| Message ID | 20231026-strncpy-drivers-iio-proximity-sx9324-c-v2-1-cee6e5db700c@google.com (mailing list archive) |
|---|---|
| State | Changes Requested |
| Headers | show |
| Series | [v2] iio: sx9324: avoid copying property strings | expand |
On Thu, Oct 26, 2023 at 11:53:28PM +0000, Justin Stitt wrote: > We're doing some needless string copies when trying to assign the proper > `prop` string. We can make `prop` a const char* and simply assign to > string literals. > > For the case where a format string is used, let's allocate some memory > via kasprintf() and point prop to it. > > This also cleans up some deprecated strncpy() uses [1]. > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@vger.kernel.org > Signed-off-by: Justin Stitt <justinstitt@google.com> Looks like a reasonable way to go. Reviewed-by: Kees Cook <keescook@chromium.org>
On Thu, 26 Oct 2023 23:53:28 +0000 Justin Stitt <justinstitt@google.com> wrote: > We're doing some needless string copies when trying to assign the proper > `prop` string. We can make `prop` a const char* and simply assign to > string literals. > > For the case where a format string is used, let's allocate some memory > via kasprintf() and point prop to it. > > This also cleans up some deprecated strncpy() uses [1]. > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@vger.kernel.org > Signed-off-by: Justin Stitt <justinstitt@google.com> Seems reasonable to me. +CC Gwendal (+ Stephen) as it's Gwendal's driver and I think they are still actively maintaining it. > --- > Changes in v2: > - make prop a const char* and do simple assignments (thanks Jonathan) > - rebase onto 3a568e3a961ba330 > - Link to v1: https://lore.kernel.org/r/20230921-strncpy-drivers-iio-proximity-sx9324-c-v1-1-4e8d28fd1e7c@google.com > --- > Note: build-tested > --- > drivers/iio/proximity/sx9324.c | 17 +++++++---------- > 1 file changed, 7 insertions(+), 10 deletions(-) > > diff --git a/drivers/iio/proximity/sx9324.c b/drivers/iio/proximity/sx9324.c > index 438f9c9aba6e..c8547035cb47 100644 > --- a/drivers/iio/proximity/sx9324.c > +++ b/drivers/iio/proximity/sx9324.c > @@ -885,7 +885,7 @@ sx9324_get_default_reg(struct device *dev, int idx, > #define SX9324_RESOLUTION_DEF "semtech,ph01-resolution" > #define SX9324_PROXRAW_DEF "semtech,ph01-proxraw-strength" > unsigned int pin_defs[SX9324_NUM_PINS]; > - char prop[] = SX9324_PROXRAW_DEF; > + const char *prop = SX9324_PROXRAW_DEF; > u32 start = 0, raw = 0, pos = 0; > int ret, count, ph, pin; > const char *res; > @@ -899,7 +899,7 @@ sx9324_get_default_reg(struct device *dev, int idx, > case SX9324_REG_AFE_PH2: > case SX9324_REG_AFE_PH3: > ph = reg_def->reg - SX9324_REG_AFE_PH0; > - snprintf(prop, ARRAY_SIZE(prop), "semtech,ph%d-pin", ph); > + prop = kasprintf(GFP_KERNEL, "semtech,ph%d-pin", ph); > > count = device_property_count_u32(dev, prop); > if (count != ARRAY_SIZE(pin_defs)) > @@ -913,6 +913,7 @@ sx9324_get_default_reg(struct device *dev, int idx, > raw |= (pin_defs[pin] << (2 * pin)) & > SX9324_REG_AFE_PH0_PIN_MASK(pin); > reg_def->def = raw; > + kfree(prop); > break; > case SX9324_REG_AFE_CTRL0: > ret = device_property_read_string(dev, > @@ -937,11 +938,9 @@ sx9324_get_default_reg(struct device *dev, int idx, > case SX9324_REG_AFE_CTRL4: > case SX9324_REG_AFE_CTRL7: > if (reg_def->reg == SX9324_REG_AFE_CTRL4) > - strncpy(prop, "semtech,ph01-resolution", > - ARRAY_SIZE(prop)); > + prop = "semtech,ph01-resolution"; > else > - strncpy(prop, "semtech,ph23-resolution", > - ARRAY_SIZE(prop)); > + prop = "semtech,ph23-resolution"; > > ret = device_property_read_u32(dev, prop, &raw); > if (ret) > @@ -1012,11 +1011,9 @@ sx9324_get_default_reg(struct device *dev, int idx, > case SX9324_REG_PROX_CTRL0: > case SX9324_REG_PROX_CTRL1: > if (reg_def->reg == SX9324_REG_PROX_CTRL0) > - strncpy(prop, "semtech,ph01-proxraw-strength", > - ARRAY_SIZE(prop)); > + prop = "semtech,ph01-proxraw-strength"; > else > - strncpy(prop, "semtech,ph23-proxraw-strength", > - ARRAY_SIZE(prop)); > + prop = "semtech,ph23-proxraw-strength"; > ret = device_property_read_u32(dev, prop, &raw); > if (ret) > break; > > --- > base-commit: 3a568e3a961ba330091cd031647e4c303fa0badb > change-id: 20230921-strncpy-drivers-iio-proximity-sx9324-c-8c3437676039 > > Best regards, > -- > Justin Stitt <justinstitt@google.com> >
Quoting Jonathan Cameron (2023-10-28 08:26:38) > On Thu, 26 Oct 2023 23:53:28 +0000 > Justin Stitt <justinstitt@google.com> wrote: > > > We're doing some needless string copies when trying to assign the proper > > `prop` string. We can make `prop` a const char* and simply assign to > > string literals. > > > > For the case where a format string is used, let's allocate some memory > > via kasprintf() and point prop to it. > > > > This also cleans up some deprecated strncpy() uses [1]. > > > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] > > Link: https://github.com/KSPP/linux/issues/90 > > Cc: linux-hardening@vger.kernel.org > > Signed-off-by: Justin Stitt <justinstitt@google.com> > > Seems reasonable to me. > > +CC Gwendal (+ Stephen) as it's Gwendal's driver and I think they are still actively > maintaining it. Thanks! I have some review comments. > > diff --git a/drivers/iio/proximity/sx9324.c b/drivers/iio/proximity/sx9324.c > > index 438f9c9aba6e..c8547035cb47 100644 > > --- a/drivers/iio/proximity/sx9324.c > > +++ b/drivers/iio/proximity/sx9324.c > > @@ -885,7 +885,7 @@ sx9324_get_default_reg(struct device *dev, int idx, > > #define SX9324_RESOLUTION_DEF "semtech,ph01-resolution" > > #define SX9324_PROXRAW_DEF "semtech,ph01-proxraw-strength" > > unsigned int pin_defs[SX9324_NUM_PINS]; > > - char prop[] = SX9324_PROXRAW_DEF; > > + const char *prop = SX9324_PROXRAW_DEF; Do we need this define anymore, or the initialization? > > u32 start = 0, raw = 0, pos = 0; > > int ret, count, ph, pin; > > const char *res; > > @@ -899,7 +899,7 @@ sx9324_get_default_reg(struct device *dev, int idx, > > case SX9324_REG_AFE_PH2: > > case SX9324_REG_AFE_PH3: > > ph = reg_def->reg - SX9324_REG_AFE_PH0; > > - snprintf(prop, ARRAY_SIZE(prop), "semtech,ph%d-pin", ph); > > + prop = kasprintf(GFP_KERNEL, "semtech,ph%d-pin", ph); Do we not care if the allocation fails? We just use the default? > > > > count = device_property_count_u32(dev, prop); > > if (count != ARRAY_SIZE(pin_defs)) > > @@ -913,6 +913,7 @@ sx9324_get_default_reg(struct device *dev, int idx, > > raw |= (pin_defs[pin] << (2 * pin)) & > > SX9324_REG_AFE_PH0_PIN_MASK(pin); > > reg_def->def = raw; > > + kfree(prop); We need to free it in other places too, like if the count doesn't match. It may be easier to extract this section and just have 4 string literals. switch (reg_def->reg) { case SX9324_REG_AFE_PH0: reg_def = sx9324_parse_phase_prop(dev, reg_def, "semtech,ph0-pin"); break; case SX9324_REG_AFE_PH1: reg_def = sx9324_parse_phase_prop(dev, reg_def, "semtech,ph1-pin"); break; case SX9324_REG_AFE_PH2: reg_def = sx9324_parse_phase_prop(dev, reg_def, "semtech,ph2-pin"); break; case SX9324_REG_AFE_PH3: reg_def = sx9324_parse_phase_prop(dev, reg_def, "semtech,ph3-pin"); break; > > case SX9324_REG_AFE_CTRL0: > > ret = device_property_read_string(dev,
Hi, On Mon, Oct 30, 2023 at 2:44 PM Stephen Boyd <swboyd@chromium.org> wrote: > > > We need to free it in other places too, like if the count doesn't match. > It may be easier to extract this section and just have 4 string > literals. > > switch (reg_def->reg) { > case SX9324_REG_AFE_PH0: > reg_def = sx9324_parse_phase_prop(dev, reg_def, "semtech,ph0-pin"); > break; > case SX9324_REG_AFE_PH1: > reg_def = sx9324_parse_phase_prop(dev, reg_def, "semtech,ph1-pin"); > break; > case SX9324_REG_AFE_PH2: > reg_def = sx9324_parse_phase_prop(dev, reg_def, "semtech,ph2-pin"); > break; > case SX9324_REG_AFE_PH3: > reg_def = sx9324_parse_phase_prop(dev, reg_def, "semtech,ph3-pin"); > break; > I've submitted v3 of this patch [1] trying out Stephen's idea. I'd appreciate feedback. [1]: https://lore.kernel.org/all/20231212-strncpy-drivers-iio-proximity-sx9324-c-v3-1-b8ae12fc8a5d@google.com/ Thanks Justin
Reviewed-by: Gwendal Grignou <gwendal@chromium.org> On Mon, Dec 11, 2023 at 4:46 PM Justin Stitt <justinstitt@google.com> wrote: > > Hi, > > On Mon, Oct 30, 2023 at 2:44 PM Stephen Boyd <swboyd@chromium.org> wrote: > > > > > > We need to free it in other places too, like if the count doesn't match. > > It may be easier to extract this section and just have 4 string > > literals. > > > > switch (reg_def->reg) { > > case SX9324_REG_AFE_PH0: > > reg_def = sx9324_parse_phase_prop(dev, reg_def, "semtech,ph0-pin"); > > break; > > case SX9324_REG_AFE_PH1: > > reg_def = sx9324_parse_phase_prop(dev, reg_def, "semtech,ph1-pin"); > > break; > > case SX9324_REG_AFE_PH2: > > reg_def = sx9324_parse_phase_prop(dev, reg_def, "semtech,ph2-pin"); > > break; > > case SX9324_REG_AFE_PH3: > > reg_def = sx9324_parse_phase_prop(dev, reg_def, "semtech,ph3-pin"); > > break; > > > > I've submitted v3 of this patch [1] trying out Stephen's idea. I'd > appreciate feedback. > > [1]: https://lore.kernel.org/all/20231212-strncpy-drivers-iio-proximity-sx9324-c-v3-1-b8ae12fc8a5d@google.com/ > > Thanks > Justin
On Tue, 12 Dec 2023 15:51:04 -0800 Gwendal Grignou <gwendal@chromium.org> wrote: > Reviewed-by: Gwendal Grignou <gwendal@chromium.org> Hi Gwendal I'll ignore this tag given the email you've replied to says there is a different implementation. Please take a look at that version instead. Jonathan > > On Mon, Dec 11, 2023 at 4:46 PM Justin Stitt <justinstitt@google.com> wrote: > > > > Hi, > > > > On Mon, Oct 30, 2023 at 2:44 PM Stephen Boyd <swboyd@chromium.org> wrote: > > > > > > > > > We need to free it in other places too, like if the count doesn't match. > > > It may be easier to extract this section and just have 4 string > > > literals. > > > > > > switch (reg_def->reg) { > > > case SX9324_REG_AFE_PH0: > > > reg_def = sx9324_parse_phase_prop(dev, reg_def, "semtech,ph0-pin"); > > > break; > > > case SX9324_REG_AFE_PH1: > > > reg_def = sx9324_parse_phase_prop(dev, reg_def, "semtech,ph1-pin"); > > > break; > > > case SX9324_REG_AFE_PH2: > > > reg_def = sx9324_parse_phase_prop(dev, reg_def, "semtech,ph2-pin"); > > > break; > > > case SX9324_REG_AFE_PH3: > > > reg_def = sx9324_parse_phase_prop(dev, reg_def, "semtech,ph3-pin"); > > > break; > > > > > > > I've submitted v3 of this patch [1] trying out Stephen's idea. I'd > > appreciate feedback. > > > > [1]: https://lore.kernel.org/all/20231212-strncpy-drivers-iio-proximity-sx9324-c-v3-1-b8ae12fc8a5d@google.com/ > > > > Thanks > > Justin
diff --git a/drivers/iio/proximity/sx9324.c b/drivers/iio/proximity/sx9324.c index 438f9c9aba6e..c8547035cb47 100644 --- a/drivers/iio/proximity/sx9324.c +++ b/drivers/iio/proximity/sx9324.c @@ -885,7 +885,7 @@ sx9324_get_default_reg(struct device *dev, int idx, #define SX9324_RESOLUTION_DEF "semtech,ph01-resolution" #define SX9324_PROXRAW_DEF "semtech,ph01-proxraw-strength" unsigned int pin_defs[SX9324_NUM_PINS]; - char prop[] = SX9324_PROXRAW_DEF; + const char *prop = SX9324_PROXRAW_DEF; u32 start = 0, raw = 0, pos = 0; int ret, count, ph, pin; const char *res; @@ -899,7 +899,7 @@ sx9324_get_default_reg(struct device *dev, int idx, case SX9324_REG_AFE_PH2: case SX9324_REG_AFE_PH3: ph = reg_def->reg - SX9324_REG_AFE_PH0; - snprintf(prop, ARRAY_SIZE(prop), "semtech,ph%d-pin", ph); + prop = kasprintf(GFP_KERNEL, "semtech,ph%d-pin", ph); count = device_property_count_u32(dev, prop); if (count != ARRAY_SIZE(pin_defs)) @@ -913,6 +913,7 @@ sx9324_get_default_reg(struct device *dev, int idx, raw |= (pin_defs[pin] << (2 * pin)) & SX9324_REG_AFE_PH0_PIN_MASK(pin); reg_def->def = raw; + kfree(prop); break; case SX9324_REG_AFE_CTRL0: ret = device_property_read_string(dev, @@ -937,11 +938,9 @@ sx9324_get_default_reg(struct device *dev, int idx, case SX9324_REG_AFE_CTRL4: case SX9324_REG_AFE_CTRL7: if (reg_def->reg == SX9324_REG_AFE_CTRL4) - strncpy(prop, "semtech,ph01-resolution", - ARRAY_SIZE(prop)); + prop = "semtech,ph01-resolution"; else - strncpy(prop, "semtech,ph23-resolution", - ARRAY_SIZE(prop)); + prop = "semtech,ph23-resolution"; ret = device_property_read_u32(dev, prop, &raw); if (ret) @@ -1012,11 +1011,9 @@ sx9324_get_default_reg(struct device *dev, int idx, case SX9324_REG_PROX_CTRL0: case SX9324_REG_PROX_CTRL1: if (reg_def->reg == SX9324_REG_PROX_CTRL0) - strncpy(prop, "semtech,ph01-proxraw-strength", - ARRAY_SIZE(prop)); + prop = "semtech,ph01-proxraw-strength"; else - strncpy(prop, "semtech,ph23-proxraw-strength", - ARRAY_SIZE(prop)); + prop = "semtech,ph23-proxraw-strength"; ret = device_property_read_u32(dev, prop, &raw); if (ret) break;
We're doing some needless string copies when trying to assign the proper `prop` string. We can make `prop` a const char* and simply assign to string literals. For the case where a format string is used, let's allocate some memory via kasprintf() and point prop to it. This also cleans up some deprecated strncpy() uses [1]. Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Signed-off-by: Justin Stitt <justinstitt@google.com> --- Changes in v2: - make prop a const char* and do simple assignments (thanks Jonathan) - rebase onto 3a568e3a961ba330 - Link to v1: https://lore.kernel.org/r/20230921-strncpy-drivers-iio-proximity-sx9324-c-v1-1-4e8d28fd1e7c@google.com --- Note: build-tested --- drivers/iio/proximity/sx9324.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) --- base-commit: 3a568e3a961ba330091cd031647e4c303fa0badb change-id: 20230921-strncpy-drivers-iio-proximity-sx9324-c-8c3437676039 Best regards, -- Justin Stitt <justinstitt@google.com>