| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <55cf525d734878369f936834cca60ce7972d268a.camel@baylibre.com>
Date: Fri, 31 Oct 2025 09:04:58 +0100
From: Francesco Lavra <flavra@...libre.com>
To: Lorenzo Bianconi <lorenzo@...nel.org>
Cc: Jonathan Cameron <jic23@...nel.org>, David Lechner
<dlechner@...libre.com>, Nuno Sá <nuno.sa@...log.com>,
Andy Shevchenko <andy@...nel.org>, linux-iio@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/9] iio: imu: st_lsm6dsx: dynamically initialize
iio_chan_spec data
On Thu, 2025-10-30 at 17:42 +0100, Lorenzo Bianconi wrote:
> > Using the ST_LSM6DSX_CHANNEL_ACC() macro as a static initializer
> > for the iio_chan_spec struct arrays makes all sensors advertise
> > channel event capabilities regardless of whether they actually
> > support event generation. And if userspace tries to configure
> > accelerometer wakeup events on a sensor device that does not
> > support them (e.g. LSM6DS0), st_lsm6dsx_write_event() dereferences
> > a NULL pointer when trying to write to the wakeup register.
> > Replace usage of the ST_LSM6DSX_CHANNEL_ACC() and
> > ST_LSM6DSX_CHANNEL() macros with dynamic allocation and
> > initialization of struct iio_chan_spec arrays, where the
> > st_lsm6dsx_event structure is only used for sensors that support
> > wakeup events; besides fixing the above bug, this serves as a
> > preliminary step for adding support for more event types.
>
> I agree we are missing the Fixes tag here.
Ack
[...]
> > +static int st_lsm6dsx_chan_init(struct iio_chan_spec *channels, struct
> > st_lsm6dsx_hw *hw,
> > + enum st_lsm6dsx_sensor_id id, int
> > index)
>
> please try to respect the 79 column limit (I still like it :))
OK
> > +{
> > + struct iio_chan_spec *chan = &channels[index];
> > +
> > + chan->type = (id == ST_LSM6DSX_ID_ACC) ? IIO_ACCEL :
> > IIO_ANGL_VEL;
>
> I think you should return an error here if id is not ST_LSM6DSX_ID_ACC or
> ST_LSM6DSX_ID_GYRO.
Will do
> > + chan->address = hw->settings->chan_addr_base[id] + index *
> > ST_LSM6DSX_CHAN_SIZE;
> > + chan->modified = 1;
> > + chan->channel2 = IIO_MOD_X + index;
> > + chan->info_mask_separate = BIT(IIO_CHAN_INFO_RAW);
> > + chan->info_mask_shared_by_type = BIT(IIO_CHAN_INFO_SCALE);
> > + chan->info_mask_shared_by_all = BIT(IIO_CHAN_INFO_SAMP_FREQ);
> > + chan->scan_index = index;
> > + chan->scan_type.sign = 's';
> > + chan->scan_type.realbits = 16;
> > + chan->scan_type.storagebits = 16;
> > + chan->scan_type.endianness = IIO_LE;
>
> what about reducing the scope of
> ST_LSM6DSX_CHANNEL_ACC/ST_LSM6DSX_CHANNEL here
> to improve the iio_chan_spec struct initialization since most of the
> fields are
> always the same between different sensors.
Do you mean declaring a local struct variable initialized via
ST_LSM6DSX_CHANNEL() and then copying its contents to the dynamically
allocated struct? I'm not clear what benefits that would give us; in fact,
I think it would increase the code size (both in terms of LOC and compiled
binary size), besides the additional overhead of memory copying.
>
> > + chan->ext_info = st_lsm6dsx_ext_info;
> > + if (id == ST_LSM6DSX_ID_ACC) {
> > + if (hw->settings->event_settings.wakeup_reg.addr) {
>
> if (id == ST_LSM6DSX_ID_ACC &&
> hw->settings->event_settings.wakeup_reg.addr) {
> ...
> }
>
> > + chan->event_spec = &st_lsm6dsx_event;
> > + chan->num_event_specs = 1;
> > + }
> > + }
> > + return 0;
> > +}
> > +
> > static struct iio_dev *st_lsm6dsx_alloc_iiodev(struct st_lsm6dsx_hw
> > *hw,
> > enum
> > st_lsm6dsx_sensor_id id,
> > const char *name)
> > {
> > struct st_lsm6dsx_sensor *sensor;
> > struct iio_dev *iio_dev;
> > + struct iio_chan_spec *channels;
>
> nit: chan to be consistent
>
> > + int i;
> >
> > iio_dev = devm_iio_device_alloc(hw->dev, sizeof(*sensor));
> > if (!iio_dev)
> > return NULL;
> >
> > + channels = devm_kzalloc(hw->dev, sizeof(*channels) *
> > ST_LSM6DSX_CHAN_COUNT, GFP_KERNEL);
>
> 79 column limit here. I guess you can use even devm_kcalloc() here.
Will do
> > + if (!channels)
> > + return NULL;
> > +
> > + for (i = 0; i < 3; i++) {
> > + if (st_lsm6dsx_chan_init(channels, hw, id, i) < 0)
> > + return NULL;
> > + }
>
> new line here.
>
> > + channels[3].type = IIO_TIMESTAMP;
> > + channels[3].channel = -1;
> > + channels[3].scan_index = 3;
> > + channels[3].scan_type.sign = 's';
> > + channels[3].scan_type.realbits = 64;
> > + channels[3].scan_type.storagebits = 64;
> > iio_dev->modes = INDIO_DIRECT_MODE;
> > iio_dev->available_scan_masks =
> > st_lsm6dsx_available_scan_masks;
> > - iio_dev->channels = hw->settings->channels[id].chan;
> > - iio_dev->num_channels = hw->settings->channels[id].len;
> > + iio_dev->channels = channels;
> > + iio_dev->num_channels = ST_LSM6DSX_CHAN_COUNT;
> >
> > sensor = iio_priv(iio_dev);
> > sensor->id = id;
> > --
> > 2.39.5
> >
Download attachment "signature.asc" of type "application/pgp-signature" (660 bytes)
Powered by blists - more mailing lists