Re: [PATCH 1/1] linux/container_of.h: Warn about loss of constness

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: "Rafael J. Wysocki" <rafael@kernel.org>
Cc: Kees Cook <keescook@chromium.org>,
	Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
	Sakari Ailus <sakari.ailus@linux.intel.com>,
	linux-kernel@vger.kernel.org,
	David Laight <David.Laight@aculab.com>
Subject: Re: [PATCH 1/1] linux/container_of.h: Warn about loss of constness
Date: Tue, 25 Oct 2022 09:47:39 +0200	[thread overview]
Message-ID: <Y1eUm5pnZUWdPrp/@kroah.com> (raw)
In-Reply-To: <CAJZ5v0jczp8J89EdywFDbzPmmeKmoQ3wNFUmKxH_1xS7LPNzkA@mail.gmail.com>

On Mon, Oct 24, 2022 at 07:51:11PM +0200, Rafael J. Wysocki wrote:
> On Mon, Oct 24, 2022 at 7:39 PM Kees Cook <keescook@chromium.org> wrote:
> >
> > On Mon, Oct 24, 2022 at 12:00:16PM +0300, Andy Shevchenko wrote:
> > > + Kees
> > >
> > > On Mon, Oct 24, 2022 at 10:45:25AM +0200, Greg Kroah-Hartman wrote:
> > > > On Mon, Oct 24, 2022 at 10:43:52AM +0200, Greg Kroah-Hartman wrote:
> > > > > On Mon, Oct 24, 2022 at 11:26:10AM +0300, Sakari Ailus wrote:
> > > > > > container_of() casts the original type to another which leads to the loss
> > > > > > of the const qualifier if it is not specified in the caller-provided type.
> > > > > > This easily leads to container_of() returning a non-const pointer to a
> > > > > > const struct which the C compiler does not warn about.
> > >
> > > ...
> > >
> > > > > >   * @type:      the type of the container struct this is embedded in.
> > > > > >   * @member:    the name of the member within the struct.
> > > > > >   *
> > > > > > + * WARNING: as container_of() casts the given struct to another, also the
> > > >
> > > > Wrong function name here.
> > > >
> > > > > > + * possible const qualifier of @ptr is lost unless it is also specified in
> > > > > > + * @type. This is not a problem if the containing object is not const. Use with
> > > > > > + * care.
> > > > >
> > > > > Same comments here.
> > > >
> > > > Wait, no one uses this macro, so why not just remove it entirely?
> > >
> > > Kees, do you know why and what for we have container_of_safe()?
> >
> > It looks like it was designed to handle the cases where the pointer was
> > ERR_OR_NULL:
> >
> >        IS_ERR_OR_NULL(__mptr) ? ERR_CAST(__mptr) : \
> >                ((type *)(__mptr - offsetof(type, member))); })
> >
> > i.e. just pass through the NULL/ERR instead of attempting the cast,
> > which would fail spectacularly. :)
> >
> > It seems like this version should actually be used everywhere instead of
> > nowhere... (i.e. just drop container_of() and rename container_of_safe()
> > to container_of())
> 
> As a rule, though, users of container_of() don't check the pointer
> returned by it against NULL, so I'm not sure how much of an
> improvement that would be.

Nor should they.  This is just tiny pointer math, that always assumes a
valid pointer is passed in.  It should never be used in any code path
where a valid pointer is NOT passed into it.

thanks,

greg k-h

next prev parent reply	other threads:[~2022-10-25  7:47 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-10-24  8:26 [PATCH 1/1] linux/container_of.h: Warn about loss of constness Sakari Ailus
2022-10-24  8:43 ` Greg Kroah-Hartman
2022-10-24  8:45   ` Greg Kroah-Hartman
2022-10-24  9:00     ` Andy Shevchenko
2022-10-24 17:39       ` Kees Cook
2022-10-24 17:51         ` Rafael J. Wysocki
2022-10-24 21:24           ` David Laight
2022-10-25  7:47           ` Greg Kroah-Hartman [this message]
2022-10-24  9:11     ` Sakari Ailus
2022-10-24  9:22       ` Andy Shevchenko
2022-10-24  9:34         ` David Laight
2022-10-24  9:37           ` 'Andy Shevchenko'
2022-10-24  9:46             ` David Laight
2022-10-24 10:01               ` Greg Kroah-Hartman
2022-10-24 10:05                 ` David Laight
2022-10-24  9:48       ` Greg Kroah-Hartman
2022-10-24 10:07         ` Sakari Ailus
2022-10-24  8:59   ` David Laight
2022-10-24 10:11     ` Sakari Ailus

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Y1eUm5pnZUWdPrp/@kroah.com \
    --to=gregkh@linuxfoundation.org \
    --cc=David.Laight@aculab.com \
    --cc=andriy.shevchenko@linux.intel.com \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=rafael@kernel.org \
    --cc=sakari.ailus@linux.intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.