From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: linux-kernel@vger.kernel.org, Jason Gunthorpe <jgg@ziepe.ca>,
Sakari Ailus <sakari.ailus@linux.intel.com>,
Matthew Wilcox <willy@infradead.org>,
Jason Gunthorpe <jgg@nvidia.com>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
"Rafael J . Wysocki" <rafael@kernel.org>
Subject: Re: [PATCH] container_of: add type safety
Date: Wed, 8 Mar 2023 18:57:13 +0100 [thread overview]
Message-ID: <ZAjMeVHI1r8jFW/X@kroah.com> (raw)
In-Reply-To: <c3611f95862a7f30d67d1c3cc56aaf7bb93d3b59.1678296892.git.mst@redhat.com>
On Wed, Mar 08, 2023 at 12:35:03PM -0500, Michael S. Tsirkin wrote:
> Using a wrong member in container_of will result in an error.
> No so for container_of_const - it is just a cast so will
> happily give you a wrong pointer.
>
> Use logic from container_of to add safety.
>
> Cc: Jason Gunthorpe <jgg@ziepe.ca>
> Cc: Sakari Ailus <sakari.ailus@linux.intel.com>
> Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
> Cc: Jason Gunthorpe <jgg@nvidia.com>
> Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
> Cc: Sakari Ailus <sakari.ailus@linux.intel.com>
> Cc: Rafael J. Wysocki <rafael@kernel.org>
> Link: https://lore.kernel.org/r/20221205121206.166576-1-gregkh@linuxfoundation.org
That's the wrong link, that's not this patch, that was an old patch.
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
I did not sign off on this. NEVER do that, you just made a legal
statement in my name, why?
Why did you not sign off on it?
totally confused...
> ---
> include/linux/container_of.h | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/container_of.h b/include/linux/container_of.h
> index 1d898f9158b4..5d87faf72e0a 100644
> --- a/include/linux/container_of.h
> +++ b/include/linux/container_of.h
> @@ -29,10 +29,13 @@
> * @type: the type of the container struct this is embedded in.
> * @member: the name of the member within the struct.
> */
> -#define container_of_const(ptr, type, member) \
> +#define container_of_const(ptr, type, member) ({ \
> + static_assert(__same_type(*(ptr), ((type *)0)->member) || \
> + __same_type(*(ptr), void), \
> + "pointer type mismatch in container_of()"); \
Why is this needed because:
> _Generic(ptr, \
> const typeof(*(ptr)) *: ((const type *)container_of(ptr, type, member)),\
> default: ((type *)container_of(ptr, type, member)) \
container_of() is used here, so shouldn't the assert trigger there if
you get things wrong?
So why is this change needed at all?
thanks,
greg k-h
next prev parent reply other threads:[~2023-03-08 17:57 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-08 17:35 [PATCH] container_of: add type safety Michael S. Tsirkin
2023-03-08 17:57 ` Greg Kroah-Hartman [this message]
2023-03-08 20:58 ` Michael S. Tsirkin
2023-03-08 17:57 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZAjMeVHI1r8jFW/X@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=jgg@nvidia.com \
--cc=jgg@ziepe.ca \
--cc=linux-kernel@vger.kernel.org \
--cc=mst@redhat.com \
--cc=rafael@kernel.org \
--cc=sakari.ailus@linux.intel.com \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox