From: Linus Torvalds <torvalds@linux-foundation.org>
To: Jakob Koschel <jakobkoschel@gmail.com>
Cc: linux-wireless <linux-wireless@vger.kernel.org>,
alsa-devel@alsa-project.org, "KVM list" <kvm@vger.kernel.org>,
"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
linux-iio@vger.kernel.org, nouveau@lists.freedesktop.org,
"Rasmus Villemoes" <linux@rasmusvillemoes.dk>,
dri-devel <dri-devel@lists.freedesktop.org>,
"Cristiano Giuffrida" <c.giuffrida@vu.nl>,
"amd-gfx list" <amd-gfx@lists.freedesktop.org>,
linux1394-devel@lists.sourceforge.net, drbd-dev@lists.linbit.com,
linux-arch <linux-arch@vger.kernel.org>,
CIFS <linux-cifs@vger.kernel.org>,
linux-aspeed@lists.ozlabs.org,
linux-scsi <linux-scsi@vger.kernel.org>,
linux-rdma <linux-rdma@vger.kernel.org>,
linux-staging@lists.linux.dev, "Bos, H.J." <h.j.bos@vu.nl>,
"Jason Gunthorpe" <jgg@ziepe.ca>,
intel-wired-lan@lists.osuosl.org,
kgdb-bugreport@lists.sourceforge.net,
bcm-kernel-feedback-list@broadcom.com,
"Dan Carpenter" <dan.carpenter@oracle.com>,
"Linux Media Mailing List" <linux-media@vger.kernel.org>,
"Kees Cook" <keescook@chromium.org>,
"Arnd Bergman" <arnd@arndb.de>,
"Linux PM" <linux-pm@vger.kernel.org>,
intel-gfx <intel-gfx@lists.freedesktop.org>,
"Brian Johannesmeyer" <bjohannesmeyer@gmail.com>,
"Nathan Chancellor" <nathan@kernel.org>,
dma <dmaengine@vger.kernel.org>,
"Christophe JAILLET" <christophe.jaillet@wanadoo.fr>,
v9fs-developer@lists.sourceforge.net,
linux-tegra <linux-tegra@vger.kernel.org>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Andy Shevchenko" <andriy.shevchenko@linux.intel.com>,
"Linux ARM" <linux-arm-kernel@lists.infradead.org>,
linux-sgx@vger.kernel.org,
linux-block <linux-block@vger.kernel.org>,
Netdev <netdev@vger.kernel.org>,
linux-usb@vger.kernel.org, samba-technical@lists.samba.org,
"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
"Linux F2FS Dev Mailing List"
<linux-f2fs-devel@lists.sourceforge.net>,
tipc-discussion@lists.sourceforge.net,
"Linux Crypto Mailing List" <linux-crypto@vger.kernel.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
linux-mediatek@lists.infradead.org,
"Andrew Morton" <akpm@linux-foundation.org>,
linuxppc-dev <linuxppc-dev@lists.ozlabs.org>,
"Christian König" <christian.koenig@amd.com>,
"Mike Rapoport" <rppt@kernel.org>
Subject: Re: [PATCH 2/6] treewide: remove using list iterator after loop body as a ptr
Date: Mon, 28 Feb 2022 16:41:04 -0800 [thread overview]
Message-ID: <CAHk-=whLK11HyvpUtEftOjc3Gup2V77KpAQ2fycj3uai=qceHw@mail.gmail.com> (raw)
In-Reply-To: <FC710A1A-524E-481B-A668-FC258F529A2E@gmail.com>
On Mon, Feb 28, 2022 at 1:47 PM Jakob Koschel <jakobkoschel@gmail.com> wrote:
>
> The goal of this is to get compiler warnings right? This would indeed be great.
Yes, so I don't mind having a one-time patch that has been gathered
using some automated checker tool, but I don't think that works from a
long-term maintenance perspective.
So if we have the basic rule being "don't use the loop iterator after
the loop has finished, because it can cause all kinds of subtle
issues", then in _addition_ to fixing the existing code paths that
have this issue, I really would want to (a) get a compiler warning for
future cases and (b) make it not actually _work_ for future cases.
Because otherwise it will just happen again.
> Changing the list_for_each_entry() macro first will break all of those cases
> (e.g. the ones using 'list_entry_is_head()).
So I have no problems with breaking cases that we basically already
have a patch for due to your automated tool. There were certainly
more than a handful, but it didn't look _too_ bad to just make the
rule be "don't use the iterator after the loop".
Of course, that's just based on that patch of yours. Maybe there are a
ton of other cases that your patch didn't change, because they didn't
match your trigger case, so I may just be overly optimistic here.
But basically to _me_, the important part is that the end result is
maintainable longer-term. I'm more than happy to have a one-time patch
to fix a lot of dubious cases if we can then have clean rules going
forward.
> I assumed it is better to fix those cases first and then have a simple
> coccinelle script changing the macro + moving the iterator into the scope
> of the macro.
So that had been another plan of mine, until I actually looked at
changing the macro. In the one case I looked at, it was ugly beyond
belief.
It turns out that just syntactically, it's really nice to give the
type of the iterator from outside the way we do now. Yeah, it may be a
bit odd, and maybe it's partly because I'm so used to the
"list_for_each_list_entry()" syntax, but moving the type into the loop
construct really made it nasty - either one very complex line, or
having to split it over two lines which was even worse.
Maybe the place I looked at just happened to have a long typename, but
it's basically always going to be a struct, so it's never a _simple_
type. And it just looked very odd adn unnatural to have the type as
one of the "arguments" to that list_for_each_entry() macro.
So yes, initially my idea had been to just move the iterator entirely
inside the macro. But specifying the type got so ugly that I think
that
typeof (pos) pos
trick inside the macro really ends up giving us the best of all worlds:
(a) let's us keep the existing syntax and code for all the nice cases
that did everything inside the loop anyway
(b) gives us a nice warning for any normal use-after-loop case
(unless you explicitly initialized it like that
sgx_mmu_notifier_release() function did for no good reason
(c) also guarantees that even if you don't get a warning,
non-converted (or newly written) bad code won't actually _work_
so you end up getting the new rules without any ambiguity or mistaken
> With this you are no longer able to set the 'outer' pos within the list
> iterator loop body or am I missing something?
Correct. Any assignment inside the loop will be entirely just to the
local loop case. So any "break;" out of the loop will have to set
another variable - like your updated patch did.
> I fail to see how this will make most of the changes in this
> patch obsolete (if that was the intention).
I hope my explanation above clarifies my thinking: I do not dislike
your patch, and in fact your patch is indeed required to make the new
semantics work.
What I disliked was always the maintainability of your patch - making
the rules be something that isn't actually visible in the source code,
and letting the old semantics still work as well as they ever did, and
having to basically run some verification pass to find bad users.
(I also disliked your original patch that mixed up the "CPU
speculation type safety" with the actual non-speculative problems, but
that was another issue).
Linus
next prev parent reply other threads:[~2022-03-01 0:42 UTC|newest]
Thread overview: 85+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-28 11:08 [PATCH 0/6] Remove usage of list iterator past the loop body Jakob Koschel
2022-02-28 11:08 ` [PATCH 1/6] drivers: usb: remove " Jakob Koschel
2022-02-28 11:24 ` Dan Carpenter
2022-02-28 12:03 ` Jakob Koschel
2022-02-28 13:18 ` Dan Carpenter
2022-02-28 18:20 ` Joe Perches
2022-03-01 5:52 ` Dan Carpenter
2022-02-28 11:08 ` [PATCH 2/6] treewide: remove using list iterator after loop body as a ptr Jakob Koschel
2022-02-28 11:20 ` Greg KH
2022-02-28 12:06 ` Jakob Koschel
2022-03-01 17:37 ` Greg KH
2022-02-28 12:19 ` Christian König
2022-02-28 19:56 ` Linus Torvalds
2022-02-28 20:03 ` Linus Torvalds
2022-02-28 20:10 ` Linus Torvalds
2022-02-28 20:14 ` Linus Torvalds
2022-02-28 20:53 ` Segher Boessenkool
2022-02-28 20:16 ` Matthew Wilcox
2022-02-28 20:27 ` Johannes Berg
2022-02-28 20:41 ` Linus Torvalds
2022-02-28 20:37 ` Linus Torvalds
2022-02-28 23:26 ` Matthew Wilcox
2022-03-01 0:45 ` Linus Torvalds
2022-03-01 0:57 ` Linus Torvalds
2022-03-01 18:14 ` Kees Cook
2022-03-01 18:47 ` Linus Torvalds
2022-03-01 19:01 ` Matthew Wilcox
2022-03-01 3:03 ` David Laight
2022-02-28 21:47 ` Jakob Koschel
2022-03-01 0:41 ` Linus Torvalds [this message]
2022-03-01 6:32 ` Jakub Kicinski
2022-03-01 11:28 ` Jakob Koschel
2022-03-01 17:36 ` Greg KH
2022-03-01 17:40 ` Jakob Koschel
2022-03-01 17:58 ` Greg KH
2022-03-01 18:21 ` Kees Cook
2022-03-02 9:31 ` Xiaomeng Tong
2022-03-02 14:04 ` David Laight
2022-03-03 2:27 ` Xiaomeng Tong
2022-03-03 4:58 ` David Laight
2022-03-03 7:26 ` Xiaomeng Tong
2022-03-03 9:30 ` David Laight
2022-03-03 12:37 ` Xiaomeng Tong
2022-03-03 12:18 ` [Kgdb-bugreport] " Daniel Thompson
2022-03-04 6:59 ` Xiaomeng Tong
2022-03-03 7:32 ` Jakob Koschel
2022-03-03 8:30 ` Xiaomeng Tong
2022-03-03 8:38 ` Xiaomeng Tong
2022-02-28 20:07 ` Christian König
2022-02-28 20:42 ` James Bottomley
2022-02-28 20:56 ` Christian König
2022-02-28 21:13 ` James Bottomley
2022-03-01 7:03 ` Christian König
2022-02-28 22:05 ` Jakob Koschel
2022-02-28 21:18 ` Jeffrey Walton
2022-02-28 21:59 ` Mike Rapoport
2022-02-28 22:28 ` James Bottomley
2022-02-28 22:50 ` Barnabás Pőcze
2022-03-01 0:30 ` Segher Boessenkool
2022-03-01 0:54 ` Linus Torvalds
2022-03-01 19:06 ` Linus Torvalds
2022-03-01 19:42 ` Linus Torvalds
2022-03-01 22:58 ` David Laight
2022-03-01 23:03 ` Linus Torvalds
2022-03-01 23:19 ` David Laight
2022-03-01 23:55 ` Linus Torvalds
2022-03-02 9:29 ` Rasmus Villemoes
2022-03-02 20:07 ` Kees Cook
2022-03-02 20:18 ` Linus Torvalds
2022-03-02 20:59 ` Kees Cook
2022-03-03 8:37 ` Dan Carpenter
2022-03-03 10:56 ` Dan Carpenter
2022-03-01 2:15 ` David Laight
2022-02-28 13:13 ` Dan Carpenter
2022-02-28 11:08 ` [PATCH 3/6] treewide: fix incorrect use to determine if list is empty Jakob Koschel
2022-02-28 11:38 ` Dan Carpenter
2022-02-28 11:08 ` [PATCH 4/6] drivers: remove unnecessary use of list iterator variable Jakob Koschel
2022-02-28 11:08 ` [PATCH 5/6] treewide: remove dereference of list iterator after loop body Jakob Koschel
2022-02-28 11:08 ` [PATCH 6/6] treewide: remove check of list iterator against head past the " Jakob Koschel
2022-02-28 11:22 ` Dominique Martinet
2022-02-28 13:12 ` Dan Carpenter
2022-03-01 20:36 ` Linus Torvalds
2022-03-02 17:14 ` [Intel-gfx] " Tvrtko Ursulin
2022-03-07 15:00 ` [PATCH 0/6] Remove usage of list iterator " Dan Carpenter
2022-03-07 15:26 ` David Laight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHk-=whLK11HyvpUtEftOjc3Gup2V77KpAQ2fycj3uai=qceHw@mail.gmail.com' \
--to=torvalds@linux-foundation.org \
--cc=akpm@linux-foundation.org \
--cc=alsa-devel@alsa-project.org \
--cc=amd-gfx@lists.freedesktop.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=arnd@arndb.de \
--cc=bcm-kernel-feedback-list@broadcom.com \
--cc=bjohannesmeyer@gmail.com \
--cc=c.giuffrida@vu.nl \
--cc=christian.koenig@amd.com \
--cc=christophe.jaillet@wanadoo.fr \
--cc=dan.carpenter@oracle.com \
--cc=dmaengine@vger.kernel.org \
--cc=drbd-dev@lists.linbit.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=gustavo@embeddedor.com \
--cc=h.j.bos@vu.nl \
--cc=intel-gfx@lists.freedesktop.org \
--cc=intel-wired-lan@lists.osuosl.org \
--cc=jakobkoschel@gmail.com \
--cc=jgg@ziepe.ca \
--cc=keescook@chromium.org \
--cc=kgdb-bugreport@lists.sourceforge.net \
--cc=kvm@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-aspeed@lists.ozlabs.org \
--cc=linux-block@vger.kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-iio@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=linux-pm@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=linux-sgx@vger.kernel.org \
--cc=linux-staging@lists.linux.dev \
--cc=linux-tegra@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=linux1394-devel@lists.sourceforge.net \
--cc=linux@rasmusvillemoes.dk \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=nathan@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=nouveau@lists.freedesktop.org \
--cc=rppt@kernel.org \
--cc=samba-technical@lists.samba.org \
--cc=tglx@linutronix.de \
--cc=tipc-discussion@lists.sourceforge.net \
--cc=v9fs-developer@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).