[PATCH 1/2] include/linux: provide a safe version of container_of()
From: Alexander Potapenko
Date: Fri Sep 23 2016 - 09:24:11 EST
Some code relies on "negative" (i.e. too big) pointer values being
returned by container_of() when its first argument is NULL. But doing
so breaks the compiler's assumptions that pointer arithmetic never
overflows.
container_of_safe() checks its arguments and returns NULL in the case
the member offset within the container is greater than the pointer to
the member, otherwise it returns the result of container_of().
Signed-off-by: Alexander Potapenko <glider@xxxxxxxxxx>
---
Note that checkpatch.pl reports whitespace problems in this patch, but
the diff is consistent with the rest of the file.
---
include/linux/kernel.h | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index d96a611..820b134 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -831,6 +831,21 @@ static inline void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) { }
const typeof( ((type *)0)->member ) *__mptr = (ptr); \
(type *)( (char *)__mptr - offsetof(type,member) );})
+/**
+ * container_of_safe - safe version of container_of
+ * @ptr: the pointer to the member.
+ * @type: the type of the container struct this is embedded in.
+ * @member: the name of the member within the struct.
+ *
+ * In the case the value of @ptr is smaller than the offset of @member within
+ * @type, return 0.
+ */
+#define container_of_safe(ptr, type, member) ({ \
+ const typeof( ((type *)0)->member ) *__mptr = (ptr); \
+ (size_t)__mptr >= offsetof(type,member) ? \
+ (type *)( (char *)__mptr - offsetof(type,member) ) : (type *)0 ;})
+
+
/* Rebuild everything on CONFIG_FTRACE_MCOUNT_RECORD */
#ifdef CONFIG_FTRACE_MCOUNT_RECORD
# define REBUILD_DUE_TO_FTRACE_MCOUNT_RECORD
--
2.8.0.rc3.226.g39d4020