archive mirror
 help / color / mirror / Atom feed
From: Alexander Potapenko <>
To: Linus Torvalds <>
Cc: Evgenii Stepanov <>,
	Kees Cook <>, Marco Elver <>,
	Nathan Chancellor <>,
	Nick Desaulniers <>,
	Thomas Gleixner <>,
	Vitaly Buka <>,
	Linux Kernel Mailing List <>,
	linux-toolchains <>
Subject: Re: [PATCH] [RFC] Initialization of unused function parameters
Date: Tue, 14 Jun 2022 20:07:52 +0200	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <>

On Tue, Jun 14, 2022 at 6:48 PM Linus Torvalds
<> wrote:
> On Tue, Jun 14, 2022 at 7:49 AM Alexander Potapenko <> wrote:
> >
> > The bigger question I want to raise here is whether we want to
> > discourage passing uninitialized variables to functions in the kernel
> > altogether.
> I'm assuming you mean pass by reference.

No, sorry for being unclear. I mean passing by value.
In the given example the prototype of step_into looks as follows (see

  static const char *step_into(struct nameidata *nd, int flags, struct
dentry *dentry, struct inode *inode, unsigned seq);

, and the local variables `struct inode *inode` and `unsigned seq` are
being passed to it by value, i.e. in certain cases the struct inode
pointer and the unsigned seq are uninitialized.

Does that change anything?

> Some functions are really fundamentally about initializing things, and
> expect uninitialized allocations.

Agreed, there are a lot of functions around that initialize one struct
or another, they are out of the scope.

> What I think might be a good model is to be able to mark such
> arguments as "must be initialized by callee".

This sounds interesting. In the given example I would suggest that the
call to lookup_fast()
should be initializing &inode and &seq, so that it is guaranteed that
they are passed initialized into step_into().

Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Geschäftsführer: Paul Manicle, Liana Sebastian
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg

Diese E-Mail ist vertraulich. Falls Sie diese fälschlicherweise
erhalten haben sollten, leiten Sie diese bitte nicht an jemand anderes
weiter, löschen Sie alle Kopien und Anhänge davon und lassen Sie mich
bitte wissen, dass die E-Mail an die falsche Person gesendet wurde.

This e-mail is confidential. If you received this communication by
mistake, please don't forward it to anyone else, please erase all
copies and attachments, and please let me know that it has gone to the
wrong person.

  parent reply	other threads:[~2022-06-14 18:08 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-06-14 14:48 [PATCH] [RFC] Initialization of unused function parameters Alexander Potapenko
2022-06-14 16:48 ` Linus Torvalds
2022-06-14 17:11   ` Nick Desaulniers
2022-06-14 17:24     ` Linus Torvalds
2022-06-14 18:08       ` Nick Desaulniers
2022-06-14 22:27         ` Peter Zijlstra
2022-06-14 18:07   ` Alexander Potapenko [this message]
2022-06-14 18:30     ` Linus Torvalds
2022-06-14 20:19       ` Alexander Potapenko
2022-06-14 20:43         ` Linus Torvalds
2022-06-14 21:40         ` Segher Boessenkool
2022-06-14 22:08           ` Evgenii Stepanov
2022-06-15  8:30           ` Alexander Potapenko
2022-06-15 16:46             ` Segher Boessenkool

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='' \ \ \ \ \ \ \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).