Received: by 2002:a05:6512:3d0e:0:0:0:0 with SMTP id d14csp39428lfv; Tue, 12 Apr 2022 16:22:34 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzUfVlJFrR+cAkH63oO2XxqVsE4LGq29eYEzYR/JxJA6vBy2lpf5PCAEQv7P+DiXQCivYB2 X-Received: by 2002:a05:6a00:1814:b0:505:b3c5:7fe2 with SMTP id y20-20020a056a00181400b00505b3c57fe2mr15021474pfa.81.1649805753855; Tue, 12 Apr 2022 16:22:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649805753; cv=none; d=google.com; s=arc-20160816; b=e3B2LgASo4umLAhQ50vqUXWEElXzxrXgb96T4h5/fdI4ZUEd4FESH1p+aAcntKqQke xqSh0uoZaCoqjvFtmOIiBjRwJ+ZNCrwl5HgEDfx6t+NXeiwU06fncdE3tUfnOkpzc4u2 FQiT5n7An8sWzGEMOVLxcUROakzhuMbfTZV/qBi0JCwNQGam2tTw5l9ZUv+QBj6lgQwI l9bOGx8m0nblwYxJY9AbQC8rKwAS2DBllLDHxpszNfRfgnj4peR8AxHhpmpNfKKvUWM7 GO1gPv99UdOQc9Uv1HhIGlxelYlVwYyQbKXiBKYeOe8VQnMtKm3Z2i6QsYMpL124VuY+ vmzA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:to:references:message-id :content-transfer-encoding:cc:date:in-reply-to:from:subject :mime-version:dkim-signature; bh=kn52YjxRP3HqWkZew8Ipsml5lgWqK7Cz8BCyoXhoZV0=; b=vyrGFcHTo61QlOhg6FZKuxUMhJierYVtRltdEBSljGCFeCa9YVCwmwubhJvyFkhNGy ndXmkMFjR4IrY7SrVt2aMZHx50BP6hpdotJGGdTUA0EbCHnC+siLIg2L3b4X2O+wYlNm 7IRxAuuyVEonZbWxX+LaQVDljqWf480PW4uRBeatRz6uS5IdoX3Lfdz6C67wR9bwSHuL 1tEzDWtP/TjVz7KZfJqwsDzcxa4rDmzoFJR3g0W2wyZSrIaCrxWwzetxH0fZ1k5DsyQs XIa7Z/H5GuQNpf0DJzCYhMcoqAvF3KjW0U2KqDKVPc+DEHZuDX9TDOEddRfl7MmJnNQ9 IQhA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=nRLdihQf; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id m18-20020a170902e41200b0015827ec0073si11683423ple.452.2022.04.12.16.22.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Apr 2022 16:22:33 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=nRLdihQf; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from out1.vger.email (out1.vger.email [IPv6:2620:137:e000::1:20]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 49104EBB93; Tue, 12 Apr 2022 14:14:32 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237933AbiDJKyw (ORCPT + 99 others); Sun, 10 Apr 2022 06:54:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:32918 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237695AbiDJKyr (ORCPT ); Sun, 10 Apr 2022 06:54:47 -0400 Received: from mail-wm1-x32d.google.com (mail-wm1-x32d.google.com [IPv6:2a00:1450:4864:20::32d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 66A5B53732; Sun, 10 Apr 2022 03:52:36 -0700 (PDT) Received: by mail-wm1-x32d.google.com with SMTP id o20-20020a05600c511400b0038ebbbb2ad8so31384wms.0; Sun, 10 Apr 2022 03:52:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=kn52YjxRP3HqWkZew8Ipsml5lgWqK7Cz8BCyoXhoZV0=; b=nRLdihQfsUp6sOWD/nbTtvNLMahUa3M3qne1N4xH/AydXioUpWdhPubJA7eKSeUhUx w7d3384iWpbwTVWDQ5IUJJCPhtwaReM2CJXXTO/XSehw11KmHBhBWieY7Zk6xsXzv21m skJn3JmdAjUG2epzSVL6LxvoZn5f6484C94OUEWBatIBJThlje5Vl24BLML0OAbKFBf4 JoK4FeewUjOWymiDKBcTdUeW+b5K4PdGOsmBQRzYKwD95fu4KTLRsOp4CBB7zCKvAzVp fFBRADeBE0V+wggy8Z+EAOwfk/e0dCyodl8fN0fVs8HTJpf264mgZaTeMPaYciEiD0kr o3Zw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=kn52YjxRP3HqWkZew8Ipsml5lgWqK7Cz8BCyoXhoZV0=; b=MNqCXIXuRKnTaGaKFEju3uUs61AnCsgZPE7ewXqmDFbZGzMgFzX5cy7W5glf174OAY Z7OTEI2TN2U2l1fAi+xaKdrDEBjQLPQJOmXBQiF5uaC177wcfUOyVDVsIBvaP3lWtFyk WZl82HagHylM5VRdYWC9lA4fnvb4bM4zwNbOECdd3j9UsKsyJvNGhCtYo3sblVOvaUzC QNJNyU4lp+qki6DOIe3+FaPx9BZF4IgG/3I2yqPotghkCdMesqOckX203wz72td1fsaZ BDL03HKUQ5tB+yjhh7J+0JHRLmgm24y8kaHVXp1pPrqfYLwmtp9ctiXhaRq4/zqf6znQ qLig== X-Gm-Message-State: AOAM532EiUlqB1dVv6oisf20C+mOCVm454tDItYsY9OxpN0ofvtrt0XY Z7zrplCRgkHSplflZuEbjhM= X-Received: by 2002:a05:600c:5111:b0:38e:3535:b258 with SMTP id o17-20020a05600c511100b0038e3535b258mr24017702wms.169.1649587954790; Sun, 10 Apr 2022 03:52:34 -0700 (PDT) Received: from smtpclient.apple ([109.190.253.11]) by smtp.gmail.com with ESMTPSA id h9-20020a05600c350900b0038cbcbcf994sm15712375wmq.36.2022.04.10.03.52.00 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 10 Apr 2022 03:52:34 -0700 (PDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.80.82.1.1\)) Subject: Re: [PATCH net-next 02/15] net: dsa: sja1105: Remove usage of iterator for list_add() after loop From: Jakob Koschel In-Reply-To: Date: Sun, 10 Apr 2022 12:51:56 +0200 Cc: "David S. Miller" , Jakub Kicinski , Paolo Abeni , Andrew Lunn , Vivien Didelot , Florian Fainelli , Lars Povlsen , Steen Hegelund , UNGLinuxDriver@microchip.com, Ariel Elior , Manish Chopra , Edward Cree , Martin Habets , Michael Ellerman , Benjamin Herrenschmidt , Paul Mackerras , Jiri Pirko , Casper Andersson , Bjarni Jonasson , Colin Ian King , Michael Walle , Christophe JAILLET , Arnd Bergmann , Eric Dumazet , Di Zhu , Xu Wang , Netdev , LKML , Linux ARM , linuxppc-dev , Mike Rapoport , Brian Johannesmeyer , Cristiano Giuffrida , "Bos, H.J." Content-Transfer-Encoding: quoted-printable Message-Id: References: <20220407102900.3086255-1-jakobkoschel@gmail.com> <20220407102900.3086255-3-jakobkoschel@gmail.com> <20220408114120.tvf2lxvhfqbnrlml@skbuf> To: Vladimir Oltean X-Mailer: Apple Mail (2.3696.80.82.1.1) X-Spam-Status: No, score=1.6 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_SBL_CSS, RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Level: * X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hey Vladimir, > On 9. Apr 2022, at 01:54, Jakob Koschel = wrote: >=20 > Hello Vladimir, >=20 >> On 8. Apr 2022, at 13:41, Vladimir Oltean wrote: >>=20 >> Hello Jakob, >>=20 >> On Thu, Apr 07, 2022 at 12:28:47PM +0200, Jakob Koschel wrote: >>> In preparation to limit the scope of a list iterator to the list >>> traversal loop, use a dedicated pointer to point to the found = element [1]. >>>=20 >>> Before, the code implicitly used the head when no element was found >>> when using &pos->list. Since the new variable is only set if an >>> element was found, the list_add() is performed within the loop >>> and only done after the loop if it is done on the list head = directly. >>>=20 >>> Link: = https://lore.kernel.org/all/CAHk-=3DwgRr_D8CB-D9Kg-c=3DEHreAsk5SqXPwr9Y7k9= sA6cWXJ6w@mail.gmail.com/ [1] >>> Signed-off-by: Jakob Koschel >>> --- >>> drivers/net/dsa/sja1105/sja1105_vl.c | 14 +++++++++----- >>> 1 file changed, 9 insertions(+), 5 deletions(-) >>>=20 >>> diff --git a/drivers/net/dsa/sja1105/sja1105_vl.c = b/drivers/net/dsa/sja1105/sja1105_vl.c >>> index b7e95d60a6e4..cfcae4d19eef 100644 >>> --- a/drivers/net/dsa/sja1105/sja1105_vl.c >>> +++ b/drivers/net/dsa/sja1105/sja1105_vl.c >>> @@ -27,20 +27,24 @@ static int sja1105_insert_gate_entry(struct = sja1105_gating_config *gating_cfg, >>> if (list_empty(&gating_cfg->entries)) { >>> list_add(&e->list, &gating_cfg->entries); >>> } else { >>> - struct sja1105_gate_entry *p; >>> + struct sja1105_gate_entry *p =3D NULL, *iter; >>>=20 >>> - list_for_each_entry(p, &gating_cfg->entries, list) { >>> - if (p->interval =3D=3D e->interval) { >>> + list_for_each_entry(iter, &gating_cfg->entries, list) { >>> + if (iter->interval =3D=3D e->interval) { >>> NL_SET_ERR_MSG_MOD(extack, >>> "Gate conflict"); >>> rc =3D -EBUSY; >>> goto err; >>> } >>>=20 >>> - if (e->interval < p->interval) >>> + if (e->interval < iter->interval) { >>> + p =3D iter; >>> + list_add(&e->list, iter->list.prev); >>> break; >>> + } >>> } >>> - list_add(&e->list, p->list.prev); >>> + if (!p) >>> + list_add(&e->list, gating_cfg->entries.prev); >>> } >>>=20 >>> gating_cfg->num_entries++; >>> --=20 >>> 2.25.1 >>>=20 >>=20 >> I apologize in advance if I've misinterpreted the end goal of your = patch. >> I do have a vague suspicion I understand what you're trying to = achieve, >> and in that case, would you mind using this patch instead of yours? >=20 > I think you are very much spot on! >=20 >> I think it still preserves the intention of the code in a clean = manner. >>=20 >> -----------------------------[ cut here = ]----------------------------- >> =46rom 7aed740750d1bc3bff6e85fd33298f5905bb4e01 Mon Sep 17 00:00:00 = 2001 >> From: Vladimir Oltean >> Date: Fri, 8 Apr 2022 13:55:14 +0300 >> Subject: [PATCH] net: dsa: sja1105: avoid use of type-confused = pointer in >> sja1105_insert_gate_entry() >>=20 >> It appears that list_for_each_entry() leaks a type-confused pointer = when >> the iteration loop ends with no early break, since "*p" will no = longer >> point to a "struct sja1105_gate_entry", but rather to some memory in >> front of "gating_cfg->entries". >>=20 >> This isn't actually a problem here, because if the element we insert = has >> the highest interval, therefore we never exit the loop early, = "p->list" >> (which is all that we use outside the loop) will in fact point to >> "gating_cfg->entries" even though "p" itself is invalid. >>=20 >> Nonetheless, there are preparations to increase the safety of >> list_for_each_entry() by making it impossible to use the = encapsulating >> structure of the iterator element outside the loop. So something = needs >> to change here before those preparations go in, even though this >> constitutes legitimate use. >>=20 >> Make it clear that we are not dereferencing members of the = encapsulating >> "struct sja1105_gate_entry" outside the loop, by using the regular >> list_for_each() iterator, and dereferencing the struct = sja1105_gate_entry >> only within the loop. >>=20 >> With list_for_each(), the iterator element at the end of the loop = does >> have a sane value in all cases, and we can just use that as the = "head" >> argument of list_add(). >>=20 >> Signed-off-by: Vladimir Oltean >> --- >> drivers/net/dsa/sja1105/sja1105_vl.c | 12 +++++++++--- >> 1 file changed, 9 insertions(+), 3 deletions(-) >>=20 >> diff --git a/drivers/net/dsa/sja1105/sja1105_vl.c = b/drivers/net/dsa/sja1105/sja1105_vl.c >> index c0e45b393fde..fe93c80fe5ef 100644 >> --- a/drivers/net/dsa/sja1105/sja1105_vl.c >> +++ b/drivers/net/dsa/sja1105/sja1105_vl.c >> @@ -27,9 +27,15 @@ static int sja1105_insert_gate_entry(struct = sja1105_gating_config *gating_cfg, >> if (list_empty(&gating_cfg->entries)) { >> list_add(&e->list, &gating_cfg->entries); >> } else { >> - struct sja1105_gate_entry *p; >> + struct list_head *pos; >> + >> + /* We cannot safely use list_for_each_entry() >> + * because we dereference "pos" after the loop >> + */ >> + list_for_each(pos, &gating_cfg->entries) { >> + struct sja1105_gate_entry *p; >>=20 >> - list_for_each_entry(p, &gating_cfg->entries, list) { >> + p =3D list_entry(pos, struct sja1105_gate_entry, = list); >> if (p->interval =3D=3D e->interval) { >> NL_SET_ERR_MSG_MOD(extack, >> "Gate conflict"); >> @@ -40,7 +46,7 @@ static int sja1105_insert_gate_entry(struct = sja1105_gating_config *gating_cfg, >> if (e->interval < p->interval) >> break; >> } >> - list_add(&e->list, p->list.prev); >> + list_add(&e->list, pos->prev); >=20 > I was actually considering doing it this way before but wasn't sure if = this would be preferred. > I've done something like this in [1] and it does turn out quite well. >=20 > I'll integrate this in the v2 series. I've just looked at this again in a bit more detail while integrating it = into the patch series. I realized that this just shifts the 'problem' to using the 'pos' = iterator variable after the loop. If the scope of the list iterator would be lowered to the list traversal = loop it would also make sense to also do it for list_for_each(). What do you think about doing it this way: diff --git a/drivers/net/dsa/sja1105/sja1105_vl.c = b/drivers/net/dsa/sja1105/sja1105_vl.c index b7e95d60a6e4..f5b0502c1098 100644 --- a/drivers/net/dsa/sja1105/sja1105_vl.c +++ b/drivers/net/dsa/sja1105/sja1105_vl.c @@ -28,6 +28,7 @@ static int sja1105_insert_gate_entry(struct = sja1105_gating_config *gating_cfg, list_add(&e->list, &gating_cfg->entries); } else { struct sja1105_gate_entry *p; + struct list_head *pos =3D NULL; list_for_each_entry(p, &gating_cfg->entries, list) { if (p->interval =3D=3D e->interval) { @@ -37,10 +38,14 @@ static int sja1105_insert_gate_entry(struct = sja1105_gating_config *gating_cfg, goto err; } - if (e->interval < p->interval) + if (e->interval < p->interval) { + pos =3D &p->list; break; + } } - list_add(&e->list, p->list.prev); + if (!pos) + pos =3D &gating_cfg->entries; + list_add(&e->list, pos->prev); } gating_cfg->num_entries++; -- >=20 > Thanks for the suggestion. >=20 >> } >>=20 >> gating_cfg->num_entries++; >> -----------------------------[ cut here = ]----------------------------- >=20 > [1] = https://lore.kernel.org/linux-kernel/20220407102900.3086255-12-jakobkosche= l@gmail.com/ >=20 > Jakob Thanks, Jakob=