From: Marc Herbert <marc.herbert@linux.intel.com>
To: Dan Carpenter <dan.carpenter@linaro.org>,
Miguel Ojeda <ojeda@kernel.org>
Cc: gregkh@linuxfoundation.org, Benjamin.Cheatham@amd.com,
Jonathan.Cameron@huawei.com, dakr@kernel.org,
dan.j.williams@intel.com, linux-acpi@vger.kernel.org,
linux-cxl@vger.kernel.org, linux-kernel@vger.kernel.org,
rafael.j.wysocki@intel.com, rafael@kernel.org,
sudeep.holla@arm.com, Kees Cook <kees@kernel.org>
Subject: Re: [PATCH] driver core: faux: fix Undefined Behavior in faux_device_destroy()
Date: Wed, 25 Jun 2025 15:30:47 -0700 [thread overview]
Message-ID: <daa7eb83-7413-4b6e-a241-84d306db0d43@linux.intel.com> (raw)
In-Reply-To: <685c13c5.050a0220.38a39d.dcf8@mx.google.com>
On 2025-06-25 08:20, Dan Carpenter wrote:
> On Sat, Jun 14, 2025 at 12:50:37PM +0200, Miguel Ojeda wrote:
>> On Fri, 13 Jun 2025 20:33:42 -0400 Greg KH <gregkh@linuxfoundation.org> wrote:
>>>
>>> Great writeup, but as Miguel says, this isn't needed at all, the kernel
>>> relies on the compiler to be sane :)
>>
>> We may still want to clean them up, e.g. for tooling -- Kees/Dan: do we?
>> e.g. I see a similar case with discussion at:
>>
>> https://lore.kernel.org/lkml/3f1e7aaa-501a-44f1-8122-28e9efa0a33c@web.de/
>>
>> Which in the end was picked up as commit 2df2c0caaecf ("fbdev: au1100fb:
>> Move a variable assignment behind a null pointer check").
>
> Putting the declarations at the top was always just a style preference.
No, "const" and variable scopes are not just "style", please do a
bit of research. For instance...
> Putting declarations at the top causes issues for __cleanup magic and...
https://stackoverflow.com/questions/368385/implementing-raii-in-pure-c
https://en.wikipedia.org/wiki/Resource_acquisition_is_initialization#Compiler_%22cleanup%22_extensions
Not just "style" either:
- Automagically avoiding exploits like TUN https://lwn.net/Articles/342330/
- The unusual flag -fno-delete-null-pointer-checks and incompatibility
with other analyzers and compilers
- All the complex compiler discussions around those.
Declaration-after-statement was an important (and obviously: optional)
C99 feature that let C catch up with every other language. Forbidding it
just for "style" would be a serious misunderstanding of that feature. I
don't know any yet but there has to be some more important reason(s)
than "style".
From https://lore.kernel.org/lkml/4d54e4f6-0d98-4b42-9bea-169f3b8772bb@sabinyo.mountain/
> Btw, this is testing dereferences where the kernel code is doing pointer math.
Compiler optimizations may or may not care about that difference. It
seems gcc and clang both do care... for now (and even if that changes
then I guess -fno-delete-null-pointer-checks would still be enough)
next prev parent reply other threads:[~2025-06-25 22:30 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-13 19:15 [PATCH] driver core: faux: fix Undefined Behavior in faux_device_destroy() marc.herbert
2025-06-13 20:20 ` Miguel Ojeda
2025-06-14 0:33 ` Greg KH
2025-06-14 10:50 ` Miguel Ojeda
2025-06-14 11:53 ` Greg KH
2025-06-14 14:53 ` Marc Herbert
2025-06-16 3:35 ` Greg KH
2025-06-16 14:02 ` Alice Ryhl
2025-06-18 23:43 ` Marc Herbert
2025-06-19 0:23 ` Dan Williams
2025-06-19 2:35 ` Dan Carpenter
2025-06-19 3:33 ` Marc Herbert
2025-06-19 4:02 ` Dan Carpenter
2025-06-26 0:55 ` Kent Overstreet
2025-06-30 23:24 ` Marc Herbert
2025-06-25 15:20 ` Dan Carpenter
2025-06-25 22:30 ` Marc Herbert [this message]
2025-06-25 23:18 ` Dan Carpenter
2025-06-25 15:21 ` Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=daa7eb83-7413-4b6e-a241-84d306db0d43@linux.intel.com \
--to=marc.herbert@linux.intel.com \
--cc=Benjamin.Cheatham@amd.com \
--cc=Jonathan.Cameron@huawei.com \
--cc=dakr@kernel.org \
--cc=dan.carpenter@linaro.org \
--cc=dan.j.williams@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=kees@kernel.org \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-cxl@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ojeda@kernel.org \
--cc=rafael.j.wysocki@intel.com \
--cc=rafael@kernel.org \
--cc=sudeep.holla@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox