diff mbox series

[v2,2/2] pinctrl: pinmux: Add pinmux-select debugfs file

Message ID 20210210074946.155417-3-drew@beagleboard.org
State New
Headers show
Series pinctrl: pinmux: Add pinmux-select debugfs file | expand

Commit Message

Drew Fustini Feb. 10, 2021, 7:49 a.m. UTC 
Add "pinmux-select" to debugfs which will activate a function and group
when 2 integers "<function-selector> <group-selector>" are written to
the file. The write operation pinmux_select() handles this by checking
if fsel and gsel are valid selectors and then calling ops->set_mux().

The existing "pinmux-functions" debugfs file lists the pin functions
registered for the pin controller. For example:

function: pinmux-uart0, groups = [ pinmux-uart0-pins ]
function: pinmux-mmc0, groups = [ pinmux-mmc0-pins ]
function: pinmux-mmc1, groups = [ pinmux-mmc1-pins ]
function: pinmux-i2c0, groups = [ pinmux-i2c0-pins ]
function: pinmux-i2c1, groups = [ pinmux-i2c1-pins ]
function: pinmux-spi1, groups = [ pinmux-spi1-pins ]

To activate function pinmux-i2c1 (fsel 4) and group pinmux-i2c1-pins
(gsel 4):

echo '4 4' > pinmux-select

Signed-off-by: Drew Fustini <drew@beagleboard.org>
---
 drivers/pinctrl/pinmux.c | 106 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 106 insertions(+)

Comments

Geert Uytterhoeven Feb. 10, 2021, 8:35 a.m. UTC | #1 
Hi Drew,

On Wed, Feb 10, 2021 at 8:50 AM Drew Fustini <drew@beagleboard.org> wrote:
> Add "pinmux-select" to debugfs which will activate a function and group
> when 2 integers "<function-selector> <group-selector>" are written to
> the file. The write operation pinmux_select() handles this by checking
> if fsel and gsel are valid selectors and then calling ops->set_mux().

Thanks for your patch!

> The existing "pinmux-functions" debugfs file lists the pin functions
> registered for the pin controller. For example:
>
> function: pinmux-uart0, groups = [ pinmux-uart0-pins ]
> function: pinmux-mmc0, groups = [ pinmux-mmc0-pins ]
> function: pinmux-mmc1, groups = [ pinmux-mmc1-pins ]
> function: pinmux-i2c0, groups = [ pinmux-i2c0-pins ]
> function: pinmux-i2c1, groups = [ pinmux-i2c1-pins ]
> function: pinmux-spi1, groups = [ pinmux-spi1-pins ]
>
> To activate function pinmux-i2c1 (fsel 4) and group pinmux-i2c1-pins
> (gsel 4):
>
> echo '4 4' > pinmux-select

I think you forgot to update the example.

I assume

    echo pinmux-i2c1 pinmux-i2c1-pins > mux-select

?

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds
Andy Shevchenko Feb. 10, 2021, 9:56 a.m. UTC | #2 
On Wed, Feb 10, 2021 at 9:50 AM Drew Fustini <drew@beagleboard.org> wrote:
>
> Add "pinmux-select" to debugfs which will activate a function and group
> when 2 integers "<function-selector> <group-selector>" are written to
> the file. The write operation pinmux_select() handles this by checking
> if fsel and gsel are valid selectors and then calling ops->set_mux().
>
> The existing "pinmux-functions" debugfs file lists the pin functions
> registered for the pin controller. For example:
>
> function: pinmux-uart0, groups = [ pinmux-uart0-pins ]
> function: pinmux-mmc0, groups = [ pinmux-mmc0-pins ]
> function: pinmux-mmc1, groups = [ pinmux-mmc1-pins ]
> function: pinmux-i2c0, groups = [ pinmux-i2c0-pins ]
> function: pinmux-i2c1, groups = [ pinmux-i2c1-pins ]
> function: pinmux-spi1, groups = [ pinmux-spi1-pins ]
>
> To activate function pinmux-i2c1 (fsel 4) and group pinmux-i2c1-pins
> (gsel 4):
>
> echo '4 4' > pinmux-select

...

>  DEFINE_SHOW_ATTRIBUTE(pinmux_pins);
>

> +

One blank line (existed) is enough.

> +#define PINMUX_MAX_NAME 64

...

> +       buf = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME * 2, GFP_KERNEL);

You have to (re-)read documentation about Device Managed Resources.
Keyword here is *device*! Pay attention to it. TL;DR: misuse of device
managed resources here.
Potentially memory exhausting (local DoS attack), but see below.

> +       if (!buf)
> +               return -ENOMEM;

...

> +       devm_kfree(pctldev->dev, buf);

Calling devm_kfree() or other devm_*() release kinda APIs is a red
flag in 99%. See above.

--
With Best Regards,
Andy Shevchenko
Drew Fustini Feb. 10, 2021, 5:31 p.m. UTC | #3 
On Wed, Feb 10, 2021 at 11:56:49AM +0200, Andy Shevchenko wrote:
> On Wed, Feb 10, 2021 at 9:50 AM Drew Fustini <drew@beagleboard.org> wrote:
> >
> > Add "pinmux-select" to debugfs which will activate a function and group
> > when 2 integers "<function-selector> <group-selector>" are written to
> > the file. The write operation pinmux_select() handles this by checking
> > if fsel and gsel are valid selectors and then calling ops->set_mux().
> >
> > The existing "pinmux-functions" debugfs file lists the pin functions
> > registered for the pin controller. For example:
> >
> > function: pinmux-uart0, groups = [ pinmux-uart0-pins ]
> > function: pinmux-mmc0, groups = [ pinmux-mmc0-pins ]
> > function: pinmux-mmc1, groups = [ pinmux-mmc1-pins ]
> > function: pinmux-i2c0, groups = [ pinmux-i2c0-pins ]
> > function: pinmux-i2c1, groups = [ pinmux-i2c1-pins ]
> > function: pinmux-spi1, groups = [ pinmux-spi1-pins ]
> >
> > To activate function pinmux-i2c1 (fsel 4) and group pinmux-i2c1-pins
> > (gsel 4):
> >
> > echo '4 4' > pinmux-select
> 
> ...
> 
> >  DEFINE_SHOW_ATTRIBUTE(pinmux_pins);
> >
> 
> > +
> 
> One blank line (existed) is enough.
> 
> > +#define PINMUX_MAX_NAME 64
> 
> ...
> 
> > +       buf = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME * 2, GFP_KERNEL);
> 
> You have to (re-)read documentation about Device Managed Resources.
> Keyword here is *device*! Pay attention to it. TL;DR: misuse of device
> managed resources here.
> Potentially memory exhausting (local DoS attack), but see below.
> 
> > +       if (!buf)
> > +               return -ENOMEM;
> 
> ...
> 
> > +       devm_kfree(pctldev->dev, buf);
> 
> Calling devm_kfree() or other devm_*() release kinda APIs is a red
> flag in 99%. See above.

Thank you for reviewing and pointing out this issue.

Do you mean that I should not be treating these buffers used in the 
debugfs write op as belonging to the pin controller device?

I have looked through the kernel code and I realize now that I don't see
any instances of devm_*() being used inside the read or write op for a
debugfs file. As I consider it further, devm_*() does not seem to make
sense as I am creating the buffers only for temporary use inside
pinmux_select().

I'll get that fixed in v3.

Thank you,
Drew
Dan Carpenter Feb. 10, 2021, 6:20 p.m. UTC | #4 
Hi Drew,

url:    https://github.com/0day-ci/linux/commits/Drew-Fustini/pinctrl-pinmux-Add-pinmux-select-debugfs-file/20210210-160108
base:   https://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl.git devel
config: i386-randconfig-m021-20210209 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

smatch warnings:
drivers/pinctrl/pinmux.c:762 pinmux_select() error: uninitialized symbol 'gname'.

vim +/gname +762 drivers/pinctrl/pinmux.c

99b2f99aa41aa7 Drew Fustini  2021-02-09  678  static ssize_t pinmux_select(struct file *file, const char __user *user_buf,
99b2f99aa41aa7 Drew Fustini  2021-02-09  679  				   size_t len, loff_t *ppos)
99b2f99aa41aa7 Drew Fustini  2021-02-09  680  {
99b2f99aa41aa7 Drew Fustini  2021-02-09  681  	struct seq_file *sfile = file->private_data;
99b2f99aa41aa7 Drew Fustini  2021-02-09  682  	struct pinctrl_dev *pctldev = sfile->private;
99b2f99aa41aa7 Drew Fustini  2021-02-09  683  	const struct pinmux_ops *pmxops = pctldev->desc->pmxops;
99b2f99aa41aa7 Drew Fustini  2021-02-09  684  	const char *const *groups;
99b2f99aa41aa7 Drew Fustini  2021-02-09  685  	char *buf, *fname, *gname;
99b2f99aa41aa7 Drew Fustini  2021-02-09  686  	unsigned int num_groups;
99b2f99aa41aa7 Drew Fustini  2021-02-09  687  	int fsel, gsel, ret;
99b2f99aa41aa7 Drew Fustini  2021-02-09  688  
99b2f99aa41aa7 Drew Fustini  2021-02-09  689  	if (len > (PINMUX_MAX_NAME * 2)) {
99b2f99aa41aa7 Drew Fustini  2021-02-09  690  		dev_err(pctldev->dev, "write too big for buffer");
99b2f99aa41aa7 Drew Fustini  2021-02-09  691  		return -EINVAL;
99b2f99aa41aa7 Drew Fustini  2021-02-09  692  	}
99b2f99aa41aa7 Drew Fustini  2021-02-09  693  
99b2f99aa41aa7 Drew Fustini  2021-02-09  694  	buf = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME * 2, GFP_KERNEL);
99b2f99aa41aa7 Drew Fustini  2021-02-09  695  	if (!buf)
99b2f99aa41aa7 Drew Fustini  2021-02-09  696  		return -ENOMEM;
99b2f99aa41aa7 Drew Fustini  2021-02-09  697  
99b2f99aa41aa7 Drew Fustini  2021-02-09  698  	fname = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME, GFP_KERNEL);
99b2f99aa41aa7 Drew Fustini  2021-02-09  699  	if (!fname) {
99b2f99aa41aa7 Drew Fustini  2021-02-09  700  		ret = -ENOMEM;
99b2f99aa41aa7 Drew Fustini  2021-02-09  701  		goto free_buf;

The gotos are out of order.  They should be in mirror/reverse order of
the allocations:

free_gmane:
	devm_kfree(pctldev->dev, gname);
free_fname:
	devm_kfree(pctldev->dev, fname);
free_buf:
	devm_kfree(pctldev->dev, buf);

But also why do we need to use devm_kfree() at all?  I thought the whole
point of devm_ functions was that they are garbage collected
automatically for you.  Can we not just delete all error handling and
return -ENOMEM here?

99b2f99aa41aa7 Drew Fustini  2021-02-09  702  	}
99b2f99aa41aa7 Drew Fustini  2021-02-09  703  
99b2f99aa41aa7 Drew Fustini  2021-02-09  704  	gname = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME, GFP_KERNEL);
99b2f99aa41aa7 Drew Fustini  2021-02-09  705  	if (!buf) {
99b2f99aa41aa7 Drew Fustini  2021-02-09  706  		ret = -ENOMEM;
99b2f99aa41aa7 Drew Fustini  2021-02-09  707  		goto free_fname;
99b2f99aa41aa7 Drew Fustini  2021-02-09  708  	}
99b2f99aa41aa7 Drew Fustini  2021-02-09  709  
99b2f99aa41aa7 Drew Fustini  2021-02-09  710  	ret = strncpy_from_user(buf, user_buf, PINMUX_MAX_NAME * 2);
99b2f99aa41aa7 Drew Fustini  2021-02-09  711  	if (ret < 0) {
99b2f99aa41aa7 Drew Fustini  2021-02-09  712  		dev_err(pctldev->dev, "failed to copy buffer from userspace");
99b2f99aa41aa7 Drew Fustini  2021-02-09  713  		goto free_gname;
99b2f99aa41aa7 Drew Fustini  2021-02-09  714  	}
99b2f99aa41aa7 Drew Fustini  2021-02-09  715  	buf[len-1] = '\0';
99b2f99aa41aa7 Drew Fustini  2021-02-09  716  
99b2f99aa41aa7 Drew Fustini  2021-02-09  717  	ret = sscanf(buf, "%s %s", fname, gname);
99b2f99aa41aa7 Drew Fustini  2021-02-09  718  	if (ret != 2) {
99b2f99aa41aa7 Drew Fustini  2021-02-09  719  		dev_err(pctldev->dev, "expected format: <function-name> <group-name>");
99b2f99aa41aa7 Drew Fustini  2021-02-09  720  		goto free_gname;
99b2f99aa41aa7 Drew Fustini  2021-02-09  721  	}
99b2f99aa41aa7 Drew Fustini  2021-02-09  722  
99b2f99aa41aa7 Drew Fustini  2021-02-09  723  	fsel = pinmux_func_name_to_selector(pctldev, fname);
99b2f99aa41aa7 Drew Fustini  2021-02-09  724  	if (fsel < 0) {
99b2f99aa41aa7 Drew Fustini  2021-02-09  725  		dev_err(pctldev->dev, "invalid function %s in map table\n", fname);
99b2f99aa41aa7 Drew Fustini  2021-02-09  726  		ret = -EINVAL;
99b2f99aa41aa7 Drew Fustini  2021-02-09  727  		goto free_gname;
99b2f99aa41aa7 Drew Fustini  2021-02-09  728  	}
99b2f99aa41aa7 Drew Fustini  2021-02-09  729  
99b2f99aa41aa7 Drew Fustini  2021-02-09  730  	ret = pmxops->get_function_groups(pctldev, fsel, &groups, &num_groups);
99b2f99aa41aa7 Drew Fustini  2021-02-09  731  	if (ret) {
99b2f99aa41aa7 Drew Fustini  2021-02-09  732  		dev_err(pctldev->dev, "no groups for function %d (%s)", fsel, fname);
99b2f99aa41aa7 Drew Fustini  2021-02-09  733  		goto free_gname;
99b2f99aa41aa7 Drew Fustini  2021-02-09  734  
99b2f99aa41aa7 Drew Fustini  2021-02-09  735  	}
99b2f99aa41aa7 Drew Fustini  2021-02-09  736  
99b2f99aa41aa7 Drew Fustini  2021-02-09  737  	ret = match_string(groups, num_groups, gname);
99b2f99aa41aa7 Drew Fustini  2021-02-09  738  	if (ret < 0) {
99b2f99aa41aa7 Drew Fustini  2021-02-09  739  		dev_err(pctldev->dev, "invalid group %s", gname);
99b2f99aa41aa7 Drew Fustini  2021-02-09  740  		goto free_gname;
99b2f99aa41aa7 Drew Fustini  2021-02-09  741  	}
99b2f99aa41aa7 Drew Fustini  2021-02-09  742  
99b2f99aa41aa7 Drew Fustini  2021-02-09  743  	ret = pinctrl_get_group_selector(pctldev, gname);
99b2f99aa41aa7 Drew Fustini  2021-02-09  744  	if (ret < 0) {
99b2f99aa41aa7 Drew Fustini  2021-02-09  745  		dev_err(pctldev->dev, "failed to get group selectorL %s", gname);
99b2f99aa41aa7 Drew Fustini  2021-02-09  746  		goto free_gname;
99b2f99aa41aa7 Drew Fustini  2021-02-09  747  	}
99b2f99aa41aa7 Drew Fustini  2021-02-09  748  	gsel = ret;
99b2f99aa41aa7 Drew Fustini  2021-02-09  749  
99b2f99aa41aa7 Drew Fustini  2021-02-09  750  	ret = pmxops->set_mux(pctldev, fsel, gsel);
99b2f99aa41aa7 Drew Fustini  2021-02-09  751  	if (ret) {
99b2f99aa41aa7 Drew Fustini  2021-02-09  752  		dev_err(pctldev->dev, "set_mux() failed: %d", ret);
99b2f99aa41aa7 Drew Fustini  2021-02-09  753  		goto free_gname;
99b2f99aa41aa7 Drew Fustini  2021-02-09  754  	}
99b2f99aa41aa7 Drew Fustini  2021-02-09  755  
99b2f99aa41aa7 Drew Fustini  2021-02-09  756  	return len;
99b2f99aa41aa7 Drew Fustini  2021-02-09  757  free_buf:
99b2f99aa41aa7 Drew Fustini  2021-02-09  758  	devm_kfree(pctldev->dev, buf);
99b2f99aa41aa7 Drew Fustini  2021-02-09  759  free_fname:
99b2f99aa41aa7 Drew Fustini  2021-02-09  760  	devm_kfree(pctldev->dev, fname);
99b2f99aa41aa7 Drew Fustini  2021-02-09  761  free_gname:
99b2f99aa41aa7 Drew Fustini  2021-02-09 @762  	devm_kfree(pctldev->dev, gname);
99b2f99aa41aa7 Drew Fustini  2021-02-09  763  	return ret;
99b2f99aa41aa7 Drew Fustini  2021-02-09  764  }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
Geert Uytterhoeven Feb. 10, 2021, 6:39 p.m. UTC | #5 
Hi Dan,

On Wed, Feb 10, 2021 at 7:21 PM Dan Carpenter <dan.carpenter@oracle.com> wrote:
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  694    buf = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME * 2, GFP_KERNEL);
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  695    if (!buf)
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  696            return -ENOMEM;
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  697
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  698    fname = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME, GFP_KERNEL);
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  699    if (!fname) {
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  700            ret = -ENOMEM;
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  701            goto free_buf;
>
> The gotos are out of order.  They should be in mirror/reverse order of
> the allocations:
>
> free_gmane:
>         devm_kfree(pctldev->dev, gname);
> free_fname:
>         devm_kfree(pctldev->dev, fname);
> free_buf:
>         devm_kfree(pctldev->dev, buf);
>
> But also why do we need to use devm_kfree() at all?  I thought the whole
> point of devm_ functions was that they are garbage collected
> automatically for you.  Can we not just delete all error handling and
> return -ENOMEM here?

No, because the lifetime of the objects allocated here does not match the
lifetime of dev.  If they're not freed here, they will only be freed when the
device is unbound.  As the user can access the sysfs files at will, he can
OOM the system.

Gr{oetje,eeting}s,

                        Geert
Drew Fustini Feb. 10, 2021, 7:04 p.m. UTC | #6 
On Wed, Feb 10, 2021 at 09:20:44PM +0300, Dan Carpenter wrote:
> Hi Drew,
> 
> url:    https://github.com/0day-ci/linux/commits/Drew-Fustini/pinctrl-pinmux-Add-pinmux-select-debugfs-file/20210210-160108
> base:   https://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl.git devel
> config: i386-randconfig-m021-20210209 (attached as .config)
> compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
> 
> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp@intel.com>
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

Does it makes sense for me to include that tag in this patch?

It's not really a fix but rather creating a new feature through debugfs.
I am wondering if it might confuse people reading the git log as to
whether the Reported-by: was with regards to the addition of
'pinmux-select' to debugfs, rather than it was just reporting that my
goto handling was incorrect.

I think it makes sense for me to mention that in the PATCH changelog but
that won't be in the git commit message.

> 
> smatch warnings:
> drivers/pinctrl/pinmux.c:762 pinmux_select() error: uninitialized symbol 'gname'.
> 
> vim +/gname +762 drivers/pinctrl/pinmux.c
> 
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  678  static ssize_t pinmux_select(struct file *file, const char __user *user_buf,
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  679  				   size_t len, loff_t *ppos)
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  680  {
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  681  	struct seq_file *sfile = file->private_data;
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  682  	struct pinctrl_dev *pctldev = sfile->private;
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  683  	const struct pinmux_ops *pmxops = pctldev->desc->pmxops;
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  684  	const char *const *groups;
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  685  	char *buf, *fname, *gname;
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  686  	unsigned int num_groups;
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  687  	int fsel, gsel, ret;
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  688  
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  689  	if (len > (PINMUX_MAX_NAME * 2)) {
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  690  		dev_err(pctldev->dev, "write too big for buffer");
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  691  		return -EINVAL;
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  692  	}
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  693  
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  694  	buf = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME * 2, GFP_KERNEL);
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  695  	if (!buf)
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  696  		return -ENOMEM;
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  697  
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  698  	fname = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME, GFP_KERNEL);
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  699  	if (!fname) {
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  700  		ret = -ENOMEM;
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  701  		goto free_buf;
> 
> The gotos are out of order.  They should be in mirror/reverse order of
> the allocations:
> 
> free_gmane:
> 	devm_kfree(pctldev->dev, gname);
> free_fname:
> 	devm_kfree(pctldev->dev, fname);
> free_buf:
> 	devm_kfree(pctldev->dev, buf);

Thank you, yes, I should have caught this.

> 
> But also why do we need to use devm_kfree() at all?  I thought the whole
> point of devm_ functions was that they are garbage collected
> automatically for you.  Can we not just delete all error handling and
> return -ENOMEM here?

Andy replied already that it is incorrect for me to be using devm_*() in
the debugfs write operation.  I'll be changing the code to use normal
kzalloc() and thus will need to keep the goto error handling (but with
the correct order as you pointed out).

> 
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  702  	}
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  703  
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  704  	gname = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME, GFP_KERNEL);
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  705  	if (!buf) {
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  706  		ret = -ENOMEM;
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  707  		goto free_fname;
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  708  	}
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  709  
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  710  	ret = strncpy_from_user(buf, user_buf, PINMUX_MAX_NAME * 2);
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  711  	if (ret < 0) {
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  712  		dev_err(pctldev->dev, "failed to copy buffer from userspace");
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  713  		goto free_gname;
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  714  	}
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  715  	buf[len-1] = '\0';
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  716  
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  717  	ret = sscanf(buf, "%s %s", fname, gname);
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  718  	if (ret != 2) {
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  719  		dev_err(pctldev->dev, "expected format: <function-name> <group-name>");
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  720  		goto free_gname;
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  721  	}
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  722  
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  723  	fsel = pinmux_func_name_to_selector(pctldev, fname);
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  724  	if (fsel < 0) {
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  725  		dev_err(pctldev->dev, "invalid function %s in map table\n", fname);
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  726  		ret = -EINVAL;
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  727  		goto free_gname;
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  728  	}
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  729  
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  730  	ret = pmxops->get_function_groups(pctldev, fsel, &groups, &num_groups);
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  731  	if (ret) {
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  732  		dev_err(pctldev->dev, "no groups for function %d (%s)", fsel, fname);
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  733  		goto free_gname;
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  734  
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  735  	}
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  736  
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  737  	ret = match_string(groups, num_groups, gname);
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  738  	if (ret < 0) {
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  739  		dev_err(pctldev->dev, "invalid group %s", gname);
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  740  		goto free_gname;
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  741  	}
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  742  
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  743  	ret = pinctrl_get_group_selector(pctldev, gname);
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  744  	if (ret < 0) {
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  745  		dev_err(pctldev->dev, "failed to get group selectorL %s", gname);
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  746  		goto free_gname;
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  747  	}
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  748  	gsel = ret;
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  749  
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  750  	ret = pmxops->set_mux(pctldev, fsel, gsel);
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  751  	if (ret) {
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  752  		dev_err(pctldev->dev, "set_mux() failed: %d", ret);
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  753  		goto free_gname;
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  754  	}
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  755  
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  756  	return len;
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  757  free_buf:
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  758  	devm_kfree(pctldev->dev, buf);
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  759  free_fname:
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  760  	devm_kfree(pctldev->dev, fname);
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  761  free_gname:
> 99b2f99aa41aa7 Drew Fustini  2021-02-09 @762  	devm_kfree(pctldev->dev, gname);
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  763  	return ret;
> 99b2f99aa41aa7 Drew Fustini  2021-02-09  764  }
> 
> ---
> 0-DAY CI Kernel Test Service, Intel Corporation
> https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Thank you,
Drew
Dan Carpenter Feb. 10, 2021, 7:05 p.m. UTC | #7 
On Wed, Feb 10, 2021 at 07:39:16PM +0100, Geert Uytterhoeven wrote:
> Hi Dan,
> 
> On Wed, Feb 10, 2021 at 7:21 PM Dan Carpenter <dan.carpenter@oracle.com> wrote:
> > 99b2f99aa41aa7 Drew Fustini  2021-02-09  694    buf = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME * 2, GFP_KERNEL);
> > 99b2f99aa41aa7 Drew Fustini  2021-02-09  695    if (!buf)
> > 99b2f99aa41aa7 Drew Fustini  2021-02-09  696            return -ENOMEM;
> > 99b2f99aa41aa7 Drew Fustini  2021-02-09  697
> > 99b2f99aa41aa7 Drew Fustini  2021-02-09  698    fname = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME, GFP_KERNEL);
> > 99b2f99aa41aa7 Drew Fustini  2021-02-09  699    if (!fname) {
> > 99b2f99aa41aa7 Drew Fustini  2021-02-09  700            ret = -ENOMEM;
> > 99b2f99aa41aa7 Drew Fustini  2021-02-09  701            goto free_buf;
> >
> > The gotos are out of order.  They should be in mirror/reverse order of
> > the allocations:
> >
> > free_gmane:
> >         devm_kfree(pctldev->dev, gname);
> > free_fname:
> >         devm_kfree(pctldev->dev, fname);
> > free_buf:
> >         devm_kfree(pctldev->dev, buf);
> >
> > But also why do we need to use devm_kfree() at all?  I thought the whole
> > point of devm_ functions was that they are garbage collected
> > automatically for you.  Can we not just delete all error handling and
> > return -ENOMEM here?
> 
> No, because the lifetime of the objects allocated here does not match the
> lifetime of dev.  If they're not freed here, they will only be freed when the
> device is unbound.  As the user can access the sysfs files at will, he can
> OOM the system.
> 

Then why not use vanilla kmalloc()?

regards,
dan carpenter
Drew Fustini Feb. 10, 2021, 7:14 p.m. UTC | #8 
On Wed, Feb 10, 2021 at 10:05:29PM +0300, Dan Carpenter wrote:
> On Wed, Feb 10, 2021 at 07:39:16PM +0100, Geert Uytterhoeven wrote:
> > Hi Dan,
> > 
> > On Wed, Feb 10, 2021 at 7:21 PM Dan Carpenter <dan.carpenter@oracle.com> wrote:
> > > 99b2f99aa41aa7 Drew Fustini  2021-02-09  694    buf = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME * 2, GFP_KERNEL);
> > > 99b2f99aa41aa7 Drew Fustini  2021-02-09  695    if (!buf)
> > > 99b2f99aa41aa7 Drew Fustini  2021-02-09  696            return -ENOMEM;
> > > 99b2f99aa41aa7 Drew Fustini  2021-02-09  697
> > > 99b2f99aa41aa7 Drew Fustini  2021-02-09  698    fname = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME, GFP_KERNEL);
> > > 99b2f99aa41aa7 Drew Fustini  2021-02-09  699    if (!fname) {
> > > 99b2f99aa41aa7 Drew Fustini  2021-02-09  700            ret = -ENOMEM;
> > > 99b2f99aa41aa7 Drew Fustini  2021-02-09  701            goto free_buf;
> > >
> > > The gotos are out of order.  They should be in mirror/reverse order of
> > > the allocations:
> > >
> > > free_gmane:
> > >         devm_kfree(pctldev->dev, gname);
> > > free_fname:
> > >         devm_kfree(pctldev->dev, fname);
> > > free_buf:
> > >         devm_kfree(pctldev->dev, buf);
> > >
> > > But also why do we need to use devm_kfree() at all?  I thought the whole
> > > point of devm_ functions was that they are garbage collected
> > > automatically for you.  Can we not just delete all error handling and
> > > return -ENOMEM here?
> > 
> > No, because the lifetime of the objects allocated here does not match the
> > lifetime of dev.  If they're not freed here, they will only be freed when the
> > device is unbound.  As the user can access the sysfs files at will, he can
> > OOM the system.
> > 
> 
> Then why not use vanilla kmalloc()?

Yes, I believe that is the correct approach.  The problem was due to my
misunderstanding of when devm_*() was appropriate.  In this case, I
should have been using the vanilla allocation as the buffers used in
this debugfs write operation are not tied to the lifetime of the pin
controller device.  The are just allocated for internal use inside the
write function.

thanks,
drew
Dan Carpenter Feb. 10, 2021, 8:33 p.m. UTC | #9 
On Wed, Feb 10, 2021 at 11:04:28AM -0800, Drew Fustini wrote:
> On Wed, Feb 10, 2021 at 09:20:44PM +0300, Dan Carpenter wrote:
> > Hi Drew,
> > 
> > url:    https://github.com/0day-ci/linux/commits/Drew-Fustini/pinctrl-pinmux-Add-pinmux-select-debugfs-file/20210210-160108 
> > base:   https://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl.git  devel
> > config: i386-randconfig-m021-20210209 (attached as .config)
> > compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
> > 
> > If you fix the issue, kindly add following tag as appropriate
> > Reported-by: kernel test robot <lkp@intel.com>
> > Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> Does it makes sense for me to include that tag in this patch?
> 

This stuff is just in the autogenerated portions of the kbuild bot
email.  I normally just hit forward, without all the extra pontifying
that I included this time.  :P

regards,
dan carpenter
diff mbox series

Patch

diff --git a/drivers/pinctrl/pinmux.c b/drivers/pinctrl/pinmux.c
index 7f6190eaedbb..b8cd0c3bedf7 100644
--- a/drivers/pinctrl/pinmux.c
+++ b/drivers/pinctrl/pinmux.c
@@ -673,6 +673,110 @@  void pinmux_show_setting(struct seq_file *s,
 DEFINE_SHOW_ATTRIBUTE(pinmux_functions);
 DEFINE_SHOW_ATTRIBUTE(pinmux_pins);
 
+
+#define PINMUX_MAX_NAME 64
+static ssize_t pinmux_select(struct file *file, const char __user *user_buf,
+				   size_t len, loff_t *ppos)
+{
+	struct seq_file *sfile = file->private_data;
+	struct pinctrl_dev *pctldev = sfile->private;
+	const struct pinmux_ops *pmxops = pctldev->desc->pmxops;
+	const char *const *groups;
+	char *buf, *fname, *gname;
+	unsigned int num_groups;
+	int fsel, gsel, ret;
+
+	if (len > (PINMUX_MAX_NAME * 2)) {
+		dev_err(pctldev->dev, "write too big for buffer");
+		return -EINVAL;
+	}
+
+	buf = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME * 2, GFP_KERNEL);
+	if (!buf)
+		return -ENOMEM;
+
+	fname = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME, GFP_KERNEL);
+	if (!fname) {
+		ret = -ENOMEM;
+		goto free_buf;
+	}
+
+	gname = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME, GFP_KERNEL);
+	if (!buf) {
+		ret = -ENOMEM;
+		goto free_fname;
+	}
+
+	ret = strncpy_from_user(buf, user_buf, PINMUX_MAX_NAME * 2);
+	if (ret < 0) {
+		dev_err(pctldev->dev, "failed to copy buffer from userspace");
+		goto free_gname;
+	}
+	buf[len-1] = '\0';
+
+	ret = sscanf(buf, "%s %s", fname, gname);
+	if (ret != 2) {
+		dev_err(pctldev->dev, "expected format: <function-name> <group-name>");
+		goto free_gname;
+	}
+
+	fsel = pinmux_func_name_to_selector(pctldev, fname);
+	if (fsel < 0) {
+		dev_err(pctldev->dev, "invalid function %s in map table\n", fname);
+		ret = -EINVAL;
+		goto free_gname;
+	}
+
+	ret = pmxops->get_function_groups(pctldev, fsel, &groups, &num_groups);
+	if (ret) {
+		dev_err(pctldev->dev, "no groups for function %d (%s)", fsel, fname);
+		goto free_gname;
+
+	}
+
+	ret = match_string(groups, num_groups, gname);
+	if (ret < 0) {
+		dev_err(pctldev->dev, "invalid group %s", gname);
+		goto free_gname;
+	}
+
+	ret = pinctrl_get_group_selector(pctldev, gname);
+	if (ret < 0) {
+		dev_err(pctldev->dev, "failed to get group selectorL %s", gname);
+		goto free_gname;
+	}
+	gsel = ret;
+
+	ret = pmxops->set_mux(pctldev, fsel, gsel);
+	if (ret) {
+		dev_err(pctldev->dev, "set_mux() failed: %d", ret);
+		goto free_gname;
+	}
+
+	return len;
+free_buf:
+	devm_kfree(pctldev->dev, buf);
+free_fname:
+	devm_kfree(pctldev->dev, fname);
+free_gname:
+	devm_kfree(pctldev->dev, gname);
+	return ret;
+}
+
+static int pinmux_select_open(struct inode *inode, struct file *file)
+{
+	return single_open(file, NULL, inode->i_private);
+}
+
+static const struct file_operations pinmux_select_ops = {
+	.owner = THIS_MODULE,
+	.open = pinmux_select_open,
+	.read = seq_read,
+	.write = pinmux_select,
+	.llseek = no_llseek,
+	.release = single_release,
+};
+
 void pinmux_init_device_debugfs(struct dentry *devroot,
 			 struct pinctrl_dev *pctldev)
 {
@@ -680,6 +784,8 @@  void pinmux_init_device_debugfs(struct dentry *devroot,
 			    devroot, pctldev, &pinmux_functions_fops);
 	debugfs_create_file("pinmux-pins", 0400,
 			    devroot, pctldev, &pinmux_pins_fops);
+	debugfs_create_file("pinmux-select", 0200,
+			    devroot, pctldev, &pinmux_select_ops);
 }
 
 #endif /* CONFIG_DEBUG_FS */