lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 8 Apr 2020 17:53:52 +0530
From:   Maulik Shah <mkshah@...eaurora.org>
To:     Douglas Anderson <dianders@...omium.org>,
        Andy Gross <agross@...nel.org>,
        Bjorn Andersson <bjorn.andersson@...aro.org>
Cc:     mka@...omium.org, Lina Iyer <ilina@...eaurora.org>,
        Rajendra Nayak <rnayak@...eaurora.org>, swboyd@...omium.org,
        evgreen@...omium.org, linux-arm-msm@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 08/10] drivers: qcom: rpmh-rsc: Don't double-check rpmh

Hi,

In rpmh.c, rpmh_write_async() and rpmh_write_batch() uses 
__fill_rpmh_msg() which already checks for below payload conditions.

so i am ok to remove duplicate checks from rpmh-rsc.c

can you please add payload at the end of subject.

drivers: qcom: rpmh-rsc: Don't double-check rpmh payload

Other than this.

Reviewed-by: Maulik Shah <mkshah@...eaurora.org>
Tested-by: Maulik Shah <mkshah@...eaurora.org>

Note:

rpmh_write() is not using __fill_rpmh_msg() and have replica as below, 
probably since it was declares message on stack instead of using malloc()

         if (!cmd || !n || n > MAX_RPMH_PAYLOAD)
                 return -EINVAL;

         memcpy(rpm_msg.cmd, cmd, n * sizeof(*cmd));
         rpm_msg.msg.num_cmds = n;

Making a note to remove above if check and start using __fill_rpmh_msg() 
here as well to do memcpy() and num_cmds initilization.

Although it may end up writing msg.state and msg.cmd twice (once during 
defining msg on stack and then during fill rpmh msg) but it should be ok.

Below two lines from __rpmh_write() can be removed as well.

         rpm_msg->msg.state = state;

DEFINE_RPMH_MSG_ONSTACK() and __fill_rpmh_msg() seems taking care of 
initializing msg.state already, so we should be good.

if you are spinning a new version and want to include above change as 
well, i am ok.

if not, i can push separate patch to update this as well once my series 
to invoke rpmh_flush() gets picked up.

Thanks,
Maulik

On 4/8/2020 5:20 AM, Douglas Anderson wrote:
> The calls rpmh_rsc_write_ctrl_data() and rpmh_rsc_send_data() are only
> ever called from rpmh.c.  We know that rpmh.c already error checked
> the message.  There's no reason to do it again in rpmh-rsc.
>
> Suggested-by: Maulik Shah <mkshah@...eaurora.org>
> Signed-off-by: Douglas Anderson <dianders@...omium.org>
> ---
>
> Changes in v3:
> - ("Don't double-check rpmh") replaces ("Warning if tcs_write...")
>
> Changes in v2: None
>
>   drivers/soc/qcom/rpmh-rsc.c | 18 +-----------------
>   1 file changed, 1 insertion(+), 17 deletions(-)
>
> diff --git a/drivers/soc/qcom/rpmh-rsc.c b/drivers/soc/qcom/rpmh-rsc.c
> index 9502e7ea96be..10c026b2e1bc 100644
> --- a/drivers/soc/qcom/rpmh-rsc.c
> +++ b/drivers/soc/qcom/rpmh-rsc.c
> @@ -633,7 +633,7 @@ static int tcs_write(struct rsc_drv *drv, const struct tcs_request *msg)
>   }
>   
>   /**
> - * rpmh_rsc_send_data() - Validate the incoming message + write to TCS block.
> + * rpmh_rsc_send_data() - Write / trigger active-only message.
>    * @drv: The controller.
>    * @msg: The data to be sent.
>    *
> @@ -658,12 +658,6 @@ int rpmh_rsc_send_data(struct rsc_drv *drv, const struct tcs_request *msg)
>   {
>   	int ret;
>   
> -	if (!msg || !msg->cmds || !msg->num_cmds ||
> -	    msg->num_cmds > MAX_RPMH_PAYLOAD) {
> -		WARN_ON(1);
> -		return -EINVAL;
> -	}
> -
>   	do {
>   		ret = tcs_write(drv, msg);
>   		if (ret == -EBUSY) {
> @@ -734,16 +728,6 @@ int rpmh_rsc_write_ctrl_data(struct rsc_drv *drv, const struct tcs_request *msg)
>   	unsigned long flags;
>   	int ret;
>   
> -	if (!msg || !msg->cmds || !msg->num_cmds ||
> -	    msg->num_cmds > MAX_RPMH_PAYLOAD) {
> -		pr_err("Payload error\n");
> -		return -EINVAL;
> -	}
> -
> -	/* Data sent to this API will not be sent immediately */
> -	if (msg->state == RPMH_ACTIVE_ONLY_STATE)
> -		return -EINVAL;
> -
>   	tcs = get_tcs_for_msg(drv, msg);
>   	if (IS_ERR(tcs))
>   		return PTR_ERR(tcs);

-- 
QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, hosted by The Linux Foundation

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ