Commit 22c2ed69 authored by Brian Norris's avatar Brian Norris Committed by Andrew Morton
Browse files

checkpatch: check for missing sentinels in ID arrays 

All of the ID tables based on <linux/mod_devicetable.h> (of_device_id,
pci_device_id, ...) require their arrays to end in an empty sentinel
value.  That's usually spelled with an empty initializer entry (e.g.,
"{}"), but also sometimes with explicit 0 entries, field initializers
(e.g., '.id = ""'), or even a macro entry (like PCMCIA_DEVICE_NULL).

Without a sentinel, device-matching code may read out of bounds.

I've found a number of such bugs in driver reviews, and we even
occasionally commit one to the tree.  See commit 5751eee5 ("i2c:
nomadik: Add missing sentinel to match table") for example.

Teach checkpatch to find these ID tables, and complain if it looks like
there wasn't a sentinel value.

Test output:

  $ git format-patch -1 a0d15cc4 --stdout | scripts/checkpatch.pl -
  ERROR: missing sentinel in ID array
  #57: FILE: drivers/i2c/busses/i2c-nomadik.c:1073:
  +static const struct of_device_id nmk_i2c_eyeq_match_table[] = {
   	{
   		.compatible = "XXXXXXXXXXXXXXXXXX",
   		.data = (void *)(NMK_I2C_EYEQ_FLAG_32B_BUS | NMK_I2C_EYEQ_FLAG_IS_EYEQ5),
   	},
   };

  total: 1 errors, 0 warnings, 66 lines checked

  NOTE: For some of the reported defects, checkpatch may be able to
        mechanically convert to the typical style using --fix or --fix-inplace.

  "[PATCH] i2c: nomadik: switch from of_device_is_compatible() to" has style problems, please review.

  NOTE: If any of the errors are false positives, please report
        them to the maintainer, see CHECKPATCH in MAINTAINERS.

When run across the entire tree (scripts/checkpatch.pl -q --types
MISSING_SENTINEL -f ...), false positives exist:

* where macros are used that hide the table from analysis
  (e.g., drivers/gpu/drm/radeon/radeon_drv.c / radeon_PCI_IDS).
  There are fewer than 5 of these.

* where such tables are processed correctly via ARRAY_SIZE() (fewer than
  5 instances). This is by far not the typical usage of *_device_id
  arrays.

* some odd parsing artifacts, where ctx_statement_block() seems to quit
  in the middle of a block due to #if/#else/#endif.

Also, not every "struct *_device_id" is in fact a sentinel-requiring
structure, but even with such types, false positives are very rare.

Link: https://lkml.kernel.org/r/20250702235245.1007351-1-briannorris@chromium.org


Signed-off-by: default avatarBrian Norris <briannorris@chromium.org>
Acked-by: default avatarJoe Perches <joe@perches.com>
Cc: Andy Whitcroft <apw@canonical.com>
Cc: Brian Norris <briannorris@chromium.org>
Cc: Dwaipayan Ray <dwaipayanray1@gmail.com>
Cc: Lukas Bulwahn <lukas.bulwahn@gmail.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
parent 1f04e0e6

scripts/checkpatch.pl

+28 −0
Original line number Diff line number Diff line
@@ -685,6 +685,9 @@ our $tracing_logging_tags = qr{(?xi: 
	[\.\!:\s]*

)};



# Device ID types like found in include/linux/mod_devicetable.h.

our $dev_id_types = qr{\b[a-z]\w*_device_id\b};



sub edit_distance_min {

	my (@arr) = @_;

	my $len = scalar @arr;
@@ -7679,6 +7682,31 @@ sub process { 
			WARN("DUPLICATED_SYSCTL_CONST",

				"duplicated sysctl range checking value '$1', consider using the shared one in include/linux/sysctl.h\n" . $herecurr);

		}



# Check that *_device_id tables have sentinel entries.

		if (defined $stat && $line =~ /struct\s+$dev_id_types\s+\w+\s*\[\s*\]\s*=\s*\{/) {

			my $stripped = $stat;



			# Strip diff line prefixes.

			$stripped =~ s/(^|\n)./$1/g;

			# Line continuations.

			$stripped =~ s/\\\n/\n/g;

			# Strip whitespace, empty strings, zeroes, and commas.

			$stripped =~ s/""//g;

			$stripped =~ s/0x0//g;

			$stripped =~ s/[\s$;,0]//g;

			# Strip field assignments.

			$stripped =~ s/\.$Ident=//g;



			if (!(substr($stripped, -4) eq "{}};" ||

			      substr($stripped, -6) eq "{{}}};" ||

			      $stripped =~ /ISAPNP_DEVICE_SINGLE_END}};$/ ||

			      $stripped =~ /ISAPNP_CARD_END}};$/ ||

			      $stripped =~ /NULL};$/ ||

			      $stripped =~ /PCMCIA_DEVICE_NULL};$/)) {

				ERROR("MISSING_SENTINEL", "missing sentinel in ID array\n" . "$here\n$stat\n");

			}

		}

	}



	# If we have no input at all, then there is nothing to report on