From: Andrew Morton <akpm@linux-foundation.org>
To: Marcin Slusarz <marcin.slusarz@gmail.com>
Cc: linux-kernel@vger.kernel.org, hch@lst.de,
viro@ZenIV.linux.org.uk, adobriyan@gmail.com,
hannes@saeurebad.de
Subject: Re: [PATCH] ERR_PTR: warn when ERR_PTR parameter is valid argument
Date: Tue, 27 May 2008 13:04:13 -0700 [thread overview]
Message-ID: <20080527130413.14dca0cf.akpm@linux-foundation.org> (raw)
In-Reply-To: <1211475019-5596-2-git-send-email-marcin.slusarz@gmail.com>
On Thu, 22 May 2008 18:50:19 +0200
Marcin Slusarz <marcin.slusarz@gmail.com> wrote:
> Check at runtime whether error argument of ERR_PTR is valid.
> It can catch bugs which possibly lead to oops or panic earlier.
>
> Currently there are > 600 calls of ERR_PTR with non-constant argument.
>
> Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Christoph Hellwig <hch@lst.de>
> Cc: Al Viro <viro@ZenIV.linux.org.uk>
> Cc: Alexey Dobriyan <adobriyan@gmail.com>
> Cc: Johannes Weiner <hannes@saeurebad.de>
> ---
> include/linux/err.h | 2 ++
> 1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/include/linux/err.h b/include/linux/err.h
> index 4773ed3..f7e098e 100644
> --- a/include/linux/err.h
> +++ b/include/linux/err.h
> @@ -3,6 +3,7 @@
>
> #include <linux/compiler.h>
>
> +#include <asm/bug.h>
> #include <asm/errno.h>
>
> /*
> @@ -22,6 +23,7 @@
>
> static inline void *__ERR_PTR(long error)
> {
> + WARN_ON(!VALID_ERR_PTR_ARG(error));
> return (void *) error;
> }
It would be regrettable to add source-level complexity and runtime cost
to detect this particular bug. I think it would be better to do this
via static source-code checking if at all possible.
Is there _any_ legitimate use of non-negative EFOO? There might be
some baroque bits of code which are using non-negative constants in a
non-buggy fashion, but I bet they could be reworked to use negative
constants.
In which case I'd have thought that a script which
a) extracts all the EFOO identifiers from include/*/errno.h and
b) greps the tree for non-negative uses of those
would have 100% coverage?
We might need to touch up some code sites to avoid triggering false
positives and make that script's life a bit easier, but that's fine.
prev parent reply other threads:[~2008-05-27 20:04 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-05-22 16:50 [PATCH] ERR_PTR: if errno value is known at compile time, make sure it's valid Marcin Slusarz
2008-05-22 16:50 ` [PATCH] ERR_PTR: warn when ERR_PTR parameter is valid argument Marcin Slusarz
2008-05-22 16:58 ` [PATCH] ERR_PTR: warn when ERR_PTR parameter is invalid Marcin Slusarz
2008-05-27 20:04 ` Andrew Morton [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080527130413.14dca0cf.akpm@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=adobriyan@gmail.com \
--cc=hannes@saeurebad.de \
--cc=hch@lst.de \
--cc=linux-kernel@vger.kernel.org \
--cc=marcin.slusarz@gmail.com \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.