From: "Arnd Bergmann" <arnd@arndb.de>
To: "Akshay Gupta" <akshay.gupta@amd.com>,
linux-hwmon@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: "Guenter Roeck" <linux@roeck-us.net>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
shyam-sundar.s-k@amd.com, gautham.shenoy@amd.com,
"Mario Limonciello" <mario.limonciello@amd.com>,
naveenkrishna.chatradhi@amd.com
Subject: Re: [PATCH v5 06/11] misc: amd-sbi: Add support for AMD_SBI IOCTL
Date: Mon, 03 Mar 2025 17:18:10 +0100 [thread overview]
Message-ID: <c3c1fee9-d119-456e-827b-04ba6cdd8d7d@app.fastmail.com> (raw)
In-Reply-To: <20250303105902.215009-7-akshay.gupta@amd.com>
On Mon, Mar 3, 2025, at 11:58, Akshay Gupta wrote:
> +static long sbrmi_ioctl(struct file *fp, unsigned int cmd, unsigned
> long arg)
> +{
> + int __user *arguser = (int __user *)arg;
> + struct apml_message msg = { 0 };
> + bool read = false;
> + int ret;
> +
> + struct sbrmi_data *data = container_of(fp->private_data, struct
> sbrmi_data,
> + sbrmi_misc_dev);
> + if (!data)
> + return -ENODEV;
> +
> + /* Copy the structure from user */
> + if (copy_struct_from_user(&msg, sizeof(msg), arguser,
> + sizeof(struct apml_message)))
> + return -EFAULT;
This is not how ioctl commands work: you need to check the
'cmd' argument, which includes the length of the data.
copy_struct_from_user() makes no sense here since the length
is fixed (for a given command).
> + switch (msg.cmd) {
> + case 0 ... 0x999:
> + /* Mailbox protocol */
> + ret = rmi_mailbox_xfer(data, &msg);
> + break;
This looks like you are blindly passing through any command
from userspace, which is generally not the preferred way.
Usually this should be a known set of high-level commands
accepted by the driver.
> +static const struct file_operations sbrmi_fops = {
> + .owner = THIS_MODULE,
> + .unlocked_ioctl = sbrmi_ioctl,
> + .compat_ioctl = sbrmi_ioctl,
Change this to
.compat_ioctl = compat_ptr_ioctl,
> + data->sbrmi_misc_dev.name = devm_kasprintf(dev,
> + GFP_KERNEL,
> + "sbrmi-%x",
> + data->dev_static_addr);
> + data->sbrmi_misc_dev.minor = MISC_DYNAMIC_MINOR;
> + data->sbrmi_misc_dev.fops = &sbrmi_fops;
> + data->sbrmi_misc_dev.parent = dev;
> + data->sbrmi_misc_dev.nodename = devm_kasprintf(dev,
> + GFP_KERNEL,
> + "sbrmi-%x",
> + data->dev_static_addr);
> + data->sbrmi_misc_dev.mode = 0600;
> +
> + return misc_register(&data->sbrmi_misc_dev);
What is 'dev_static_addr'? Usually you want a miscdevice to
have a constant name and a static structure definition, not
dynamic allocation.
Are there multiple devices of this type in a given system?
> +struct apml_message {
> + /* message ids:
> + * Mailbox Messages: 0x0 ... 0x999
> + */
> + __u32 cmd;
> +
> + /*
> + * 8 bit data for reg read,
> + * 32 bit data in case of mailbox,
> + */
> + union {
> + __u32 mb_out[2];
> + __u8 reg_out[8];
> + } data_out;
> +
> + /*
> + * [0]...[3] mailbox 32bit input
> + * [7] read/write functionality
> + */
> + union {
> + __u32 mb_in[2];
> + __u8 reg_in[8];
> + } data_in;
> +} __attribute__((packed));
You normally want to have the in-kernel data aligned. Even
if userspace has it at a misaligned offset, it will still
work without the __packed.
Arnd
next prev parent reply other threads:[~2025-03-03 16:18 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-03 10:58 [PATCH v5 00/11] misc: Move AMD side band interface(SBI) functionality Akshay Gupta
2025-03-03 10:58 ` [PATCH v5 01/11] hwmon/misc: amd-sbi: Move core sbrmi from hwmon to misc Akshay Gupta
2025-03-03 13:59 ` Guenter Roeck
2025-03-03 10:58 ` [PATCH v5 02/11] misc: amd-sbi: Move protocol functionality to core file Akshay Gupta
2025-03-06 12:23 ` kernel test robot
2025-03-03 10:58 ` [PATCH v5 03/11] misc: amd-sbi: Move hwmon device sensor as separate entity Akshay Gupta
2025-03-06 10:59 ` kernel test robot
2025-03-03 10:58 ` [PATCH v5 04/11] misc: amd-sbi: Use regmap subsystem Akshay Gupta
2025-03-03 10:58 ` [PATCH v5 05/11] misc: amd-sbi: Optimize the wait condition for mailbox command completion Akshay Gupta
2025-03-03 10:58 ` [PATCH v5 06/11] misc: amd-sbi: Add support for AMD_SBI IOCTL Akshay Gupta
2025-03-03 16:18 ` Arnd Bergmann [this message]
2025-03-07 10:43 ` Gupta, Akshay
2025-03-03 10:58 ` [PATCH v5 07/11] misc: amd-sbi: Add support for mailbox error codes Akshay Gupta
2025-03-03 10:58 ` [PATCH v5 08/11] misc: amd-sbi: Add support for CPUID protocol Akshay Gupta
2025-03-03 10:59 ` [PATCH v5 09/11] misc: amd-sbi: Add support for read MCA register protocol Akshay Gupta
2025-03-03 10:59 ` Akshay Gupta
2025-03-03 10:59 ` [PATCH v5 10/11] misc: amd-sbi: Add support for register xfer Akshay Gupta
2025-03-03 10:59 ` [PATCH v5 11/11] misc: amd-sbi: Add document for AMD SB IOCTL description Akshay Gupta
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c3c1fee9-d119-456e-827b-04ba6cdd8d7d@app.fastmail.com \
--to=arnd@arndb.de \
--cc=akshay.gupta@amd.com \
--cc=gautham.shenoy@amd.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-hwmon@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@roeck-us.net \
--cc=mario.limonciello@amd.com \
--cc=naveenkrishna.chatradhi@amd.com \
--cc=shyam-sundar.s-k@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox