Re: [PATCH] linux/kernel.h: add container_from()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Kees Cook <keescook@chromium.org>
To: Al Viro <viro@zeniv.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	James Bottomley <James.Bottomley@hansenpartnership.com>,
	Allen Pais <allen.lkml@gmail.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Jens Axboe <axboe@kernel.dk>
Subject: Re: [PATCH] linux/kernel.h: add container_from()
Date: Thu, 27 Aug 2020 15:14:37 -0700	[thread overview]
Message-ID: <202008271503.181A6A609@keescook> (raw)
In-Reply-To: <20200827213636.GF1236603@ZenIV.linux.org.uk>

On Thu, Aug 27, 2020 at 10:36:36PM +0100, Al Viro wrote:
> On Thu, Aug 27, 2020 at 01:46:33PM -0700, Linus Torvalds wrote:
> > You really have to pick some pretty excessive type names (or variable
> > names) to get close to 80 characters. Again, to pick an example:
> > 
> >         struct timer_group_priv *priv = container_of(handle,
> >                         struct timer_group_priv, timer[handle->num]);
> > 
> > ends up being long even if you were to split it, but that funky
> > container_from() wouldn't have helped the real problem - the fact that
> > the above is complex and nasty.

The point about doing the assignment with the declaration certainly makes
the "ugliness" worse, I agree. I'm still not generally convinced about
the redundancy level pros/cons, but I concede that having a common idiom
(rather than a succinct but subsystem-dependent idiom) is better for
people reading the code for the first time.

> > And I had to _search_ for that example. All the normal cases of
> > split-line container-of's were due to doing it with the declaration,
> > or beause the first argument ended up being an expression in itself
> > and the nested expressions made it more complex.
> 
> Speaking of searching, this kind of typeof use is, IMO, actively
> harmful - it makes finding the places where we might get from
> e.g. linked list to containing objects much harder.  container_of
> (unless combined with obfuscating use of typeof()) at least gives
> you a chance to grep - struct foo *not* followed by '*' is a pattern
> that doesn't give too many false positives.  This one, OTOH, is
> essentially impossible to grep for.

And this observation about workflow does strike a chord with me. I do end
up with those kind of searches too. In trying to examine my preferences
here, I think my instincts are to avoid open-coded types (leading me to
want to use typeof()) but I think those instincts were actually developed
from dealing with _sizeof_ and all the way it goes terribly wrong. So,
okay, I'm convinced. container_of() it is.

Doing these conversions becomes a little less mechanical if assignment
needs to be split from declaration, but hey, we've got a 100 character
line "limit" now, so maybe it'll be less needed. :)

-- 
Kees Cook

next prev parent reply	other threads:[~2020-08-27 22:14 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-08-27  1:36 [PATCH] linux/kernel.h: add container_from() Allen Pais
2020-08-27  2:31 ` Kees Cook
2020-08-27 12:19   ` Greg Kroah-Hartman
2020-08-27 17:50     ` Kees Cook
2020-08-27 18:04 ` Linus Torvalds
2020-08-27 18:32   ` James Bottomley
2020-08-27 18:40     ` Linus Torvalds
2020-08-27 18:48       ` Linus Torvalds
2020-08-27 19:28         ` Kees Cook
2020-08-27 20:46           ` Linus Torvalds
2020-08-27 21:36             ` Al Viro
2020-08-27 22:14               ` Kees Cook [this message]
2020-08-28  7:09                 ` Allen
2020-08-28  7:07             ` Allen
2020-08-27 18:07 ` Rasmus Villemoes

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202008271503.181A6A609@keescook \
    --to=keescook@chromium.org \
    --cc=James.Bottomley@hansenpartnership.com \
    --cc=akpm@linux-foundation.org \
    --cc=allen.lkml@gmail.com \
    --cc=axboe@kernel.dk \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=tglx@linutronix.de \
    --cc=torvalds@linux-foundation.org \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.