| Message ID | 20210415135901.47131-1-andriy.shevchenko@linux.intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v1,1/1] ACPI: NFIT: Import GUID before use | expand |
On Thu, Apr 15, 2021 at 6:59 AM Andy Shevchenko <andriy.shevchenko@linux.intel.com> wrote: > > Strictly speaking the comparison between guid_t and raw buffer > is not correct. Import GUID to variable of guid_t type and then > compare. Hmm, what about something like the following instead, because it adds safety. Any concerns about evaluating x twice in a macro should be alleviated by the fact that ARRAY_SIZE() will fail the build if (x) is not an array. diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c index 8c5dde628405..bac01eec07a6 100644 --- a/drivers/acpi/nfit/core.c +++ b/drivers/acpi/nfit/core.c @@ -681,7 +681,7 @@ int nfit_spa_type(struct acpi_nfit_system_address *spa) int i; for (i = 0; i < NFIT_UUID_MAX; i++) - if (guid_equal(to_nfit_uuid(i), (guid_t *)&spa->range_guid)) + if (guid_equal(to_nfit_uuid(i), cast_guid(spa->range_guid))) return i; return -1; } diff --git a/include/linux/uuid.h b/include/linux/uuid.h index 8cdc0d3567cd..cec1dc2ab994 100644 --- a/include/linux/uuid.h +++ b/include/linux/uuid.h @@ -33,6 +33,9 @@ typedef struct { extern const guid_t guid_null; extern const uuid_t uuid_null; +#define cast_guid(x) ({ BUILD_BUG_ON(ARRAY_SIZE(x) != 16); (guid_t *)&(x); }) +#define cast_uuid(x) ({ BUILD_BUG_ON(ARRAY_SIZE(x) != 16); (uuid_t *)&(x); }) + static inline bool guid_equal(const guid_t *u1, const guid_t *u2) { return memcmp(u1, u2, sizeof(guid_t)) == 0;
On Fri, Apr 16, 2021 at 1:58 AM Andy Shevchenko <andy.shevchenko@gmail.com> wrote: > > On Fri, Apr 16, 2021 at 8:28 AM Dan Williams <dan.j.williams@intel.com> wrote: > > > > On Thu, Apr 15, 2021 at 6:59 AM Andy Shevchenko > > <andriy.shevchenko@linux.intel.com> wrote: > > > > > > Strictly speaking the comparison between guid_t and raw buffer > > > is not correct. Import GUID to variable of guid_t type and then > > > compare. > > > > Hmm, what about something like the following instead, because it adds > > safety. Any concerns about evaluating x twice in a macro should be > > alleviated by the fact that ARRAY_SIZE() will fail the build if (x) is > > not an array. > > ARRAY_SIZE doesn't check type. See __must_be_array. > I don't like hiding ugly casts like this. See PTR_ERR, ERR_PTR, ERR_CAST. There's nothing broken about the way the code currently stands, so I'd rather try to find something to move the implementation forward than sideways.
On Fri, Apr 16, 2021 at 09:15:34AM -0700, Dan Williams wrote: > On Fri, Apr 16, 2021 at 1:58 AM Andy Shevchenko > <andy.shevchenko@gmail.com> wrote: > > On Fri, Apr 16, 2021 at 8:28 AM Dan Williams <dan.j.williams@intel.com> wrote: > > > On Thu, Apr 15, 2021 at 6:59 AM Andy Shevchenko > > > <andriy.shevchenko@linux.intel.com> wrote: > > > > > > > > Strictly speaking the comparison between guid_t and raw buffer > > > > is not correct. Import GUID to variable of guid_t type and then > > > > compare. > > > > > > Hmm, what about something like the following instead, because it adds > > > safety. Any concerns about evaluating x twice in a macro should be > > > alleviated by the fact that ARRAY_SIZE() will fail the build if (x) is > > > not an array. > > > > ARRAY_SIZE doesn't check type. > > See __must_be_array. > > > I don't like hiding ugly casts like this. > > See PTR_ERR, ERR_PTR, ERR_CAST. It's special, i.e. error pointer case. We don't handle such here. > There's nothing broken about the way the code currently stands, so I'd > rather try to find something to move the implementation forward than > sideways. Submit a patch then. I rest my case b/c I consider that ugly castings worse than additional API call, although it's not ideal.
On Fri, Apr 16, 2021 at 10:34 AM Andy Shevchenko <andy.shevchenko@gmail.com> wrote: > > On Fri, Apr 16, 2021 at 09:15:34AM -0700, Dan Williams wrote: > > On Fri, Apr 16, 2021 at 1:58 AM Andy Shevchenko > > <andy.shevchenko@gmail.com> wrote: > > > On Fri, Apr 16, 2021 at 8:28 AM Dan Williams <dan.j.williams@intel.com> wrote: > > > > On Thu, Apr 15, 2021 at 6:59 AM Andy Shevchenko > > > > <andriy.shevchenko@linux.intel.com> wrote: > > > > > > > > > > Strictly speaking the comparison between guid_t and raw buffer > > > > > is not correct. Import GUID to variable of guid_t type and then > > > > > compare. > > > > > > > > Hmm, what about something like the following instead, because it adds > > > > safety. Any concerns about evaluating x twice in a macro should be > > > > alleviated by the fact that ARRAY_SIZE() will fail the build if (x) is > > > > not an array. > > > > > > ARRAY_SIZE doesn't check type. > > > > See __must_be_array. > > > > > I don't like hiding ugly casts like this. > > > > See PTR_ERR, ERR_PTR, ERR_CAST. > > It's special, i.e. error pointer case. We don't handle such here. > > > There's nothing broken about the way the code currently stands, so I'd > > rather try to find something to move the implementation forward than > > sideways. > > Submit a patch then. I rest my case b/c I consider that ugly castings worse > than additional API call, although it's not ideal. It sounds like you'll NAK that patch, and I'm not too enthusiastic about these proposed changes either because I disagree that the code is incorrect. Is there another compromise?
diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c index 958aaac869e8..6d8a1a93636a 100644 --- a/drivers/acpi/nfit/core.c +++ b/drivers/acpi/nfit/core.c @@ -678,10 +678,12 @@ static const char *spa_type_name(u16 type) int nfit_spa_type(struct acpi_nfit_system_address *spa) { + guid_t guid; int i; + import_guid(&guid, spa->range_guid); for (i = 0; i < NFIT_UUID_MAX; i++) - if (guid_equal(to_nfit_uuid(i), (guid_t *)&spa->range_guid)) + if (guid_equal(to_nfit_uuid(i), &guid)) return i; return -1; }
Strictly speaking the comparison between guid_t and raw buffer is not correct. Import GUID to variable of guid_t type and then compare. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> --- drivers/acpi/nfit/core.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)