Re: [PATCH] Add const to pointer qualifiers for __chk_user_ptr and __chk_io_ptr.

[Russ Cox]

On 3/26/07, Christopher Li <sparse@xxxxxxxxxxx> wrote:
> On Mon, Mar 26, 2007 at 11:23:56AM -0400, Russ Cox wrote:
> > Change prototypes for  __chk_user_ptr and __chk_io_ptr
> > to take const void* instead of void*, so that code can pass
> > const void* to them.  (Right now sparse does not warn
> > about passing const void* to void* functions, but that
> > is a separate bug that I believe Josh is working on,
> > and once sparse does check this, the changed prototypes
> > will be necessary.)
>
> I don't think it is needed. The __user has noderef attribute.
> Which means it is not allow to dereference the pointer. The
> const qualifier allow read dereference, only write is not allowed.
>
> Adding const here will likely force the caller to do a cast at
> the pointer arguments. Which defeats the checker.

No, you have it backward.
It is valid to pass void* to a const void* function.
It is *not* valid to pass const void* to a void* function.

Right now __chk_user_ptr is a void* function, meaning
that all the places where it gets passed a const void*
are technically illegal -- gcc would warn about these, and
it is a (separate, as you observed) bug that sparse does not.

The patch changes __chk_user_ptr to be a const void*
function, meaning that it will be legal to pass either void*
or const void* to it.  This is the correct semantics.

Russ
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/