[PATCH 2/2] llist: introduce llist_entry_safe()

From: Alexander Potapenko
Date: Fri Sep 23 2016 - 09:23:30 EST

Next message: Rob Herring: "Re: [PATCH 04/10] [v3] dt-bindings: qoriq-clock: update for more SoCs"
Previous message: Alexander Potapenko: "[PATCH 0/2] Clang: avoid undefined behavior in llist iterators"
In reply to: Alexander Potapenko: "[PATCH 0/2] Clang: avoid undefined behavior in llist iterators"
Next in thread: Alexander Potapenko: "[PATCH 1/2] include/linux: provide a safe version of container_of()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Currently llist_for_each_entry() and llist_for_each_entry_safe() iterate
until &pos->member != NULL. But when building the kernel with Clang, the
compiler assumes &pos->member cannot be NULL if the member's offset is
greater than 0. Therefore the loop condition is always true, and the
loops become infinite.

To work around this, introduce llist_entry_safe(), which returns NULL
for NULL pointers, and additionally check that pos is not NULL in the
list iterators before dereferencing it.

Signed-off-by: Alexander Potapenko <glider@xxxxxxxxxx>
---
include/linux/llist.h | 26 +++++++++++++++++++-------
1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/include/linux/llist.h b/include/linux/llist.h
index fd4ca0b..e17ae8a 100644
--- a/include/linux/llist.h
+++ b/include/linux/llist.h
@@ -88,6 +88,16 @@ static inline void init_llist_head(struct llist_head *list)
container_of(ptr, type, member)

/**
+ * llist_entry_safe - get the struct of this entry without overflowing
+ * @ptr: the &struct llist_node pointer.
+ * @type: the type of the struct this is embedded in.
+ * @member: the name of the llist_node within the struct.
+ */
+#define llist_entry_safe(ptr, type, member) \
+ container_of_safe(ptr, type, member)
+
+
+/**
* llist_for_each - iterate over some deleted entries of a lock-less list
* @pos: the &struct llist_node to use as a loop cursor
* @node: the first entry of deleted list entries
@@ -120,9 +130,10 @@ static inline void init_llist_head(struct llist_head *list)
* reverse the order by yourself before traversing.
*/
#define llist_for_each_entry(pos, node, member) \
- for ((pos) = llist_entry((node), typeof(*(pos)), member); \
- &(pos)->member != NULL; \
- (pos) = llist_entry((pos)->member.next, typeof(*(pos)), member))
+ for ((pos) = llist_entry_safe((node), typeof(*(pos)), member); \
+ pos != NULL && &(pos)->member != NULL; \
+ (pos) = llist_entry_safe((pos)->member.next, \
+ typeof(*(pos)), member))

/**
* llist_for_each_entry_safe - iterate over some deleted entries of lock-less list of given type
@@ -141,10 +152,11 @@ static inline void init_llist_head(struct llist_head *list)
* you want to traverse from the oldest to the newest, you must
* reverse the order by yourself before traversing.
*/
-#define llist_for_each_entry_safe(pos, n, node, member) \
- for (pos = llist_entry((node), typeof(*pos), member); \
- &pos->member != NULL && \
- (n = llist_entry(pos->member.next, typeof(*n), member), true); \
+#define llist_for_each_entry_safe(pos, n, node, member) \
+ for (pos = llist_entry_safe((node), typeof(*pos), member); \
+ pos != NULL && &pos->member != NULL && \
+ (n = llist_entry_safe(pos->member.next, typeof(*n), member), \
+ true); \
pos = n)

/**
--
2.8.0.rc3.226.g39d4020

Next message: Rob Herring: "Re: [PATCH 04/10] [v3] dt-bindings: qoriq-clock: update for more SoCs"
Previous message: Alexander Potapenko: "[PATCH 0/2] Clang: avoid undefined behavior in llist iterators"
In reply to: Alexander Potapenko: "[PATCH 0/2] Clang: avoid undefined behavior in llist iterators"
Next in thread: Alexander Potapenko: "[PATCH 1/2] include/linux: provide a safe version of container_of()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]