From: Paolo Bonzini <pbonzini@redhat.com>
To: Nick Desaulniers <ndesaulniers@google.com>,
Peter Zijlstra <peterz@infradead.org>
Cc: Kees Cook <keescook@chromium.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org,
ojeda@kernel.org, mingo@redhat.com, will@kernel.org,
longman@redhat.com, boqun.feng@gmail.com, juri.lelli@redhat.com,
vincent.guittot@linaro.org, dietmar.eggemann@arm.com,
rostedt@goodmis.org, bsegall@google.com, mgorman@suse.de,
bristot@redhat.com, vschneid@redhat.com, paulmck@kernel.org,
frederic@kernel.org, quic_neeraju@quicinc.com,
joel@joelfernandes.org, josh@joshtriplett.org,
mathieu.desnoyers@efficios.com, jiangshanlai@gmail.com,
rcu@vger.kernel.org, tj@kernel.org, tglx@linutronix.de,
linux-toolchains@vger.kernel.org
Subject: Re: [PATCH v2 0/2] Lock and Pointer guards
Date: Fri, 9 Jun 2023 12:20:53 +0200 [thread overview]
Message-ID: <e7095f56-44c4-7cf1-69f5-4ff66d20952c@redhat.com> (raw)
In-Reply-To: <CAKwvOd=MurF6DQHzRTai15h67FEpd_4R-gz_iFejzLsL=dw3dA@mail.gmail.com>
On 6/8/23 22:14, Nick Desaulniers wrote:
> Here, we're talking about using __attribute__((cleanup())) to DTR
> locally, but then we return a "raw" pointer to a caller. What cleanup
> function should the caller run, implicitly, if at all? If we use
> __attribute__((cleanup())) that saves us a few gotos locally, but the
> caller perhaps now needs the same treatment.
But this is only a problem when you return a void*; and in general in C
you will return a struct more often than a raw pointer (and in C++ you
also have the issue of delete vs. delete[], that does not exist in C).
Returning a struct doesn't protect against use-after-free bugs in the
way std::unique_ptr<> or Rust lifetimes do, but it at least tries to
protect against calling the wrong cleanup function if you provide a
typed "destructor" function that does the right thing---for example by
handling reference counting or by freeing sub-structs before calling
kfree/vfree.
Of course it's not a silver bullet, but then that's why people are
looking into Rust for Linux.
Paolo
next prev parent reply other threads:[~2023-06-09 10:31 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20230526205204.861311518@infradead.org>
[not found] ` <CAHk-=wg2RHZKTN29Gr7MhgYfaNtzz58wry9jCNP75LAmQ9t8-A@mail.gmail.com>
[not found] ` <20230530092342.GA149947@hirez.programming.kicks-ass.net>
2023-06-06 9:42 ` [PATCH v2 0/2] Lock and Pointer guards Peter Zijlstra
2023-06-06 13:17 ` Linus Torvalds
2023-06-06 13:40 ` Peter Zijlstra
2023-06-06 14:50 ` Linus Torvalds
2023-06-06 16:06 ` Kees Cook
2023-06-06 18:08 ` Peter Zijlstra
2023-06-06 23:22 ` Linus Torvalds
2023-06-07 9:41 ` Peter Zijlstra
2023-06-08 8:52 ` Peter Zijlstra
2023-06-08 9:04 ` Greg KH
2023-06-08 15:45 ` Linus Torvalds
2023-06-08 16:47 ` Kees Cook
2023-06-08 16:59 ` Linus Torvalds
2023-06-08 17:20 ` Nick Desaulniers
2023-06-08 18:51 ` Peter Zijlstra
2023-06-08 20:14 ` Nick Desaulniers
2023-06-09 10:20 ` Paolo Bonzini [this message]
2023-06-08 20:06 ` Peter Zijlstra
2023-06-09 2:25 ` Linus Torvalds
2023-06-09 8:14 ` Peter Zijlstra
2023-06-09 21:18 ` Kees Cook
2023-06-09 8:27 ` Rasmus Villemoes
2023-06-06 15:31 ` Kees Cook
2023-06-06 15:45 ` Linus Torvalds
2023-06-06 16:08 ` Kees Cook
2023-06-08 16:25 ` David Laight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e7095f56-44c4-7cf1-69f5-4ff66d20952c@redhat.com \
--to=pbonzini@redhat.com \
--cc=boqun.feng@gmail.com \
--cc=bristot@redhat.com \
--cc=bsegall@google.com \
--cc=dietmar.eggemann@arm.com \
--cc=frederic@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=jiangshanlai@gmail.com \
--cc=joel@joelfernandes.org \
--cc=josh@joshtriplett.org \
--cc=juri.lelli@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-toolchains@vger.kernel.org \
--cc=longman@redhat.com \
--cc=mathieu.desnoyers@efficios.com \
--cc=mgorman@suse.de \
--cc=mingo@redhat.com \
--cc=ndesaulniers@google.com \
--cc=ojeda@kernel.org \
--cc=paulmck@kernel.org \
--cc=peterz@infradead.org \
--cc=quic_neeraju@quicinc.com \
--cc=rcu@vger.kernel.org \
--cc=rostedt@goodmis.org \
--cc=tglx@linutronix.de \
--cc=tj@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=vincent.guittot@linaro.org \
--cc=vschneid@redhat.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).