lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <1495195570-5249-1-git-send-email-sakari.ailus@linux.intel.com>
Date:   Fri, 19 May 2017 15:06:10 +0300
From:   Sakari Ailus <sakari.ailus@...ux.intel.com>
To:     linux-kernel@...r.kernel.org
Cc:     laurent.pinchart@...asonboard.com
Subject: [RFC 1/1] linux/kernel.h: const-safe container_of() macro

Make container_of() macro const-safe by using _Generic selections.

It's easy to mistakenly pass a const ptr argument to container_of() and
use a non-const type for the container struct, which results in a
non-const reference to a struct that used to be const. This type of errors
are currently not flagged during compilation.

Another useful case for this is to provide a const-safe conversion between
different structs such as OF specific struct device_node and the more
generic struct fwnode_handle. const-ness of the argument is preserved in
the conversion and const warnings will be flagged by the compiler.

The "default" selection will match if the ptr argument is not const. The
"const typeof(*(ptr)) *" selection will match otherwise: constifying a
const type does not change it.

Signed-off-by: Sakari Ailus <sakari.ailus@...ux.intel.com>
---
Hi folks,

This patch currently triggers a large number of compiler warnings and not
necessarily all of the cases are at fault but nevertheless this suggests
that there could be issues.

I haven't checked most of the locations where the warnings are emitted and
rather wanted to ask about the approach.

Another option to support e.g. const-safe conversion could be to add a new
macro and leave the existing one as-is. This has the drawback of not
drawing attention to potential const-correctness issues.

Regards,
Sakari

 include/linux/kernel.h | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index 13bc08a..ddd4987 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -850,10 +850,20 @@ static inline void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) { }
  * @member:	the name of the member within the struct.
  *
  */
-#define container_of(ptr, type, member) ({			\
+#define ____container_of(ptr, type, member) ({			\
 	const typeof( ((type *)0)->member ) *__mptr = (ptr);	\
 	(type *)( (char *)__mptr - offsetof(type,member) );})
 
+#if GCC_VERSION >= 40900 /* GCC 4.9 added support for _Generic */
+#define container_of(ptr, type, member)					\
+	_Generic((ptr),							\
+		 default: ____container_of(ptr, type, member),		\
+		 const typeof(*(ptr)) *: ____container_of(ptr, const type, \
+							  member))
+#else
+#define container_of(ptr, type, member) ____container_of(ptr, type, member)
+#endif
+
 /* Rebuild everything on CONFIG_FTRACE_MCOUNT_RECORD */
 #ifdef CONFIG_FTRACE_MCOUNT_RECORD
 # define REBUILD_DUE_TO_FTRACE_MCOUNT_RECORD
-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ