1. Patchew
  2. linux
  3. [PATCH 0/2] Fix and add warning of misuse of type##_replace_bits()
  4. View patch

[PATCH 2/2] bitfield: Ensure the return value of type##_replace_bits() is checked

Ben Horgan posted 2 patches 3 months ago
There is a newer version of this series
[PATCH 2/2] bitfield: Ensure the return value of type##_replace_bits() is checked
Posted by Ben Horgan 3 months ago 
As type##_replace_bits() has no side effects it is only useful if its
return value is checked. Add __must_check to enforce this usage. To have
the bits replaced in-place typep##_replace_bits() can be used instead.

Signed-off-by: Ben Horgan <ben.horgan@arm.com>
---
 include/linux/bitfield.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/linux/bitfield.h b/include/linux/bitfield.h
index 6d9a53db54b6..39333b80d22b 100644
--- a/include/linux/bitfield.h
+++ b/include/linux/bitfield.h
@@ -195,8 +195,8 @@ static __always_inline __##type type##_encode_bits(base v, base field)	\
 		__field_overflow();					\
 	return to((v & field_mask(field)) * field_multiplier(field));	\
 }									\
-static __always_inline __##type type##_replace_bits(__##type old,	\
-					base val, base field)		\
+static __always_inline __##type __must_check type##_replace_bits(__##type old,	\
+							base val, base field)	\
 {									\
 	return (old & ~to(field)) | type##_encode_bits(val, field);	\
 }									\
-- 
2.43.0
Re: [PATCH 2/2] bitfield: Ensure the return value of type##_replace_bits() is checked
Posted by Yury Norov 3 months ago 
Hi Ben,

On Thu, Jul 03, 2025 at 02:57:29PM +0100, Ben Horgan wrote:
> As type##_replace_bits() has no side effects it is only useful if its
> return value is checked. Add __must_check to enforce this usage. To have
> the bits replaced in-place typep##_replace_bits() can be used instead.
> 
> Signed-off-by: Ben Horgan <ben.horgan@arm.com>
> ---
>  include/linux/bitfield.h | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/include/linux/bitfield.h b/include/linux/bitfield.h
> index 6d9a53db54b6..39333b80d22b 100644
> --- a/include/linux/bitfield.h
> +++ b/include/linux/bitfield.h
> @@ -195,8 +195,8 @@ static __always_inline __##type type##_encode_bits(base v, base field)	\
>  		__field_overflow();					\
>  	return to((v & field_mask(field)) * field_multiplier(field));	\
>  }									\
> -static __always_inline __##type type##_replace_bits(__##type old,	\
> -					base val, base field)		\
> +static __always_inline __##type __must_check type##_replace_bits(__##type old,	\
> +							base val, base field)	\
>  {									\
>  	return (old & ~to(field)) | type##_encode_bits(val, field);	\
>  }									\

So, would it make sense to mark _encode_bits() and _get_bits() as
__must_check as well? At least from the point of unification, it
would.

How would we move this - with my bitmap-for next or with arm branch?

Thanks,
Yury
Re: [PATCH 2/2] bitfield: Ensure the return value of type##_replace_bits() is checked
Posted by Ben Horgan 3 months ago 
Hi Yury,

On 7/7/25 17:31, Yury Norov wrote:
> Hi Ben,
> 
> On Thu, Jul 03, 2025 at 02:57:29PM +0100, Ben Horgan wrote:
>> As type##_replace_bits() has no side effects it is only useful if its
>> return value is checked. Add __must_check to enforce this usage. To have
>> the bits replaced in-place typep##_replace_bits() can be used instead.
>>
>> Signed-off-by: Ben Horgan <ben.horgan@arm.com>
>> ---
>>   include/linux/bitfield.h | 4 ++--
>>   1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/include/linux/bitfield.h b/include/linux/bitfield.h
>> index 6d9a53db54b6..39333b80d22b 100644
>> --- a/include/linux/bitfield.h
>> +++ b/include/linux/bitfield.h
>> @@ -195,8 +195,8 @@ static __always_inline __##type type##_encode_bits(base v, base field)	\
>>   		__field_overflow();					\
>>   	return to((v & field_mask(field)) * field_multiplier(field));	\
>>   }									\
>> -static __always_inline __##type type##_replace_bits(__##type old,	\
>> -					base val, base field)		\
>> +static __always_inline __##type __must_check type##_replace_bits(__##type old,	\
>> +							base val, base field)	\
>>   {									\
>>   	return (old & ~to(field)) | type##_encode_bits(val, field);	\
>>   }									\
> 
> So, would it make sense to mark _encode_bits() and _get_bits() as
> __must_check as well? At least from the point of unification, it
> would.
Could do. It seems less important as there are no obvious foot-guns that 
these would guards against. Would you like me to add this in a v2?
> 
> How would we move this - with my bitmap-for next or with arm branch?

I'm not familiar with the branch machinery so can't comment on this.
> 
> Thanks,
> Yury
> 

Thanks,

Ben
Re: [PATCH 2/2] bitfield: Ensure the return value of type##_replace_bits() is checked
Posted by Marc Zyngier 3 months ago 
On Tue, 08 Jul 2025 10:42:06 +0100,
Ben Horgan <ben.horgan@arm.com> wrote:
> 
> Hi Yury,
> 
> On 7/7/25 17:31, Yury Norov wrote:
> > Hi Ben,
> > 
> > On Thu, Jul 03, 2025 at 02:57:29PM +0100, Ben Horgan wrote:
> >> As type##_replace_bits() has no side effects it is only useful if its
> >> return value is checked. Add __must_check to enforce this usage. To have
> >> the bits replaced in-place typep##_replace_bits() can be used instead.
> >> 
> >> Signed-off-by: Ben Horgan <ben.horgan@arm.com>
> >> ---
> >>   include/linux/bitfield.h | 4 ++--
> >>   1 file changed, 2 insertions(+), 2 deletions(-)
> >> 
> >> diff --git a/include/linux/bitfield.h b/include/linux/bitfield.h
> >> index 6d9a53db54b6..39333b80d22b 100644
> >> --- a/include/linux/bitfield.h
> >> +++ b/include/linux/bitfield.h
> >> @@ -195,8 +195,8 @@ static __always_inline __##type type##_encode_bits(base v, base field)	\
> >>   		__field_overflow();					\
> >>   	return to((v & field_mask(field)) * field_multiplier(field));	\
> >>   }									\
> >> -static __always_inline __##type type##_replace_bits(__##type old,	\
> >> -					base val, base field)		\
> >> +static __always_inline __##type __must_check type##_replace_bits(__##type old,	\
> >> +							base val, base field)	\
> >>   {									\
> >>   	return (old & ~to(field)) | type##_encode_bits(val, field);	\
> >>   }									\
> > 
> > So, would it make sense to mark _encode_bits() and _get_bits() as
> > __must_check as well? At least from the point of unification, it
> > would.
> Could do. It seems less important as there are no obvious foot-guns
> that these would guards against. Would you like me to add this in a
> v2?
> > 
> > How would we move this - with my bitmap-for next or with arm branch?
> 
> I'm not familiar with the branch machinery so can't comment on this.

The first patch will definitely go in via the KVM/arm64 tree, probably
as a fix for 6.16.

Thanks,

	M.

-- 
Without deviation from the norm, progress is not possible.
Re: [PATCH 2/2] bitfield: Ensure the return value of type##_replace_bits() is checked
Posted by Yury Norov 3 months ago 
On Tue, Jul 08, 2025 at 10:45:50AM +0100, Marc Zyngier wrote:
> On Tue, 08 Jul 2025 10:42:06 +0100,
> Ben Horgan <ben.horgan@arm.com> wrote:
> > 
> > Hi Yury,
> > 
> > On 7/7/25 17:31, Yury Norov wrote:
> > > Hi Ben,
> > > 
> > > On Thu, Jul 03, 2025 at 02:57:29PM +0100, Ben Horgan wrote:
> > >> As type##_replace_bits() has no side effects it is only useful if its
> > >> return value is checked. Add __must_check to enforce this usage. To have
> > >> the bits replaced in-place typep##_replace_bits() can be used instead.
> > >> 
> > >> Signed-off-by: Ben Horgan <ben.horgan@arm.com>
> > >> ---
> > >>   include/linux/bitfield.h | 4 ++--
> > >>   1 file changed, 2 insertions(+), 2 deletions(-)
> > >> 
> > >> diff --git a/include/linux/bitfield.h b/include/linux/bitfield.h
> > >> index 6d9a53db54b6..39333b80d22b 100644
> > >> --- a/include/linux/bitfield.h
> > >> +++ b/include/linux/bitfield.h
> > >> @@ -195,8 +195,8 @@ static __always_inline __##type type##_encode_bits(base v, base field)	\
> > >>   		__field_overflow();					\
> > >>   	return to((v & field_mask(field)) * field_multiplier(field));	\
> > >>   }									\
> > >> -static __always_inline __##type type##_replace_bits(__##type old,	\
> > >> -					base val, base field)		\
> > >> +static __always_inline __##type __must_check type##_replace_bits(__##type old,	\
> > >> +							base val, base field)	\
> > >>   {									\
> > >>   	return (old & ~to(field)) | type##_encode_bits(val, field);	\
> > >>   }									\
> > > 
> > > So, would it make sense to mark _encode_bits() and _get_bits() as
> > > __must_check as well? At least from the point of unification, it
> > > would.
> > Could do. It seems less important as there are no obvious foot-guns
> > that these would guards against. Would you like me to add this in a
> > v2?

Yes please.
 
> > > How would we move this - with my bitmap-for next or with arm branch?
> > 
> > I'm not familiar with the branch machinery so can't comment on this.
> 
> The first patch will definitely go in via the KVM/arm64 tree, probably
> as a fix for 6.16.

OK. Then I'll take patch #2 v2 by myself.

Thanks,
Yury

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.