From: Jason Gunthorpe <jgg@ziepe.ca>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Jakob <jakobkoschel@gmail.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-arch <linux-arch@vger.kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Thomas Gleixner <tglx@linutronix.de>,
Arnd Bergman <arnd@arndb.de>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
Andrew Morton <akpm@linux-foundation.org>,
Kees Cook <keescook@chromium.org>,
Mike Rapoport <rppt@kernel.org>,
"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
Brian Johannesmeyer <bjohannesmeyer@gmail.com>,
Cristiano Giuffrida <c.giuffrida@vu.nl>,
"Bos, H.J." <h.j.bos@vu.nl>
Subject: Re: [RFC PATCH 04/13] vfio/mdev: remove the usage of the list iterator after the loop
Date: Wed, 23 Feb 2022 15:12:22 -0400 [thread overview]
Message-ID: <20220223191222.GC10361@ziepe.ca> (raw)
In-Reply-To: <CAHk-=wir=xabJ73Upk1dsuoMKWTTjTfeLFJ=p2S0yRYYaxW4fA@mail.gmail.com>
On Wed, Feb 23, 2022 at 11:06:03AM -0800, Linus Torvalds wrote:
> And as such, you not only can't dereference it, but you also shouldn't
> even compare pointer values - because the pointer arithmetic that was
> valid for loop entries is not valid for the HEAD entry that is
> embedded in another type. So the pointer arithmetic might have turned
> it into a pointer outside the real container of the HEAD, and might
> actually match something else.
Yes, this is what I had put together as well about this patch, and I
think it is OK as-is. In this case the list head is in the .bss of a
module so I don't think it is very likely that the type confused
container_of() will alias a kalloc result, but it is certainly
technically wrong as-is.
> So elsewhere I suggested that the fix to "you can't use the pointer
> outside the loop" be made to literally disallow it (using C99 for-loop
> variables seems the cleanest model), and have the compiler refuse to
> touch code that tries to use the loop iterator outside.
Oh yes, that would be really nice solution.
Jason
next prev parent reply other threads:[~2022-02-23 19:12 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-17 18:48 [RFC PATCH 00/13] Proposal for speculative safe list iterator Jakob Koschel
2022-02-17 18:48 ` [RFC PATCH 01/13] list: introduce speculative safe list_for_each_entry() Jakob Koschel
2022-02-17 19:29 ` Greg Kroah-Hartman
2022-02-18 16:29 ` Jann Horn
2022-02-18 16:29 ` Jann Horn
2022-02-23 14:32 ` Jakob
2022-02-19 19:44 ` Jann Horn
2022-02-17 18:48 ` [RFC PATCH 02/13] scripts: coccinelle: adapt to find list_for_each_entry nospec issues Jakob Koschel
2022-02-17 18:48 ` [RFC PATCH 03/13] usb: remove the usage of the list iterator after the loop Jakob Koschel
2022-02-17 19:28 ` Linus Torvalds
2022-02-23 14:13 ` Jakob
2022-02-23 14:16 ` Jakob
2022-02-24 10:33 ` Greg Kroah-Hartman
2022-02-24 17:56 ` Linus Torvalds
[not found] ` <6d191223d93249a98511177d4af08420@pexch012b.vu.local>
2022-02-24 10:46 ` Cristiano Giuffrida
2022-02-24 11:26 ` Greg Kroah-Hartman
2022-02-23 18:47 ` Linus Torvalds
2022-02-23 19:23 ` Linus Torvalds
2022-02-23 19:43 ` Linus Torvalds
2022-02-23 20:24 ` Arnd Bergmann
2022-02-23 20:43 ` Linus Torvalds
2022-02-23 20:48 ` Arnd Bergmann
2022-02-23 21:53 ` Linus Torvalds
2022-02-24 16:04 ` Nathan Chancellor
2022-02-23 20:54 ` Linus Torvalds
2022-02-23 22:21 ` David Laight
2022-02-25 21:36 ` Uecker, Martin
2022-02-25 22:02 ` Linus Torvalds
2022-02-26 1:21 ` Martin Uecker
2022-02-27 18:12 ` Miguel Ojeda
2022-02-28 7:08 ` Martin Uecker
2022-02-28 13:49 ` Miguel Ojeda
2022-03-01 20:26 ` Linus Torvalds
2022-03-02 7:27 ` Martin Uecker
2022-02-26 12:42 ` Segher Boessenkool
2022-02-26 22:14 ` Arnd Bergmann
2022-02-26 23:03 ` Linus Torvalds
2022-02-27 1:19 ` Segher Boessenkool
2022-02-27 1:09 ` Segher Boessenkool
2022-02-27 7:10 ` David Laight
2022-02-27 11:32 ` Segher Boessenkool
2022-02-27 18:09 ` Miguel Ojeda
2022-02-27 20:17 ` Segher Boessenkool
2022-02-27 21:04 ` Linus Torvalds
2022-02-28 6:15 ` David Laight
2022-02-27 22:43 ` Miguel Ojeda
2022-02-27 21:28 ` Arnd Bergmann
2022-02-27 22:43 ` Segher Boessenkool
2022-02-17 18:48 ` [RFC PATCH 04/13] vfio/mdev: " Jakob Koschel
2022-02-18 15:12 ` Jason Gunthorpe
2022-02-23 14:18 ` Jakob
2022-02-23 19:06 ` Linus Torvalds
2022-02-23 19:12 ` Jason Gunthorpe [this message]
2022-02-23 19:31 ` Linus Torvalds
2022-02-23 20:15 ` Jakob
2022-02-23 20:22 ` Linus Torvalds
2022-02-23 22:08 ` Jakob
2022-02-23 20:19 ` Rasmus Villemoes
2022-02-23 20:34 ` Linus Torvalds
2022-02-17 18:48 ` [RFC PATCH 05/13] drivers/perf: " Jakob Koschel
2022-02-17 18:48 ` [RFC PATCH 06/13] ARM: mmp: " Jakob Koschel
2022-02-17 18:48 ` [RFC PATCH 07/13] udp_tunnel: " Jakob Koschel
2022-02-23 20:00 ` Christophe JAILLET
2022-02-24 6:20 ` Dan Carpenter
2022-02-17 18:48 ` [RFC PATCH 08/13] net: dsa: future proof usage of " Jakob Koschel
2022-02-17 18:48 ` [RFC PATCH 09/13] drbd: " Jakob Koschel
2022-02-17 18:48 ` [RFC PATCH 10/13] powerpc/spufs: " Jakob Koschel
2022-02-17 18:48 ` [RFC PATCH 11/13] ath6kl: remove use " Jakob Koschel
2022-02-17 18:48 ` [RFC PATCH 12/13] staging: greybus: audio: Remove usage " Jakob Koschel
2022-02-17 18:48 ` [RFC PATCH 13/13] scsi: mpt3sas: comment about invalid usage of the list iterator Jakob Koschel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220223191222.GC10361@ziepe.ca \
--to=jgg@ziepe.ca \
--cc=akpm@linux-foundation.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=arnd@arndb.de \
--cc=bjohannesmeyer@gmail.com \
--cc=c.giuffrida@vu.nl \
--cc=gregkh@linuxfoundation.org \
--cc=gustavo@embeddedor.com \
--cc=h.j.bos@vu.nl \
--cc=jakobkoschel@gmail.com \
--cc=keescook@chromium.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rppt@kernel.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).