From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
To: Yury Norov <ynorov@caviumnetworks.com>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
	Alasdair Kergon <agk@redhat.com>,
	Mike Snitzer <snitzer@redhat.com>,
	dm-devel@redhat.com, Shaohua Li <shli@kernel.org>,
	linux-raid@vger.kernel.org, linux-input@vger.kernel.org,
	Andrew Morton <akpm@linux-foundation.org>,
	linux-kernel@vger.kernel.org, mika.westerberg@linux.intel.com
Subject: Re: [PATCH v2 5/5] Input: evdev - Switch to bitmap_zalloc()
Date: Wed, 20 Jun 2018 13:26:53 -0700
Message-ID: <20180620202653.GA75925@dtor-ws>
In-Reply-To: <20180620081321.GB19364@yury-thinkpad>

On Wed, Jun 20, 2018 at 11:13:21AM +0300, Yury Norov wrote:
> On Tue, Jun 19, 2018 at 11:33:16AM -0700, Dmitry Torokhov wrote:
> > On Sat, Jun 16, 2018 at 12:42:31AM +0300, Yury Norov wrote:
> > > Hi Andy,
> > >
> > > On Fri, Jun 15, 2018 at 04:20:17PM +0300, Andy Shevchenko wrote:
> > > > Switch to bitmap_zalloc() to show clearly what we are allocating.
> > > > Besides that, it returns a pointer of bitmap type instead of an opaque void *.
> > > >
> > > > Acked-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
> > > > Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
> > > > ---
> > > >  drivers/input/evdev.c | 16 +++++++---------
> > > >  1 file changed, 7 insertions(+), 9 deletions(-)
> > > >
> > > > diff --git a/drivers/input/evdev.c b/drivers/input/evdev.c
> > > > index c81c79d01d93..370206f987f9 100644
> > > > --- a/drivers/input/evdev.c
> > > > +++ b/drivers/input/evdev.c
> > > > @@ -481,7 +481,7 @@ static int evdev_release(struct inode *inode, struct file *file)
> > > >         evdev_detach_client(evdev, client);
> > > >
> > > >         for (i = 0; i < EV_CNT; ++i)
> > > > -               kfree(client->evmasks[i]);
> > > > +               bitmap_free(client->evmasks[i]);
> > > >
> > > >         kvfree(client);
> > > >
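Review bot: in evdev_release() the loop now releases client->evmasks[i] with bitmap_free(), so every pointer stored in evmasks[] has to come from bitmap_alloc() or bitmap_zalloc(); the only mask allocation this patch visibly converts is the one in evdev_set_mask(). Please confirm no other path fills evmasks[] from a plain kmalloc()/kcalloc() buffer, and mention the bitmap_free() conversion in the changelog, which currently names only bitmap_zalloc().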
> > > > @@ -925,17 +925,15 @@ static int evdev_handle_get_val(struct evdev_client *client,
> > > >  {
> > > >         int ret;
> > > >         unsigned long *mem;
> > > > -       size_t len;
> > > >
> > > > -       len = BITS_TO_LONGS(maxbit) * sizeof(unsigned long);
> > > > -       mem = kmalloc(len, GFP_KERNEL);
> > > > +       mem = bitmap_alloc(maxbit, GFP_KERNEL);
> > > >         if (!mem)
> > > >                 return -ENOMEM;
> > >
> > > But in the commit message you say you switch to bitmap_zalloc(). IIUC
> > > bitmap_alloc() is OK here. But could you please update the comment to
> > > avoid confusion?
> > >
> > > >
> > > >         spin_lock_irq(&dev->event_lock);
> > > >         spin_lock(&client->buffer_lock);
> > > >
> > > > -       memcpy(mem, bits, len);
> > > > +       bitmap_copy(mem, bits, maxbit);
> > > >
> > > >         spin_unlock(&dev->event_lock);
> > > >
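Review bot: mem in evdev_handle_get_val() now comes from bitmap_alloc(), which is not zeroed, and the copy changes from a byte length to a bit count: the removed memcpy(mem, bits, len) wrote all BITS_TO_LONGS(maxbit) words, while bitmap_copy(mem, bits, maxbit) is given only maxbit. If maxbit is not a multiple of the word size and whatever consumes mem after the unlock reads whole words, the bits past maxbit in the last word must still be initialised. Either state in the changelog that bitmap_copy() fills the full last word, or keep this allocation zeroed.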
> > > > @@ -947,7 +945,7 @@ static int evdev_handle_get_val(struct evdev_client *client,
> > > >         if (ret < 0)
> > > >                 evdev_queue_syn_dropped(client);
> > > >
> > > > -       kfree(mem);
> > > > +       bitmap_free(mem);
> > > >
> > > >         return ret;
> > > >  }
> > > > @@ -1003,13 +1001,13 @@ static int evdev_set_mask(struct evdev_client *client,
> > > >         if (!cnt)
> > > >                 return 0;
> > > >
> > > > -       mask = kcalloc(sizeof(unsigned long), BITS_TO_LONGS(cnt), GFP_KERNEL);
> > > > +       mask = bitmap_zalloc(cnt, GFP_KERNEL);
> > > >         if (!mask)
> > > >                 return -ENOMEM;
> > > >
> > > >         error = bits_from_user(mask, cnt - 1, codes_size, codes, compat);
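Review bot: the zeroing in mask = bitmap_zalloc(cnt, GFP_KERNEL) in evdev_set_mask() is required for correctness and the hunk does not say so. bits_from_user() is bounded by the user-supplied codes_size, so it may fill only part of mask, and the rest must read as zero when the mask is applied. A short comment above the allocation saying that it must stay zeroed would keep a later cleanup from switching it to bitmap_alloc().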
> > >
> > > If my understanding of bits_from_user() is correct, here you can also use
> > > bitmap_alloc(), true?
> > 
> > bits_from_user() copies as much as the user supplied, we want to zero out
> > the tail to make sure there is no garbage, so we want to use
> > kcalloc/kzalloc/bitmap_zalloc here.
> 
> I don't understand that. Tail bits of a bitmap (i.e. after the last used bit
> till the end of the last word) are always ignored by kernel code and it
> doesn't matter what was stored in those bits.

Users can supply as little as one long word worth of data (codes_size =
maxlen = 4). You really do not want the rest of the mask you will be
applying to contain random heap garbage.

> 
> (With the exception of copying a bitmap from kernel to userspace. For this
> case we have bitmap_copy_clear_tail() to avoid unintentionally exposing kernel
> data to the user.)
> 
> If you know any bitmap function that doesn't ignore tail bits, this is a
> bug and should be fixed.
> 
> By the way, bits_from_user() is badly designed because it takes 2 size
> arguments - maxbit and maxlen, and should be reworked. There's a
> single user of this function, and I suspect it can be switched to
> the existing core API, like bitmap_from_arr32().

I'm afraid you suspect wrong, as (unfortunately, but it is ABI now) we
are not dealing with masks consisting of u32 or u64 elements, but
"unsigned long" elements, which change size depending on 32/64 bit
architecture and whether we are dealing with compat or native userspace.

It also needs both maxbit and maxlen, because one is kernel's limit
while the other is limit from userspace POV and you need to reconcile
both to make sure you do not overrun buffers on either side.

Thanks.

-- 
Dmitry
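
The point made in this reply about a short user copy into a non-zeroed mask, modelled in userspace C as an added example (not code from the thread or from the kernel). copy_mask(), stray_bits() and demo() are hypothetical names, the 768-bit mask and the 0xA5 fill are constructed, and copy_mask() is only a stand-in for the copy step, not bits_from_user() itself.

```c
#include <limits.h>
#include <stdlib.h>
#include <string.h>

#define BITS_PER_LONG (sizeof(unsigned long) * CHAR_BIT)
#define BITS_TO_LONGS(n) (((n) + BITS_PER_LONG - 1) / BITS_PER_LONG)

/* Hypothetical stand-in for the copy step: takes at most maxlen bytes from
 * the caller and never more than the nbits-sized mask can hold. */
static size_t copy_mask(unsigned long *mask, size_t nbits,
                        const void *user, size_t maxlen)
{
    size_t len = BITS_TO_LONGS(nbits) * sizeof(unsigned long);
    if (len > maxlen)
        len = maxlen;               /* caller supplied less than a full mask */
    memcpy(mask, user, len);
    return len;
}

/* Count bits set beyond the bytes the caller actually supplied. */
static size_t stray_bits(const unsigned long *mask, size_t nbits, size_t copied)
{
    size_t n = 0;
    for (size_t bit = copied * CHAR_BIT; bit < nbits; bit++)
        if (mask[bit / BITS_PER_LONG] & (1UL << (bit % BITS_PER_LONG)))
            n++;
    return n;
}

/* Stray bits left in a 768-bit mask after a one-word copy (constructed sizes). */
static size_t demo(int zeroed)
{
    const size_t nbits = 768, len = BITS_TO_LONGS(nbits) * sizeof(unsigned long);
    const unsigned long user_word = 0x1;    /* constructed input: one long */
    unsigned long *mask = malloc(len);
    size_t n;
    if (!mask)
        return (size_t)-1;
    /* 0xA5 models recycled heap contents; 0x00 models a zeroing allocator. */
    memset(mask, zeroed ? 0x00 : 0xA5, len);
    n = stray_bits(mask, nbits, copy_mask(mask, nbits, &user_word, sizeof(user_word)));
    free(mask);
    return n;
}

int main(void)
{
    return !(demo(1) == 0 && demo(0) > 0);
}
```

With the zeroed buffer every bit past the supplied word is clear; with the dirty buffer the mask carries bits the caller never set.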
