Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp2665445imm; Wed, 16 May 2018 17:29:35 -0700 (PDT) X-Google-Smtp-Source: AB8JxZpvty8kth3GAvHEl8x+N/1m36m91WcsWORWZliYtr/zpwm3mSc+4adxp2mrizGoqO4XCX4/ X-Received: by 2002:a62:c205:: with SMTP id l5-v6mr3068955pfg.6.1526516975915; Wed, 16 May 2018 17:29:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1526516975; cv=none; d=google.com; s=arc-20160816; b=ZhCVBGb1rMj4AYV4RDz4i+wqrmnMzDeq6lb8RL4TtRcITxRy4SZrxWXK5zlx5w5g+h Y0pFWgZPgZhIkDDWDKyZQVcfMwCDnKt3DXFBe+2qmvC8loTmBtWe3dbXhLEkvDABdyP3 p5dPW8NOCwmF8e10FrpNrkrnmROCamnb9AooIaIOf8SkAv1Plnu4vJippWM7XRPo6BDc 9fHgRvNl+Rf+iKpgp01NPmQaQDWzQoWYXhgyZD0X/4bHrE4srhraC2hZ7xDNXWlHCMx5 KbJYuRYOFLhBWwFSY5S8piGBWJvmB3gE86wpZLlBS60VOcbMwiC21L3BRA7aQQvdYD1F ln8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:arc-authentication-results; bh=+NZb8QpbWtw4f5IsdYgVDenHKtY/d6gqYwq0ELjeghI=; b=SbN33YKs0sRwe7Fiv3JNH0Kuk50c05CBtLInwcnV32i3Q2yzNGPd4MiOWzB02sKhfw DZ27uxL0tlarZjcPAlwn7EsYHXIB+wBIVQFPjDvrpBrYLzag9lcM1L+k793E54tr2hwU uCPO6KVeQ5VynG5fiiSoczfl/NXHHeLxUIg6G/7DuODyB9GIdOoXUSUG9WFrz9CW090Y cAMMnnsbkDzcKXaooBfXjcpNYxQujJgC7LbRONwF0ZwF/1+rpmDdIRo3oj0o9471gJbW /u9I7HKWnQ38ebak9CcVNo8w9ktQFfinIC2Sx6tvSWowynTc+pqlL9vjXYQ3acK8TEpW UhCA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id bj5-v6si3636673plb.67.2018.05.16.17.29.21; Wed, 16 May 2018 17:29:35 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751665AbeEQA3J (ORCPT + 99 others); Wed, 16 May 2018 20:29:09 -0400 Received: from anchovy1.45ru.net.au ([203.30.46.145]:50430 "EHLO anchovy1.45ru.net.au" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751163AbeEQA3H (ORCPT ); Wed, 16 May 2018 20:29:07 -0400 Received: (qmail 11925 invoked by uid 5089); 17 May 2018 00:29:05 -0000 Received: by simscan 1.2.0 ppid: 11843, pid: 11844, t: 0.0787s scanners: regex: 1.2.0 attach: 1.2.0 clamav: 0.88.3/m:40/d:1950 Received: from unknown (HELO ?192.168.0.122?) (preid@electromag.com.au@203.59.235.95) by anchovy1.45ru.net.au with ESMTPA; 17 May 2018 00:29:04 -0000 Subject: Re: [PATCHv6] gpio: Remove VLA from gpiolib To: Laura Abbott , Linus Walleij , Kees Cook , Lukas Wunner , Rasmus Villemoes Cc: linux-gpio@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, Geert Uytterhoeven References: <20180517000027.26639-1-labbott@redhat.com> From: Phil Reid Message-ID: Date: Thu, 17 May 2018 08:28:56 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: <20180517000027.26639-1-labbott@redhat.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-AU Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 17/05/2018 08:00, Laura Abbott wrote: > The new challenge is to remove VLAs from the kernel > (see https://lkml.org/lkml/2018/3/7/621) to eventually > turn on -Wvla. > > Using a kmalloc array is the easy way to fix this but kmalloc is still > more expensive than stack allocation. Introduce a fast path with a > fixed size stack array to cover most chip with gpios below some fixed > amount. The slow path dynamically allocates an array to cover those > chips with a large number of gpios. > > Reviewed-and-tested-by: Lukas Wunner > Signed-off-by: Lukas Wunner > Signed-off-by: Laura Abbott > --- > v6: Introduce a config option for setting the fast path GPIOs because > there are too many combinations to make the arch default workable. I > went with a default of 512 in the Kconfig. > > Also to other points: I don't think the warning should be triggerable > from userspace, it should only happen on probe. I also think only > memsetting half the array is more likely to be error prone. We can > change it if there is significant overhead. > --- > drivers/gpio/Kconfig | 10 +++++ > drivers/gpio/gpiolib.c | 76 +++++++++++++++++++++++++++-------- > drivers/gpio/gpiolib.h | 2 +- > include/linux/gpio/consumer.h | 10 +++-- > 4 files changed, 76 insertions(+), 22 deletions(-) > > diff --git a/drivers/gpio/Kconfig b/drivers/gpio/Kconfig > index 68d812b38be7..2855b5c5c8ca 100644 > --- a/drivers/gpio/Kconfig > +++ b/drivers/gpio/Kconfig > @@ -22,6 +22,16 @@ menuconfig GPIOLIB > > if GPIOLIB > > +config GPIOLIB_FASTPATH_LIMIT > + int "Maximum number of GPIOs for fast path" > + default 512 > + help > + This adjusts the point at which certain APIs will switch from > + using a statically allocated fixed size buffer to a dynamically > + allocated buffer. This is a trade-off in stackspace vs. speed. > + You shouldn't need to change this unless you really need to > + optimize one of those two. > + > config OF_GPIO > def_bool y > depends on OF > diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c > index d66de67ef307..f7ce546796e0 100644 > --- a/drivers/gpio/gpiolib.c > +++ b/drivers/gpio/gpiolib.c > @@ -61,6 +61,11 @@ static struct bus_type gpio_bus_type = { > .name = "gpio", > }; > > +/* > + * Number of GPIOs to use for the fast path in set array > + */ > +#define FASTPATH_NGPIO CONFIG_GPIOLIB_FASTPATH_LIMIT > + > /* gpio_lock prevents conflicts during gpio_desc[] table updates. > * While any GPIO is requested, its gpio_chip is not removable; > * each GPIO's "requested" flag serves as a lock and refcount. > @@ -399,12 +404,11 @@ static long linehandle_ioctl(struct file *filep, unsigned int cmd, > vals[i] = !!ghd.values[i]; > > /* Reuse the array setting function */ > - gpiod_set_array_value_complex(false, > + return gpiod_set_array_value_complex(false, > true, > lh->numdescs, > lh->descs, > vals); > - return 0; > } > return -EINVAL; > } > @@ -1192,6 +1196,10 @@ int gpiochip_add_data_with_key(struct gpio_chip *chip, void *data, > goto err_free_descs; > } > > + if (chip->ngpio > FASTPATH_NGPIO) > + chip_warn(chip, "line cnt %d is greater than fast path cnt %d\n", > + chip->ngpio, FASTPATH_NGPIO); > + > gdev->label = kstrdup_const(chip->label ?: "unknown", GFP_KERNEL); > if (!gdev->label) { > status = -ENOMEM; > @@ -2662,16 +2670,28 @@ int gpiod_get_array_value_complex(bool raw, bool can_sleep, > > while (i < array_size) { > struct gpio_chip *chip = desc_array[i]->gdev->chip; > - unsigned long mask[BITS_TO_LONGS(chip->ngpio)]; > - unsigned long bits[BITS_TO_LONGS(chip->ngpio)]; > + unsigned long fastpath[2 * BITS_TO_LONGS(FASTPATH_NGPIO)]; > + unsigned long *mask, *bits; > int first, j, ret; > > + if (likely(chip->ngpio <= FASTPATH_NGPIO)) { > + memset(fastpath, 0, sizeof(fastpath)); > + mask = fastpath; > + bits = fastpath + BITS_TO_LONGS(FASTPATH_NGPIO); > + } else { > + mask = kcalloc(2 * BITS_TO_LONGS(chip->ngpio), > + sizeof(*mask), > + can_sleep ? GFP_KERNEL : GFP_ATOMIC); > + if (!mask) > + return -ENOMEM; > + bits = mask + BITS_TO_LONGS(chip->ngpio); > + } > + > if (!can_sleep) > WARN_ON(chip->can_sleep); > > /* collect all inputs belonging to the same chip */ > first = i; > - memset(mask, 0, sizeof(mask)); > do { > const struct gpio_desc *desc = desc_array[i]; > int hwgpio = gpio_chip_hwgpio(desc); > @@ -2682,8 +2702,11 @@ int gpiod_get_array_value_complex(bool raw, bool can_sleep, > (desc_array[i]->gdev->chip == chip)); > > ret = gpio_chip_get_multiple(chip, mask, bits); > - if (ret) > + if (ret) { > + if (mask != fastpath) > + kfree(mask); > return ret; > + } > > for (j = first; j < i; j++) { > const struct gpio_desc *desc = desc_array[j]; > @@ -2695,6 +2718,9 @@ int gpiod_get_array_value_complex(bool raw, bool can_sleep, > value_array[j] = value; > trace_gpio_value(desc_to_gpio(desc), 1, value); > } > + > + if (mask != fastpath) > + kfree(mask); > } > return 0; > } > @@ -2878,7 +2904,7 @@ static void gpio_chip_set_multiple(struct gpio_chip *chip, > } > } > > -void gpiod_set_array_value_complex(bool raw, bool can_sleep, > +int gpiod_set_array_value_complex(bool raw, bool can_sleep, > unsigned int array_size, > struct gpio_desc **desc_array, > int *value_array) > @@ -2887,14 +2913,26 @@ void gpiod_set_array_value_complex(bool raw, bool can_sleep, > > while (i < array_size) { > struct gpio_chip *chip = desc_array[i]->gdev->chip; > - unsigned long mask[BITS_TO_LONGS(chip->ngpio)]; > - unsigned long bits[BITS_TO_LONGS(chip->ngpio)]; > + unsigned long fastpath[2 * BITS_TO_LONGS(FASTPATH_NGPIO)]; > + unsigned long *mask, *bits; > int count = 0; > > + if (likely(chip->ngpio <= FASTPATH_NGPIO)) { > + memset(fastpath, 0, sizeof(fastpath)); > + mask = fastpath; > + bits = fastpath + BITS_TO_LONGS(FASTPATH_NGPIO); > + } else { > + mask = kcalloc(2 * BITS_TO_LONGS(chip->ngpio), > + sizeof(*mask), > + can_sleep ? GFP_KERNEL : GFP_ATOMIC); > + if (!mask) > + return -ENOMEM; > + bits = mask + BITS_TO_LONGS(chip->ngpio); > + } > + > if (!can_sleep) > WARN_ON(chip->can_sleep); > > - memset(mask, 0, sizeof(mask)); > do { > struct gpio_desc *desc = desc_array[i]; > int hwgpio = gpio_chip_hwgpio(desc); > @@ -2925,7 +2963,11 @@ void gpiod_set_array_value_complex(bool raw, bool can_sleep, > /* push collected bits to outputs */ > if (count != 0) > gpio_chip_set_multiple(chip, mask, bits); > + > + if (mask != fastpath) > + kfree(mask); > } > + return 0; > } > > /** > @@ -3000,13 +3042,13 @@ EXPORT_SYMBOL_GPL(gpiod_set_value); > * This function should be called from contexts where we cannot sleep, and will > * complain if the GPIO chip functions potentially sleep. > */ > -void gpiod_set_raw_array_value(unsigned int array_size, > +int gpiod_set_raw_array_value(unsigned int array_size, > struct gpio_desc **desc_array, int *value_array) > { > if (!desc_array) > - return; > - gpiod_set_array_value_complex(true, false, array_size, desc_array, > - value_array); > + return -EINVAL; > + return gpiod_set_array_value_complex(true, false, array_size, > + desc_array, value_array); > } > EXPORT_SYMBOL_GPL(gpiod_set_raw_array_value); > > @@ -3326,14 +3368,14 @@ EXPORT_SYMBOL_GPL(gpiod_set_value_cansleep); > * > * This function is to be called from contexts that can sleep. > */ > -void gpiod_set_raw_array_value_cansleep(unsigned int array_size, > +int gpiod_set_raw_array_value_cansleep(unsigned int array_size, > struct gpio_desc **desc_array, > int *value_array) > { > might_sleep_if(extra_checks); > if (!desc_array) > - return; > - gpiod_set_array_value_complex(true, true, array_size, desc_array, > + return -EINVAL; > + return gpiod_set_array_value_complex(true, true, array_size, desc_array, > value_array); > } > EXPORT_SYMBOL_GPL(gpiod_set_raw_array_value_cansleep); > diff --git a/drivers/gpio/gpiolib.h b/drivers/gpio/gpiolib.h > index b17ec6795c81..b64813e3876e 100644 > --- a/drivers/gpio/gpiolib.h > +++ b/drivers/gpio/gpiolib.h > @@ -188,7 +188,7 @@ int gpiod_get_array_value_complex(bool raw, bool can_sleep, > unsigned int array_size, > struct gpio_desc **desc_array, > int *value_array); > -void gpiod_set_array_value_complex(bool raw, bool can_sleep, > +int gpiod_set_array_value_complex(bool raw, bool can_sleep, > unsigned int array_size, > struct gpio_desc **desc_array, > int *value_array); > diff --git a/include/linux/gpio/consumer.h b/include/linux/gpio/consumer.h > index dbd065963296..243112c7fa7d 100644 > --- a/include/linux/gpio/consumer.h > +++ b/include/linux/gpio/consumer.h > @@ -116,7 +116,7 @@ int gpiod_get_raw_array_value(unsigned int array_size, > struct gpio_desc **desc_array, > int *value_array); > void gpiod_set_raw_value(struct gpio_desc *desc, int value); > -void gpiod_set_raw_array_value(unsigned int array_size, > +int gpiod_set_raw_array_value(unsigned int array_size, > struct gpio_desc **desc_array, > int *value_array); > > @@ -134,7 +134,7 @@ int gpiod_get_raw_array_value_cansleep(unsigned int array_size, > struct gpio_desc **desc_array, > int *value_array); > void gpiod_set_raw_value_cansleep(struct gpio_desc *desc, int value); > -void gpiod_set_raw_array_value_cansleep(unsigned int array_size, > +int gpiod_set_raw_array_value_cansleep(unsigned int array_size, > struct gpio_desc **desc_array, > int *value_array); > > @@ -369,12 +369,13 @@ static inline void gpiod_set_raw_value(struct gpio_desc *desc, int value) > /* GPIO can never have been requested */ > WARN_ON(1); > } > -static inline void gpiod_set_raw_array_value(unsigned int array_size, > +static inline int gpiod_set_raw_array_value(unsigned int array_size, > struct gpio_desc **desc_array, > int *value_array) > { > /* GPIO can never have been requested */ > WARN_ON(1); > + return 0; > } > > static inline int gpiod_get_value_cansleep(const struct gpio_desc *desc) > @@ -423,12 +424,13 @@ static inline void gpiod_set_raw_value_cansleep(struct gpio_desc *desc, > /* GPIO can never have been requested */ > WARN_ON(1); > } > -static inline void gpiod_set_raw_array_value_cansleep(unsigned int array_size, > +static inline int gpiod_set_raw_array_value_cansleep(unsigned int array_size, > struct gpio_desc **desc_array, > int *value_array) > { > /* GPIO can never have been requested */ > WARN_ON(1); > + return 0; > } > > static inline int gpiod_set_debounce(struct gpio_desc *desc, unsigned debounce) > G'day Laura, Looks good to me. Reviewed-by: Phil Reid -- Regards Phil Reid