From: Paolo Abeni <pabeni@redhat.com>
To: Vladimir Oltean <olteanv@gmail.com>, Jakub Kicinski <kuba@kernel.org>
Cc: "Austin, Alex (DCCG)" <alexaust@amd.com>,
Alex Austin <alex.austin@amd.com>,
netdev@vger.kernel.org, linux-net-drivers@amd.com,
ecree.xilinx@gmail.com, habetsm.xilinx@gmail.com,
davem@davemloft.net, edumazet@google.com,
richardcochran@gmail.com, lorenzo@kernel.org, memxor@gmail.com,
alardam@gmail.com, bhelgaas@google.com
Subject: Re: [PATCH net-next 1/2] sfc: Implement ndo_hwtstamp_(get|set)
Date: Tue, 05 Dec 2023 09:52:34 +0100 [thread overview]
Message-ID: <1f1c04902562c58736862ce24316f5bc85757bcb.camel@redhat.com> (raw)
In-Reply-To: <20231204184532.jukt3qvk7iqv6y4k@skbuf>
On Mon, 2023-12-04 at 20:45 +0200, Vladimir Oltean wrote:
> On Mon, Dec 04, 2023 at 10:17:05AM -0800, Jakub Kicinski wrote:
> > On Mon, 4 Dec 2023 13:00:35 +0200 Vladimir Oltean wrote:
> > > If I may intervene. The "request state" will ultimately go away once all
> > > drivers are converted. I know it's more fragile and not all fields are
> > > valid, but I think I would like drivers to store the kernel_ variant of
> > > the structure, because more stuff will be added to the kernel_ variant
> > > in the future (the hwtstamp provider + qualifier), and doing this from
> > > the beginning will avoid reworking them again.
> >
> > Okay, you know the direction of this work better, so:
> >
> > pw-bot: under-review
>
> I mean your observation is in principle fair. If drivers save the struct
> kernel_hwtstamp_config in the set() method and give it back in the get()
> method (this is very widespread BTW), it's reasonable to question what
> happens with the temporary fields, ifr and copied_to_user. Won't we
> corrupt the teporary fields of the kernel_hwtstamp_config structure from
> the set() with the previous ones from the get()?
>
> The answer, I think, is that we do, but in a safe way. Because we implement
> ndo_hwtstamp_set(), the copied_to_user that we save is false (aka "the
> driver implementation didn't call copy_to_user()"). And when we give
> this structure back in ndo_hwtstamp_get(), we overwrite false with false,
> and a good ifr pointer with a bad one.
>
> But the only reason we transport the ifr along with the
> kernel_hwtstamp_config is for generic_hwtstamp_ioctl_lower() to work,
> aka a new API upper driver on top of an old API real driver. Which is
> not the case here, and no one looks at the stale ifr pointer.
>
> It's a lot to think about to make sure that something bad won't happen,
> I agree. I still don't believe it will break in subtle ways, but nonetheless
> I do recognize the tradeoff. One approach is more straightforward
> code-wise but more subtle behavior-wise, and the other is the opposite.
I tried to dig into the relevant code as far as I can, and I tend to
agree with Vladimir: the current approach looks reasonably safe, and
forward looking.
I think any eventual bugs (I could not find any) would be pre-existent
to this patch, rooted in dev_ioctl.c and to be addressed there.
I think this patches should go in the current form.
Cheers,
Paolo
next prev parent reply other threads:[~2023-12-05 8:52 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-30 13:58 [PATCH net-next 0/2] sfc: Implement ndo_hwtstamp_(get|set) Alex Austin
2023-11-30 13:58 ` [PATCH net-next 1/2] " Alex Austin
2023-11-30 19:04 ` Edward Cree
2023-12-02 3:25 ` Jakub Kicinski
2023-12-04 10:26 ` Austin, Alex (DCCG)
2023-12-04 11:00 ` Vladimir Oltean
2023-12-04 18:17 ` Jakub Kicinski
2023-12-04 18:45 ` Vladimir Oltean
2023-12-05 8:52 ` Paolo Abeni [this message]
2023-12-05 13:45 ` Austin, Alex (DCCG)
2023-12-05 13:46 ` Vladimir Oltean
2023-11-30 13:58 ` [PATCH net-next 2/2] sfc-siena: " Alex Austin
2023-11-30 19:05 ` Edward Cree
2023-12-05 13:47 ` Vladimir Oltean
2023-12-05 17:20 ` [PATCH net-next 0/2] sfc: " patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1f1c04902562c58736862ce24316f5bc85757bcb.camel@redhat.com \
--to=pabeni@redhat.com \
--cc=alardam@gmail.com \
--cc=alex.austin@amd.com \
--cc=alexaust@amd.com \
--cc=bhelgaas@google.com \
--cc=davem@davemloft.net \
--cc=ecree.xilinx@gmail.com \
--cc=edumazet@google.com \
--cc=habetsm.xilinx@gmail.com \
--cc=kuba@kernel.org \
--cc=linux-net-drivers@amd.com \
--cc=lorenzo@kernel.org \
--cc=memxor@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=olteanv@gmail.com \
--cc=richardcochran@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).