Received: by 2002:a05:6a10:9afc:0:0:0:0 with SMTP id t28csp1051224pxm; Wed, 23 Feb 2022 16:53:49 -0800 (PST) X-Google-Smtp-Source: ABdhPJwPHdJFJCDoXJv6gTLe1vVLPUXn8jRSKEXXtw95XPH8ZEVN9p5mt3w59TI1d4g1GDFoo6aP X-Received: by 2002:a05:6a00:181c:b0:4e1:a270:df4d with SMTP id y28-20020a056a00181c00b004e1a270df4dmr326873pfa.71.1645664029126; Wed, 23 Feb 2022 16:53:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645664029; cv=none; d=google.com; s=arc-20160816; b=mIbZbzua2PANi4B9cSqGEsOuLQq6BFri9AwBh8ZIP/rWqsCpQITT+pgqVgc/WJRl2J 5zY3HAnVLU+EYJPbclVhp0nIjXJGxOqrniUj7poszn9aay383NSVPWNB3J9r60RryrSX pJOzibrtmYXPmtpgmjfSdYv9YTAkw+58qpapZlvRZ72NivBLIsrxrQ4wFYEZMz6WXTFK wXNTDNlZG9nJ34HId0vfnop5wHelVJeFJylse1T1RJIGIpxJLJEWzFV6JJ00aVCl/wC+ LpniMY2uoS3Dthqjh85MmWXdd4X65Pc8NfM0/YaPvKjkS2BzV1cEf1kejKELUILbd7ym cR1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:to:content-language:subject:user-agent:mime-version:date :message-id:dkim-signature; bh=UkXoPF9GFsyAWsCPL3ryOH3fKN9jJKmB8GGxrcEoohU=; b=JjkWfa/GYFZLBSNpFp/EZljvY69vvTAqFcTC+z+gMPH84u6Q5149APtk3iqtF+qlgv YiEw5sF1zMB357Z/1Ul/yQRaM1FF4g6yyGjs6FeFbIWaav+Clhb9wvEyRVjrCjRyI0Ej r49QnAXsoXEm5UTsEAnH8j5Il0dIpCv2Ahk1G7NBuq2R9U68DC+SVFPUfqV6GwN2IuGu ixHOCiqyzYiJRrp242fwWk8HsGPQEHENVYyjYF8FjkoxIkUw5jm1aSdHBIu2/BPbFtfW SdKI4l1ewROMe9sQA7zk87Umv80bd7p/pY7jPj21/448amdlyDPUnUpi4ofIZ+kAM3g/ 7U3A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=KprZCbbn; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id k4si1316351plk.601.2022.02.23.16.53.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 23 Feb 2022 16:53:49 -0800 (PST) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=KprZCbbn; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 6F1CF101F1E; Wed, 23 Feb 2022 16:47:15 -0800 (PST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234846AbiBWOXZ (ORCPT + 99 others); Wed, 23 Feb 2022 09:23:25 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40788 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239615AbiBWOXX (ORCPT ); Wed, 23 Feb 2022 09:23:23 -0500 Received: from smtp-relay-internal-1.canonical.com (smtp-relay-internal-1.canonical.com [185.125.188.123]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 544B2B1A86 for ; Wed, 23 Feb 2022 06:22:55 -0800 (PST) Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com [209.85.218.69]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 420B03F1D0 for ; Wed, 23 Feb 2022 14:22:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1645626167; bh=UkXoPF9GFsyAWsCPL3ryOH3fKN9jJKmB8GGxrcEoohU=; h=Message-ID:Date:MIME-Version:Subject:To:References:From: In-Reply-To:Content-Type; b=KprZCbbn9roHI76H3j/ZoMkRIaG+CEATaMj+2Zz8rEdG9iHpHB0b5QiRpqTrY/bVj nZI2AdL2jNVcY0KA/s1yh/EtXgtzjRzKQS47WKnxXg9sNcUVVDBNOw7uFYsdHJJGIy WvwsVL+Kgv+wpyfNwLE1rs9FgEbK5vuUUtbp0kcVdi9HTKYsKJjoZPkevXORaKD2P3 AU5qH9Efl8faRmCz71Fsrd9M13G52a56P37CML/QUFaKGneArevM+LaKZY88/Tz4Ru mPIdF8H0eKkXO5NyWcsgCnWHrItwE4uaCNeoYbwdcBQUdIe+bAEkl7T5fgqHwUv8XB WiK+ELItfF/kA== Received: by mail-ej1-f69.google.com with SMTP id k16-20020a17090632d000b006ae1cdb0f07so7154461ejk.16 for ; Wed, 23 Feb 2022 06:22:47 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:references:from:in-reply-to :content-transfer-encoding; bh=UkXoPF9GFsyAWsCPL3ryOH3fKN9jJKmB8GGxrcEoohU=; b=uG9rhFU7XYT3MYnG9BQ0LbjxUgMojbe7wVWcLtaLUfYFzpTRy585BTRLJItktzeybw +A23r8o0MSUCfuq3KGw6YavgHxwh8b/Jaya4hbEvLT+JZ+P9BToWJ4vxR+wOCzj4MonC qAUozzMhlFcqIUX2oiZ1MT2PU5PD+YoD0H3X7SFXVBfp9rBFZm2nf17vaWfIeei04Hi2 X4PBQxV+jN4coGolT+CAInnj0ZmNdZHew8wyNJcMBvYPFKXSoa9+r1Qjbdwft0gl+B7J id6TpnGAzESViKR+6Fj3q12VtNRjPEUoIBIhXm4Wrf7U1/yjbawN9aMrEgFJvpWwKLDv C3zQ== X-Gm-Message-State: AOAM533kivt0C5IW8gYelhBhVx8Y64+7OkDbGQbtARk1TibQN3usXa4P MprGoNjJLswn5fiJYOfgZSOg4nhdQ0JhdVsARJ6Buqvc9NVsPOAn+VYpAz9om8bXQ0lxkP5zrEy 7VefMjqLFospGXSNwUeUhMqHf0mRMX6t4Hwv0f30yUw== X-Received: by 2002:a05:6402:1cae:b0:410:d3ae:3c8a with SMTP id cz14-20020a0564021cae00b00410d3ae3c8amr30820284edb.215.1645626166974; Wed, 23 Feb 2022 06:22:46 -0800 (PST) X-Received: by 2002:a05:6402:1cae:b0:410:d3ae:3c8a with SMTP id cz14-20020a0564021cae00b00410d3ae3c8amr30820260edb.215.1645626166707; Wed, 23 Feb 2022 06:22:46 -0800 (PST) Received: from [192.168.0.125] (xdsl-188-155-181-108.adslplus.ch. [188.155.181.108]) by smtp.gmail.com with ESMTPSA id hp7sm2475722ejc.144.2022.02.23.06.22.44 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 23 Feb 2022 06:22:45 -0800 (PST) Message-ID: <636e5b92-8ed8-35a1-d6e9-516d5b35be91@canonical.com> Date: Wed, 23 Feb 2022 15:22:44 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0 Subject: Re: [RFT PATCH 0/3] Fix kfree() of const memory on setting driver_override Content-Language: en-US To: Robin Murphy , Rasmus Villemoes , Abel Vesa , Michael Turquette , Stephen Boyd , Shawn Guo , Sascha Hauer , Pengutronix Kernel Team , Fabio Estevam , NXP Linux Team , Bjorn Andersson , Mathieu Poirier , Andy Gross , Srinivas Kandagatla , linux-clk@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-remoteproc@vger.kernel.org, linux-arm-msm@vger.kernel.org, alsa-devel@alsa-project.org References: <20220222132707.266883-1-krzysztof.kozlowski@canonical.com> <708eabb1-7b35-d525-d4c3-451d4a3de84f@rasmusvillemoes.dk> <0442526f-b6d9-8868-ac1c-dd11a2d3b2ab@arm.com> From: Krzysztof Kozlowski In-Reply-To: <0442526f-b6d9-8868-ac1c-dd11a2d3b2ab@arm.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,NICE_REPLY_A,RDNS_NONE,SPF_HELO_NONE, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 23/02/2022 15:04, Robin Murphy wrote: > On 2022-02-22 14:06, Krzysztof Kozlowski wrote: >> On 22/02/2022 14:51, Rasmus Villemoes wrote: >>> On 22/02/2022 14.27, Krzysztof Kozlowski wrote: >>>> Hi, >>>> >>>> Drivers still seem to use driver_override incorrectly. Perhaps my old >>>> patch makes sense now? >>>> https://lore.kernel.org/all/1550484960-2392-3-git-send-email-krzk@kernel.org/ >>>> >>>> Not tested - please review and test (e.g. by writing to dirver_override >>>> sysfs entry with KASAN enabled). >>> >>> Perhaps it would make sense to update the core code to release using >>> kfree_const(), allowing drivers to set the initial value with >>> kstrdup_const(). Drivers that currently use kstrdup() or kasprintf() >>> will continue to work [but if they kstrdup() a string literal they could >>> be changed to use kstrdup_const]. >> >> The core here means several buses, so the change would not be that >> small. However I don't see the reason why "driver_override" is special >> and should be freed with kfree_const() while most of other places don't >> use it. >> >> The driver_override field definition is here obvious: "char *", so any >> assignments of "const char *" are logically wrong (although GCC does not >> warn of this literal string const discarding). Adding kfree_const() is >> hiding the problem - someone did not read the definition of assigned field. > > That's not the issue, though, is it? If I take the struct > platform_device definition at face value, this should be perfectly valid: > > static char foo[] = "foo"; > pdev->driver_override = &foo; Yes, that's not the issue. It's rather about the interface. By convention we do not modify string literals but "char *driver_override" indicates that this is modifiable memory. I would argue that it even means that ownership is passed. Therefore passing string literal to "char *driver_override" is wrong from logical point of view. Plus, as you mentioned later, can lead to undefined behavior. > > And in fact that's effectively how the direct assignment form works > anyway - string literals are static arrays of type char (or wchar_t), > *not* const char, however trying to modify them is undefined behaviour. > > There's a big difference between "non-const" and "kfree()able", and > AFAICS there's no obvious clue that the latter is actually a requirement. Then maybe kfreeable should be made a requirement? Or at least clearly documented? Best regards, Krzysztof