Hi Andrew,
On 26.02.2016 21:59, Andrew Lunn wrote:
> Add a regmap for accessing the EEPROM, and then use that with the
> NVMEM framework. Enable backward compatibility in the NVMEM config
> structure, so that the 'eeprom' file in sys is provided by the
> framework.
>
> Signed-off-by: Andrew Lunn <[email protected]>
> Acked-by: Srinivas Kandagatla <[email protected]>
> ---
[snip]
>
> static ssize_t
> -eeprom_93xx46_bin_read(struct file *filp, struct kobject *kobj,
> - struct bin_attribute *bin_attr,
> - char *buf, loff_t off, size_t count)
> +eeprom_93xx46_read(struct eeprom_93xx46_dev *edev, char *buf,
> + unsigned off, size_t count)
> {
> - struct eeprom_93xx46_dev *edev;
> - struct device *dev;
> ssize_t ret = 0;
>
> - dev = kobj_to_dev(kobj);
> - edev = dev_get_drvdata(dev);
> + if (unlikely(off >= edev->size))
> + return 0;
> + if ((off + count) > edev->size)
> + count = edev->size - off;
> + if (unlikely(!count))
> + return count;
>
I'm scratching my head, do you want to kind of revert
the change https://lkml.org/lkml/2015/7/26/89 ? Why?
If you know regmap_config.max_register, then all necessary
boundary checks can be done inside NVMEM core.
> mutex_lock(&edev->lock);
>
> @@ -226,16 +231,17 @@ eeprom_93xx46_write_word(struct eeprom_93xx46_dev *edev,
> }
>
> static ssize_t
> -eeprom_93xx46_bin_write(struct file *filp, struct kobject *kobj,
> - struct bin_attribute *bin_attr,
> - char *buf, loff_t off, size_t count)
> +eeprom_93xx46_write(struct eeprom_93xx46_dev *edev, const char *buf,
> + loff_t off, size_t count)
> {
> - struct eeprom_93xx46_dev *edev;
> - struct device *dev;
> int i, ret, step = 1;
>
> - dev = kobj_to_dev(kobj);
> - edev = dev_get_drvdata(dev);
> + if (unlikely(off >= edev->size))
> + return -EFBIG;
> + if ((off + count) > edev->size)
> + count = edev->size - off;
> + if (unlikely(!count))
> + return count;
>
See a comment above.
> /* only write even number of bytes on 16-bit devices */
> if (edev->addrlen == 6) {
> @@ -272,6 +278,49 @@ eeprom_93xx46_bin_write(struct file *filp, struct kobject *kobj,
> return ret ? : count;
> }
>
> +/*
> + * Provide a regmap interface, which is registered with the NVMEM
> + * framework
> +*/
> +static int eeprom_93xx46_regmap_read(void *context, const void *reg,
> + size_t reg_size, void *val,
> + size_t val_size)
> +{
> + struct eeprom_93xx46_dev *eeprom_93xx46 = context;
> + off_t offset = *(u32 *)reg;
> + int err;
> +
> + err = eeprom_93xx46_read(eeprom_93xx46, val, offset, val_size);
> + if (err)
> + return err;
> + return 0;
return eeprom_93xx46_read(eeprom_93xx46, val, offset, val_size);
> +}
> +
> +static int eeprom_93xx46_regmap_write(void *context, const void *data,
> + size_t count)
> +{
> + struct eeprom_93xx46_dev *eeprom_93xx46 = context;
> + const char *buf;
> + u32 offset;
> + size_t len;
> + int err;
> +
> + memcpy(&offset, data, sizeof(offset));
> + buf = (const char *)data + sizeof(offset);
> + len = count - sizeof(offset);
> +
> + err = eeprom_93xx46_write(eeprom_93xx46, buf, offset, len);
> + if (err)
> + return err;
> + return 0;
return eeprom_93xx46_write(eeprom_93xx46, buf, offset, len);
> +}
> +
--
With best wishes,
Vladimir
> > static ssize_t
> > -eeprom_93xx46_bin_read(struct file *filp, struct kobject *kobj,
> > - struct bin_attribute *bin_attr,
> > - char *buf, loff_t off, size_t count)
> > +eeprom_93xx46_read(struct eeprom_93xx46_dev *edev, char *buf,
> > + unsigned off, size_t count)
> > {
> > - struct eeprom_93xx46_dev *edev;
> > - struct device *dev;
> > ssize_t ret = 0;
> >
> > - dev = kobj_to_dev(kobj);
> > - edev = dev_get_drvdata(dev);
> > + if (unlikely(off >= edev->size))
> > + return 0;
> > + if ((off + count) > edev->size)
> > + count = edev->size - off;
> > + if (unlikely(!count))
> > + return count;
> >
>
> I'm scratching my head, do you want to kind of revert
> the change https://lkml.org/lkml/2015/7/26/89 ? Why?
Hi Vladimir
I had not noticed you had removed this.
> If you know regmap_config.max_register, then all necessary
> boundary checks can be done inside NVMEM core.
You don't have to use NVMEM, you could use the regmap directly. It is
a public API. Also, during implementation, i did manage to get out of
bounds read passed into the drivers and they caused a crash. That
might of been AT24, i don't remember, but verifying is better than
possible crashing.
> > +/*
> > + * Provide a regmap interface, which is registered with the NVMEM
> > + * framework
> > +*/
> > +static int eeprom_93xx46_regmap_read(void *context, const void *reg,
> > + size_t reg_size, void *val,
> > + size_t val_size)
> > +{
> > + struct eeprom_93xx46_dev *eeprom_93xx46 = context;
> > + off_t offset = *(u32 *)reg;
> > + int err;
> > +
> > + err = eeprom_93xx46_read(eeprom_93xx46, val, offset, val_size);
> > + if (err)
> > + return err;
> > + return 0;
>
> return eeprom_93xx46_read(eeprom_93xx46, val, offset, val_size);
As i've said a few times now to a few different people reviewing these
patches, regmap wants either an error code or 0.
Andrew
On 03.03.2016 00:26, Andrew Lunn wrote:
>>> static ssize_t
>>> -eeprom_93xx46_bin_read(struct file *filp, struct kobject *kobj,
>>> - struct bin_attribute *bin_attr,
>>> - char *buf, loff_t off, size_t count)
>>> +eeprom_93xx46_read(struct eeprom_93xx46_dev *edev, char *buf,
>>> + unsigned off, size_t count)
>>> {
>>> - struct eeprom_93xx46_dev *edev;
>>> - struct device *dev;
>>> ssize_t ret = 0;
>>>
>>> - dev = kobj_to_dev(kobj);
>>> - edev = dev_get_drvdata(dev);
>>> + if (unlikely(off >= edev->size))
>>> + return 0;
>>> + if ((off + count) > edev->size)
>>> + count = edev->size - off;
>>> + if (unlikely(!count))
>>> + return count;
>>>
>>
>> I'm scratching my head, do you want to kind of revert
>> the change https://lkml.org/lkml/2015/7/26/89 ? Why?
>
> Hi Vladimir
>
> I had not noticed you had removed this.
>
>> If you know regmap_config.max_register, then all necessary
>> boundary checks can be done inside NVMEM core.
>
> You don't have to use NVMEM, you could use the regmap directly.
No problem, regmap API from drivers/base/regmap/regmap.c contains
all necessary boundary checks as far as I understand.
> It is a public API. Also, during implementation, i did manage to get out of
> bounds read passed into the drivers and they caused a crash. That
> might of been AT24, i don't remember, but verifying is better than
> possible crashing.
>
IMHO to avoid boilerplate code and/or missed/redundant checks it
might be better to handle this particular kind of problem only
in one common place, for example sysfs binary attribute files do
not need this anymore, probably I should scrutinize the situation
with this transition to NVMEM as well.
If you remember a reproduction scenario for that crash, please let
me know.
At least this changeset must be applied I guess, am I right?
In other words is the code without this changeset safe in connection
to boundary checks, and this is a new discovered issue?
--
With best wishes,
Vladimir