diff options
| author | Dmitry Ilvokhin <d@ilvokhin.com> | 2026-06-02 10:12:52 +0300 |
|---|---|---|
| committer | Peter Zijlstra <peterz@infradead.org> | 2026-06-03 12:38:48 +0300 |
| commit | 22302af28d3f7c3ca38536978c80db51d2a9e283 (patch) | |
| tree | 3f40e7143d0de27688dde8a58fcc95ef320b87d5 /include/linux | |
| parent | 08d4a7837f008ea6031c1292aa839ad881d7b3f1 (diff) | |
| download | linux-22302af28d3f7c3ca38536978c80db51d2a9e283.tar.xz | |
cleanup: Annotate guard constructors with nonnull
Add __nonnull_args() to unconditional guard constructors so the compiler
warns when NULL is statically known to be passed:
- DEFINE_GUARD(): re-declare the constructor with __nonnull_args().
- __DEFINE_LOCK_GUARD_1(): annotate the constructor directly.
DEFINE_LOCK_GUARD_0() needs no annotation: its constructor takes no
pointer arguments (.lock is hardcoded to (void *)1).
Define the __nonnull_args() macro in compiler_attributes.h, following
the existing convention for attribute wrappers. Deliberately not named
'__nonnull', to avoid clashing with glibc's __nonnull() when kernel and
userspace headers are combined (User Mode Linux for example).
Signed-off-by: Dmitry Ilvokhin <d@ilvokhin.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://patch.msgid.link/85fee12eec20abfcf711443518e8f0caec982a86.1780064327.git.d@ilvokhin.com
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/cleanup.h | 4 | ||||
| -rw-r--r-- | include/linux/compiler_attributes.h | 9 |
2 files changed, 12 insertions, 1 deletions
diff --git a/include/linux/cleanup.h b/include/linux/cleanup.h index ea95ca4bc11c..4e60d519713c 100644 --- a/include/linux/cleanup.h +++ b/include/linux/cleanup.h @@ -397,6 +397,7 @@ static __maybe_unused const bool class_##_name##_is_conditional = _is_cond __DEFINE_GUARD_LOCK_PTR(_name, _T) #define DEFINE_GUARD(_name, _type, _lock, _unlock) \ + static __always_inline __nonnull_args() _type class_##_name##_constructor(_type _T); \ DEFINE_CLASS(_name, _type, if (_T) { _unlock; }, ({ _lock; _T; }), _type _T); \ DEFINE_CLASS_IS_GUARD(_name) @@ -497,7 +498,8 @@ static __always_inline void class_##_name##_destructor(class_##_name##_t *_T) \ __DEFINE_GUARD_LOCK_PTR(_name, &_T->lock) #define __DEFINE_LOCK_GUARD_1(_name, _type, ...) \ -static __always_inline class_##_name##_t class_##_name##_constructor(_type *l) \ +static __always_inline __nonnull_args() \ +class_##_name##_t class_##_name##_constructor(_type *l) \ __no_context_analysis \ { \ class_##_name##_t _t = { .lock = l }, *_T = &_t; \ diff --git a/include/linux/compiler_attributes.h b/include/linux/compiler_attributes.h index c16d4199bf92..cffe09387ea6 100644 --- a/include/linux/compiler_attributes.h +++ b/include/linux/compiler_attributes.h @@ -231,6 +231,15 @@ #define noinline __attribute__((__noinline__)) /* + * Note: deliberately not named '__nonnull', to avoid clashing with glibc's + * __nonnull() when kernel and userspace headers are combined. + * + * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Attributes.html#index-nonnull + * clang: https://clang.llvm.org/docs/AttributeReference.html#nonnull + */ +#define __nonnull_args(x...) __attribute__((__nonnull__(x))) + +/* * Optional: only supported since gcc >= 8 * Optional: not supported by clang * |