[RFC PATCH 14/21] plist: Use CHECK_DATA_CORRUPTION instead of explicit {BUG,WARN}_ON()

From: Will Deacon
Date: Tue Mar 24 2020 - 11:38:28 EST


CHECK_DATA_CORRUPTION() allows detected data corruption to result
consistently in either a BUG() or a WARN() depending on
CONFIG_BUG_ON_DATA_CORRUPTION.

Use CHECK_DATA_CORRUPTION() to report plist integrity checking failures,
rather than explicit use of BUG_ON() and WARN_ON().

Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Paul E. McKenney <paulmck@xxxxxxxxxx>
Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Signed-off-by: Will Deacon <will@xxxxxxxxxx>
---
lib/plist.c | 63 ++++++++++++++++++++++++++++++++++-------------------
1 file changed, 40 insertions(+), 23 deletions(-)

diff --git a/lib/plist.c b/lib/plist.c
index c06e98e78259..eb127eaab235 100644
--- a/lib/plist.c
+++ b/lib/plist.c
@@ -29,39 +29,46 @@

static struct plist_head test_head;

-static void plist_check_prev_next(struct list_head *t, struct list_head *p,
- struct list_head *n)
+static bool plist_prev_next_invalid(struct list_head *t, struct list_head *p,
+ struct list_head *n)
{
- WARN(n->prev != p || p->next != n,
- "top: %p, n: %p, p: %p\n"
- "prev: %p, n: %p, p: %p\n"
- "next: %p, n: %p, p: %p\n",
+ return CHECK_DATA_CORRUPTION(n->prev != p || p->next != n,
+ "plist corruption:\n"
+ "\ttop: %p, n: %p, p: %p\n"
+ "\tprev: %p, n: %p, p: %p\n"
+ "\tnext: %p, n: %p, p: %p\n",
t, t->next, t->prev,
p, p->next, p->prev,
n, n->next, n->prev);
}

-static void plist_check_list(struct list_head *top)
+static bool plist_list_invalid(struct list_head *top)
{
struct list_head *prev = top, *next = top->next;
+ bool corruption;

- plist_check_prev_next(top, prev, next);
+ corruption = plist_prev_next_invalid(top, prev, next);
while (next != top) {
prev = next;
next = prev->next;
- plist_check_prev_next(top, prev, next);
+ corruption |= plist_prev_next_invalid(top, prev, next);
}
+
+ return corruption;
}

-static void plist_check_head(struct plist_head *head)
+static bool plist_head_valid(struct plist_head *head)
{
+ bool corruption = false;
+
if (!plist_head_empty(head))
- plist_check_list(&plist_first(head)->prio_list);
- plist_check_list(&head->node_list);
+ corruption |= plist_list_invalid(&plist_first(head)->prio_list);
+ corruption |= plist_list_invalid(&head->node_list);
+ return !corruption;
}

#else
-# define plist_check_head(h) do { } while (0)
+# define plist_head_valid(h) (true)
#endif

/**
@@ -75,9 +82,12 @@ void plist_add(struct plist_node *node, struct plist_head *head)
struct plist_node *first, *iter, *prev = NULL;
struct list_head *node_next = &head->node_list;

- plist_check_head(head);
- WARN_ON(!plist_node_empty(node));
- WARN_ON(!list_empty(&node->prio_list));
+ if (!plist_head_valid(head) ||
+ CHECK_DATA_CORRUPTION(!plist_node_empty(node),
+ "plist_add corruption. node list is not empty.\n") ||
+ CHECK_DATA_CORRUPTION(!list_empty(&node->prio_list),
+ "plist_add corruption. node prio list is not empty.\n"))
+ return;

if (plist_head_empty(head))
goto ins_node;
@@ -100,7 +110,8 @@ void plist_add(struct plist_node *node, struct plist_head *head)
ins_node:
list_add_tail(&node->node_list, node_next);

- plist_check_head(head);
+ if (!plist_head_valid(head))
+ return;
}

/**
@@ -111,7 +122,8 @@ void plist_add(struct plist_node *node, struct plist_head *head)
*/
void plist_del(struct plist_node *node, struct plist_head *head)
{
- plist_check_head(head);
+ if (!plist_head_valid(head))
+ return;

if (!list_empty(&node->prio_list)) {
if (node->node_list.next != &head->node_list) {
@@ -129,7 +141,8 @@ void plist_del(struct plist_node *node, struct plist_head *head)

list_del_init(&node->node_list);

- plist_check_head(head);
+ if (!plist_head_valid(head))
+ return;
}

/**
@@ -147,9 +160,12 @@ void plist_requeue(struct plist_node *node, struct plist_head *head)
struct plist_node *iter;
struct list_head *node_next = &head->node_list;

- plist_check_head(head);
- BUG_ON(plist_head_empty(head));
- BUG_ON(plist_node_empty(node));
+ if (!plist_head_valid(head) ||
+ CHECK_DATA_CORRUPTION(plist_head_empty(head),
+ "plist_requeue corruption. head list is empty.\n") ||
+ CHECK_DATA_CORRUPTION(plist_node_empty(node),
+ "plist_requeue corruption. node list is empty.\n"))
+ return;

if (node == plist_last(head))
return;
@@ -169,7 +185,8 @@ void plist_requeue(struct plist_node *node, struct plist_head *head)
}
list_add_tail(&node->node_list, node_next);

- plist_check_head(head);
+ if (!plist_head_valid(head))
+ return;
}

#ifdef CONFIG_CHECK_INTEGRITY_PLIST
--
2.20.1