Hi, I'm working on converting all callbacks of struct timer_list into taking the struct timer_list * that triggered the callback (instead of the timer_list.data field), as done for hrtimers, work queues, etc. Doing this has a number of benefits including actual type checking (via container_of(), etc) instead of blind type casts, and getting rid of the .data field which is used in security flaw exploits[1].
I've got the series well on its way, though I think I have something like 400 users remaining, and they're getting less trivial to convert. :) The series goes through several phases of conversion. The series is here to browse: https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=kspp/timer/20170830 Replace open-coded variants of setup_timer() with actual setup_timer() calls: coccinelle: Improve setup_timer.cocci matching Run setup_timer.cocci timer: Remove init_timer_pinned_deferrable() in favor of setup_pinned_deferrable_timer() timer: Remove init_timer_on_stack() in favor of setup_timer_on_stack() timer: Remove init_timer_pinned() in favor of setup_pinned_timer() timer: Remove init_timer_deferrable() in favor of setup_deferrable_timer() Remove little or unused macros, with the goal of removing to ability to statically define the .data field: timer: Remove users of TIMER_DEFERRED_INITIALIZER timer: Remove users of TIMER_INITIALIZER timer: Remove unused static initializer macros timer: Remove users of expire and data arguments to DEFINE_TIMER timer: Remove expires and data arguments from DEFINE_TIMER timer: Remove expires argument from __TIMER_INITIALIZER() Fix usages of setup_timer() that Coccinelle can't reason about: timer: Remove meaningless .data/.function assignments timer: Collapse cross-function single-assignment .data into setup_timer() timer: Additional init_timer() -> setup_timer() conversions Eliminate all open-coded usage of the .data field: usb/phy-isp1301-omap: Remove .data assignment media/i2c/tc358743: Initialize timer scsi/aic7xxx: Clean up timer usage timer: Fix incorrect casts in callbacks net/core: Collapse redundant sk_timer callback data assignments s390/char/sclp: Use separate static data field with with static timer sparc/led: Use separate static data field with with static timer mips/sgi-ip32: Use separate static data field with with static timer mips/sgi-ip22: Use separate static data field with with static timer net/atm/mpc: Use separate static data field with with static timer staging/comedi/das16: Make timer initialization unconditional usb/gadget/snps_udc_core: Move timer initialization earlier infiniband/rdmavt: Remove redundant timer initialization scsi/bnx2i: Initialize timer appletalk: Remove unneeded synchronization timer: Switch to testing for .function instead of .data Create temporary casts for function and data arguments so setup_timer() will take both old and new style function and data arguments: timer: Temporarily explicitly cast all callback functions Convert all DEFINE_TIMER users to taking struct timer_list *: coccinelle: Add define_timer.cocci timer: Switch DEFINE_TIMER callbacks to struct timer_list * Create TIMER_CONTAINER() help for new style callbacks: timer: Add helper for container_of() usage on callbacks Convert timer users that Coccinelle can't reason about: scsi/ipr: Convert timer callbacks to use TIMER_CONATINER staging/wilc1000: Convert timer callbacks to use TIMER_CONTAINER amifloppy: Convert timer callbacks to use TIMER_CONTAINER net/irda: Convert timer callbacks to use TIMER_CONTAINER led/ledtrig-heartbeat: Convert callback to use TIMER_CONTAINER kthread: Convert callback to use TIMER_CONTAINER workqueue: Convert callback to use TIMER_CONTAINER scsi/pmcraid: Convert callbacks to use TIMER_CONTAINER net/decnet: Convert callback to use TIMER_CONTAINER net/lapb: Convert callbacks to use TIMER_CONTAINER net/mac80211/mesh_plink: Convert callback to use TIMER_CONTAINER fs/nilfs2: Convert callback to use TIMER_CONTAINER net/rose: Convert callbacks to use TIMER_CONTAINER scsi/sas: Convert callback to use TIMER_CONTAINER media/saa7146: Convert callback to use TIMER_CONTAINER net/irda-usb: Convert callback to use TIMER_CONTAINER input: Convert callbacks to use TIMER_CONTAINER net/irda/bfin_sir: Convert callback to use TIMER_CONTAINER ALSA: sh: aica: Convert callback to use TIMER_CONTAINER s390/tape: Convert callback to use TIMER_CONTAINER net/ti/tlan: Convert callback to use TIMER_CONTAINER net/wireless/ray_cs: Convert callback to use TIMER_CONTAINER firewire: Convert callback to use TIMER_CONTAINER sound/pci/asihpi: Convert callback to use TIMER_CONTAINER isdn/hisax: Convert callback to use TIMER_CONTAINER net/hamradio/6pack: Convert callback to use TIMER_CONTAINER pci/ehp_hpc: Convert callback to use TIMER_CONTAINER net/usb/usbnet: Convert callback to use TIMER_CONTAINER tty/sysrq: Convert callback to use TIMER_CONTAINER scsi/cxgbi: Convert callback to use TIMER_CONTAINER block/laptop_mode: Convert callback to use TIMER_CONTAINER libata: Convert callback to use TIMER_CONTAINER staging: rtl8723bs: Refactor timers to use setup_timer() staging: rtl8723bs: Convert callback to use TIMER_CONTAINER staging: rtl8712: Convert callbacks to use TIMER_CONTAINER staging: rtl8188eu: Convert callbacks to use TIMER_CONTAINER sound/core: Convert callbacks to use TIMER_CONTAINER fs/ncpfs: Convert callback to use TIMER_CONTAINER block/aoe: Convert callbacks to use TIMER_CONTAINER Rename .data field to .cb_data just to find any remaining .data users that allmodconfig misses but 0-day can find (the above conversions could be rearranged to do all .data-using conversions first, then this patch, then the rest of the conversions): timer: Rename timer_list.data to timer_list.cb_data Add Coccinelle script to perform "easy" conversions of timer callbacks: coccinelle: Add new timer_list handling scripts timer: Mass-convert timer_list callbacks to use TIMER_CONTAINER timer: setup_deferrable_timer conversions timer: setup_pinned_timer conversions Which gets me to here: 747 files changed, 3363 insertions(+), 3410 deletions(-) And current builds with the forced casts removed show about 400 more call sites to fix... Does this look alright, and should some of this go into -next right now, just to get some of the clean-ups into the tree? (Basically, everything before "timer: Temporarily explicitly cast all callback functions") Thanks! -Kees [1] https://lwn.net/Articles/731082/ -- Kees Cook Pixel Security
