Re: [PATCH 28/31] Constify struct super_operations for 2.6.32 v1

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Emese Revfy <re.emese@gmail.com>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 28/31] Constify struct super_operations for 2.6.32 v1
Date: Wed, 09 Dec 2009 01:24:34 +0100	[thread overview]
Message-ID: <4B1EEE42.6090202@gmail.com> (raw)
In-Reply-To: <20091208015148.GK14381@ZenIV.linux.org.uk>

Al Viro wrote:
> On Tue, Dec 08, 2009 at 01:06:38AM +0100, Emese Revfy wrote:
> 
>> DEBUG_RODATA catches the unwanted write attempt at runtime whereas
>> my patch will catch it at compile time. I think it's better to detect
>> an error as early as possible.
> 
> Not when the price is readability.  

If constifying the function pointer fields reduces readability,
what would you say for turning then into typedefs, something like this:

typedef int (* super_ops_statfs) (struct dentry *, struct kstatfs *);
struct super_operations {
...
	const super_ops_statfs statfs;
...
};

> Moreover, you *still* are not
> covering the real policy - these suckers should be statically allocated,
> not just never modified.

If the super ops are allocated on the stack then they will be overwritten
during later syscalls and will eventually crash the system on a future
dereference, that is, this kind of problem manifests during development.

If the super ops are allocated by kmalloc/etc, then they will have to be
explicitly initialised by writing to specific fields, my patch would prevent
that.

So in the end the programmer is forced to allocate and initialise super ops
statically.
---
Emese

next prev parent reply	other threads:[~2009-12-09  0:22 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-12-06  5:14 [PATCH 28/31] Constify struct super_operations for 2.6.32 v1 Alexey Dobriyan
2009-12-06 14:23 ` Emese Revfy
2009-12-07 18:30   ` Alexey Dobriyan
2009-12-08  0:06     ` Emese Revfy
2009-12-08  1:51       ` Al Viro
2009-12-09  0:24         ` Emese Revfy [this message]
2009-12-09  0:47           ` Al Viro
2009-12-09  8:22             ` Olivier Galibert
2009-12-10 18:24             ` Emese Revfy
2009-12-09  1:31 ` Ralf Baechle
2009-12-09  1:45   ` Al Viro
  -- strict thread matches above, loose matches on Subject: below --
2009-12-04 22:00 [PATCH 00/31] constify various _ops structures " Emese Revfy
2009-12-04 22:47 ` [PATCH 28/31] Constify struct super_operations " Emese Revfy
2009-12-06  1:23   ` Al Viro
2009-12-06  1:41     ` Emese Revfy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4B1EEE42.6090202@gmail.com \
    --to=re.emese@gmail.com \
    --cc=adobriyan@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=viro@ZenIV.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox