic_readlink Marcin Slusarz
2008-05-18 22:04 ` [PATCH 6/6] ERR_PTR: warn when ERR_PTR parameter is not errno value Marcin Slusarz
2008-05-18 23:13 ` Johannes Weiner
2008-05-19 6:43 ` Alexey Dobriyan
2008-05-19 12:11 ` Johannes Weiner
2008-05-22 16:08 ` Marcin Slusarz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080513201813.GA5869@joi \
--to=marcin.slusarz@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.