Home > Software design >  What is the purpose of __mptr in latest container_of macro?
What is the purpose of __mptr in latest container_of macro?

Time:05-02

I am reading linux kernel 5.17.5 and now looking at container_of() macro.

/**
 * container_of - cast a member of a structure out to the containing structure
 * @ptr:    the pointer to the member.
 * @type:   the type of the container struct this is embedded in.
 * @member: the name of the member within the struct.
 *
 */
#define container_of(ptr, type, member) ({              \
    void *__mptr = (void *)(ptr);                   \
    static_assert(__same_type(*(ptr), ((type *)0)->member) ||   \
              __same_type(*(ptr), void),            \
              "pointer type mismatch in container_of()");   \
    ((type *)(__mptr - offsetof(type, member))); })

My question is really simple: What is the purpose of the __mptr, can i just replace __mptr by (void *)ptr like this?

#define container_of(ptr, type, member) ({          \
    static_assert(__same_type(*(ptr), ((type *)0)->member) ||   \
              __same_type(*(ptr), void),            \
              "pointer type mismatch in container_of()");   \
    ((type *)((void*)ptr - offsetof(type, member))); })

CodePudding user response:

Since “kernel.h: handle pointers to arrays better in container_of()”, __mptr doesn't serve for type checking anymore. It is used to eliminate scripts/gcc-plugins/randomize_layout_plugin.c's informative message like inform(gimple_location(stmt), "found mismatched ssa struct pointer types: %qT and %qT\n", ptr_lhs_type, ptr_rhs_type);. One of this file's job is:

/*
 * iterate over all statements to find "bad" casts:
 * those where the address of the start of a structure is cast
 * to a pointer of a structure of a different type, or a
 * structure pointer type is cast to a different structure pointer type
 */

If __mptr is missing, the macro will include code as you said:

(type *)((void*)ptr - offsetof(type, member)))

(PS: char * is better here, because it is guaranteed by iso c standard to be byte foroffsetof, void *` is guaranteed by gnu c only)

If offsetof gets zero, and ptr will contain the start address of struct type member, then this will be cast to be a totally different type: struct type *. This form malfunctions per scripts/gcc-plugins/randomize_layout_plugin.c and will be detected by it.

With the introduce of void *__mptr = (void *)(ptr);, the compiler doesn't know the type of __mptr and more, so scripts/gcc-plugins/randomize_layout_plugin.c will not complain anymore when casting the void * __mptr to (type *) You can see the real case and related fixed patch from https://lkml.org/lkml/2017/6/20/873


Below is original answer for kernel prior to 4.13 when __mptr was used for type checking:

Let's simplify the container_of and see this case:

#include <stdio.h>
#include <stddef.h>
#define container_of(ptr, type, member) ({          \
    const typeof( ((type *)0)->member ) *__mptr = (ptr);    \
    (type *)( (char *)__mptr - offsetof(type,member) );})
#define container_of_without_typechecking(ptr, type, member) ({         \
    (type *)( (char *)ptr - offsetof(type,member) );})
struct Foo
{
    int a;
};
int main(int argc, char *argv[]) {
    struct Foo foo;
    int *a;

    printf("foo addr: %p\n", &foo);
    a = &foo.a;
    printf("container of a: %p\n", container_of_without_typechecking((unsigned long long*)a, struct Foo, a));
    printf("typecheck: container of a: %p\n", container_of((unsigned long long*)a, struct Foo, a));
    return 0;
}

container_of_without_typechecking doesn't have __mptr but container_of does.

When compiling:

a.c: In function ‘main’:
a.c:13:55: warning: initialization of ‘const int *’ from incompatible pointer type ‘long long unsigned int *’ [-Wincompatible-pointer-types]
   13 |         const typeof( ((type *)0)->member ) *__mptr = (ptr);    \
      |                                                       ^
a.c:28:47: note: in expansion of macro ‘container_of’
   28 |     printf("typecheck: container of a: %p\n", container_of((unsigned long long*)a, struct Foo, a));
      |                                               ^~~~~~~~~~~~

As you can see, container_of throws an incompatible pointer type warning while container_of_without_typechecking does not, so it just for type checking.

Also, note that the Linux kernel regards this warning as an error:

KBUILD_CFLAGS    = $(call cc-option,-Werror=incompatible-pointer-types)

So, you will get an error instead of a warning if you pass through the wrong type to container_of.

  • Related