Kernel-hardening archive on lore.kernel.org
 help / color / Atom feed
From: Romain Perier <romain.perier@gmail.com>
To: kernel-hardening@lists.openwall.com
Cc: Kees Cook <keescook@chromium.org>,
	Romain Perier <romain.perier@gmail.com>
Subject: [PRE-REVIEW PATCH 07/16] qed: Prepare to use the new tasklet API
Date: Sun, 29 Sep 2019 18:30:19 +0200
Message-ID: <20190929163028.9665-8-romain.perier@gmail.com> (raw)
In-Reply-To: <20190929163028.9665-1-romain.perier@gmail.com>

The future tasklet API will no longer allow to pass an arbitrary
"unsigned long" data parameter. The tasklet data structure will need to
be embedded into a data structure that will be retrieved from the tasklet
handler. For this, the parent structure will be retrieved by the help of
container_of(), which means that tasklet must be statically allocated
into the parent structure and not allocated via kmalloc(). This commit,
remove the dynamic allocation of the tasklet in each "struct qed_hwfn".
Before each reused the tasklet will be killed, disabled then reinit,
redefining its internal data structure state, so it can be reused for
another purpose without requiring the need to reallocate a new object
dynamically (which can be subject to use-after-free, double-free or
memleak issues).

Signed-off-by: Romain Perier <romain.perier@gmail.com>
---
 drivers/net/ethernet/qlogic/qed/qed.h      |  2 +-
 drivers/net/ethernet/qlogic/qed/qed_int.c  | 22 +---------------------
 drivers/net/ethernet/qlogic/qed/qed_main.c | 14 +++++++-------
 3 files changed, 9 insertions(+), 29 deletions(-)

diff --git a/drivers/net/ethernet/qlogic/qed/qed.h b/drivers/net/ethernet/qlogic/qed/qed.h
index 89fe091c958d..e180df1d340e 100644
--- a/drivers/net/ethernet/qlogic/qed/qed.h
+++ b/drivers/net/ethernet/qlogic/qed/qed.h
@@ -592,7 +592,7 @@ struct qed_hwfn {
 	struct qed_consq		*p_consq;
 
 	/* Slow-Path definitions */
-	struct tasklet_struct		*sp_dpc;
+	struct tasklet_struct		sp_dpc;
 	bool				b_sp_dpc_enabled;
 
 	struct qed_ptt			*p_main_ptt;
diff --git a/drivers/net/ethernet/qlogic/qed/qed_int.c b/drivers/net/ethernet/qlogic/qed/qed_int.c
index 9f5113639eaf..7e1ef7b281b5 100644
--- a/drivers/net/ethernet/qlogic/qed/qed_int.c
+++ b/drivers/net/ethernet/qlogic/qed/qed_int.c
@@ -2279,34 +2279,15 @@ u64 qed_int_igu_read_sisr_reg(struct qed_hwfn *p_hwfn)
 
 static void qed_int_sp_dpc_setup(struct qed_hwfn *p_hwfn)
 {
-	tasklet_init(p_hwfn->sp_dpc,
+	tasklet_init(&p_hwfn->sp_dpc,
 		     qed_int_sp_dpc, (unsigned long)p_hwfn);
 	p_hwfn->b_sp_dpc_enabled = true;
 }
 
-static int qed_int_sp_dpc_alloc(struct qed_hwfn *p_hwfn)
-{
-	p_hwfn->sp_dpc = kmalloc(sizeof(*p_hwfn->sp_dpc), GFP_KERNEL);
-	if (!p_hwfn->sp_dpc)
-		return -ENOMEM;
-
-	return 0;
-}
-
-static void qed_int_sp_dpc_free(struct qed_hwfn *p_hwfn)
-{
-	kfree(p_hwfn->sp_dpc);
-	p_hwfn->sp_dpc = NULL;
-}
-
 int qed_int_alloc(struct qed_hwfn *p_hwfn, struct qed_ptt *p_ptt)
 {
 	int rc = 0;
 
-	rc = qed_int_sp_dpc_alloc(p_hwfn);
-	if (rc)
-		return rc;
-
 	rc = qed_int_sp_sb_alloc(p_hwfn, p_ptt);
 	if (rc)
 		return rc;
@@ -2320,7 +2301,6 @@ void qed_int_free(struct qed_hwfn *p_hwfn)
 {
 	qed_int_sp_sb_free(p_hwfn);
 	qed_int_sb_attn_free(p_hwfn);
-	qed_int_sp_dpc_free(p_hwfn);
 }
 
 void qed_int_setup(struct qed_hwfn *p_hwfn, struct qed_ptt *p_ptt)
diff --git a/drivers/net/ethernet/qlogic/qed/qed_main.c b/drivers/net/ethernet/qlogic/qed/qed_main.c
index 2ce70097d018..743c4561e251 100644
--- a/drivers/net/ethernet/qlogic/qed/qed_main.c
+++ b/drivers/net/ethernet/qlogic/qed/qed_main.c
@@ -678,7 +678,7 @@ static irqreturn_t qed_single_int(int irq, void *dev_instance)
 
 		/* Slowpath interrupt */
 		if (unlikely(status & 0x1)) {
-			tasklet_schedule(hwfn->sp_dpc);
+			tasklet_schedule(&hwfn->sp_dpc);
 			status &= ~0x1;
 			rc = IRQ_HANDLED;
 		}
@@ -724,7 +724,7 @@ int qed_slowpath_irq_req(struct qed_hwfn *hwfn)
 			 id, cdev->pdev->bus->number,
 			 PCI_SLOT(cdev->pdev->devfn), hwfn->abs_pf_id);
 		rc = request_irq(cdev->int_params.msix_table[id].vector,
-				 qed_msix_sp_int, 0, hwfn->name, hwfn->sp_dpc);
+				 qed_msix_sp_int, 0, hwfn->name, &hwfn->sp_dpc);
 	} else {
 		unsigned long flags = 0;
 
@@ -756,8 +756,8 @@ static void qed_slowpath_tasklet_flush(struct qed_hwfn *p_hwfn)
 	 * enable function makes this sequence a flush-like operation.
 	 */
 	if (p_hwfn->b_sp_dpc_enabled) {
-		tasklet_disable(p_hwfn->sp_dpc);
-		tasklet_enable(p_hwfn->sp_dpc);
+		tasklet_disable(&p_hwfn->sp_dpc);
+		tasklet_enable(&p_hwfn->sp_dpc);
 	}
 }
 
@@ -786,7 +786,7 @@ static void qed_slowpath_irq_free(struct qed_dev *cdev)
 				break;
 			synchronize_irq(cdev->int_params.msix_table[i].vector);
 			free_irq(cdev->int_params.msix_table[i].vector,
-				 cdev->hwfns[i].sp_dpc);
+				 &cdev->hwfns[i].sp_dpc);
 		}
 	} else {
 		if (QED_LEADING_HWFN(cdev)->b_int_requested)
@@ -805,11 +805,11 @@ static int qed_nic_stop(struct qed_dev *cdev)
 		struct qed_hwfn *p_hwfn = &cdev->hwfns[i];
 
 		if (p_hwfn->b_sp_dpc_enabled) {
-			tasklet_disable(p_hwfn->sp_dpc);
+			tasklet_disable(&p_hwfn->sp_dpc);
 			p_hwfn->b_sp_dpc_enabled = false;
 			DP_VERBOSE(cdev, NETIF_MSG_IFDOWN,
 				   "Disabled sp tasklet [hwfn %d] at %p\n",
-				   i, p_hwfn->sp_dpc);
+				   i, &p_hwfn->sp_dpc);
 		}
 	}
 
-- 
2.23.0


  parent reply index

Thread overview: 32+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-09-29 16:30 [PRE-REVIEW PATCH 00/16] Modernize the " Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 01/16] tasklet: Prepare to change tasklet callback argument type Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 02/16] crypto: ccp - Prepare to use the new tasklet API Romain Perier
2019-09-30 22:35   ` Kees Cook
2019-09-29 16:30 ` [PRE-REVIEW PATCH 03/16] mmc: renesas_sdhi: " Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 04/16] net: liquidio: " Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 05/16] chelsio: " Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 06/16] net: mvpp2: " Romain Perier
2019-09-29 16:30 ` Romain Perier [this message]
2019-09-29 16:30 ` [PRE-REVIEW PATCH 08/16] isdn: " Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 09/16] scsi: pm8001: " Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 10/16] scsi: pmcraid: " Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 11/16] treewide: Globally replace tasklet_init() by tasklet_setup() Romain Perier
2019-09-30 22:46   ` Kees Cook
2019-10-01 17:18     ` Romain Perier
2019-10-10 22:30       ` Kees Cook
2019-09-29 16:30 ` [PRE-REVIEW PATCH 12/16] tasklet: Pass tasklet_struct pointer as .data in DECLARE_TASKLET Romain Perier
2019-09-30 22:44   ` Kees Cook
2019-09-29 16:30 ` [PRE-REVIEW PATCH 13/16] tasklet: Pass tasklet_struct pointer to callbacks unconditionally Romain Perier
2019-09-30 22:49   ` Kees Cook
2019-09-29 16:30 ` [PRE-REVIEW PATCH 14/16] tasklet: Remove the data argument from DECLARE_TASKLET() macros Romain Perier
2019-09-30 22:50   ` Kees Cook
2019-09-29 16:30 ` [PRE-REVIEW PATCH 15/16] tasklet: convert callbacks prototype for using struct tasklet_struct * arguments Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 16/16] tasklet: Add the new initialization function permanently Romain Perier
2019-09-30 22:52   ` Kees Cook
2019-10-01 17:34     ` Romain Perier
2019-09-30 23:06 ` [PRE-REVIEW PATCH 00/16] Modernize the tasklet API Kees Cook
2019-10-01 17:47   ` Romain Perier
2019-10-10 22:34     ` Kees Cook
2019-10-30  8:20       ` Allen
2019-11-07  7:29         ` Romain Perier
2019-11-07 21:22           ` Kees Cook

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190929163028.9665-8-romain.perier@gmail.com \
    --to=romain.perier@gmail.com \
    --cc=keescook@chromium.org \
    --cc=kernel-hardening@lists.openwall.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Kernel-hardening archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/kernel-hardening/0 kernel-hardening/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 kernel-hardening kernel-hardening/ https://lore.kernel.org/kernel-hardening \
		kernel-hardening@lists.openwall.com
	public-inbox-index kernel-hardening

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/com.openwall.lists.kernel-hardening


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git