Received: by 2002:a05:7412:b795:b0:e2:908c:2ebd with SMTP id iv21csp433745rdb; Thu, 2 Nov 2023 07:53:50 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGUJgsT77cEHWcDsx3ZGUWY6CUE5V6/2AuBSu05H4+AAcmkaLbglXd9HRmxmnLXlFgfzie4 X-Received: by 2002:a17:902:e811:b0:1cc:569b:1df4 with SMTP id u17-20020a170902e81100b001cc569b1df4mr13271586plg.1.1698936829982; Thu, 02 Nov 2023 07:53:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1698936829; cv=none; d=google.com; s=arc-20160816; b=X1ibsBQFNicjv3iFYE2cnCAUjXiDE0j03UwIYyM+PtzcFIt/kykwbcAq2emspUl3s+ ZXED/NO5ZvcZFYaExuwkETzAW4rGL28tDfs9h5tQDmqhW1uNE+txpv77EdFCNCS6LeXL o23YOjwrQ4PAmjwCRx2RhpaGdUa9g8C53vgueb9FIOYXUAIOstJVRre9vdgCeHbDXssr KI9DrxaC/QutqhoCrgzgJ37c1HeFR9aQbVoBEhN6LrJTHKPDLnisAa9IHKTjkIX3Wbn6 h8LyAqvrDC9MARsMKhQ3SgWam+1utwnGgIWqWLn8gr5PBOfMKAKpgE45O+LLuC8RPK+M JI9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=OpPyVtURK3O1993/XOuCJ+rtbqqAwYQxZ3FZRcfqNLE=; fh=X1ATgYlMsiayjV7sQAC5IRImNKxbtCtkXLYB24s2ywI=; b=kqWN1z2DZ+2Ph+4yAAUjGPtszhvP75fZnj4BTeIuYikrBdIkYNjwFg2F3gJNIctvha iill/mFRKVsp2VLomcEq3Uis8eUDteX0ihvCk+IuxUhrTZQ9ob10j4QLxFcTEf2NwgDO DtdIpsFgXfJlF5ct4dDRqx5Nu8N2qJiph/dczc28OC9hKN9LaBrEdsqbtrsBvDGyvy1S ELYaAUmacGJJ5IqXqHIBdsTeBYlFnxV1aeeLOs13BcqVAKW4QjJkp0GSoiFmOgaaKBOy SFvzxhO+MKH93u04Qra8NNNZ2hXminGweVIUwH8HR/ter+dgRKZbi6Vfe4+A3c3nNkYD ad6A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@baylibre-com.20230601.gappssmtp.com header.s=20230601 header.b=dcsuXAF8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5]) by mx.google.com with ESMTPS id z14-20020a170903018e00b001b973681493si10069plg.16.2023.11.02.07.53.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 02 Nov 2023 07:53:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5; Authentication-Results: mx.google.com; dkim=pass header.i=@baylibre-com.20230601.gappssmtp.com header.s=20230601 header.b=dcsuXAF8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 453BC8022C46; Thu, 2 Nov 2023 07:53:47 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232873AbjKBOxa (ORCPT + 99 others); Thu, 2 Nov 2023 10:53:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54892 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229596AbjKBOxa (ORCPT ); Thu, 2 Nov 2023 10:53:30 -0400 Received: from mail-lj1-x22b.google.com (mail-lj1-x22b.google.com [IPv6:2a00:1450:4864:20::22b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 74FA912F for ; Thu, 2 Nov 2023 07:53:26 -0700 (PDT) Received: by mail-lj1-x22b.google.com with SMTP id 38308e7fff4ca-2c6cb4a79deso11325411fa.1 for ; Thu, 02 Nov 2023 07:53:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=baylibre-com.20230601.gappssmtp.com; s=20230601; t=1698936804; x=1699541604; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=OpPyVtURK3O1993/XOuCJ+rtbqqAwYQxZ3FZRcfqNLE=; b=dcsuXAF8WQ/WQgnJlxp6mUTTx+tkLEHlwQC14+u0VWqWRXpz0ZInRrPJLniLztw4M8 LdraLSjUJ1nIsnOe928PBjFRvI9E8j92RISrAOK3YjKvS89WRDGkL6H2ZmAXbhghHFm5 BDn8ozX7Xc02+i6LvQmyIWF36qxEYrvyiokT1Ksx610H/syKEf6yN2pEZ8UHbZ3yVtNp TtV7G1thlZICvMvQZQDPWZT+U4a/IelaMb1or0bNbFdmhKlAWKqFaUDg/bVtbZWkXtCm UbDQG5HVzqOpdeLiDby/T6Eb2O9tDphJMPPL6hC+k3ZCO7e/25/WK8AC/Ih28Tqywn/3 lVqQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698936804; x=1699541604; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=OpPyVtURK3O1993/XOuCJ+rtbqqAwYQxZ3FZRcfqNLE=; b=fUgWijoXzXadzGLpgb2nle9kH1x4Nq58W06btMvd5SXnm1JogzPccRAalcTXHaokI1 xQQCdFOkcwTZ64hTVTrndiKwPRyaE1xP+H1wUKHmqp35i7t5bnuF/IE2RztUvQ3PFnYZ TyMfAwT0txn6eQ1UsOib1j+N1LLmaegyKabxyzC2dLGv+PVsLdX5VM+2qmIJKpGK3NHY sYpjnE4roJuJkqdDOZ+NFQJ62Jaf4I2N5psl9LzjQFjEf3Kp2ey+HxW+pAgxHCc67IYh RbUqPBf83kk/EqfKus9RzBGITl/lPDHdTI5OpiXCO39Jvrrn/ioBpfldgc2rAmIbrsz8 tIhQ== X-Gm-Message-State: AOJu0YzEGJd4C95cl4+UoKQLFBww45hpgcUdomF3DjDffib/DUQjaViJ we+Ddm8gWDbd0DXhq1ZOeKLH33ql/5UYGhdkuuUiVLGC35AdRxBtAKh9xQ== X-Received: by 2002:a2e:9695:0:b0:2bd:a67:e8c with SMTP id q21-20020a2e9695000000b002bd0a670e8cmr21102lji.3.1698936804612; Thu, 02 Nov 2023 07:53:24 -0700 (PDT) MIME-Version: 1.0 References: <20231031210521.1661552-1-dlechner@baylibre.com> <3ea3d92db5c4c077a76b29dc5a89c4d491695752.camel@gmail.com> In-Reply-To: <3ea3d92db5c4c077a76b29dc5a89c4d491695752.camel@gmail.com> From: David Lechner Date: Thu, 2 Nov 2023 09:53:13 -0500 Message-ID: Subject: Re: [PATCH] iio: triggered-buffer: prevent possible freeing of wrong buffer To: =?UTF-8?B?TnVubyBTw6E=?= Cc: Jonathan Cameron , linux-iio@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Thu, 02 Nov 2023 07:53:47 -0700 (PDT) On Thu, Nov 2, 2023 at 3:59=E2=80=AFAM Nuno S=C3=A1 = wrote: > > On Tue, 2023-10-31 at 16:05 -0500, David Lechner wrote: > > Commit ee708e6baacd ("iio: buffer: introduce support for attaching more > > IIO buffers") introduced support for multiple buffers per indio_dev but > > left indio_dev->buffer for a few legacy use cases. > > > > In the case of the triggered buffer, iio_triggered_buffer_cleanup() > > still assumes that indio_dev->buffer points to the buffer allocated by > > iio_triggered_buffer_setup_ext(). However, since > > iio_triggered_buffer_setup_ext() now calls iio_device_attach_buffer() > > to attach the buffer, indio_dev->buffer will only point to the buffer > > allocated by iio_device_attach_buffer() if it the first buffer attached= . > > > > This adds a check to make sure that no other buffer has been attached > > yet to ensure that indio_dev->buffer will be assigned when > > iio_device_attach_buffer() is called. > > > > Fixes: ee708e6baacd ("iio: buffer: introduce support for attaching more= IIO > > buffers") > > Signed-off-by: David Lechner > > --- > > drivers/iio/buffer/industrialio-triggered-buffer.c | 10 ++++++++++ > > 1 file changed, 10 insertions(+) > > > > diff --git a/drivers/iio/buffer/industrialio-triggered-buffer.c > > b/drivers/iio/buffer/industrialio-triggered-buffer.c > > index c7671b1f5ead..c06515987e7a 100644 > > --- a/drivers/iio/buffer/industrialio-triggered-buffer.c > > +++ b/drivers/iio/buffer/industrialio-triggered-buffer.c > > @@ -46,6 +46,16 @@ int iio_triggered_buffer_setup_ext(struct iio_dev > > *indio_dev, > > struct iio_buffer *buffer; > > int ret; > > > > + /* > > + * iio_triggered_buffer_cleanup() assumes that the buffer allocat= ed > > here > > + * is assigned to indio_dev->buffer but this is only the case if = this > > + * function is the first caller to iio_device_attach_buffer(). If > > + * indio_dev->buffer is already set then we can't proceed otherwi= se > > the > > + * cleanup function will try to free a buffer that was not alloca= ted > > here. > > + */ > > + if (indio_dev->buffer) > > + return -EADDRINUSE; > > + > > Hmmm, good catch! But I think this is just workarounding the real problem Yes, I could have done a better job explaining my reason for this fix. It seemed like the simplest fix that could be easily backported to stable kernels. And then we can look at removing the legacy field completely in the future. > because like this, you can only have a triggered buffer by device. This s= hould > be fine as we don't really have any multi buffer user so far but ideally = it > should be possible. > > Long term we might want to think about moving 'pollfunc' to be a per buff= er > thing. Not sure how much trouble that would be given that a trigger is al= so per > device and I don't know if it would make sense to have a trigger per buff= er?! > Ideally, given the multi buffer concept, I would say it makes sense but i= t might > be difficult to accomplish. So better to think about it only if there's a= real > usecase for it. > > On thing that I guess it could be done is to change the triggered API so = it > returns a buffer and so iio_triggered_buffer_cleanup() would also get a p= ointer > to the buffer it allocated (similar to what DMA buffer's are doing). But = that's > indeed also bigger change... Bahh, I'm likely over complicating things fo= r now. This sounds very much like the work I am doing on SPI Engine offload support - having a trigger associated with a buffer. So maybe something will come out of that. =C2=AF\_(=E3=83=84)_/=C2=AF > Fell free to: > > Acked-by: Nuno Sa > >