Message ID | b2fdb048-cfc5-4f61-8507-bf8020e02132@suse.com (mailing list archive) |
---|---|
State | New |
Series | earlycpio: constify find_cpio_data()'s "data" parameter |
On 28/10/2024 4:03 pm, Jan Beulich wrote:
> As with 9cbf61445cda ("xen/earlycpio: Drop nextoff parameter"): While
> this is imported from Linux, the parameter not being pointer-to-const is
> dubious in the first place and we're not plausibly going to gain a write
> through it.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

You haven't tried compiling this, have you?

There's a reason why the only user is non-const and staying that way.

~Andrew
On 28.10.2024 17:07, Andrew Cooper wrote:
> On 28/10/2024 4:03 pm, Jan Beulich wrote:
>> As with 9cbf61445cda ("xen/earlycpio: Drop nextoff parameter"): While
>> this is imported from Linux, the parameter not being pointer-to-const is
>> dubious in the first place and we're not plausibly going to gain a write
>> through it.
>>
>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>
> You haven't tried compiling this, have you?

Of course I have. Is there any subtlety with compiler versions? Or what
else am I missing?

Jan
On 28/10/2024 4:12 pm, Jan Beulich wrote:
> On 28.10.2024 17:07, Andrew Cooper wrote:
>> On 28/10/2024 4:03 pm, Jan Beulich wrote:
>>> As with 9cbf61445cda ("xen/earlycpio: Drop nextoff parameter"): While
>>> this is imported from Linux, the parameter not being pointer-to-const is
>>> dubious in the first place and we're not plausibly going to gain a write
>>> through it.
>>>
>>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>> You haven't tried compiling this, have you?
> Of course I have. Is there any subtlety with compiler versions? Or what
> else am I missing?

struct cpio_data's copy of this field is non-const (which you keep on
noting that new compilers will object to), and you can't change that
without breaking the build in microcode.

Nothing of this form can be taken until the constness is consistent in
microcode, after which yes it can mostly become const.

~Andrew
On 28.10.2024 17:18, Andrew Cooper wrote:
> On 28/10/2024 4:12 pm, Jan Beulich wrote:
>> On 28.10.2024 17:07, Andrew Cooper wrote:
>>> On 28/10/2024 4:03 pm, Jan Beulich wrote:
>>>> As with 9cbf61445cda ("xen/earlycpio: Drop nextoff parameter"): While
>>>> this is imported from Linux, the parameter not being pointer-to-const is
>>>> dubious in the first place and we're not plausibly going to gain a write
>>>> through it.
>>>>
>>>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>>> You haven't tried compiling this, have you?
>> Of course I have. Is there any subtlety with compiler versions? Or what
>> else am I missing?
>
> struct cpio_data's copy of this field is non-const (which you keep on
> noting that new compilers will object to),

New compilers? I'm afraid I'm missing context. With gcc14 the patch builds
fine. I didn't try _older_ ones (but I see no reason why they might object;
see below).

> and you can't change that
> without breaking the build in microcode.

I don't need to change that, "thanks" to

    cd.data = (void *)dptr;

casting away const-ness. That is - compilers ought to be fine with the
change; Misra won't like it.

> Nothing of this form can be taken until the constness is consistent in
> microcode, after which yes it can mostly become const.

We can move there in steps, can't we?

Jan
On 28/10/2024 4:25 pm, Jan Beulich wrote:
> On 28.10.2024 17:18, Andrew Cooper wrote:
>> On 28/10/2024 4:12 pm, Jan Beulich wrote:
>>> On 28.10.2024 17:07, Andrew Cooper wrote:
>>>> On 28/10/2024 4:03 pm, Jan Beulich wrote:
>>>>> As with 9cbf61445cda ("xen/earlycpio: Drop nextoff parameter"): While
>>>>> this is imported from Linux, the parameter not being pointer-to-const is
>>>>> dubious in the first place and we're not plausibly going to gain a write
>>>>> through it.
>>>>>
>>>>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>>>> You haven't tried compiling this, have you?
>>> Of course I have. Is there any subtlety with compiler versions? Or what
>>> else am I missing?
>> struct cpio_data's copy of this field is non-const (which you keep on
>> noting that new compilers will object to),
> New compilers? I'm afraid I'm missing context. With gcc14 the patch builds
> fine. I didn't try _older_ ones (but I see no reason why they might object;
> see below).
>
>> and you can't change that
>> without breaking the build in microcode.
> I don't need to change that, "thanks" to
>
>     cd.data = (void *)dptr;
>
> casting away const-ness. That is - compilers ought to be fine with the
> change; Misra won't like it.

You have literally complained about patches of mine on the grounds of
"GCC is about to start caring about casting away const on a void pointer".

So which is it.

>
>> Nothing of this form can be taken until the constness is consistent in
>> microcode, after which yes it can mostly become const.
> We can move there in steps, can't we?

Or you can stop trying to insist that I rebase around an
incorrect/incomplete patch, just for the sake of the const of one void
pointer, which can still be laundered by this function.

Especially when you could wait the ~day it will take to get an
otherwise-good series in, and then change cpio and get all of the const
problems in one go.

~Andrew
On 28.10.2024 17:45, Andrew Cooper wrote:
> On 28/10/2024 4:25 pm, Jan Beulich wrote:
>> On 28.10.2024 17:18, Andrew Cooper wrote:
>>> On 28/10/2024 4:12 pm, Jan Beulich wrote:
>>>> On 28.10.2024 17:07, Andrew Cooper wrote:
>>>>> On 28/10/2024 4:03 pm, Jan Beulich wrote:
>>>>>> As with 9cbf61445cda ("xen/earlycpio: Drop nextoff parameter"): While
>>>>>> this is imported from Linux, the parameter not being pointer-to-const is
>>>>>> dubious in the first place and we're not plausibly going to gain a write
>>>>>> through it.
>>>>>>
>>>>>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>>>>> You haven't tried compiling this, have you?
>>>> Of course I have. Is there any subtlety with compiler versions? Or what
>>>> else am I missing?
>>> struct cpio_data's copy of this field is non-const (which you keep on
>>> noting that new compilers will object to),
>> New compilers? I'm afraid I'm missing context. With gcc14 the patch builds
>> fine. I didn't try _older_ ones (but I see no reason why they might object;
>> see below).
>>
>>> and you can't change that
>>> without breaking the build in microcode.
>> I don't need to change that, "thanks" to
>>
>>     cd.data = (void *)dptr;
>>
>> casting away const-ness. That is - compilers ought to be fine with the
>> change; Misra won't like it.
>
> You have literally complained about patches of mine on the grounds of
> "GCC is about to start caring about casting away const on a void pointer".

I still don't remember what context this was in, I'm sorry.

> So which is it.

I'm not adding any such casts; the (potentially problematic) cast is
there already. I therefore still don't see what's wrong with the patch.

>>> Nothing of this form can be taken until the constness is consistent in
>>> microcode, after which yes it can mostly become const.
>> We can move there in steps, can't we?
>
> Or you can stop trying to insist that I rebase around an
> incorrect/incomplete patch, just for the sake of the const of one void
> pointer, which can still be laundered by this function.

Okay, I won't insist; take my ack as unconditional one. I still consider
it a bad precedent though that we'd set, when elsewhere we ask for
const-correctness wherever possible.

> Especially when you could wait the ~day it will take to get an
> otherwise-good series in, and then change cpio and get all of the const
> problems in one go.

If that turns out to be true, all will indeed be fine in the end. Question
is whether we really want to diverge earlycpio.c by more than minimal
changes.

Jan
On Mon, Oct 28, 2024 at 4:51 PM Jan Beulich <jbeulich@suse.com> wrote:
>
> On 28.10.2024 17:45, Andrew Cooper wrote:
> > On 28/10/2024 4:25 pm, Jan Beulich wrote:
> >> On 28.10.2024 17:18, Andrew Cooper wrote:
> >>> On 28/10/2024 4:12 pm, Jan Beulich wrote:
> >>>> On 28.10.2024 17:07, Andrew Cooper wrote:
> >>>>> On 28/10/2024 4:03 pm, Jan Beulich wrote:
> >>>>>> As with 9cbf61445cda ("xen/earlycpio: Drop nextoff parameter"): While
> >>>>>> this is imported from Linux, the parameter not being pointer-to-const is
> >>>>>> dubious in the first place and we're not plausibly going to gain a write
> >>>>>> through it.
> >>>>>>
> >>>>>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> >>>>> You haven't tried compiling this, have you?
> >>>> Of course I have. Is there any subtlety with compiler versions? Or what
> >>>> else am I missing?
> >>> struct cpio_data's copy of this field is non-const (which you keep on
> >>> noting that new compilers will object to),
> >> New compilers? I'm afraid I'm missing context. With gcc14 the patch builds
> >> fine. I didn't try _older_ ones (but I see no reason why they might object;
> >> see below).
> >>
> >>> and you can't change that
> >>> without breaking the build in microcode.
> >> I don't need to change that, "thanks" to
> >>
> >>     cd.data = (void *)dptr;
> >>
> >> casting away const-ness. That is - compilers ought to be fine with the
> >> change; Misra won't like it.
> >
> > You have literally complained about patches of mine on the grounds of
> > "GCC is about to start caring about casting away const on a void pointer".
>
> I still don't remember what context this was in, I'm sorry.
>
> > So which is it.
>
> I'm not adding any such casts; the (potentially problematic) cast is
> there already. I therefore still don't see what's wrong with the patch.
>

You usually don't want some const data to be silently transformed to
non-const data.
In this case the "find_cpio_data" is getting a non-const pointer "data"
and returning it into "cpio_data.data". As "cpio_data.data" is non-const
for the previously stated rule the initial data (that is "data" pointer)
should not be const.
Internally you change from non-const to const with the assignment to "p"
and then "dptr". However the "find_cpio_data" function has knowledge of
the original non-const so it uses that knowledge for the non-const
conversion done by "cd.data = (void *)dptr". That makes that conversion
less "silent".

> >>> Nothing of this form can be taken until the constness is consistent in
> >>> microcode, after which yes it can mostly become const.
> >> We can move there in steps, can't we?
> >
> > Or you can stop trying to insist that I rebase around an
> > incorrect/incomplete patch, just for the sake of the const of one void
> > pointer, which can still be laundered by this function.
>
> Okay, I won't insist; take my ack as unconditional one. I still consider
> it a bad precedent though that we'd set, when elsewhere we ask for const-
> correctness wherever possible.
>
> > Especially when you could wait the ~day it will take to get an
> > otherwise-good series in, and then change cpio and get all of the const
> > problems in one go.
>
> If that turns out to be true, all will indeed be fine in the end. Question
> is whether we really want to diverge earlycpio.c by more than minimal
> changes.
>
> Jan
>

Frediano
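The const flow discussed in the messages above, as an added example that is not part of the thread or of Xen's code: `struct blob`, `struct const_blob`, `find_const()` and `find_laundered()` are hypothetical stand-ins, and the sample buffer is constructed. It contrasts a lookup that keeps const from input to output with one that takes a const pointer and hands back a writable one.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins, not Xen's types: a result struct with a
 * non-const pointer (the situation the thread describes for
 * struct cpio_data) and a const-consistent variant. */
struct blob       { void *data;       size_t size; };
struct const_blob { const void *data; size_t size; };

/* Const-consistent lookup: const in, const out, no cast needed. */
static struct const_blob find_const(const void *buf, size_t len, int tag)
{
    struct const_blob b = { NULL, 0 };
    const unsigned char *p = memchr(buf, tag, len);

    if ( p )
    {
        b.data = p;
        b.size = len - (size_t)(p - (const unsigned char *)buf);
    }
    return b;
}

/* Shape under discussion: const in, non-const out. The cast compiles
 * silently by default; gcc/clang -Wcast-qual reports it. */
static struct blob find_laundered(const void *buf, size_t len, int tag)
{
    struct const_blob c = find_const(buf, len, tag);
    struct blob b = { (void *)c.data, c.size };

    return b;
}

int main(void)
{
    unsigned char image[] = "hdr:payload";   /* constructed, writable */
    struct blob b = find_laundered(image, sizeof(image) - 1, ':');

    /* Defined only because 'image' itself is not const; had the caller
     * passed a const object, this write would be undefined behaviour. */
    *(unsigned char *)b.data = '=';
    printf("%s (%zu bytes from match)\n", (char *)image, b.size);
    return 0;
}
```

Building with `-Wcast-qual` points at the single cast in `find_laundered()`, which is the only place the qualifier is lost.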
--- a/xen/common/earlycpio.c +++ b/xen/common/earlycpio.c @@ -64,7 +64,8 @@ enum cpio_fields { * the match returned an empty filename string. */ -struct cpio_data __init find_cpio_data(const char *path, void *data, size_t len) +struct cpio_data __init find_cpio_data( + const char *path, const void *data, size_t len) { const size_t cpio_header_len = 8*C_NFIELDS - 2; struct cpio_data cd = { NULL, 0, "" }; --- a/xen/include/xen/earlycpio.h +++ b/xen/include/xen/earlycpio.h @@ -9,6 +9,6 @@ struct cpio_data { char name[MAX_CPIO_FILE_NAME]; }; -struct cpio_data find_cpio_data(const char *path, void *data, size_t len); +struct cpio_data find_cpio_data(const char *path, const void *data, size_t len); #endif /* _EARLYCPIO_H */
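Review bot: in the xen/common/earlycpio.c hunk, `data` becomes `const void *` while the function still returns `struct cpio_data` by value, and per the discussion above that struct's pointer member stays non-const and is filled through the existing `cd.data = (void *)dptr;` cast. The qualifier added at the interface is therefore dropped again on the way out, so a caller can pass read-only data and get a writable pointer back without any cast of its own. Suggest either constifying the member of struct cpio_data (together with its user in microcode) in the same series, or stating in the commit message that the returned pointer remains writable and why that is acceptable for now.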
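Review bot: in the xen/include/xen/earlycpio.h hunk the updated prototype is kept on a single line, which now comes to 80 columns, whereas the definition in earlycpio.c was wrapped after the opening parenthesis. Suggest wrapping the declaration the same way so the two match: `struct cpio_data find_cpio_data(` followed by `const char *path, const void *data, size_t len);`.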
As with 9cbf61445cda ("xen/earlycpio: Drop nextoff parameter"): While
this is imported from Linux, the parameter not being pointer-to-const is
dubious in the first place and we're not plausibly going to gain a write
through it.

Signed-off-by: Jan Beulich <jbeulich@suse.com>