From: Matti Vaittinen <mazziesaccount@gmail.com>
To: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: "Matti Vaittinen" <matti.vaittinen@fi.rohmeurope.com>,
"Lars-Peter Clausen" <lars@metafoo.de>,
"Michael Hennerich" <Michael.Hennerich@analog.com>,
"Cosmin Tanislav" <cosmin.tanislav@analog.com>,
"Jonathan Cameron" <jic23@kernel.org>,
"Eugen Hristev" <eugen.hristev@microchip.com>,
"Nicolas Ferre" <nicolas.ferre@microchip.com>,
"Alexandre Belloni" <alexandre.belloni@bootlin.com>,
"Claudiu Beznea" <claudiu.beznea@microchip.com>,
"Benson Leung" <bleung@chromium.org>,
"Guenter Roeck" <groeck@chromium.org>,
"Alexandru Ardelean" <alexandru.ardelean@analog.com>,
"Nathan Chancellor" <nathan@kernel.org>,
"Miquel Raynal" <miquel.raynal@bootlin.com>,
"Miaoqian Lin" <linmq006@gmail.com>,
"Uwe Kleine-König" <u.kleine-koenig@pengutronix.de>,
"Paul Cercueil" <paul@crapouillou.net>,
"Mihail Chindris" <mihail.chindris@analog.com>,
"Gwendal Grignou" <gwendal@chromium.org>,
linux-iio@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
chrome-platform@lists.linux.dev
Subject: Re: [RFT PATCH v3 10/10] iio: Don't silently expect attribute types
Date: Mon, 3 Oct 2022 12:02:56 +0300 [thread overview]
Message-ID: <7ae09809-4f3c-9872-5a87-0a05e73d39b4@gmail.com> (raw)
In-Reply-To: <b36ee317-abfe-9f55-70b5-bbf3138f50c0@gmail.com>
On 10/3/22 11:58, Matti Vaittinen wrote:
> Hi Andy,
>
> Thanks for taking the time to review :) Much appreciated.
>
> On 10/3/22 11:43, Andy Shevchenko wrote:
>> On Mon, Oct 03, 2022 at 11:13:53AM +0300, Matti Vaittinen wrote:
>>> The iio_triggered_buffer_setup_ext() and the
>>> devm_iio_kfifo_buffer_setup_ext() were changed by
>>> commit 15097c7a1adc ("iio: buffer: wrap all buffer attributes into
>>> iio_dev_attr")
>>> to silently expect that all attributes given in buffer_attrs array are
>>> device-attributes. This expectation was not forced by the API - and some
>>> drivers did register attributes created by IIO_CONST_ATTR().
>>>
>>> When using IIO_CONST_ATTRs the added attribute "wrapping" does not copy
>>> the pointer to stored string constant and when the sysfs file is read
>>> the
>>> kernel will access to invalid location.
>>>
>>> Change the function signatures to expect an array of iio_dev_attrs to
>>> avoid similar errors in the future.
>>
>> ...
>>
>>> + attr[ARRAY_SIZE(iio_buffer_attrs) + i] =
>>> + (struct attribute *)&id_attr->dev_attr.attr;
>>
>> ...and explicit casting here. Isn't attr is already of a struct
>> attribute?
>
> I am glad you asked :)
> This is one of the "things" I was not really happy about. Here we hide
> the fact that our array is full of pointers to _const_ data. If we don't
> cast the compiler points this out. Old code did the same thing but it
> did this by just doing a memcpy for the pointers - which I personally
> consider even worse as it gets really easy to miss this. The cast at
> least hints there is something slightly "fishy" going on.
>
> My "gut feeling" about the correct fix is we should check if some
> attributes in the array (stored to the struct here) actually need to be
> modified later (which I doubt). If I was keen on betting I'd bet we
> could switch the struct definition to also contain pointers to const
> attributes. I am afraid this would mean quite a few more changes to the
> function signatures (changing struct attribute * to const struct
> attribute *) here and there - and possibly also require some changes to
> drivers. Thus I didn't even look at that option in the scope of this
> fix. It should probably be a separate refactoring series. But yes - this
> cast should catch attention as it did.
>
Actually, now that you pointed it out - do you think this would warrant
a FIXME comment?
> Yours,
> -- Matti Vaittinen
>
--
Matti Vaittinen
Linux kernel developer at ROHM Semiconductors
Oulu Finland
~~ When things go utterly wrong vim users can always type :help! ~~
WARNING: multiple messages have this Message-ID (diff)
From: Matti Vaittinen <mazziesaccount@gmail.com>
To: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: "Alexandre Belloni" <alexandre.belloni@bootlin.com>,
linux-iio@vger.kernel.org,
"Gwendal Grignou" <gwendal@chromium.org>,
linux-kernel@vger.kernel.org,
"Paul Cercueil" <paul@crapouillou.net>,
"Miquel Raynal" <miquel.raynal@bootlin.com>,
"Guenter Roeck" <groeck@chromium.org>,
chrome-platform@lists.linux.dev,
"Lars-Peter Clausen" <lars@metafoo.de>,
"Miaoqian Lin" <linmq006@gmail.com>,
"Uwe Kleine-König" <u.kleine-koenig@pengutronix.de>,
"Alexandru Ardelean" <alexandru.ardelean@analog.com>,
"Mihail Chindris" <mihail.chindris@analog.com>,
"Michael Hennerich" <Michael.Hennerich@analog.com>,
"Cosmin Tanislav" <cosmin.tanislav@analog.com>,
"Nathan Chancellor" <nathan@kernel.org>,
"Benson Leung" <bleung@chromium.org>,
linux-arm-kernel@lists.infradead.org,
"Matti Vaittinen" <matti.vaittinen@fi.rohmeurope.com>,
"Eugen Hristev" <eugen.hristev@microchip.com>,
"Claudiu Beznea" <claudiu.beznea@microchip.com>,
"Jonathan Cameron" <jic23@kernel.org>
Subject: Re: [RFT PATCH v3 10/10] iio: Don't silently expect attribute types
Date: Mon, 3 Oct 2022 12:02:56 +0300 [thread overview]
Message-ID: <7ae09809-4f3c-9872-5a87-0a05e73d39b4@gmail.com> (raw)
In-Reply-To: <b36ee317-abfe-9f55-70b5-bbf3138f50c0@gmail.com>
On 10/3/22 11:58, Matti Vaittinen wrote:
> Hi Andy,
>
> Thanks for taking the time to review :) Much appreciated.
>
> On 10/3/22 11:43, Andy Shevchenko wrote:
>> On Mon, Oct 03, 2022 at 11:13:53AM +0300, Matti Vaittinen wrote:
>>> The iio_triggered_buffer_setup_ext() and the
>>> devm_iio_kfifo_buffer_setup_ext() were changed by
>>> commit 15097c7a1adc ("iio: buffer: wrap all buffer attributes into
>>> iio_dev_attr")
>>> to silently expect that all attributes given in buffer_attrs array are
>>> device-attributes. This expectation was not forced by the API - and some
>>> drivers did register attributes created by IIO_CONST_ATTR().
>>>
>>> When using IIO_CONST_ATTRs the added attribute "wrapping" does not copy
>>> the pointer to stored string constant and when the sysfs file is read
>>> the
>>> kernel will access to invalid location.
>>>
>>> Change the function signatures to expect an array of iio_dev_attrs to
>>> avoid similar errors in the future.
>>
>> ...
>>
>>> + attr[ARRAY_SIZE(iio_buffer_attrs) + i] =
>>> + (struct attribute *)&id_attr->dev_attr.attr;
>>
>> ...and explicit casting here. Isn't attr is already of a struct
>> attribute?
>
> I am glad you asked :)
> This is one of the "things" I was not really happy about. Here we hide
> the fact that our array is full of pointers to _const_ data. If we don't
> cast the compiler points this out. Old code did the same thing but it
> did this by just doing a memcpy for the pointers - which I personally
> consider even worse as it gets really easy to miss this. The cast at
> least hints there is something slightly "fishy" going on.
>
> My "gut feeling" about the correct fix is we should check if some
> attributes in the array (stored to the struct here) actually need to be
> modified later (which I doubt). If I was keen on betting I'd bet we
> could switch the struct definition to also contain pointers to const
> attributes. I am afraid this would mean quite a few more changes to the
> function signatures (changing struct attribute * to const struct
> attribute *) here and there - and possibly also require some changes to
> drivers. Thus I didn't even look at that option in the scope of this
> fix. It should probably be a separate refactoring series. But yes - this
> cast should catch attention as it did.
>
Actually, now that you pointed it out - do you think this would warrant
a FIXME comment?
> Yours,
> -- Matti Vaittinen
>
--
Matti Vaittinen
Linux kernel developer at ROHM Semiconductors
Oulu Finland
~~ When things go utterly wrong vim users can always type :help! ~~
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2022-10-03 9:03 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-03 8:09 [PATCH v3 00/10] iio: Fix unsafe buffer attributes Matti Vaittinen
2022-10-03 8:09 ` Matti Vaittinen
2022-10-03 8:10 ` [PATCH v3 01/10] iio: adxl367: " Matti Vaittinen
2022-10-16 11:12 ` Jonathan Cameron
2022-10-03 8:10 ` [PATCH v3 02/10] iio: adxl372: " Matti Vaittinen
2022-10-16 11:12 ` Jonathan Cameron
2022-10-03 8:11 ` [PATCH v3 03/10] iio: bmc150-accel-core: " Matti Vaittinen
2022-10-16 11:13 ` Jonathan Cameron
2022-10-03 8:11 ` [PATCH v3 04/10] iio: at91-sama5d2_adc: " Matti Vaittinen
2022-10-03 8:11 ` Matti Vaittinen
2022-10-06 8:34 ` Claudiu.Beznea
2022-10-06 8:34 ` Claudiu.Beznea
2022-10-16 11:14 ` Jonathan Cameron
2022-10-16 11:14 ` Jonathan Cameron
2022-10-03 8:12 ` [PATCH v3 05/10] iio: Add IIO_STATIC_CONST_DEVICE_ATTR Matti Vaittinen
2022-10-03 8:12 ` [PATCH v3 06/10] iio: adxl367: Use IIO_STATIC_CONST_DEVICE_ATTR() Matti Vaittinen
2022-10-03 8:12 ` [PATCH v3 07/10] iio: adxl372: " Matti Vaittinen
2022-10-03 8:13 ` [PATCH v3 08/10] iio: bmc150-accel-core: " Matti Vaittinen
2022-10-03 8:13 ` [PATCH v3 09/10] iio: at91-sama5d2_adc: " Matti Vaittinen
2022-10-03 8:13 ` Matti Vaittinen
2022-10-06 8:35 ` Claudiu.Beznea
2022-10-06 8:35 ` Claudiu.Beznea
2022-10-03 8:13 ` [RFT PATCH v3 10/10] iio: Don't silently expect attribute types Matti Vaittinen
2022-10-03 8:13 ` Matti Vaittinen
2022-10-03 8:43 ` Andy Shevchenko
2022-10-03 8:43 ` Andy Shevchenko
2022-10-03 8:58 ` Matti Vaittinen
2022-10-03 8:58 ` Matti Vaittinen
2022-10-03 9:02 ` Matti Vaittinen [this message]
2022-10-03 9:02 ` Matti Vaittinen
2022-10-03 9:39 ` Andy Shevchenko
2022-10-03 9:39 ` Andy Shevchenko
2022-10-03 9:42 ` Andy Shevchenko
2022-10-03 9:42 ` Andy Shevchenko
2022-10-06 8:35 ` Claudiu.Beznea
2022-10-06 8:35 ` Claudiu.Beznea
2022-10-06 12:53 ` Matti Vaittinen
2022-10-06 12:53 ` Matti Vaittinen
2022-10-09 17:38 ` Jonathan Cameron
2022-10-09 17:38 ` Jonathan Cameron
2022-10-10 9:36 ` Matti Vaittinen
2022-10-10 9:36 ` Matti Vaittinen
2022-11-05 14:45 ` Jonathan Cameron
2022-11-05 14:45 ` Jonathan Cameron
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7ae09809-4f3c-9872-5a87-0a05e73d39b4@gmail.com \
--to=mazziesaccount@gmail.com \
--cc=Michael.Hennerich@analog.com \
--cc=alexandre.belloni@bootlin.com \
--cc=alexandru.ardelean@analog.com \
--cc=andriy.shevchenko@linux.intel.com \
--cc=bleung@chromium.org \
--cc=chrome-platform@lists.linux.dev \
--cc=claudiu.beznea@microchip.com \
--cc=cosmin.tanislav@analog.com \
--cc=eugen.hristev@microchip.com \
--cc=groeck@chromium.org \
--cc=gwendal@chromium.org \
--cc=jic23@kernel.org \
--cc=lars@metafoo.de \
--cc=linmq006@gmail.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-iio@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=matti.vaittinen@fi.rohmeurope.com \
--cc=mihail.chindris@analog.com \
--cc=miquel.raynal@bootlin.com \
--cc=nathan@kernel.org \
--cc=nicolas.ferre@microchip.com \
--cc=paul@crapouillou.net \
--cc=u.kleine-koenig@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.