RE: [PATCH] divide by 3*sizeof(u32) when computing array_size

From: David Laight
Date: Tue Jul 13 2021 - 08:20:34 EST

Next message: Dongliang Mu: "[PATCH] i40e: Fix error handling code of label err_set_queues"
Previous message: Herbert Xu: "Re: [PATCH v1 3/3] kernel.h: Split out container_of() and typeof_memeber() macros"
In reply to: Russell King (Oracle): "Re: [PATCH] divide by 3*sizeof(u32) when computing array_size"
Next in thread: Russell King (Oracle): "Re: [PATCH] divide by 3*sizeof(u32) when computing array_size"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Russell King
> Sent: 13 July 2021 12:23
>
> On Tue, Jul 13, 2021 at 11:07:00AM +0000, David Laight wrote:
> > From: Russell King
> > > Sent: 13 July 2021 10:20
> > ....
> > > I would also note that the code relies on there being no padding in
> > > struct stm32_breakinput - it should be noted that a strict
> > > interpretation of the C standard allows padding to be added anywhere
> > > to a structure - at the start, end or between members.
> >
> > I'm pretty certain I remember that padding before the first member
> > isn't allowed.
>
> You may be right there.
>
> > In any case the kernel generally assumes there is no extra padding.
> > (eg for structures that map hardware registers.)
>
> That's incorrect. Places where we care either generally end up with
> __packed or are carefully layed out to ensure members are naturally
> aligned to reduce the likelyhood of it. 32-bit OABI ARM has been
> particularly "fun" in this respect.

I did say 'extra padding'.
Ensuring everything is naturally aligned is best - shame the standards
bodies don't do that - just look at the SCTP socket options.

Adding __packed is right sometimes, but it isn't without cost
and is probably wrong for anything hardware related.
Definitely useful on structure members to remove the padding
before that specific member (eg for 64bit in x86 compat code).
But marking a structure __packed is usually wrong (or bad).

> > For big structures it is worth adding a compile-time check of
> > the structure size - but not really for three u32.
>
> Sorry, structure size has absolutely nothing to do with whether it's
> a good idea to have a compile-time check. The deciding factor is
> whether the code relies on some property such as it being a certain
> size. Such as in this exact case. If you grep for "BUILD_BUG_ON.*sizeof"
> in fs/ for example, this illustrates the point rather well.

I'd not bother if the size is obviously going to be correct.

I did get some odd bugs a few years ago from a compiler that aligned
all structures on 4-byte boundaries.
I had to change a structure of two u16 into an array :-)

David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Next message: Dongliang Mu: "[PATCH] i40e: Fix error handling code of label err_set_queues"
Previous message: Herbert Xu: "Re: [PATCH v1 3/3] kernel.h: Split out container_of() and typeof_memeber() macros"
In reply to: Russell King (Oracle): "Re: [PATCH] divide by 3*sizeof(u32) when computing array_size"
Next in thread: Russell King (Oracle): "Re: [PATCH] divide by 3*sizeof(u32) when computing array_size"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]