Message ID | 20210210074946.155417-3-drew@beagleboard.org |
---|---|
State | New |
Headers | show |
Series | pinctrl: pinmux: Add pinmux-select debugfs file | expand |
Hi Drew, On Wed, Feb 10, 2021 at 8:50 AM Drew Fustini <drew@beagleboard.org> wrote: > Add "pinmux-select" to debugfs which will activate a function and group > when 2 integers "<function-selector> <group-selector>" are written to > the file. The write operation pinmux_select() handles this by checking > if fsel and gsel are valid selectors and then calling ops->set_mux(). Thanks for your patch! > The existing "pinmux-functions" debugfs file lists the pin functions > registered for the pin controller. For example: > > function: pinmux-uart0, groups = [ pinmux-uart0-pins ] > function: pinmux-mmc0, groups = [ pinmux-mmc0-pins ] > function: pinmux-mmc1, groups = [ pinmux-mmc1-pins ] > function: pinmux-i2c0, groups = [ pinmux-i2c0-pins ] > function: pinmux-i2c1, groups = [ pinmux-i2c1-pins ] > function: pinmux-spi1, groups = [ pinmux-spi1-pins ] > > To activate function pinmux-i2c1 (fsel 4) and group pinmux-i2c1-pins > (gsel 4): > > echo '4 4' > pinmux-select I think you forgot to update the example. I assume echo pinmux-i2c1 pinmux-i2c1-pins > mux-select ? Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds
On Wed, Feb 10, 2021 at 9:50 AM Drew Fustini <drew@beagleboard.org> wrote: > > Add "pinmux-select" to debugfs which will activate a function and group > when 2 integers "<function-selector> <group-selector>" are written to > the file. The write operation pinmux_select() handles this by checking > if fsel and gsel are valid selectors and then calling ops->set_mux(). > > The existing "pinmux-functions" debugfs file lists the pin functions > registered for the pin controller. For example: > > function: pinmux-uart0, groups = [ pinmux-uart0-pins ] > function: pinmux-mmc0, groups = [ pinmux-mmc0-pins ] > function: pinmux-mmc1, groups = [ pinmux-mmc1-pins ] > function: pinmux-i2c0, groups = [ pinmux-i2c0-pins ] > function: pinmux-i2c1, groups = [ pinmux-i2c1-pins ] > function: pinmux-spi1, groups = [ pinmux-spi1-pins ] > > To activate function pinmux-i2c1 (fsel 4) and group pinmux-i2c1-pins > (gsel 4): > > echo '4 4' > pinmux-select ... > DEFINE_SHOW_ATTRIBUTE(pinmux_pins); > > + One blank line (existed) is enough. > +#define PINMUX_MAX_NAME 64 ... > + buf = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME * 2, GFP_KERNEL); You have to (re-)read documentation about Device Managed Resources. Keyword here is *device*! Pay attention to it. TL;DR: misuse of device managed resources here. Potentially memory exhausting (local DoS attack), but see below. > + if (!buf) > + return -ENOMEM; ... > + devm_kfree(pctldev->dev, buf); Calling devm_kfree() or other devm_*() release kinda APIs is a red flag in 99%. See above. -- With Best Regards, Andy Shevchenko
On Wed, Feb 10, 2021 at 11:56:49AM +0200, Andy Shevchenko wrote: > On Wed, Feb 10, 2021 at 9:50 AM Drew Fustini <drew@beagleboard.org> wrote: > > > > Add "pinmux-select" to debugfs which will activate a function and group > > when 2 integers "<function-selector> <group-selector>" are written to > > the file. The write operation pinmux_select() handles this by checking > > if fsel and gsel are valid selectors and then calling ops->set_mux(). > > > > The existing "pinmux-functions" debugfs file lists the pin functions > > registered for the pin controller. For example: > > > > function: pinmux-uart0, groups = [ pinmux-uart0-pins ] > > function: pinmux-mmc0, groups = [ pinmux-mmc0-pins ] > > function: pinmux-mmc1, groups = [ pinmux-mmc1-pins ] > > function: pinmux-i2c0, groups = [ pinmux-i2c0-pins ] > > function: pinmux-i2c1, groups = [ pinmux-i2c1-pins ] > > function: pinmux-spi1, groups = [ pinmux-spi1-pins ] > > > > To activate function pinmux-i2c1 (fsel 4) and group pinmux-i2c1-pins > > (gsel 4): > > > > echo '4 4' > pinmux-select > > ... > > > DEFINE_SHOW_ATTRIBUTE(pinmux_pins); > > > > > + > > One blank line (existed) is enough. > > > +#define PINMUX_MAX_NAME 64 > > ... > > > + buf = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME * 2, GFP_KERNEL); > > You have to (re-)read documentation about Device Managed Resources. > Keyword here is *device*! Pay attention to it. TL;DR: misuse of device > managed resources here. > Potentially memory exhausting (local DoS attack), but see below. > > > + if (!buf) > > + return -ENOMEM; > > ... > > > + devm_kfree(pctldev->dev, buf); > > Calling devm_kfree() or other devm_*() release kinda APIs is a red > flag in 99%. See above. Thank you for reviewing and pointing out this issue. Do you mean that I should not be treating these buffers used in the debugfs write op as belonging to the pin controller device? I have looked through the kernel code and I realize now that I don't see any instances of devm_*() being used inside the read or write op for a debugfs file. As I consider it further, devm_*() does not seem to make sense as I am creating the buffers only for temporary use inside pinmux_select(). I'll get that fixed in v3. Thank you, Drew
Hi Drew, url: https://github.com/0day-ci/linux/commits/Drew-Fustini/pinctrl-pinmux-Add-pinmux-select-debugfs-file/20210210-160108 base: https://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl.git devel config: i386-randconfig-m021-20210209 (attached as .config) compiler: gcc-9 (Debian 9.3.0-15) 9.3.0 If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <lkp@intel.com> Reported-by: Dan Carpenter <dan.carpenter@oracle.com> smatch warnings: drivers/pinctrl/pinmux.c:762 pinmux_select() error: uninitialized symbol 'gname'. vim +/gname +762 drivers/pinctrl/pinmux.c 99b2f99aa41aa7 Drew Fustini 2021-02-09 678 static ssize_t pinmux_select(struct file *file, const char __user *user_buf, 99b2f99aa41aa7 Drew Fustini 2021-02-09 679 size_t len, loff_t *ppos) 99b2f99aa41aa7 Drew Fustini 2021-02-09 680 { 99b2f99aa41aa7 Drew Fustini 2021-02-09 681 struct seq_file *sfile = file->private_data; 99b2f99aa41aa7 Drew Fustini 2021-02-09 682 struct pinctrl_dev *pctldev = sfile->private; 99b2f99aa41aa7 Drew Fustini 2021-02-09 683 const struct pinmux_ops *pmxops = pctldev->desc->pmxops; 99b2f99aa41aa7 Drew Fustini 2021-02-09 684 const char *const *groups; 99b2f99aa41aa7 Drew Fustini 2021-02-09 685 char *buf, *fname, *gname; 99b2f99aa41aa7 Drew Fustini 2021-02-09 686 unsigned int num_groups; 99b2f99aa41aa7 Drew Fustini 2021-02-09 687 int fsel, gsel, ret; 99b2f99aa41aa7 Drew Fustini 2021-02-09 688 99b2f99aa41aa7 Drew Fustini 2021-02-09 689 if (len > (PINMUX_MAX_NAME * 2)) { 99b2f99aa41aa7 Drew Fustini 2021-02-09 690 dev_err(pctldev->dev, "write too big for buffer"); 99b2f99aa41aa7 Drew Fustini 2021-02-09 691 return -EINVAL; 99b2f99aa41aa7 Drew Fustini 2021-02-09 692 } 99b2f99aa41aa7 Drew Fustini 2021-02-09 693 99b2f99aa41aa7 Drew Fustini 2021-02-09 694 buf = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME * 2, GFP_KERNEL); 99b2f99aa41aa7 Drew Fustini 2021-02-09 695 if (!buf) 99b2f99aa41aa7 Drew Fustini 2021-02-09 696 return -ENOMEM; 99b2f99aa41aa7 Drew Fustini 2021-02-09 697 99b2f99aa41aa7 Drew Fustini 2021-02-09 698 fname = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME, GFP_KERNEL); 99b2f99aa41aa7 Drew Fustini 2021-02-09 699 if (!fname) { 99b2f99aa41aa7 Drew Fustini 2021-02-09 700 ret = -ENOMEM; 99b2f99aa41aa7 Drew Fustini 2021-02-09 701 goto free_buf; The gotos are out of order. They should be in mirror/reverse order of the allocations: free_gmane: devm_kfree(pctldev->dev, gname); free_fname: devm_kfree(pctldev->dev, fname); free_buf: devm_kfree(pctldev->dev, buf); But also why do we need to use devm_kfree() at all? I thought the whole point of devm_ functions was that they are garbage collected automatically for you. Can we not just delete all error handling and return -ENOMEM here? 99b2f99aa41aa7 Drew Fustini 2021-02-09 702 } 99b2f99aa41aa7 Drew Fustini 2021-02-09 703 99b2f99aa41aa7 Drew Fustini 2021-02-09 704 gname = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME, GFP_KERNEL); 99b2f99aa41aa7 Drew Fustini 2021-02-09 705 if (!buf) { 99b2f99aa41aa7 Drew Fustini 2021-02-09 706 ret = -ENOMEM; 99b2f99aa41aa7 Drew Fustini 2021-02-09 707 goto free_fname; 99b2f99aa41aa7 Drew Fustini 2021-02-09 708 } 99b2f99aa41aa7 Drew Fustini 2021-02-09 709 99b2f99aa41aa7 Drew Fustini 2021-02-09 710 ret = strncpy_from_user(buf, user_buf, PINMUX_MAX_NAME * 2); 99b2f99aa41aa7 Drew Fustini 2021-02-09 711 if (ret < 0) { 99b2f99aa41aa7 Drew Fustini 2021-02-09 712 dev_err(pctldev->dev, "failed to copy buffer from userspace"); 99b2f99aa41aa7 Drew Fustini 2021-02-09 713 goto free_gname; 99b2f99aa41aa7 Drew Fustini 2021-02-09 714 } 99b2f99aa41aa7 Drew Fustini 2021-02-09 715 buf[len-1] = '\0'; 99b2f99aa41aa7 Drew Fustini 2021-02-09 716 99b2f99aa41aa7 Drew Fustini 2021-02-09 717 ret = sscanf(buf, "%s %s", fname, gname); 99b2f99aa41aa7 Drew Fustini 2021-02-09 718 if (ret != 2) { 99b2f99aa41aa7 Drew Fustini 2021-02-09 719 dev_err(pctldev->dev, "expected format: <function-name> <group-name>"); 99b2f99aa41aa7 Drew Fustini 2021-02-09 720 goto free_gname; 99b2f99aa41aa7 Drew Fustini 2021-02-09 721 } 99b2f99aa41aa7 Drew Fustini 2021-02-09 722 99b2f99aa41aa7 Drew Fustini 2021-02-09 723 fsel = pinmux_func_name_to_selector(pctldev, fname); 99b2f99aa41aa7 Drew Fustini 2021-02-09 724 if (fsel < 0) { 99b2f99aa41aa7 Drew Fustini 2021-02-09 725 dev_err(pctldev->dev, "invalid function %s in map table\n", fname); 99b2f99aa41aa7 Drew Fustini 2021-02-09 726 ret = -EINVAL; 99b2f99aa41aa7 Drew Fustini 2021-02-09 727 goto free_gname; 99b2f99aa41aa7 Drew Fustini 2021-02-09 728 } 99b2f99aa41aa7 Drew Fustini 2021-02-09 729 99b2f99aa41aa7 Drew Fustini 2021-02-09 730 ret = pmxops->get_function_groups(pctldev, fsel, &groups, &num_groups); 99b2f99aa41aa7 Drew Fustini 2021-02-09 731 if (ret) { 99b2f99aa41aa7 Drew Fustini 2021-02-09 732 dev_err(pctldev->dev, "no groups for function %d (%s)", fsel, fname); 99b2f99aa41aa7 Drew Fustini 2021-02-09 733 goto free_gname; 99b2f99aa41aa7 Drew Fustini 2021-02-09 734 99b2f99aa41aa7 Drew Fustini 2021-02-09 735 } 99b2f99aa41aa7 Drew Fustini 2021-02-09 736 99b2f99aa41aa7 Drew Fustini 2021-02-09 737 ret = match_string(groups, num_groups, gname); 99b2f99aa41aa7 Drew Fustini 2021-02-09 738 if (ret < 0) { 99b2f99aa41aa7 Drew Fustini 2021-02-09 739 dev_err(pctldev->dev, "invalid group %s", gname); 99b2f99aa41aa7 Drew Fustini 2021-02-09 740 goto free_gname; 99b2f99aa41aa7 Drew Fustini 2021-02-09 741 } 99b2f99aa41aa7 Drew Fustini 2021-02-09 742 99b2f99aa41aa7 Drew Fustini 2021-02-09 743 ret = pinctrl_get_group_selector(pctldev, gname); 99b2f99aa41aa7 Drew Fustini 2021-02-09 744 if (ret < 0) { 99b2f99aa41aa7 Drew Fustini 2021-02-09 745 dev_err(pctldev->dev, "failed to get group selectorL %s", gname); 99b2f99aa41aa7 Drew Fustini 2021-02-09 746 goto free_gname; 99b2f99aa41aa7 Drew Fustini 2021-02-09 747 } 99b2f99aa41aa7 Drew Fustini 2021-02-09 748 gsel = ret; 99b2f99aa41aa7 Drew Fustini 2021-02-09 749 99b2f99aa41aa7 Drew Fustini 2021-02-09 750 ret = pmxops->set_mux(pctldev, fsel, gsel); 99b2f99aa41aa7 Drew Fustini 2021-02-09 751 if (ret) { 99b2f99aa41aa7 Drew Fustini 2021-02-09 752 dev_err(pctldev->dev, "set_mux() failed: %d", ret); 99b2f99aa41aa7 Drew Fustini 2021-02-09 753 goto free_gname; 99b2f99aa41aa7 Drew Fustini 2021-02-09 754 } 99b2f99aa41aa7 Drew Fustini 2021-02-09 755 99b2f99aa41aa7 Drew Fustini 2021-02-09 756 return len; 99b2f99aa41aa7 Drew Fustini 2021-02-09 757 free_buf: 99b2f99aa41aa7 Drew Fustini 2021-02-09 758 devm_kfree(pctldev->dev, buf); 99b2f99aa41aa7 Drew Fustini 2021-02-09 759 free_fname: 99b2f99aa41aa7 Drew Fustini 2021-02-09 760 devm_kfree(pctldev->dev, fname); 99b2f99aa41aa7 Drew Fustini 2021-02-09 761 free_gname: 99b2f99aa41aa7 Drew Fustini 2021-02-09 @762 devm_kfree(pctldev->dev, gname); 99b2f99aa41aa7 Drew Fustini 2021-02-09 763 return ret; 99b2f99aa41aa7 Drew Fustini 2021-02-09 764 } --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
Hi Dan, On Wed, Feb 10, 2021 at 7:21 PM Dan Carpenter <dan.carpenter@oracle.com> wrote: > 99b2f99aa41aa7 Drew Fustini 2021-02-09 694 buf = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME * 2, GFP_KERNEL); > 99b2f99aa41aa7 Drew Fustini 2021-02-09 695 if (!buf) > 99b2f99aa41aa7 Drew Fustini 2021-02-09 696 return -ENOMEM; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 697 > 99b2f99aa41aa7 Drew Fustini 2021-02-09 698 fname = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME, GFP_KERNEL); > 99b2f99aa41aa7 Drew Fustini 2021-02-09 699 if (!fname) { > 99b2f99aa41aa7 Drew Fustini 2021-02-09 700 ret = -ENOMEM; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 701 goto free_buf; > > The gotos are out of order. They should be in mirror/reverse order of > the allocations: > > free_gmane: > devm_kfree(pctldev->dev, gname); > free_fname: > devm_kfree(pctldev->dev, fname); > free_buf: > devm_kfree(pctldev->dev, buf); > > But also why do we need to use devm_kfree() at all? I thought the whole > point of devm_ functions was that they are garbage collected > automatically for you. Can we not just delete all error handling and > return -ENOMEM here? No, because the lifetime of the objects allocated here does not match the lifetime of dev. If they're not freed here, they will only be freed when the device is unbound. As the user can access the sysfs files at will, he can OOM the system. Gr{oetje,eeting}s, Geert
On Wed, Feb 10, 2021 at 09:20:44PM +0300, Dan Carpenter wrote: > Hi Drew, > > url: https://github.com/0day-ci/linux/commits/Drew-Fustini/pinctrl-pinmux-Add-pinmux-select-debugfs-file/20210210-160108 > base: https://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl.git devel > config: i386-randconfig-m021-20210209 (attached as .config) > compiler: gcc-9 (Debian 9.3.0-15) 9.3.0 > > If you fix the issue, kindly add following tag as appropriate > Reported-by: kernel test robot <lkp@intel.com> > Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Does it makes sense for me to include that tag in this patch? It's not really a fix but rather creating a new feature through debugfs. I am wondering if it might confuse people reading the git log as to whether the Reported-by: was with regards to the addition of 'pinmux-select' to debugfs, rather than it was just reporting that my goto handling was incorrect. I think it makes sense for me to mention that in the PATCH changelog but that won't be in the git commit message. > > smatch warnings: > drivers/pinctrl/pinmux.c:762 pinmux_select() error: uninitialized symbol 'gname'. > > vim +/gname +762 drivers/pinctrl/pinmux.c > > 99b2f99aa41aa7 Drew Fustini 2021-02-09 678 static ssize_t pinmux_select(struct file *file, const char __user *user_buf, > 99b2f99aa41aa7 Drew Fustini 2021-02-09 679 size_t len, loff_t *ppos) > 99b2f99aa41aa7 Drew Fustini 2021-02-09 680 { > 99b2f99aa41aa7 Drew Fustini 2021-02-09 681 struct seq_file *sfile = file->private_data; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 682 struct pinctrl_dev *pctldev = sfile->private; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 683 const struct pinmux_ops *pmxops = pctldev->desc->pmxops; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 684 const char *const *groups; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 685 char *buf, *fname, *gname; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 686 unsigned int num_groups; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 687 int fsel, gsel, ret; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 688 > 99b2f99aa41aa7 Drew Fustini 2021-02-09 689 if (len > (PINMUX_MAX_NAME * 2)) { > 99b2f99aa41aa7 Drew Fustini 2021-02-09 690 dev_err(pctldev->dev, "write too big for buffer"); > 99b2f99aa41aa7 Drew Fustini 2021-02-09 691 return -EINVAL; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 692 } > 99b2f99aa41aa7 Drew Fustini 2021-02-09 693 > 99b2f99aa41aa7 Drew Fustini 2021-02-09 694 buf = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME * 2, GFP_KERNEL); > 99b2f99aa41aa7 Drew Fustini 2021-02-09 695 if (!buf) > 99b2f99aa41aa7 Drew Fustini 2021-02-09 696 return -ENOMEM; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 697 > 99b2f99aa41aa7 Drew Fustini 2021-02-09 698 fname = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME, GFP_KERNEL); > 99b2f99aa41aa7 Drew Fustini 2021-02-09 699 if (!fname) { > 99b2f99aa41aa7 Drew Fustini 2021-02-09 700 ret = -ENOMEM; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 701 goto free_buf; > > The gotos are out of order. They should be in mirror/reverse order of > the allocations: > > free_gmane: > devm_kfree(pctldev->dev, gname); > free_fname: > devm_kfree(pctldev->dev, fname); > free_buf: > devm_kfree(pctldev->dev, buf); Thank you, yes, I should have caught this. > > But also why do we need to use devm_kfree() at all? I thought the whole > point of devm_ functions was that they are garbage collected > automatically for you. Can we not just delete all error handling and > return -ENOMEM here? Andy replied already that it is incorrect for me to be using devm_*() in the debugfs write operation. I'll be changing the code to use normal kzalloc() and thus will need to keep the goto error handling (but with the correct order as you pointed out). > > 99b2f99aa41aa7 Drew Fustini 2021-02-09 702 } > 99b2f99aa41aa7 Drew Fustini 2021-02-09 703 > 99b2f99aa41aa7 Drew Fustini 2021-02-09 704 gname = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME, GFP_KERNEL); > 99b2f99aa41aa7 Drew Fustini 2021-02-09 705 if (!buf) { > 99b2f99aa41aa7 Drew Fustini 2021-02-09 706 ret = -ENOMEM; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 707 goto free_fname; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 708 } > 99b2f99aa41aa7 Drew Fustini 2021-02-09 709 > 99b2f99aa41aa7 Drew Fustini 2021-02-09 710 ret = strncpy_from_user(buf, user_buf, PINMUX_MAX_NAME * 2); > 99b2f99aa41aa7 Drew Fustini 2021-02-09 711 if (ret < 0) { > 99b2f99aa41aa7 Drew Fustini 2021-02-09 712 dev_err(pctldev->dev, "failed to copy buffer from userspace"); > 99b2f99aa41aa7 Drew Fustini 2021-02-09 713 goto free_gname; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 714 } > 99b2f99aa41aa7 Drew Fustini 2021-02-09 715 buf[len-1] = '\0'; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 716 > 99b2f99aa41aa7 Drew Fustini 2021-02-09 717 ret = sscanf(buf, "%s %s", fname, gname); > 99b2f99aa41aa7 Drew Fustini 2021-02-09 718 if (ret != 2) { > 99b2f99aa41aa7 Drew Fustini 2021-02-09 719 dev_err(pctldev->dev, "expected format: <function-name> <group-name>"); > 99b2f99aa41aa7 Drew Fustini 2021-02-09 720 goto free_gname; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 721 } > 99b2f99aa41aa7 Drew Fustini 2021-02-09 722 > 99b2f99aa41aa7 Drew Fustini 2021-02-09 723 fsel = pinmux_func_name_to_selector(pctldev, fname); > 99b2f99aa41aa7 Drew Fustini 2021-02-09 724 if (fsel < 0) { > 99b2f99aa41aa7 Drew Fustini 2021-02-09 725 dev_err(pctldev->dev, "invalid function %s in map table\n", fname); > 99b2f99aa41aa7 Drew Fustini 2021-02-09 726 ret = -EINVAL; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 727 goto free_gname; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 728 } > 99b2f99aa41aa7 Drew Fustini 2021-02-09 729 > 99b2f99aa41aa7 Drew Fustini 2021-02-09 730 ret = pmxops->get_function_groups(pctldev, fsel, &groups, &num_groups); > 99b2f99aa41aa7 Drew Fustini 2021-02-09 731 if (ret) { > 99b2f99aa41aa7 Drew Fustini 2021-02-09 732 dev_err(pctldev->dev, "no groups for function %d (%s)", fsel, fname); > 99b2f99aa41aa7 Drew Fustini 2021-02-09 733 goto free_gname; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 734 > 99b2f99aa41aa7 Drew Fustini 2021-02-09 735 } > 99b2f99aa41aa7 Drew Fustini 2021-02-09 736 > 99b2f99aa41aa7 Drew Fustini 2021-02-09 737 ret = match_string(groups, num_groups, gname); > 99b2f99aa41aa7 Drew Fustini 2021-02-09 738 if (ret < 0) { > 99b2f99aa41aa7 Drew Fustini 2021-02-09 739 dev_err(pctldev->dev, "invalid group %s", gname); > 99b2f99aa41aa7 Drew Fustini 2021-02-09 740 goto free_gname; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 741 } > 99b2f99aa41aa7 Drew Fustini 2021-02-09 742 > 99b2f99aa41aa7 Drew Fustini 2021-02-09 743 ret = pinctrl_get_group_selector(pctldev, gname); > 99b2f99aa41aa7 Drew Fustini 2021-02-09 744 if (ret < 0) { > 99b2f99aa41aa7 Drew Fustini 2021-02-09 745 dev_err(pctldev->dev, "failed to get group selectorL %s", gname); > 99b2f99aa41aa7 Drew Fustini 2021-02-09 746 goto free_gname; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 747 } > 99b2f99aa41aa7 Drew Fustini 2021-02-09 748 gsel = ret; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 749 > 99b2f99aa41aa7 Drew Fustini 2021-02-09 750 ret = pmxops->set_mux(pctldev, fsel, gsel); > 99b2f99aa41aa7 Drew Fustini 2021-02-09 751 if (ret) { > 99b2f99aa41aa7 Drew Fustini 2021-02-09 752 dev_err(pctldev->dev, "set_mux() failed: %d", ret); > 99b2f99aa41aa7 Drew Fustini 2021-02-09 753 goto free_gname; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 754 } > 99b2f99aa41aa7 Drew Fustini 2021-02-09 755 > 99b2f99aa41aa7 Drew Fustini 2021-02-09 756 return len; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 757 free_buf: > 99b2f99aa41aa7 Drew Fustini 2021-02-09 758 devm_kfree(pctldev->dev, buf); > 99b2f99aa41aa7 Drew Fustini 2021-02-09 759 free_fname: > 99b2f99aa41aa7 Drew Fustini 2021-02-09 760 devm_kfree(pctldev->dev, fname); > 99b2f99aa41aa7 Drew Fustini 2021-02-09 761 free_gname: > 99b2f99aa41aa7 Drew Fustini 2021-02-09 @762 devm_kfree(pctldev->dev, gname); > 99b2f99aa41aa7 Drew Fustini 2021-02-09 763 return ret; > 99b2f99aa41aa7 Drew Fustini 2021-02-09 764 } > > --- > 0-DAY CI Kernel Test Service, Intel Corporation > https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org Thank you, Drew
On Wed, Feb 10, 2021 at 07:39:16PM +0100, Geert Uytterhoeven wrote: > Hi Dan, > > On Wed, Feb 10, 2021 at 7:21 PM Dan Carpenter <dan.carpenter@oracle.com> wrote: > > 99b2f99aa41aa7 Drew Fustini 2021-02-09 694 buf = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME * 2, GFP_KERNEL); > > 99b2f99aa41aa7 Drew Fustini 2021-02-09 695 if (!buf) > > 99b2f99aa41aa7 Drew Fustini 2021-02-09 696 return -ENOMEM; > > 99b2f99aa41aa7 Drew Fustini 2021-02-09 697 > > 99b2f99aa41aa7 Drew Fustini 2021-02-09 698 fname = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME, GFP_KERNEL); > > 99b2f99aa41aa7 Drew Fustini 2021-02-09 699 if (!fname) { > > 99b2f99aa41aa7 Drew Fustini 2021-02-09 700 ret = -ENOMEM; > > 99b2f99aa41aa7 Drew Fustini 2021-02-09 701 goto free_buf; > > > > The gotos are out of order. They should be in mirror/reverse order of > > the allocations: > > > > free_gmane: > > devm_kfree(pctldev->dev, gname); > > free_fname: > > devm_kfree(pctldev->dev, fname); > > free_buf: > > devm_kfree(pctldev->dev, buf); > > > > But also why do we need to use devm_kfree() at all? I thought the whole > > point of devm_ functions was that they are garbage collected > > automatically for you. Can we not just delete all error handling and > > return -ENOMEM here? > > No, because the lifetime of the objects allocated here does not match the > lifetime of dev. If they're not freed here, they will only be freed when the > device is unbound. As the user can access the sysfs files at will, he can > OOM the system. > Then why not use vanilla kmalloc()? regards, dan carpenter
On Wed, Feb 10, 2021 at 10:05:29PM +0300, Dan Carpenter wrote: > On Wed, Feb 10, 2021 at 07:39:16PM +0100, Geert Uytterhoeven wrote: > > Hi Dan, > > > > On Wed, Feb 10, 2021 at 7:21 PM Dan Carpenter <dan.carpenter@oracle.com> wrote: > > > 99b2f99aa41aa7 Drew Fustini 2021-02-09 694 buf = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME * 2, GFP_KERNEL); > > > 99b2f99aa41aa7 Drew Fustini 2021-02-09 695 if (!buf) > > > 99b2f99aa41aa7 Drew Fustini 2021-02-09 696 return -ENOMEM; > > > 99b2f99aa41aa7 Drew Fustini 2021-02-09 697 > > > 99b2f99aa41aa7 Drew Fustini 2021-02-09 698 fname = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME, GFP_KERNEL); > > > 99b2f99aa41aa7 Drew Fustini 2021-02-09 699 if (!fname) { > > > 99b2f99aa41aa7 Drew Fustini 2021-02-09 700 ret = -ENOMEM; > > > 99b2f99aa41aa7 Drew Fustini 2021-02-09 701 goto free_buf; > > > > > > The gotos are out of order. They should be in mirror/reverse order of > > > the allocations: > > > > > > free_gmane: > > > devm_kfree(pctldev->dev, gname); > > > free_fname: > > > devm_kfree(pctldev->dev, fname); > > > free_buf: > > > devm_kfree(pctldev->dev, buf); > > > > > > But also why do we need to use devm_kfree() at all? I thought the whole > > > point of devm_ functions was that they are garbage collected > > > automatically for you. Can we not just delete all error handling and > > > return -ENOMEM here? > > > > No, because the lifetime of the objects allocated here does not match the > > lifetime of dev. If they're not freed here, they will only be freed when the > > device is unbound. As the user can access the sysfs files at will, he can > > OOM the system. > > > > Then why not use vanilla kmalloc()? Yes, I believe that is the correct approach. The problem was due to my misunderstanding of when devm_*() was appropriate. In this case, I should have been using the vanilla allocation as the buffers used in this debugfs write operation are not tied to the lifetime of the pin controller device. The are just allocated for internal use inside the write function. thanks, drew
On Wed, Feb 10, 2021 at 11:04:28AM -0800, Drew Fustini wrote: > On Wed, Feb 10, 2021 at 09:20:44PM +0300, Dan Carpenter wrote: > > Hi Drew, > > > > url: https://github.com/0day-ci/linux/commits/Drew-Fustini/pinctrl-pinmux-Add-pinmux-select-debugfs-file/20210210-160108 > > base: https://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl.git devel > > config: i386-randconfig-m021-20210209 (attached as .config) > > compiler: gcc-9 (Debian 9.3.0-15) 9.3.0 > > > > If you fix the issue, kindly add following tag as appropriate > > Reported-by: kernel test robot <lkp@intel.com> > > Reported-by: Dan Carpenter <dan.carpenter@oracle.com> > > Does it makes sense for me to include that tag in this patch? > This stuff is just in the autogenerated portions of the kbuild bot email. I normally just hit forward, without all the extra pontifying that I included this time. :P regards, dan carpenter
diff --git a/drivers/pinctrl/pinmux.c b/drivers/pinctrl/pinmux.c index 7f6190eaedbb..b8cd0c3bedf7 100644 --- a/drivers/pinctrl/pinmux.c +++ b/drivers/pinctrl/pinmux.c @@ -673,6 +673,110 @@ void pinmux_show_setting(struct seq_file *s, DEFINE_SHOW_ATTRIBUTE(pinmux_functions); DEFINE_SHOW_ATTRIBUTE(pinmux_pins); + +#define PINMUX_MAX_NAME 64 +static ssize_t pinmux_select(struct file *file, const char __user *user_buf, + size_t len, loff_t *ppos) +{ + struct seq_file *sfile = file->private_data; + struct pinctrl_dev *pctldev = sfile->private; + const struct pinmux_ops *pmxops = pctldev->desc->pmxops; + const char *const *groups; + char *buf, *fname, *gname; + unsigned int num_groups; + int fsel, gsel, ret; + + if (len > (PINMUX_MAX_NAME * 2)) { + dev_err(pctldev->dev, "write too big for buffer"); + return -EINVAL; + } + + buf = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME * 2, GFP_KERNEL); + if (!buf) + return -ENOMEM; + + fname = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME, GFP_KERNEL); + if (!fname) { + ret = -ENOMEM; + goto free_buf; + } + + gname = devm_kzalloc(pctldev->dev, PINMUX_MAX_NAME, GFP_KERNEL); + if (!buf) { + ret = -ENOMEM; + goto free_fname; + } + + ret = strncpy_from_user(buf, user_buf, PINMUX_MAX_NAME * 2); + if (ret < 0) { + dev_err(pctldev->dev, "failed to copy buffer from userspace"); + goto free_gname; + } + buf[len-1] = '\0'; + + ret = sscanf(buf, "%s %s", fname, gname); + if (ret != 2) { + dev_err(pctldev->dev, "expected format: <function-name> <group-name>"); + goto free_gname; + } + + fsel = pinmux_func_name_to_selector(pctldev, fname); + if (fsel < 0) { + dev_err(pctldev->dev, "invalid function %s in map table\n", fname); + ret = -EINVAL; + goto free_gname; + } + + ret = pmxops->get_function_groups(pctldev, fsel, &groups, &num_groups); + if (ret) { + dev_err(pctldev->dev, "no groups for function %d (%s)", fsel, fname); + goto free_gname; + + } + + ret = match_string(groups, num_groups, gname); + if (ret < 0) { + dev_err(pctldev->dev, "invalid group %s", gname); + goto free_gname; + } + + ret = pinctrl_get_group_selector(pctldev, gname); + if (ret < 0) { + dev_err(pctldev->dev, "failed to get group selectorL %s", gname); + goto free_gname; + } + gsel = ret; + + ret = pmxops->set_mux(pctldev, fsel, gsel); + if (ret) { + dev_err(pctldev->dev, "set_mux() failed: %d", ret); + goto free_gname; + } + + return len; +free_buf: + devm_kfree(pctldev->dev, buf); +free_fname: + devm_kfree(pctldev->dev, fname); +free_gname: + devm_kfree(pctldev->dev, gname); + return ret; +} + +static int pinmux_select_open(struct inode *inode, struct file *file) +{ + return single_open(file, NULL, inode->i_private); +} + +static const struct file_operations pinmux_select_ops = { + .owner = THIS_MODULE, + .open = pinmux_select_open, + .read = seq_read, + .write = pinmux_select, + .llseek = no_llseek, + .release = single_release, +}; + void pinmux_init_device_debugfs(struct dentry *devroot, struct pinctrl_dev *pctldev) { @@ -680,6 +784,8 @@ void pinmux_init_device_debugfs(struct dentry *devroot, devroot, pctldev, &pinmux_functions_fops); debugfs_create_file("pinmux-pins", 0400, devroot, pctldev, &pinmux_pins_fops); + debugfs_create_file("pinmux-select", 0200, + devroot, pctldev, &pinmux_select_ops); } #endif /* CONFIG_DEBUG_FS */
Add "pinmux-select" to debugfs which will activate a function and group when 2 integers "<function-selector> <group-selector>" are written to the file. The write operation pinmux_select() handles this by checking if fsel and gsel are valid selectors and then calling ops->set_mux(). The existing "pinmux-functions" debugfs file lists the pin functions registered for the pin controller. For example: function: pinmux-uart0, groups = [ pinmux-uart0-pins ] function: pinmux-mmc0, groups = [ pinmux-mmc0-pins ] function: pinmux-mmc1, groups = [ pinmux-mmc1-pins ] function: pinmux-i2c0, groups = [ pinmux-i2c0-pins ] function: pinmux-i2c1, groups = [ pinmux-i2c1-pins ] function: pinmux-spi1, groups = [ pinmux-spi1-pins ] To activate function pinmux-i2c1 (fsel 4) and group pinmux-i2c1-pins (gsel 4): echo '4 4' > pinmux-select Signed-off-by: Drew Fustini <drew@beagleboard.org> --- drivers/pinctrl/pinmux.c | 106 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 106 insertions(+)