Re: [PATCH 4/4] drivers/mailbox: Add ASpeed mailbox driver

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On Tue, 2017-02-07 at 16:10 +1030, Joel Stanley wrote:

> > +static ssize_t aspeed_mbox_read(struct file *file, char __user *buf,
> > +                               size_t count, loff_t *ppos)
> > +{
> > +       struct aspeed_mbox *mbox = file_mbox(file);
> > +       char __user *p = buf;
> > +       ssize_t ret;
> > +       int i;
> > +
> > +       if (!access_ok(VERIFY_WRITE, buf, count))
> > +               return -EFAULT;
> 
> As discussed in the LPC driver review:
> 
>  "And don't call access_ok(), it's racy and no driver should ever do that."
> 
> Make sure all of the things you fixed in that driver are fixed in this one.

Well... I don't entirely agree with Greg on that one :-) In this specific
case, since he's using __put_user() below, he must use access_ok() first.

The "alternate" option is to bounce everything via a local memory array,
copy_to/from_user (to/from that array) and then do the loop of inb/outb,
but in the grand scheme of things, what is written here is correct *and*
more efficient than the alternate approach. On such a slow SoC, those
cycles do count.

> > +
> > +       if (count + *ppos > ASPEED_MBOX_NUM_REGS)
> > +               return -EINVAL;
> > +
> > +       if (file->f_flags & O_NONBLOCK) {
> > +               if (!(aspeed_mbox_inb(mbox, ASPEED_MBOX_BMC_CTRL) &
> > +                               ASPEED_MBOX_CTRL_RECV))
> > +                       return -EAGAIN;
> > +       } else if (wait_event_interruptible(mbox->queue,
> > +                               aspeed_mbox_inb(mbox, ASPEED_MBOX_BMC_CTRL) &
> > +                               ASPEED_MBOX_CTRL_RECV)) {
> > +               return -ERESTARTSYS;
> > +       }
> > +
> > +       mutex_lock(&mbox->mutex);
> > +
> > +       for (i = *ppos; count > 0 && i < ASPEED_MBOX_NUM_REGS; i++) {
> > +               uint8_t reg = aspeed_mbox_inb(mbox, ASPEED_MBOX_DATA_0 + (i * 4));
> > +
> > +               ret = __put_user(reg, p);
> > +               if (ret)
> > +                       goto out_unlock;
> > +
> > +               p++;
> > +               count--;
> > +       }
> > +
> > +       /* ASPEED_MBOX_CTRL_RECV bit is W1C, this also unmasks in 1 step */
> 
> W1C? Write to clear?
> 
> > +       aspeed_mbox_outb(mbox, ASPEED_MBOX_CTRL_RECV, ASPEED_MBOX_BMC_CTRL);
> > +       ret = p - buf;
> > +
> > +out_unlock:
> > +       mutex_unlock(&mbox->mutex);
> > +       return ret;
> > +}
> > +
> > +module_platform_driver(aspeed_mbox_driver);
> > +
> > +MODULE_DEVICE_TABLE(of, aspeed_mbox_match);
> > +MODULE_LICENSE("GPL");
> > > > +MODULE_AUTHOR("Cyril Bur <cyrilbur@xxxxxxxxx>");
> > +MODULE_DESCRIPTION("ASpeed mailbox device driver");
> 
> ASPEED or Aspeed.
> 
> > --
> > 2.11.0
> > 
--
To unsubscribe from this list: send the line "unsubscribe devicetree" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Device Tree Compilter]     [Device Tree Spec]     [Linux Driver Backports]     [Video for Linux]     [Linux USB Devel]     [Linux PCI Devel]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Yosemite Backpacking]
  Powered by Linux