From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Steven Rostedt <rostedt@goodmis.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Cc: Bart Van Assche <bvanassche@acm.org>,
ksummit@lists.linux.dev, Dan Williams <dan.j.williams@intel.com>,
linux-kernel <linux-kernel@vger.kernel.org>,
Dan Carpenter <dan.carpenter@linaro.org>
Subject: Re: Clarifying confusion of our variable placement rules caused by cleanup.h
Date: Tue, 18 Nov 2025 15:21:10 -0500 [thread overview]
Message-ID: <bff6d9974e50f7cb27cc2b150ecd6e5e2252ae54.camel@HansenPartnership.com> (raw)
In-Reply-To: <20251118141720.11c8d4d6@gandalf.local.home>
On Tue, 2025-11-18 at 14:17 -0500, Steven Rostedt wrote:
> On Tue, 18 Nov 2025 10:38:20 -0800
> Linus Torvalds <torvalds@linux-foundation.org> wrote:
>
> > struct x509_parse_context *ctx __free(kfree) = NULL;
> > ... other code ...
> > ctx = kzalloc(sizeof(struct x509_parse_context),
> > GFP_KERNEL);
> >
> > where you have now split up the whole "this is allocated by
> > kmalloc, and free'd by kfree" into two different sections that are
> > not next to each other.
Yes, I get that; effectively you're declaring an unindented variable
scope. However, there will be cases where you want an explicit free
(so not a __free variable) and under the rule you propose that should
be allowable as tastefully done.
I've also got to say that the NULL initialization above should be
unnecessary given we can compile time detect if there's potential exit
uninitialized, but I can see that simply declaring where allocated
would avoid having to move the allocation if you did want to introduce
an exit above it in new code.
> I've been doing the above, and was even going to recommend it to
> James. But if it is preferred to declare the __free() variables where
> they are allocated, I'd be much happier.
>
> I think the code could also be better optimized? I haven't run an
> objcopy to confirm but now early exits do not require calling the
> __free() function on NULL pointers.
Yes, I can confirm that (at least from reading the docs not actually
from disassembling the code).
>
> Most of my code allocates near the top where I don't find this a
> problem, but I do have a few places of:
>
> struct foo *var __free(kfree) = NULL;
>
> if (ret < 0)
> return -ERROR;
>
> [ several more error exits ]
>
> var = kmalloc(..);
Agree: moving the declaration avoids the unnecessary check on exit
(although I'd also presume a good compiler can optimize this away).
There is one last case that hasn't been discussed, which is where you
deliberately introduce an extra scope block for the free and
allocation, so in your example above it would look like
if (ret < )
return -ERROR
[ several more error exits ]
{
struct foo *var __free(kfree) = kmalloc(...)
[...]
}
I think adding an explicit scope block with no other purpose than to
define the use range of a variable can be beneficial ... with the
obvious caveat that doing it too often causes too much indentation.
It can also help with the entangled lock and free described in the
cleanup.h documentation if the block is paired with a scoped guard.
Regards,
James
next prev parent reply other threads:[~2025-11-18 20:21 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-18 16:39 James Bottomley
2025-11-18 17:18 ` Bart Van Assche
2025-11-18 18:38 ` Linus Torvalds
2025-11-18 19:04 ` Bart Van Assche
2025-11-18 19:14 ` Linus Torvalds
2025-11-18 20:43 ` Al Viro
2025-11-18 19:15 ` H. Peter Anvin
2025-11-18 19:11 ` H. Peter Anvin
2025-11-18 19:16 ` Linus Torvalds
2025-11-18 19:19 ` H. Peter Anvin
2025-11-18 19:17 ` Steven Rostedt
2025-11-18 19:22 ` Linus Torvalds
2025-11-18 19:56 ` Steven Rostedt
2025-11-18 20:23 ` Linus Torvalds
2025-11-18 21:05 ` Linus Torvalds
2025-11-18 20:21 ` James Bottomley [this message]
2025-11-18 20:30 ` Linus Torvalds
2025-11-18 20:51 ` Steven Rostedt
2025-11-18 21:10 ` James Bottomley
2025-11-18 22:34 ` Steven Rostedt
2025-11-18 23:32 ` James Bottomley
2025-11-18 19:23 ` H. Peter Anvin
2025-11-18 20:28 ` James Bottomley
2025-11-25 13:09 ` Jani Nikula
2025-11-25 14:25 ` Alexey Dobriyan
2025-11-25 15:32 ` Stephen Hemminger
2025-11-25 16:04 ` Steven Rostedt
2025-11-25 17:57 ` H. Peter Anvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bff6d9974e50f7cb27cc2b150ecd6e5e2252ae54.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=bvanassche@acm.org \
--cc=dan.carpenter@linaro.org \
--cc=dan.j.williams@intel.com \
--cc=ksummit@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=rostedt@goodmis.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox