Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp2867764rwb; Mon, 19 Sep 2022 11:09:28 -0700 (PDT) X-Google-Smtp-Source: AMsMyM4nvk+vVMcJ6p7Fckm1GPAT7RvSiULP6Y4yynZIa6F67FsIaLeOySbl1+PWVUOrdxPFgnzj X-Received: by 2002:a17:903:1211:b0:178:a692:b1e3 with SMTP id l17-20020a170903121100b00178a692b1e3mr1015636plh.48.1663610967862; Mon, 19 Sep 2022 11:09:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1663610967; cv=none; d=google.com; s=arc-20160816; b=VIzGWYm25O7g+HoCHpZJkptBkx7P1dA8ivYhQIhssHF4ry0dr8q3Mqtf5/h6ATODOA /IhHLIpCgj3Y21gmoT+ZGKR1y/CZr+LYmPvGerjZaVUXWlrSsJR24pjrpWm6asUKcl23 vo7RG6HgyEyJHfpkUOlXvmExfmAhprkTL4h88Q+f9zpoi4tH68QNyQFzJatviZEjngP4 dIPYCInD2HYEM65osBxfufr8x00tw99mmMr49XR6fZQxOdVe0k8vZ9QKOOa7+pK5Cxkg ZCekQgLk6c5kuulLxiw6z+ucNpkTxDDHIjPyS0riEIU33O2fAOJyoxtfMSxXwA6r/T0j oTzA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date :dkim-signature; bh=EgL3wAVtykRbB60d0P+xCgMTnp4Z75hkxYXaeHPjSuA=; b=pNKBAvBlCydOgz3Njl96SCGPd1gLFv7srvHaThTzIVF+Oak5FQ91o+QZe2ZedugyFK 4tAkySOQO+tFyqCf2S4JV002S75SQn5jmUNxLaOSg3/iJsdl5MPM6SwN3ZIl7e7O42fr RkNBKnkxntc9JC41S4PKszlKk2CUnW+2HT2+I59LUgPO4zc5pcaGizNzudhXBc+Ef56u 8qa+oUolSLAqm0nxJLTkpI7wtTNc4W6cXp88fZSFVFXHcNuM4eFjTAiEt+wHNKft2Fx/ sr05CDs07vw4vhp7mlP56m3CjL6NYZXaXgy/GlnMVShlB++Xeh8OxkIDZvQh7qwkREQ4 3sZA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=MsVjJ6Ai; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id pv9-20020a17090b3c8900b001fdb4973e60si11592801pjb.21.2022.09.19.11.09.16; Mon, 19 Sep 2022 11:09:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=MsVjJ6Ai; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230329AbiISRS7 (ORCPT + 99 others); Mon, 19 Sep 2022 13:18:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50650 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229724AbiISRS5 (ORCPT ); Mon, 19 Sep 2022 13:18:57 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C9AD11FCF5; Mon, 19 Sep 2022 10:18:55 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 7121FB8069D; Mon, 19 Sep 2022 17:18:54 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A1B8AC433D6; Mon, 19 Sep 2022 17:18:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1663607933; bh=9ZvJnawDlxY9dZtU1p0CXXCvVjy3I23Z9TlaleTFuPQ=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=MsVjJ6AioCtwqKEp5Uy3poH+nqi0N+rPq/ItcSpu8UbHmfRzCa5FKRFLyEUDJtD8Q C5VaVKvDDyHrMXGLiNG947QlmCYrNyi/Z7c65jTdA/+y5sfPPLHjWYPZ5eThTiVNp5 zMPrzhrpdjgt8XrCc/jSdZTut4Cn4aGRA3r4cRWT1tzdtMFi9UrV+c4sJBO+jELULQ ivdUqBgBeY+bW/qGMPaiQyOe/eGuSj0PfDNMsRQ95KGmOOTeyJzDCyLRXfKi9LyCuj eQjRwjAmzP44Vb/Zsr9tmhnVk40QQR5K1XVHLrincl2w/oaukIjIeXH+GEDoHnvnnN GqxYouMYWUaeQ== Date: Mon, 19 Sep 2022 18:18:54 +0100 From: Jonathan Cameron To: "Vaittinen, Matti" Cc: Alexandru Ardelean , "linux-kernel@vger.kernel.org" , "linux-iio@vger.kernel.org" , "nuno.sa@analog.com" , "dragos.bogdan@analog.com" , Stefan Popa , Jonathan Cameron , Michael Hennerich , Lars-Peter Clausen , Miquel Raynal , Eugen Hristev , Nicolas Ferre , Alexandre Belloni , Claudiu Beznea , Alexandru Ardelean Subject: Re: [RFT] potential bug with IIO_CONST_ATTR usage with triggered buffers Message-ID: <20220919181854.01214355@jic23-huawei> In-Reply-To: <20220919163214.5b757903@jic23-huawei> References: <20210215104043.91251-1-alexandru.ardelean@analog.com> <20210215104043.91251-15-alexandru.ardelean@analog.com> <87fbfc8e-fb17-444d-22a2-3738ade77cb5@fi.rohmeurope.com> <20220919163214.5b757903@jic23-huawei> X-Mailer: Claws Mail 4.1.0 (GTK 3.24.34; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 19 Sep 2022 16:32:14 +0100 Jonathan Cameron wrote: > On Mon, 19 Sep 2022 08:52:38 +0000 > "Vaittinen, Matti" wrote: > > > On 9/9/22 11:12, Vaittinen, Matti wrote: > > > Hi dee Ho peeps! > > > > > > Disclaimer - I have no HW to test this using real in-tree drivers. If > > > someone has a device with a variant of bmc150 or adxl372 or - it'd be > > > nice to see if reading hwfifo_watermark_max or hwfifo_watermark_min > > > works with the v6.0-rc4. Maybe I am misreading code and have my own > > > issues - in which case I apologize already now and go to the corner > > > while being deeply ashamed :) > > > > I would like to add at least the at91-sama5d2_adc (conditonally > > registers the IIO_CONST_ATTR for triggered-buffer) to the list of > > devices that could be potentially tested. I hope some of these devices > > had a user who could either make us worried and verify my assumption - > > or make me ashamed but rest of us relieved :) Eg - I second my request > > for testing this - and add potential owners of at91-sama5d2_adc to the list. > > > > > On 2/15/21 12:40, Alexandru Ardelean wrote: > > >> This change wraps all buffer attributes into iio_dev_attr objects, and > > >> assigns a reference to the IIO buffer they belong to. > > >> > > >> With the addition of multiple IIO buffers per one IIO device, we need a way > > >> to know which IIO buffer is being enabled/disabled/controlled. > > >> > > >> We know that all buffer attributes are device_attributes. > > > > > > I think this assumption is slightly unsafe. I see few drivers adding > > > IIO_CONST_ATTRs in attribute groups. For example the bmc150 and adxl372 > > > add the hwfifo_watermark_min and hwfifo_watermark_max. > > > > > > > and at91-sama5d2_adc > > > > //snip > > > > >I noticed that using > > > IIO_CONST_ATTRs for triggered buffers seem to cause access to somewhere > > > it shouldn't... Oops. > > > > > > Reading the code allows me to assume the problem is wrapping the > > > attributes to IIO_DEV_ATTRs. > > > > > > static struct attribute *iio_buffer_wrap_attr(struct iio_buffer *buffer, > > > + struct attribute *attr) > > > +{ > > > + struct device_attribute *dattr = to_dev_attr(attr); > > > + struct iio_dev_attr *iio_attr; > > > + > > > + iio_attr = kzalloc(sizeof(*iio_attr), GFP_KERNEL); > > > + if (!iio_attr) > > > + return NULL; > > > + > > > + iio_attr->buffer = buffer; > > > + memcpy(&iio_attr->dev_attr, dattr, sizeof(iio_attr->dev_attr)); > > > > > > This copy does assume all attributes are device_attrs, and does not take > > > into account that IIO_CONST_ATTRS have the string stored in a struct > > > iio_const_attr which is containing the dev_attr. Eg, copying in the > > > iio_buffer_wrap_attr() does not copy the string - and later invoking the > > > 'show' callback goes reading something else than the mentioned string > > > because the pointer is not copied. > > > > Yours, > > -- Matti > Hi Matti, > > +CC Alexandru on a current email address. > > I saw this whilst travelling and completely forgot about when > I was back to normal - so great you sent a follow up! > > Anyhow, your reasoning seems correct and it would be easy enough > to add such a case to iio/dummy/iio_simple_dummy_buffer.c and > provide a clear test for the problem. > > As to solutions. The quickest is probably to switch these const attrs > over to a non const form and add a comment to the header to say they are > unsuitable for use with buffers. Thinking a little more on this - all / (most?) of the users pass a null terminated array of struct device_attribute * to *iio_triggered_buffer_setup_ext() That's then assigned to buffer->attrs. We could add an additional pointer to the struct iio_buffer to take a null terminated array of struct iio_dev_attr * and change the signature of that function to take one of those, thus preventing us using iio_const_attr structures for this. Then we can wrap those just fine in the code you highlighted and assign the result into buffer->attrs. We'd need to precede that change with fixes that just switch the iio_const_attr uses over to iio_dev_attr but changing this would ensure no accidental reintroductions of the problem in future drivers (typically as a result of someone forward porting a driver that is out of tree). I think this combination of fix then prevent future problems is what I would prefer. Jonathan > > An alternative would be to make it 'safe' by making the data layouts > match up. > > struct iio_attr { > struct device_attribute dev_attr; > union { > u64 address; > const char *string; > }; > struct list_head l; > struct iio_chan_spec const *c; > struct iio_buffer *buffer; > }; > > #define iio_dev_attr iio_attr > #define iio_const_attr iio_attr > > Looking at this raises another potential problem. > Where is the address copied over for attributes using IIO_DEVICE_ATTR()? > Maybe I'm just missing it somewhere. Grepping suggests we've been > lucky and there are no users of that field in buffer attributes. > > Detecting the problem you found is going to be inherently tricky - though maybe > could rely on the naming of the attributes passed in (iio_const...) > and some scripting magic. > > Longer term, it's this sort of thing that motivates protections / runnable > CI self tests with, for example, the roadtest framework that I'm hoping > will be available upstream soonish! > > Would you like to send patches given you identified the problem? > > If not I'm happy to fix these up. My grepping identified the same 3 cases > you found. > > Jonathan >