From: sashiko-bot@kernel.org
To: "Rodrigo Alencar via B4 Relay"
<devnull+rodrigo.alencar.analog.com@kernel.org>
Cc: devicetree@vger.kernel.org, robh@kernel.org, krzk+dt@kernel.org,
conor+dt@kernel.org
Subject: Re: [PATCH RFC v4 02/10] iio: core: support 64-bit register through debugfs
Date: Fri, 08 May 2026 22:20:30 +0000 [thread overview]
Message-ID: <20260508222031.19E23C2BCB0@smtp.kernel.org> (raw)
In-Reply-To: <20260508-ad9910-iio-driver-v4-2-d26bfd20ee3d@analog.com>
Thank you for your contribution! Sashiko AI review found 4 potential issue(s) to consider:
- [High] Uninitialized stack memory read when file offset is non-zero
- [Medium] Missing newline character in debugfs read output
- [Medium] Silent truncation of 64-bit values for 32-bit registers
- [Low] Format specifier type mismatch in sscanf
--
commit 2208ef2b9ad567bd166f4ac44a53f42c899c021b
Author: Rodrigo Alencar <rodrigo.alencar@analog.com>
iio: core: support 64-bit register through debugfs
This patch adds a debugfs_reg64_access function pointer to iio_info to
support 64-bit registers. It also updates the read and write debugfs file
operations to use the 64-bit variant when available, falling back to 32-bit.
> diff --git a/drivers/iio/industrialio-core.c b/drivers/iio/industrialio-core.c
> index bd6f4f9f45330..cb4e2ade25c0e 100644
> --- a/drivers/iio/industrialio-core.c
> +++ b/drivers/iio/industrialio-core.c
[ ... ]
> @@ -403,7 +412,7 @@ static ssize_t iio_debugfs_read_reg(struct file *file, char __user *userbuf,
>
> iio_dev_opaque->read_buf_len = snprintf(iio_dev_opaque->read_buf,
> sizeof(iio_dev_opaque->read_buf),
> - "0x%X\n", val);
> + "0x%llX", val64);
Does this inadvertently drop the newline character?
[ ... ]
> @@ -429,7 +439,7 @@ static ssize_t iio_debugfs_write_reg(struct file *file,
>
> buf[ret] = '\0';
Could buf be read uninitialized here if *ppos > 0?
fs/libfs.c:simple_write_to_buffer() writes user data to buf + *ppos and
returns the number of bytes written:
res = copy_from_user(to + pos, from, count);
if (res == count)
return -EFAULT;
count -= res;
*ppos = pos + count;
return count;
If *ppos > 0, the first *ppos bytes of buf remain uninitialized. The
subsequent sscanf() reads starting from buf[0], parsing up to count bytes
of uninitialized kernel stack memory.
>
> - ret = sscanf(buf, "%i %i", ®, &val);
> + ret = sscanf(buf, "%i %lli", ®, &val64);
Can this trigger compiler warnings? val64 is of type u64, but %lli is the
specifier for a signed long long pointer.
>
> switch (ret) {
> case 1:
> @@ -437,8 +447,12 @@ static ssize_t iio_debugfs_write_reg(struct file *file,
> break;
> case 2:
> iio_dev_opaque->cached_reg_addr = reg;
> - ret = indio_dev->info->debugfs_reg_access(indio_dev, reg,
> - val, NULL);
> + if (indio_dev->info->debugfs_reg64_access)
> + ret = indio_dev->info->debugfs_reg64_access(indio_dev, reg,
> + val64, NULL);
> + else
> + ret = indio_dev->info->debugfs_reg_access(indio_dev, reg,
> + val64, NULL);
Does this silently truncate 64-bit values for 32-bit registers?
If a user provides a 64-bit value but the driver only implements the 32-bit
debugfs_reg_access callback, val64 is passed directly as the unsigned int
argument. This discards the upper 32 bits without returning an error.
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260508-ad9910-iio-driver-v4-0-d26bfd20ee3d@analog.com?part=2
next prev parent reply other threads:[~2026-05-08 22:20 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-08 17:00 [PATCH RFC v4 00/10] AD9910 Direct Digital Synthesizer Rodrigo Alencar
2026-05-08 17:00 ` Rodrigo Alencar via B4 Relay
2026-05-08 17:00 ` [PATCH RFC v4 01/10] dt-bindings: iio: frequency: add ad9910 Rodrigo Alencar
2026-05-08 17:00 ` Rodrigo Alencar via B4 Relay
2026-05-08 22:02 ` sashiko-bot
2026-05-12 18:31 ` Jonathan Cameron
2026-05-13 15:09 ` Rodrigo Alencar
2026-05-16 10:40 ` Jonathan Cameron
2026-05-08 17:00 ` [PATCH RFC v4 02/10] iio: core: support 64-bit register through debugfs Rodrigo Alencar
2026-05-08 17:00 ` Rodrigo Alencar via B4 Relay
2026-05-08 22:20 ` sashiko-bot [this message]
2026-05-10 10:07 ` Andy Shevchenko
2026-05-11 10:47 ` Rodrigo Alencar
2026-05-08 17:00 ` [PATCH RFC v4 03/10] iio: frequency: ad9910: initial driver implementation Rodrigo Alencar
2026-05-08 17:00 ` Rodrigo Alencar via B4 Relay
2026-05-08 22:51 ` sashiko-bot
2026-05-08 17:00 ` [PATCH RFC v4 04/10] iio: frequency: ad9910: add basic parallel port support Rodrigo Alencar
2026-05-08 17:00 ` Rodrigo Alencar via B4 Relay
2026-05-08 23:19 ` sashiko-bot
2026-05-08 17:00 ` [PATCH RFC v4 05/10] iio: frequency: ad9910: add digital ramp generator support Rodrigo Alencar
2026-05-08 17:00 ` Rodrigo Alencar via B4 Relay
2026-05-08 23:53 ` sashiko-bot
2026-05-08 17:00 ` [PATCH RFC v4 06/10] iio: frequency: ad9910: add RAM mode support Rodrigo Alencar
2026-05-08 17:00 ` Rodrigo Alencar via B4 Relay
2026-05-09 0:33 ` sashiko-bot
2026-05-08 17:00 ` [PATCH RFC v4 07/10] iio: frequency: ad9910: add output shift keying support Rodrigo Alencar
2026-05-08 17:00 ` Rodrigo Alencar via B4 Relay
2026-05-09 1:08 ` sashiko-bot
2026-05-08 17:00 ` [PATCH RFC v4 08/10] iio: frequency: ad9910: show channel priority in debugfs Rodrigo Alencar
2026-05-08 17:00 ` Rodrigo Alencar via B4 Relay
2026-05-09 1:49 ` sashiko-bot
2026-05-08 17:00 ` [PATCH RFC v4 09/10] Documentation: ABI: testing: add docs for ad9910 sysfs entries Rodrigo Alencar
2026-05-08 17:00 ` Rodrigo Alencar via B4 Relay
2026-05-09 1:24 ` sashiko-bot
2026-05-08 17:00 ` [PATCH RFC v4 10/10] docs: iio: add documentation for ad9910 driver Rodrigo Alencar
2026-05-08 17:00 ` Rodrigo Alencar via B4 Relay
2026-05-09 1:21 ` sashiko-bot
2026-05-09 23:42 ` David Lechner
2026-05-10 9:30 ` Rodrigo Alencar
2026-05-11 14:46 ` David Lechner
2026-05-11 15:02 ` Rodrigo Alencar
2026-05-11 15:23 ` David Lechner
2026-05-11 16:01 ` Rodrigo Alencar
2026-05-15 15:47 ` Rodrigo Alencar
2026-05-09 22:31 ` [PATCH RFC v4 00/10] AD9910 Direct Digital Synthesizer David Lechner
2026-05-10 8:50 ` Rodrigo Alencar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260508222031.19E23C2BCB0@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=conor+dt@kernel.org \
--cc=devicetree@vger.kernel.org \
--cc=devnull+rodrigo.alencar.analog.com@kernel.org \
--cc=krzk+dt@kernel.org \
--cc=robh@kernel.org \
--cc=sashiko@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.