* [PATCH] Add const to pointer qualifiers for __chk_user_ptr and __chk_io_ptr.
@ 2007-03-26 15:23 Russ Cox
2007-03-26 18:01 ` Christopher Li
0 siblings, 1 reply; 4+ messages in thread
From: Russ Cox @ 2007-03-26 15:23 UTC (permalink / raw)
To: linux-kernel; +Cc: linux-sparse
Change prototypes for __chk_user_ptr and __chk_io_ptr
to take const void* instead of void*, so that code can pass
const void* to them. (Right now sparse does not warn
about passing const void* to void* functions, but that
is a separate bug that I believe Josh is working on,
and once sparse does check this, the changed prototypes
will be necessary.)
Signed-off-by: Russ Cox <rsc@swtch.com>
Signed-off-by: Josh Triplett <josh@freedesktop.org>
---
include/linux/compiler.h | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
e5174dfa73190036ae1086110292594a3ffb3752
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index aca6698..3b6949b 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -15,8 +15,8 @@
# define __acquire(x) __context__(x,1)
# define __release(x) __context__(x,-1)
# define __cond_lock(x,c) ((c) ? ({ __acquire(x); 1; }) : 0)
-extern void __chk_user_ptr(void __user *);
-extern void __chk_io_ptr(void __iomem *);
+extern void __chk_user_ptr(const void __user *);
+extern void __chk_io_ptr(const void __iomem *);
#else
# define __user
# define __kernel
--
1.1.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] Add const to pointer qualifiers for __chk_user_ptr and __chk_io_ptr.
2007-03-26 15:23 [PATCH] Add const to pointer qualifiers for __chk_user_ptr and __chk_io_ptr Russ Cox
@ 2007-03-26 18:01 ` Christopher Li
2007-03-26 18:59 ` Russ Cox
0 siblings, 1 reply; 4+ messages in thread
From: Christopher Li @ 2007-03-26 18:01 UTC (permalink / raw)
To: Russ Cox; +Cc: linux-kernel, linux-sparse
On Mon, Mar 26, 2007 at 11:23:56AM -0400, Russ Cox wrote:
> Change prototypes for __chk_user_ptr and __chk_io_ptr
> to take const void* instead of void*, so that code can pass
> const void* to them. (Right now sparse does not warn
> about passing const void* to void* functions, but that
> is a separate bug that I believe Josh is working on,
> and once sparse does check this, the changed prototypes
> will be necessary.)
I don't think it is needed. The __user has noderef attribute.
Which means it is not allow to dereference the pointer. The
const qualifier allow read dereference, only write is not allowed.
Adding const here will likely force the caller to do a cast at
the pointer arguments. Which defeats the checker.
Sparse allow passing const void* to void* is a different issue.
Chris
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] Add const to pointer qualifiers for __chk_user_ptr and __chk_io_ptr.
2007-03-26 18:59 ` Russ Cox
@ 2007-03-26 18:46 ` Christopher Li
0 siblings, 0 replies; 4+ messages in thread
From: Christopher Li @ 2007-03-26 18:46 UTC (permalink / raw)
To: Russ Cox; +Cc: linux-kernel, linux-sparse
On Mon, Mar 26, 2007 at 02:59:39PM -0400, Russ Cox wrote:
> No, you have it backward.
> It is valid to pass void* to a const void* function.
> It is *not* valid to pass const void* to a void* function.
>
> Right now __chk_user_ptr is a void* function, meaning
> that all the places where it gets passed a const void*
> are technically illegal -- gcc would warn about these, and
> it is a (separate, as you observed) bug that sparse does not.
>
> The patch changes __chk_user_ptr to be a const void*
> function, meaning that it will be legal to pass either void*
> or const void* to it. This is the correct semantics.
Hah, I see. Thanks for the explain.
Ack.
Chris
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] Add const to pointer qualifiers for __chk_user_ptr and __chk_io_ptr.
2007-03-26 18:01 ` Christopher Li
@ 2007-03-26 18:59 ` Russ Cox
2007-03-26 18:46 ` Christopher Li
0 siblings, 1 reply; 4+ messages in thread
From: Russ Cox @ 2007-03-26 18:59 UTC (permalink / raw)
To: Christopher Li; +Cc: linux-kernel, linux-sparse
On 3/26/07, Christopher Li <sparse@chrisli.org> wrote:
> On Mon, Mar 26, 2007 at 11:23:56AM -0400, Russ Cox wrote:
> > Change prototypes for __chk_user_ptr and __chk_io_ptr
> > to take const void* instead of void*, so that code can pass
> > const void* to them. (Right now sparse does not warn
> > about passing const void* to void* functions, but that
> > is a separate bug that I believe Josh is working on,
> > and once sparse does check this, the changed prototypes
> > will be necessary.)
>
> I don't think it is needed. The __user has noderef attribute.
> Which means it is not allow to dereference the pointer. The
> const qualifier allow read dereference, only write is not allowed.
>
> Adding const here will likely force the caller to do a cast at
> the pointer arguments. Which defeats the checker.
No, you have it backward.
It is valid to pass void* to a const void* function.
It is *not* valid to pass const void* to a void* function.
Right now __chk_user_ptr is a void* function, meaning
that all the places where it gets passed a const void*
are technically illegal -- gcc would warn about these, and
it is a (separate, as you observed) bug that sparse does not.
The patch changes __chk_user_ptr to be a const void*
function, meaning that it will be legal to pass either void*
or const void* to it. This is the correct semantics.
Russ
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2007-03-26 19:26 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-03-26 15:23 [PATCH] Add const to pointer qualifiers for __chk_user_ptr and __chk_io_ptr Russ Cox
2007-03-26 18:01 ` Christopher Li
2007-03-26 18:59 ` Russ Cox
2007-03-26 18:46 ` Christopher Li
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.