lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 17 Oct 2020 14:58:13 +0000
From:   Barnabás Pőcze <pobrn@...tonmail.com>
To:     Coiby Xu <coiby.xu@...il.com>
Cc:     "linux-input@...r.kernel.org" <linux-input@...r.kernel.org>,
        Helmut Stult <helmut.stult@...info.de>,
        "stable@...r.kernel.org" <stable@...r.kernel.org>,
        Jiri Kosina <jikos@...nel.org>,
        Benjamin Tissoires <benjamin.tissoires@...hat.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2] HID: i2c-hid: add polling mode based on connected GPIO chip's pin status

> [...]
> >> >> +static int get_gpio_pin_state(struct irq_desc *irq_desc)
> >> >> +{
> >> >> +	struct gpio_chip *gc = irq_data_get_irq_chip_data(&irq_desc->irq_data);
> >> >> +
> >> >> +	return gc->get(gc, irq_desc->irq_data.hwirq);
> >> >> +}
> >> >> +
> >> >> +static bool interrupt_line_active(struct i2c_client *client)
> >> >> +{
> >> >> +	unsigned long trigger_type = irq_get_trigger_type(client->irq);
> >> >> +	struct irq_desc *irq_desc = irq_to_desc(client->irq);
> >> >> +
> >> >> +	/*
> >> >> +	 * According to Windows Precsiontion Touchpad's specs
> >> >> +	 * https://docs.microsoft.com/en-us/windows-hardware/design/component-guidelines/windows-precision-touchpad-device-bus-connectivity,
> >> >> +	 * GPIO Interrupt Assertion Leve could be either ActiveLow or
> >> >> +	 * ActiveHigh.
> >> >> +	 */
> >> >> +	if (trigger_type & IRQF_TRIGGER_LOW)
> >> >> +		return !get_gpio_pin_state(irq_desc);
> >> >> +
> >> >> +	return get_gpio_pin_state(irq_desc);
> >> >> +}
> >> >
> >> >Excuse my ignorance, but I think some kind of error handling regarding the return
> >> >value of `get_gpio_pin_state()` should be present here.
> >> >
> >> What kind of errors would you expect? It seems (struct gpio_chip *)->get
> >> only return 0 or 1.
> >> >
> >
> >I read the code of a couple gpio chips and - I may be wrong, but - it seems they
> >can return an arbitrary errno.
> >
> I thought all GPIO chip return 0 or 1 since !!val is returned. I find
> an example which could return negative value,
>

Yes, when a function returns `int`, there is a very high chance that the return
value may be an errno.


> >
> >> >> +
> >> >> +static int i2c_hid_polling_thread(void *i2c_hid)
> >> >> +{
> >> >> +	struct i2c_hid *ihid = i2c_hid;
> >> >> +	struct i2c_client *client = ihid->client;
> >> >> +	unsigned int polling_interval_idle;
> >> >> +
> >> >> +	while (1) {
> >> >> +		/*
> >> >> +		 * re-calculate polling_interval_idle
> >> >> +		 * so the module parameters polling_interval_idle_ms can be
> >> >> +		 * changed dynamically through sysfs as polling_interval_active_us
> >> >> +		 */
> >> >> +		polling_interval_idle = polling_interval_idle_ms * 1000;
> >> >> +		if (test_bit(I2C_HID_READ_PENDING, &ihid->flags))
> >> >> +			usleep_range(50000, 100000);
> >> >> +
> >> >> +		if (kthread_should_stop())
> >> >> +			break;
> >> >> +
> >> >> +		while (interrupt_line_active(client)) {
> >> >
> >> >I realize it's quite unlikely, but can't this be a endless loop if data is coming
> >> >in at a high enough rate? Maybe the maximum number of iterations could be limited here?
> >> >
> >> If we find HID reports are constantly read and send to front-end
> >> application like libinput, won't it help expose the problem of the I2C
> >> HiD device?
> >> >
> >
> >I'm not sure I completely understand your point. The reason why I wrote what I wrote
> >is that this kthread could potentially could go on forever (since `kthread_should_stop()`
> >is not checked in the inner while loop) if the data is supplied at a high enough rate.
> >That's why I said, to avoid this problem, only allow a certain number of iterations
> >for the inner loop, to guarantee that the kthread can stop in any case.
> >
> I mean if "data is supplied at a high enough rate" does happen, this is
> an abnormal case and indicates a bug. So we shouldn't cover it up. We
> expect the user to report it to us.
> >

I agree in principle, but if this abnormal case ever occurs, that'll prevent
this module from being unloaded since `kthread_stop()` will hang because the
thread is "stuck" in the inner loop, never checking `kthread_should_stop()`.
That's why I think it makes sense to only allow a certain number of operations
for the inner loop, and maybe show a warning if that's exceeded:

 for (i = 0; i < max_iter && interrupt_line_active(...); i++) {
    ....
 }

 WARN_ON[CE](i == max_iter[, "data is coming in at an unreasonably high rate"]);

or something like this, where `max_iter` could possibly be some value dependent on
`polling_interval_active_us`, or even just a constant.


> >> >> +			i2c_hid_get_input(ihid);
> >> >> +			usleep_range(polling_interval_active_us,
> >> >> +				     polling_interval_active_us + 100);
> >> >> +		}
> >> >> +
> >> >> +		usleep_range(polling_interval_idle,
> >> >> +			     polling_interval_idle + 1000);
> >> >> +	}
> >> >> +
> >> >> +	do_exit(0);
> >> >> +	return 0;
> >> >> +}
> [...]
> Thank you for offering your understandings on this patch. When I'm going
> to submit next version, I will add a "Signed-off-by" tag with your name
> and email, does it look good to you?
> [...]

I'm not sure if that follows proper procedures.

 "The sign-off is a simple line at the end of the explanation for the patch, which
  certifies that you wrote it or otherwise have the right to pass it on as an
  open-source patch."[1]

I'm not the author, nor co-author, nor am I going to pass this patch on, so I don't
think that's appropriate.

Furthermore, please note that

 "[...] you may optionally add a Cc: tag to the patch. **This is the only tag which
  might be added without an explicit action by the person it names** - but it should
  indicate that this person was copied on the patch."[2]
  (emphasis mine)


Regards,
Barnabás Pőcze


[1]: https://www.kernel.org/doc/html/latest/process/submitting-patches.html#sign-your-work-the-developer-s-certificate-of-origin
[2]: https://www.kernel.org/doc/html/latest/process/submitting-patches.html#when-to-use-acked-by-cc-and-co-developed-by

Powered by blists - more mailing lists