Re: [GIT PULL] arm64: updates for 4.15

From: Will Deacon
Date: Thu Nov 16 2017 - 06:51:50 EST

Next message: Chao Yu: "[PATCH 3/4] f2fs: avoid memory leak in f2fs_write_root_inode"
Previous message: SF Markus Elfring: "[PATCH 0/3] ALSA: korg1212: Fine-tuning for three function implementations"
Next in thread: Linus Torvalds: "Re: [GIT PULL] arm64: updates for 4.15"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Linus,

On Wed, Nov 15, 2017 at 11:13:51AM -0800, Linus Torvalds wrote:
> On Tue, Nov 14, 2017 at 12:11 PM, Will Deacon <will.deacon@xxxxxxx> wrote:
> >
> > Please pull the following arm64 updates
>
> Pulled. However, looking at the non-arm changes, I noticed this:
>
> static inline int irq_is_percpu_devid(unsigned int irq)
> ...
> return desc->status_use_accessors & IRQ_PER_CPU_DEVID;
>
> and it matches the existing pattern in that file, so it is fine and
> I'm not complaining about this pull.

Thanks.

> But that existing pattern happens to be very dangerous and bad.
>
> In particular, what can (and _has_ happened) is that people end up
> using these functions that return true or false, and they assign the
> result to something like a bitfield (or a char) or whatever.
>
> And the code looks *obviously* correct, when you have things like
>
> dev->percpu = irq_is_percpu_devid(dev->irq);
>
> and that "percpu" thing is just one status bit among many. It may even
> *work*, because maybe that "percpu" flag ends up not being all that
> important, or it just happens to never be set on the particular
> hardware that people end up testing.
>
> But while it looks obviously correct, and might even work, it's really
> fundamentally broken. Because that "true or false" function didn't
> actually return 0/1, it returned 0 or 0x20000.
>
> And 0x20000 may not fit in a bitmask or a "char" or whatever.
>
> So I'm not a huge fan of "bool" in structures etc (a "unsigned int
> percpu:1" really is fundamentally much better), but when it comes to
> inline helper functions like this, "bool" really is the right return
> type, because it avoids these issues, and turns the return value to
> 0/1 if you actually use it in an integer context.

Yes, that makes sense and just returning bool matches the code in
kernel/irq/settings.h which is the other direct user of
status_use_accessors. The small handful of callers also treat the returned
value as a bool (as you'd expect), so we're good.

Patch below.

Will

--->8

Next message: Chao Yu: "[PATCH 3/4] f2fs: avoid memory leak in f2fs_write_root_inode"
Previous message: SF Markus Elfring: "[PATCH 0/3] ALSA: korg1212: Fine-tuning for three function implementations"
Next in thread: Linus Torvalds: "Re: [GIT PULL] arm64: updates for 4.15"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]