I am reading linux kernel 5.17.5 and now looking at container_of() macro.
/**
* container_of - cast a member of a structure out to the containing structure
* @ptr: the pointer to the member.
* @type: the type of the container struct this is embedded in.
* @member: the name of the member within the struct.
*
*/
#define container_of(ptr, type, member) ({ \
void *__mptr = (void *)(ptr); \
static_assert(__same_type(*(ptr), ((type *)0)->member) || \
__same_type(*(ptr), void), \
"pointer type mismatch in container_of()"); \
((type *)(__mptr - offsetof(type, member))); })
My question is really simple: What is the purpose of the __mptr, can i just replace __mptr by (void *)ptr like this?
#define container_of(ptr, type, member) ({ \
static_assert(__same_type(*(ptr), ((type *)0)->member) || \
__same_type(*(ptr), void), \
"pointer type mismatch in container_of()"); \
((type *)((void*)ptr - offsetof(type, member))); })
CodePudding user response:
Since “kernel.h: handle pointers to arrays better in container_of()”, __mptr doesn't serve for type checking anymore. It is used to eliminate scripts/gcc-plugins/randomize_layout_plugin.c's informative message like inform(gimple_location(stmt), "found mismatched ssa struct pointer types: %qT and %qT\n", ptr_lhs_type, ptr_rhs_type);. One of this file's job is:
/*
* iterate over all statements to find "bad" casts:
* those where the address of the start of a structure is cast
* to a pointer of a structure of a different type, or a
* structure pointer type is cast to a different structure pointer type
*/
If __mptr is missing, the macro will include code as you said:
(type *)((void*)ptr - offsetof(type, member)))
(PS: char * is better here, because it is guaranteed by iso c standard to be byte foroffsetof, void *` is guaranteed by gnu c only)
If offsetof gets zero, and ptr will contain the start address of struct type member, then this will be cast to be a totally different type: struct type *. This form malfunctions per scripts/gcc-plugins/randomize_layout_plugin.c and will be detected by it.
With the introduce of void *__mptr = (void *)(ptr);, the compiler doesn't know the type of __mptr and more, so scripts/gcc-plugins/randomize_layout_plugin.c will not complain anymore when casting the void * __mptr to (type *)
You can see the real case and related fixed patch from https://lkml.org/lkml/2017/6/20/873
Below is original answer for kernel prior to 4.13 when __mptr was used for type checking:
Let's simplify the container_of and see this case:
#include <stdio.h>
#include <stddef.h>
#define container_of(ptr, type, member) ({ \
const typeof( ((type *)0)->member ) *__mptr = (ptr); \
(type *)( (char *)__mptr - offsetof(type,member) );})
#define container_of_without_typechecking(ptr, type, member) ({ \
(type *)( (char *)ptr - offsetof(type,member) );})
struct Foo
{
int a;
};
int main(int argc, char *argv[]) {
struct Foo foo;
int *a;
printf("foo addr: %p\n", &foo);
a = &foo.a;
printf("container of a: %p\n", container_of_without_typechecking((unsigned long long*)a, struct Foo, a));
printf("typecheck: container of a: %p\n", container_of((unsigned long long*)a, struct Foo, a));
return 0;
}
container_of_without_typechecking doesn't have __mptr but container_of does.
When compiling:
a.c: In function ‘main’:
a.c:13:55: warning: initialization of ‘const int *’ from incompatible pointer type ‘long long unsigned int *’ [-Wincompatible-pointer-types]
13 | const typeof( ((type *)0)->member ) *__mptr = (ptr); \
| ^
a.c:28:47: note: in expansion of macro ‘container_of’
28 | printf("typecheck: container of a: %p\n", container_of((unsigned long long*)a, struct Foo, a));
| ^~~~~~~~~~~~
As you can see, container_of throws an incompatible pointer type warning while container_of_without_typechecking does not, so it just for type checking.
Also, note that the Linux kernel regards this warning as an error:
KBUILD_CFLAGS = $(call cc-option,-Werror=incompatible-pointer-types)
So, you will get an error instead of a warning if you pass through the wrong type to container_of.