On Thu, 13 Mar 2025 14:03:38 +0100 (CET)
Thomas Gleixner <t...@linutronix.de> wrote:
> In cases where an allocation is consumed by another function, the
> allocation needs to be retained on success or freed on failure. The code
> pattern is usually:
>
> struct foo *f = kzalloc(sizeof(*f), GFP_KERNEL);
> struct bar *b;
>
> ,,,
> // Initialize f
> ...
> if (ret)
> goto free;
> ...
> bar = bar_create(f);
> if (!bar) {
> ret = -ENOMEM;
> goto free;
> }
> ...
> return 0;
> free:
> kfree(f);
> return ret;
>
> This prevents using __free(kfree) on @f because there is no canonical way
> to tell the cleanup code that the allocation should not be freed.
>
> Abusing no_free_ptr() by force ignoring the return value is not really a
> sensible option either.
>
> Provide an explicit macro retain_ptr(), which NULLs the cleanup
> pointer. That makes it easy to analyze and reason about.
>
> Signed-off-by: Thomas Gleixner <t...@linutronix.de>
> Cc: Peter Zijlstra <pet...@infradead.org>
Seems sensible to me and the resulting code is reasonably easy to
follow / contained in a small region.
Reviewed-by: Jonathan Cameron <jonathan.came...@huawei.com>
> ---
> include/linux/cleanup.h | 17 +++++++++++++++++
> 1 file changed, 17 insertions(+)
>
> --- a/include/linux/cleanup.h
> +++ b/include/linux/cleanup.h
> @@ -216,6 +216,23 @@ const volatile void * __must_check_fn(co
>
> #define return_ptr(p) return no_free_ptr(p)
>
> +/*
> + * Only for situations where an allocation is handed in to another function
> + * and consumed by that function on success.
> + *
> + * struct foo *f __free(kfree) = kzalloc(sizeof(*f), GFP_KERNEL);
> + *
> + * setup(f);
> + * if (some_condition)
> + * return -EINVAL;
> + * ....
> + * ret = bar(f);
> + * if (!ret)
> + * retain_ptr(f);
> + * return ret;
> + */
> +#define retain_ptr(p) \
> + __get_and_null(p, NULL)
>
> /*
> * DEFINE_CLASS(name, type, exit, init, init_args...):
>
