Am 01.04.22 um 00:03 schrieb Jakob Koschel:
> When list_for_each_entry() completes the iteration over the whole list
> without breaking the loop, the iterator value will be a bogus pointer
> computed based on the head element.
>
> While it is safe to use the pointer to determine if it was computed
> based on the head element, either with list_entry_is_head() or
> &pos->member == head, using the iterator variable after the loop should
> be avoided.
>
> In preparation to limit the scope of a list iterator to the list
> traversal loop, use a dedicated pointer to point to the found element [1].
>
> Link: https://lore.kernel.org/all/CAHk-=wgRr_D8CB-D9Kg-c=EHreAsk5SqXPwr9Y7k9sA6cWXJ6w@mail.gmail.com/ [1]
> Signed-off-by: Jakob Koschel <[email protected]>
> ---
> drivers/block/drbd/drbd_req.c | 42 ++++++++++++++++++++++-------------
> 1 file changed, 27 insertions(+), 15 deletions(-)
>
> diff --git a/drivers/block/drbd/drbd_req.c b/drivers/block/drbd/drbd_req.c
> index c04394518b07..b2571dc77fe6 100644
> --- a/drivers/block/drbd/drbd_req.c
> +++ b/drivers/block/drbd/drbd_req.c
> @@ -332,17 +332,21 @@ static void set_if_null_req_next(struct drbd_peer_device *peer_device, struct dr
> static void advance_conn_req_next(struct drbd_peer_device *peer_device, struct drbd_request *req)
> {
> struct drbd_connection *connection = peer_device ? peer_device->connection : NULL;
> + struct drbd_request *iter = req;
> if (!connection)
> return;
> if (connection->req_next != req)
> return;
> - list_for_each_entry_continue(req, &connection->transfer_log, tl_requests) {
> - const unsigned s = req->rq_state;
> - if (s & RQ_NET_QUEUED)
> +
> + req = NULL;
> + list_for_each_entry_continue(iter, &connection->transfer_log, tl_requests) {
> + const unsigned int s = iter->rq_state;
> +
> + if (s & RQ_NET_QUEUED) {
> + req = iter;
> break;
> + }
> }
> - if (&req->tl_requests == &connection->transfer_log)
> - req = NULL;
> connection->req_next = req;
> }
>
> @@ -358,17 +362,21 @@ static void set_if_null_req_ack_pending(struct drbd_peer_device *peer_device, st
> static void advance_conn_req_ack_pending(struct drbd_peer_device *peer_device, struct drbd_request *req)
> {
> struct drbd_connection *connection = peer_device ? peer_device->connection : NULL;
> + struct drbd_request *iter = req;
> if (!connection)
> return;
> if (connection->req_ack_pending != req)
> return;
> - list_for_each_entry_continue(req, &connection->transfer_log, tl_requests) {
> - const unsigned s = req->rq_state;
> - if ((s & RQ_NET_SENT) && (s & RQ_NET_PENDING))
> +
> + req = NULL;
> + list_for_each_entry_continue(iter, &connection->transfer_log, tl_requests) {
> + const unsigned int s = iter->rq_state;
> +
> + if ((s & RQ_NET_SENT) && (s & RQ_NET_PENDING)) {
> + req = iter;
> break;
> + }
> }
> - if (&req->tl_requests == &connection->transfer_log)
> - req = NULL;
> connection->req_ack_pending = req;
> }
>
> @@ -384,17 +392,21 @@ static void set_if_null_req_not_net_done(struct drbd_peer_device *peer_device, s
> static void advance_conn_req_not_net_done(struct drbd_peer_device *peer_device, struct drbd_request *req)
> {
> struct drbd_connection *connection = peer_device ? peer_device->connection : NULL;
> + struct drbd_request *iter = req;
> if (!connection)
> return;
> if (connection->req_not_net_done != req)
> return;
> - list_for_each_entry_continue(req, &connection->transfer_log, tl_requests) {
> - const unsigned s = req->rq_state;
> - if ((s & RQ_NET_SENT) && !(s & RQ_NET_DONE))
> +
> + req = NULL;
> + list_for_each_entry_continue(iter, &connection->transfer_log, tl_requests) {
> + const unsigned int s = iter->rq_state;
> +
> + if ((s & RQ_NET_SENT) && !(s & RQ_NET_DONE)) {
> + req = iter;
> break;
> + }
> }
> - if (&req->tl_requests == &connection->transfer_log)
> - req = NULL;
> connection->req_not_net_done = req;
> }
>
Hi Jakob,
Both of these look good to me, thanks.
Reviewed-by: Christoph Böhmwalder <[email protected]>
Regards, Christoph
On 3/31/22 4:28 PM, Christoph B?hmwalder wrote:
> Am 01.04.22 um 00:03 schrieb Jakob Koschel:
>> When list_for_each_entry() completes the iteration over the whole list
>> without breaking the loop, the iterator value will be a bogus pointer
>> computed based on the head element.
>>
>> While it is safe to use the pointer to determine if it was computed
>> based on the head element, either with list_entry_is_head() or
>> &pos->member == head, using the iterator variable after the loop should
>> be avoided.
>>
>> In preparation to limit the scope of a list iterator to the list
>> traversal loop, use a dedicated pointer to point to the found element [1].
>>
>
> Hi Jakob,
>
> Both of these look good to me, thanks.
>
> Reviewed-by: Christoph B?hmwalder <[email protected]>
Applied both, but shortened title of this commit. Jakob, please keep it
within the usual 74 chars. In general, it's great to use a cover letter
for anything that's more than one patch. Just some pointers if you're
doing more of these.
--
Jens Axboe