From: Mauro Carvalho Chehab <mchehab@s-opensource.com>
To: Hans Verkuil <hverkuil@xs4all.nl>
Cc: Linux Media Mailing List <linux-media@vger.kernel.org>,
Mauro Carvalho Chehab <mchehab@infradead.org>,
Hans Verkuil <hansverk@cisco.com>,
Sakari Ailus <sakari.ailus@linux.intel.com>,
Daniel Mentz <danielmentz@google.com>
Subject: Re: [PATCH RESEND 6/6] media: v4l2-compat-ioctl32: simplify casts
Date: Thu, 19 Apr 2018 12:27:55 -0300 [thread overview]
Message-ID: <20180419122755.38c01e58@vento.lan> (raw)
In-Reply-To: <c1cce70e-1f4e-42c1-9206-4aaf5c791b9f@xs4all.nl>
Em Thu, 19 Apr 2018 13:37:52 +0200
Hans Verkuil <hverkuil@xs4all.nl> escreveu:
> On 04/19/18 13:15, Mauro Carvalho Chehab wrote:
> > Making the cast right for get_user/put_user is not trivial, as
> > it needs to ensure that the types are the correct ones.
> >
> > Improve it by using macros.
> >
> > Tested with vivid with:
> > $ sudo modprobe vivid no_error_inj=1
> > $ v4l2-compliance-32bits -a -s10 >32bits && v4l2-compliance-64bits -a -s10 > 64bits && diff -U0 32bits 64bits
> > --- 32bits 2018-04-17 11:18:29.141240772 -0300
> > +++ 64bits 2018-04-17 11:18:40.635282341 -0300
> > @@ -1 +1 @@
> > -v4l2-compliance SHA : bc71e4a67c6fbc5940062843bc41e7c8679634ce, 32 bits
> > +v4l2-compliance SHA : bc71e4a67c6fbc5940062843bc41e7c8679634ce, 64 bits
> >
> > Using the latest version of v4l-utils with this patch applied:
> > https://patchwork.linuxtv.org/patch/48746/
> >
> > Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
> > ---
> > drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 40 ++++++++++++++++++---------
> > 1 file changed, 27 insertions(+), 13 deletions(-)
> >
> > diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
> > index 8c05dd9660d3..d2f0268427c2 100644
> > --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
> > +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
> > @@ -30,6 +30,24 @@
> > get_user(__assign_tmp, from) || put_user(__assign_tmp, to); \
> > })
> >
> > +#define get_user_cast(__x, __ptr) \
> > +({ \
> > + get_user(__x, (typeof(*__ptr) __user *)(__ptr)); \
> > +})
> > +
> > +#define put_user_force(__x, __ptr) \
> > +({ \
> > + put_user((typeof(*__x) __force *)(__x), __ptr); \
> > +})
> > +
> > +#define assign_in_user_cast(to, from) \
> > +({ \
> > + typeof(*from) __assign_tmp; \
> > + \
> > + get_user_cast(__assign_tmp, from) || put_user(__assign_tmp, to);\
> > +})
>
> Please add comments for these macros. It's not trivially obvious what they
> do and why they are needed.
Ok. Would the comments below be acceptable?
I may eventually post it as a separate patch, adding documentation to some
other functions (maybe adding it to some .rst file).
diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
index d2f0268427c2..9530661d9b43 100644
--- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
+++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
@@ -22,7 +22,18 @@
#include <media/v4l2-ctrls.h>
#include <media/v4l2-ioctl.h>
-/* Use the same argument order as copy_in_user */
+/**
+ * assign_in_user() - Copy from one __user var to another one
+ *
+ * @to: __user var where data will be stored
+ * @from: __user var were data will be retrieved.
+ *
+ * As this code very often needs to allocate userspace memory, it is easier
+ * to have a macro that will do both get_user() and put_user() at once.
+ *
+ * This function complements the macros defined at asm-generic/uaccess.h.
+ * It uses the same argument order as copy_in_user()
+ */
#define assign_in_user(to, from) \
({ \
typeof(*from) __assign_tmp; \
@@ -30,16 +41,57 @@
get_user(__assign_tmp, from) || put_user(__assign_tmp, to); \
})
+/**
+ * get_user_cast() - Stores at a kernelspace local var the contents from a
+ * pointer with userspace data that is not tagged with __user.
+ *
+ * @__x: var where data will be stored
+ * @ptr: var were data will be retrieved.
+ *
+ * Sometimes, we need to declare a pointer without __user, because it
+ * comes from a pointer struct field that will be retrieved from userspace
+ * by the 64-bit native ioctl handler. This function ensures that the
+ * @ptr will be casted to __user before calling get_user(), in order to
+ * avoid warnings with static code analyzers like smatch.
+ */
#define get_user_cast(__x, __ptr) \
({ \
get_user(__x, (typeof(*__ptr) __user *)(__ptr)); \
})
+/**
+ * put_user_force() - Stores at the contents of a kernelspace local var
+ * into an userspace pointer, removing any __user cast.
+ *
+ * @__x: var where data will be stored
+ * @ptr: var were data will be retrieved.
+ *
+ * As the compat32 code now handles with 32-bits and 64-bits __user
+ * structs, sometimes we need to remove the __user atributes from some data,
+ * by passing __force macro. This function ensures that the
+ * @ptr will be casted with __force before calling put_user(), in order to
+ * avoid warnings with static code analyzers like smatch.
+ */
#define put_user_force(__x, __ptr) \
({ \
put_user((typeof(*__x) __force *)(__x), __ptr); \
})
+/**
+ * assign_in_user_cast() - Copy from one __user var to another one
+ *
+ * @to: __user var where data will be stored
+ * @from: var were data will be retrieved that needs to be cast to __user.
+ *
+ * As this code very often needs to allocate userspace memory, it is easier
+ * to have a macro that will do both get_user_cast() and put_user() at once.
+ *
+ * This function should be used instead of assign_in_user() when the @from
+ * variable was not declared as __user. See get_user_cast() for more details.
+ *
+ * This function complements the macros defined at asm-generic/uaccess.h.
+ * It uses the same argument order as copy_in_user()
+ */
#define assign_in_user_cast(to, from) \
({ \
typeof(*from) __assign_tmp; \
Thanks,
Mauro
prev parent reply other threads:[~2018-04-19 15:28 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-19 11:15 [PATCH RESEND 0/6] Remaining COMPILE_TEST and smatch cleanups Mauro Carvalho Chehab
2018-04-19 11:15 ` [PATCH RESEND 1/6] omap: omap-iommu.h: allow building drivers with COMPILE_TEST Mauro Carvalho Chehab
2018-04-19 11:24 ` Hans Verkuil
2018-04-19 11:15 ` [PATCH RESEND 2/6] media: omap3isp: Enable driver compilation on ARM " Mauro Carvalho Chehab
2018-04-19 11:25 ` Hans Verkuil
2018-04-19 11:15 ` [PATCH RESEND 3/6] media: omap3isp: Allow it to build " Mauro Carvalho Chehab
2018-04-19 11:27 ` Hans Verkuil
2018-04-19 11:15 ` [PATCH RESEND 4/6] media: v4l2-compat-ioctl32: fix several __user annotations Mauro Carvalho Chehab
2018-04-19 11:32 ` Hans Verkuil
2018-04-19 11:15 ` [PATCH RESEND 5/6] media: v4l2-compat-ioctl32: better name userspace pointers Mauro Carvalho Chehab
2018-04-19 11:15 ` [PATCH RESEND 6/6] media: v4l2-compat-ioctl32: simplify casts Mauro Carvalho Chehab
2018-04-19 11:37 ` Hans Verkuil
2018-04-19 15:27 ` Mauro Carvalho Chehab [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180419122755.38c01e58@vento.lan \
--to=mchehab@s-opensource.com \
--cc=danielmentz@google.com \
--cc=hansverk@cisco.com \
--cc=hverkuil@xs4all.nl \
--cc=linux-media@vger.kernel.org \
--cc=mchehab@infradead.org \
--cc=sakari.ailus@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).