linuxppc-dev.lists.ozlabs.org archive mirror
 help / color / mirror / Atom feed
From: Daniel Thompson <daniel.thompson@linaro.org>
To: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Cc: linux-wireless@vger.kernel.org, alsa-devel@alsa-project.org,
	linux-aspeed@lists.ozlabs.org, gustavo@embeddedor.com,
	linux-iio@vger.kernel.org, kgdb-bugreport@lists.sourceforge.net,
	linux@rasmusvillemoes.dk, dri-devel@lists.freedesktop.org,
	c.giuffrida@vu.nl, amd-gfx@lists.freedesktop.org,
	linux1394-devel@lists.sourceforge.net, drbd-dev@lists.linbit.com,
	linux-arch@vger.kernel.org, linux-cifs@vger.kernel.org,
	kvm@vger.kernel.org, linux-scsi@vger.kernel.org,
	linux-rdma@vger.kernel.org, linux-staging@lists.linux.dev,
	h.j.bos@vu.nl, jgg@ziepe.ca, intel-wired-lan@lists.osuosl.org,
	nouveau@lists.freedesktop.org,
	bcm-kernel-feedback-list@broadcom.com, dan.carpenter@oracle.com,
	linux-media@vger.kernel.org, keescook@chromium.org,
	arnd@arndb.de, linux-pm@vger.kernel.org,
	intel-gfx@lists.freedesktop.org, linuxppc-dev@lists.ozlabs.org,
	bjohannesmeyer@gmail.com, linux-block@vger.kernel.org,
	dmaengine@vger.kernel.org, christophe.jaillet@wanadoo.fr,
	jakobkoschel@gmail.com, v9fs-developer@lists.sourceforge.net,
	linux-tegra@vger.kernel.org, tglx@linutronix.de,
	andriy.shevchenko@linux.intel.com,
	linux-arm-kernel@lists.infradead.org, linux-sgx@vger.kernel.org,
	nathan@kernel.org, netdev@vger.kernel.org,
	linux-usb@vger.kernel.org, samba-technical@lists.samba.org,
	linux-kernel@vger.kernel.org,
	linux-f2fs-devel@lists.sourceforge.net, david.laight@aculab.com,
	tipc-discussion@lists.sourceforge.net,
	linux-crypto@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	linux-mediatek@lists.infradead.org, akpm@linux-foundation.org,
	torvalds@linux-foundation.org, christian.koenig@amd.com,
	rppt@kernel.org
Subject: Re: [Kgdb-bugreport] [PATCH 2/6] treewide: remove using list iterator after loop body as a ptr
Date: Thu, 3 Mar 2022 12:18:24 +0000	[thread overview]
Message-ID: <20220303121824.qdyrognluik74iph@maple.lan> (raw)
In-Reply-To: <20220303072657.11124-1-xiam0nd.tong@gmail.com>

On Thu, Mar 03, 2022 at 03:26:57PM +0800, Xiaomeng Tong wrote:
> On Thu, 3 Mar 2022 04:58:23 +0000, David Laight wrote:
> > on 3 Mar 2022 10:27:29 +0800, Xiaomeng Tong wrote:
> > > The problem is the mis-use of iterator outside the loop on exit, and
> > > the iterator will be the HEAD's container_of pointer which pointers
> > > to a type-confused struct. Sidenote: The *mis-use* here refers to
> > > mistakely access to other members of the struct, instead of the
> > > list_head member which acutally is the valid HEAD.
> >
> > The problem is that the HEAD's container_of pointer should never
> > be calculated at all.
> > This is what is fundamentally broken about the current definition.
> 
> Yes, the rule is "the HEAD's container_of pointer should never be
> calculated at all outside the loop", but how do you make sure everyone
> follows this rule?

Your formulation of the rule is correct: never run container_of() on HEAD
pointer.

However the rule that is introduced by list_for_each_entry_inside() is
*not* this rule. The rule it introduces is: never access the iterator
variable outside the loop.

Making the iterator NULL on loop exit does follow the rule you proposed
but using a different technique: do not allow HEAD to be stored in the
iterator variable after loop exit. This also makes it impossible to run
container_of() on the HEAD pointer.


> Everyone makes mistakes, but we can eliminate them all from the beginning
> with the help of compiler which can catch such use-after-loop things.

Indeed but if we introduce new interfaces then we don't have to worry
about existing usages and silent regressions. Code will have been
written knowing the loop can exit with the iterator set to NULL.

Sure it is still possible for programmers to make mistakes and
dereference the NULL pointer but C programmers are well training w.r.t.
NULL pointer checking so such mistakes are much less likely than with
the current list_for_each_entry() macro. This risk must be offset
against the way a NULLify approach can lead to more elegant code when we
are doing a list search.


Daniel.

  parent reply	other threads:[~2022-03-03 12:19 UTC|newest]

Thread overview: 85+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-02-28 11:08 [PATCH 0/6] Remove usage of list iterator past the loop body Jakob Koschel
2022-02-28 11:08 ` [PATCH 1/6] drivers: usb: remove " Jakob Koschel
2022-02-28 11:24   ` Dan Carpenter
2022-02-28 12:03     ` Jakob Koschel
2022-02-28 13:18       ` Dan Carpenter
2022-02-28 18:20     ` Joe Perches
2022-03-01  5:52       ` Dan Carpenter
2022-02-28 11:08 ` [PATCH 2/6] treewide: remove using list iterator after loop body as a ptr Jakob Koschel
2022-02-28 11:20   ` Greg KH
2022-02-28 12:06     ` Jakob Koschel
2022-03-01 17:37       ` Greg KH
2022-02-28 12:19   ` Christian König
2022-02-28 19:56     ` Linus Torvalds
2022-02-28 20:03       ` Linus Torvalds
2022-02-28 20:10         ` Linus Torvalds
2022-02-28 20:14           ` Linus Torvalds
2022-02-28 20:53             ` Segher Boessenkool
2022-02-28 20:16           ` Matthew Wilcox
2022-02-28 20:27             ` Johannes Berg
2022-02-28 20:41               ` Linus Torvalds
2022-02-28 20:37             ` Linus Torvalds
2022-02-28 23:26               ` Matthew Wilcox
2022-03-01  0:45                 ` Linus Torvalds
2022-03-01  0:57                   ` Linus Torvalds
2022-03-01 18:14                   ` Kees Cook
2022-03-01 18:47                     ` Linus Torvalds
2022-03-01 19:01                     ` Matthew Wilcox
2022-03-01  3:03             ` David Laight
2022-02-28 21:47           ` Jakob Koschel
2022-03-01  0:41             ` Linus Torvalds
2022-03-01  6:32               ` Jakub Kicinski
2022-03-01 11:28               ` Jakob Koschel
2022-03-01 17:36                 ` Greg KH
2022-03-01 17:40                   ` Jakob Koschel
2022-03-01 17:58                     ` Greg KH
2022-03-01 18:21                 ` Kees Cook
2022-03-02  9:31               ` Xiaomeng Tong
2022-03-02 14:04                 ` David Laight
2022-03-03  2:27                   ` Xiaomeng Tong
2022-03-03  4:58                     ` David Laight
2022-03-03  7:26                       ` Xiaomeng Tong
2022-03-03  9:30                         ` David Laight
2022-03-03 12:37                           ` Xiaomeng Tong
2022-03-03 12:18                         ` Daniel Thompson [this message]
2022-03-04  6:59                           ` Xiaomeng Tong
2022-03-03  7:32                       ` Jakob Koschel
2022-03-03  8:30                         ` Xiaomeng Tong
2022-03-03  8:38                           ` Xiaomeng Tong
2022-02-28 20:07       ` Christian König
2022-02-28 20:42         ` James Bottomley
2022-02-28 20:56           ` Christian König
2022-02-28 21:13             ` James Bottomley
2022-03-01  7:03               ` Christian König
2022-02-28 22:05             ` Jakob Koschel
2022-02-28 21:18           ` Jeffrey Walton
2022-02-28 21:59           ` Mike Rapoport
2022-02-28 22:28             ` James Bottomley
2022-02-28 22:50               ` Barnabás Pőcze
2022-03-01  0:30               ` Segher Boessenkool
2022-03-01  0:54                 ` Linus Torvalds
2022-03-01 19:06               ` Linus Torvalds
2022-03-01 19:42                 ` Linus Torvalds
2022-03-01 22:58                 ` David Laight
2022-03-01 23:03                   ` Linus Torvalds
2022-03-01 23:19                     ` David Laight
2022-03-01 23:55                       ` Linus Torvalds
2022-03-02  9:29                         ` Rasmus Villemoes
2022-03-02 20:07                           ` Kees Cook
2022-03-02 20:18                             ` Linus Torvalds
2022-03-02 20:59                               ` Kees Cook
2022-03-03  8:37                             ` Dan Carpenter
2022-03-03 10:56                           ` Dan Carpenter
2022-03-01  2:15       ` David Laight
2022-02-28 13:13   ` Dan Carpenter
2022-02-28 11:08 ` [PATCH 3/6] treewide: fix incorrect use to determine if list is empty Jakob Koschel
2022-02-28 11:38   ` Dan Carpenter
2022-02-28 11:08 ` [PATCH 4/6] drivers: remove unnecessary use of list iterator variable Jakob Koschel
2022-02-28 11:08 ` [PATCH 5/6] treewide: remove dereference of list iterator after loop body Jakob Koschel
2022-02-28 11:08 ` [PATCH 6/6] treewide: remove check of list iterator against head past the " Jakob Koschel
2022-02-28 11:22   ` Dominique Martinet
2022-02-28 13:12   ` Dan Carpenter
2022-03-01 20:36   ` Linus Torvalds
2022-03-02 17:14   ` [Intel-gfx] " Tvrtko Ursulin
2022-03-07 15:00 ` [PATCH 0/6] Remove usage of list iterator " Dan Carpenter
2022-03-07 15:26   ` David Laight

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220303121824.qdyrognluik74iph@maple.lan \
    --to=daniel.thompson@linaro.org \
    --cc=akpm@linux-foundation.org \
    --cc=alsa-devel@alsa-project.org \
    --cc=amd-gfx@lists.freedesktop.org \
    --cc=andriy.shevchenko@linux.intel.com \
    --cc=arnd@arndb.de \
    --cc=bcm-kernel-feedback-list@broadcom.com \
    --cc=bjohannesmeyer@gmail.com \
    --cc=c.giuffrida@vu.nl \
    --cc=christian.koenig@amd.com \
    --cc=christophe.jaillet@wanadoo.fr \
    --cc=dan.carpenter@oracle.com \
    --cc=david.laight@aculab.com \
    --cc=dmaengine@vger.kernel.org \
    --cc=drbd-dev@lists.linbit.com \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=gustavo@embeddedor.com \
    --cc=h.j.bos@vu.nl \
    --cc=intel-gfx@lists.freedesktop.org \
    --cc=intel-wired-lan@lists.osuosl.org \
    --cc=jakobkoschel@gmail.com \
    --cc=jgg@ziepe.ca \
    --cc=keescook@chromium.org \
    --cc=kgdb-bugreport@lists.sourceforge.net \
    --cc=kvm@vger.kernel.org \
    --cc=linux-arch@vger.kernel.org \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-aspeed@lists.ozlabs.org \
    --cc=linux-block@vger.kernel.org \
    --cc=linux-cifs@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-f2fs-devel@lists.sourceforge.net \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-iio@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-media@vger.kernel.org \
    --cc=linux-mediatek@lists.infradead.org \
    --cc=linux-pm@vger.kernel.org \
    --cc=linux-rdma@vger.kernel.org \
    --cc=linux-scsi@vger.kernel.org \
    --cc=linux-sgx@vger.kernel.org \
    --cc=linux-staging@lists.linux.dev \
    --cc=linux-tegra@vger.kernel.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=linux-wireless@vger.kernel.org \
    --cc=linux1394-devel@lists.sourceforge.net \
    --cc=linux@rasmusvillemoes.dk \
    --cc=linuxppc-dev@lists.ozlabs.org \
    --cc=nathan@kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=nouveau@lists.freedesktop.org \
    --cc=rppt@kernel.org \
    --cc=samba-technical@lists.samba.org \
    --cc=tglx@linutronix.de \
    --cc=tipc-discussion@lists.sourceforge.net \
    --cc=torvalds@linux-foundation.org \
    --cc=v9fs-developer@lists.sourceforge.net \
    --cc=xiam0nd.tong@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).