From: Alexander Potapenko
Date: Tue, 14 Jun 2022 20:07:52 +0200
Subject: Re: [PATCH] [RFC] Initialization of unused function parameters
To: Linus Torvalds
Cc: Evgenii Stepanov, Kees Cook, Marco Elver, Nathan Chancellor, Nick Desaulniers, Thomas Gleixner, Vitaly Buka, Linux Kernel Mailing List, linux-toolchains
References: <20220614144853.3693273-1-glider@google.com>
X-Mailing-List: linux-toolchains@vger.kernel.org

On Tue, Jun 14, 2022 at 6:48 PM Linus Torvalds wrote:
>
> On Tue, Jun 14, 2022 at 7:49 AM Alexander Potapenko wrote:
> >
> > The bigger question I want to raise here is whether we want to
> > discourage passing uninitialized variables to functions in the kernel
> > altogether.
>
> I'm assuming you mean pass by reference.

No, sorry for being unclear. I mean passing by value.
In the given example the prototype of step_into looks as follows (see
https://elixir.bootlin.com/linux/latest/source/fs/namei.c#L1846):

  static const char *step_into(struct nameidata *nd, int flags,
                               struct dentry *dentry, struct inode *inode,
                               unsigned seq);

, and the local variables `struct inode *inode` and `unsigned seq` are
being passed to it by value, i.e. in certain cases the struct inode
pointer and the unsigned seq are uninitialized.

Does that change anything?

> Some functions are really fundamentally about initializing things, and
> expect uninitialized allocations.

Agreed, there are a lot of functions around that initialize one struct
or another, they are out of the scope.

> What I think might be a good model is to be able to mark such
> arguments as "must be initialized by callee".

This sounds interesting. In the given example I would suggest that the
call to lookup_fast()
(https://elixir.bootlin.com/linux/latest/source/fs/namei.c#L2016)
should be initializing &inode and &seq, so that it is guaranteed that
they are passed initialized into step_into().

-- 
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Managing directors: Paul Manicle, Liana Sebastian
Registration court and number: Hamburg, HRB 86891
Registered office: Hamburg
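
Added example, not part of the original message and not kernel code: a simplified C model of the pattern discussed above, comparing a lookup that writes its out-parameters on only one path with one that follows the "must be initialized by callee" rule. All names (lookup_partial, lookup_always_init, step_model, the fast flag, the poison constants) are hypothetical, and the locals are pre-filled with a constructed poison pattern so that the check itself never reads an indeterminate value.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed poison values marking slots the lookup never wrote. */
#define POISON_SEQ 0xAAAAAAAAu
#define POISON_PTR ((struct inode_model *)(uintptr_t)0xAAAAAAAAu)

struct inode_model { int ino; };            /* hypothetical stand-in type */
static struct inode_model sample_inode = { 42 };

/* Pattern under discussion: out-params written only on the fast path. */
static int lookup_partial(int fast, struct inode_model **inode, unsigned *seq)
{
    if (fast) { *inode = &sample_inode; *seq = 7; }
    return 0;
}

/* "Must be initialized by callee": both out-params written on every path. */
static int lookup_always_init(int fast, struct inode_model **inode, unsigned *seq)
{
    *inode = fast ? &sample_inode : NULL;
    *seq = fast ? 7u : 0u;
    return 0;
}

/* By-value consumer: ignores inode and seq unless on the fast path. */
static int step_model(int fast, struct inode_model *inode, unsigned seq)
{
    return fast ? inode->ino + (int)seq : 0;
}

typedef int (*lookup_fn)(int, struct inode_model **, unsigned *);

/* Returns 1 when a value the lookup never wrote is passed by value. */
static int passes_unwritten(lookup_fn lookup, int fast)
{
    struct inode_model *inode = POISON_PTR;   /* stands in for stack garbage */
    unsigned seq = POISON_SEQ;
    lookup(fast, &inode, &seq);
    int unwritten = (inode == POISON_PTR) || (seq == POISON_SEQ);
    (void)step_model(fast, inode, seq);       /* by-value call, as in the thread */
    return unwritten;
}

int main(void)
{
    printf("partial, slow path:     %d\n", passes_unwritten(lookup_partial, 0));
    printf("always-init, slow path: %d\n", passes_unwritten(lookup_always_init, 0));
    return 0;
}
```
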