Message ID | 20240626180031.4050226-22-cassel@kernel.org (mailing list archive) |
---|---|
State | Superseded |
Headers | show |
Series | ata,libsas: Assign the unique id used for printing earlier | expand |
On Wed, Jun 26, 2024 at 08:00:37PM +0200, Niklas Cassel wrote: > @@ -5908,12 +5903,13 @@ int ata_host_register(struct ata_host *host, const struct scsi_host_template *sh > return -EINVAL; > } > > - /* Blow away unused ports. This happens when LLD can't > - * determine the exact number of ports to allocate at > - * allocation time. > + /* > + * For a driver using ata_host_register(), the ports are allocated by > + * ata_host_alloc(), which also allocates the host->ports array. > + * The number of array elements must match host->n_ports. > */ > for (i = host->n_ports; host->ports[i]; i++) > - kfree(host->ports[i]); > + WARN_ON(host->ports[i]); Nit: Even though we replace the kfree() with a WARN_ON() here, the strictly correct thing would have been for the earlier patch in this series: "ata,scsi: libata-core: Add ata_port_free()" to have replaced the kfree() with ata_port_free(), and then for this patch to replace the ata_port_free() with a WARN_ON(). Kind regards, Niklas
On 6/27/24 03:00, Niklas Cassel wrote: > Commit f31871951b38 ("libata: separate out ata_host_alloc() and > ata_host_register()") added ata_host_alloc(), where the API allowed > a LLD to overallocate the number of ports supplied to ata_host_alloc(), > as long as the LLD decreased host->n_ports before calling > ata_host_register(). > > However, this functionally has never ever been used by a single LLD. > > Because of the current API design, the assignment of ap->print_id is > deferred until registration time, which is bad, because that means that > the ata_port_*() print functions cannot be used by a LLD until after > registration time, which means that a LLD is forced to use a print > function that is non-port specific, even for a port specific error. > > Remove the support for decreasing the number of ports, such that it will > be possible to assign ap->print_id earlier. > > Signed-off-by: Niklas Cassel <cassel@kernel.org> With your own nit applied, Reviewed-by: Damien Le Moal <dlemoal@kernel.org>
On 6/26/24 20:00, Niklas Cassel wrote: > Commit f31871951b38 ("libata: separate out ata_host_alloc() and > ata_host_register()") added ata_host_alloc(), where the API allowed > a LLD to overallocate the number of ports supplied to ata_host_alloc(), > as long as the LLD decreased host->n_ports before calling > ata_host_register(). > > However, this functionally has never ever been used by a single LLD. > > Because of the current API design, the assignment of ap->print_id is > deferred until registration time, which is bad, because that means that > the ata_port_*() print functions cannot be used by a LLD until after > registration time, which means that a LLD is forced to use a print > function that is non-port specific, even for a port specific error. > > Remove the support for decreasing the number of ports, such that it will > be possible to assign ap->print_id earlier. > > Signed-off-by: Niklas Cassel <cassel@kernel.org> > --- > drivers/ata/libata-core.c | 24 ++++++++++-------------- > include/linux/libata.h | 2 +- > 2 files changed, 11 insertions(+), 15 deletions(-) > > diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c > index 591020ea8989..a213a9c0d0a5 100644 > --- a/drivers/ata/libata-core.c > +++ b/drivers/ata/libata-core.c > @@ -5550,24 +5550,19 @@ EXPORT_SYMBOL_GPL(ata_host_put); > /** > * ata_host_alloc - allocate and init basic ATA host resources > * @dev: generic device this host is associated with > - * @max_ports: maximum number of ATA ports associated with this host > + * @n_ports: the number of ATA ports associated with this host > * > * Allocate and initialize basic ATA host resources. LLD calls > * this function to allocate a host, initializes it fully and > * attaches it using ata_host_register(). > * > - * @max_ports ports are allocated and host->n_ports is > - * initialized to @max_ports. The caller is allowed to decrease > - * host->n_ports before calling ata_host_register(). The unused > - * ports will be automatically freed on registration. > - * > * RETURNS: > * Allocate ATA host on success, NULL on failure. > * > * LOCKING: > * Inherited from calling layer (may sleep). > */ > -struct ata_host *ata_host_alloc(struct device *dev, int max_ports) > +struct ata_host *ata_host_alloc(struct device *dev, int n_ports) > { > struct ata_host *host; > size_t sz; > @@ -5575,7 +5570,7 @@ struct ata_host *ata_host_alloc(struct device *dev, int max_ports) > void *dr; > > /* alloc a container for our list of ATA ports (buses) */ > - sz = sizeof(struct ata_host) + (max_ports + 1) * sizeof(void *); > + sz = sizeof(struct ata_host) + (n_ports + 1) * sizeof(void *); > host = kzalloc(sz, GFP_KERNEL); > if (!host) > return NULL; > @@ -5595,11 +5590,11 @@ struct ata_host *ata_host_alloc(struct device *dev, int max_ports) > spin_lock_init(&host->lock); > mutex_init(&host->eh_mutex); > host->dev = dev; > - host->n_ports = max_ports; > + host->n_ports = n_ports; > kref_init(&host->kref); > > /* allocate ports bound to this host */ > - for (i = 0; i < max_ports; i++) { > + for (i = 0; i < n_ports; i++) { > struct ata_port *ap; > > ap = ata_port_alloc(host); > @@ -5908,12 +5903,13 @@ int ata_host_register(struct ata_host *host, const struct scsi_host_template *sh > return -EINVAL; > } > > - /* Blow away unused ports. This happens when LLD can't > - * determine the exact number of ports to allocate at > - * allocation time. > + /* > + * For a driver using ata_host_register(), the ports are allocated by > + * ata_host_alloc(), which also allocates the host->ports array. > + * The number of array elements must match host->n_ports. > */ > for (i = host->n_ports; host->ports[i]; i++) > - kfree(host->ports[i]); > + WARN_ON(host->ports[i]); > What a patently ugly check. So you are relying on the caller to have zeroed the memory upfront. But what happens if the caller allocated n_ports, zeroed the memory up to that point, and then filled in all 'ports' slots? ports[n_ports - 1] is set to a pointer, but ports[n_ports] is _not_ allocated, and there is no guarantee it'll be zero. Causing a memory overrun and all sorts of things. This needs to go, as it's now pointless anyway. Cheers, Hannes
On Thu, Jun 27, 2024 at 08:35:49AM +0200, Hannes Reinecke wrote: > On 6/26/24 20:00, Niklas Cassel wrote: > > Commit f31871951b38 ("libata: separate out ata_host_alloc() and > > ata_host_register()") added ata_host_alloc(), where the API allowed > > a LLD to overallocate the number of ports supplied to ata_host_alloc(), > > as long as the LLD decreased host->n_ports before calling > > ata_host_register(). > > > > However, this functionally has never ever been used by a single LLD. > > > > Because of the current API design, the assignment of ap->print_id is > > deferred until registration time, which is bad, because that means that > > the ata_port_*() print functions cannot be used by a LLD until after > > registration time, which means that a LLD is forced to use a print > > function that is non-port specific, even for a port specific error. > > > > Remove the support for decreasing the number of ports, such that it will > > be possible to assign ap->print_id earlier. > > > > Signed-off-by: Niklas Cassel <cassel@kernel.org> > > --- > > drivers/ata/libata-core.c | 24 ++++++++++-------------- > > include/linux/libata.h | 2 +- > > 2 files changed, 11 insertions(+), 15 deletions(-) > > > > diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c > > index 591020ea8989..a213a9c0d0a5 100644 > > --- a/drivers/ata/libata-core.c > > +++ b/drivers/ata/libata-core.c > > @@ -5550,24 +5550,19 @@ EXPORT_SYMBOL_GPL(ata_host_put); > > /** > > * ata_host_alloc - allocate and init basic ATA host resources > > * @dev: generic device this host is associated with > > - * @max_ports: maximum number of ATA ports associated with this host > > + * @n_ports: the number of ATA ports associated with this host > > * > > * Allocate and initialize basic ATA host resources. LLD calls > > * this function to allocate a host, initializes it fully and > > * attaches it using ata_host_register(). > > * > > - * @max_ports ports are allocated and host->n_ports is > > - * initialized to @max_ports. The caller is allowed to decrease > > - * host->n_ports before calling ata_host_register(). The unused > > - * ports will be automatically freed on registration. > > - * > > * RETURNS: > > * Allocate ATA host on success, NULL on failure. > > * > > * LOCKING: > > * Inherited from calling layer (may sleep). > > */ > > -struct ata_host *ata_host_alloc(struct device *dev, int max_ports) > > +struct ata_host *ata_host_alloc(struct device *dev, int n_ports) > > { > > struct ata_host *host; > > size_t sz; > > @@ -5575,7 +5570,7 @@ struct ata_host *ata_host_alloc(struct device *dev, int max_ports) > > void *dr; > > /* alloc a container for our list of ATA ports (buses) */ > > - sz = sizeof(struct ata_host) + (max_ports + 1) * sizeof(void *); > > + sz = sizeof(struct ata_host) + (n_ports + 1) * sizeof(void *); > > host = kzalloc(sz, GFP_KERNEL); > > if (!host) > > return NULL; > > @@ -5595,11 +5590,11 @@ struct ata_host *ata_host_alloc(struct device *dev, int max_ports) > > spin_lock_init(&host->lock); > > mutex_init(&host->eh_mutex); > > host->dev = dev; > > - host->n_ports = max_ports; > > + host->n_ports = n_ports; > > kref_init(&host->kref); > > /* allocate ports bound to this host */ > > - for (i = 0; i < max_ports; i++) { > > + for (i = 0; i < n_ports; i++) { > > struct ata_port *ap; > > ap = ata_port_alloc(host); > > @@ -5908,12 +5903,13 @@ int ata_host_register(struct ata_host *host, const struct scsi_host_template *sh > > return -EINVAL; > > } > > - /* Blow away unused ports. This happens when LLD can't > > - * determine the exact number of ports to allocate at > > - * allocation time. > > + /* > > + * For a driver using ata_host_register(), the ports are allocated by > > + * ata_host_alloc(), which also allocates the host->ports array. > > + * The number of array elements must match host->n_ports. > > */ > > for (i = host->n_ports; host->ports[i]; i++) > > - kfree(host->ports[i]); > > + WARN_ON(host->ports[i]); > What a patently ugly check. > So you are relying on the caller to have zeroed the memory upfront. > But what happens if the caller allocated n_ports, zeroed the memory up to > that point, and then filled in all 'ports' slots? > ports[n_ports - 1] is set to a pointer, but ports[n_ports] is _not_ > allocated, and there is no guarantee it'll be zero. > Causing a memory overrun and all sorts of things. > > This needs to go, as it's now pointless anyway. For what it is worth, this ugly code was there before this patch :) However, it seems that ata_host_alloc() allocates max_ports + 1: https://github.com/torvalds/linux/blob/v6.10-rc5/drivers/ata/libata-core.c#L5568-L5570 So I think this should be safe.... But yes, super ugly... Kind regards, Niklas
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c index 591020ea8989..a213a9c0d0a5 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c @@ -5550,24 +5550,19 @@ EXPORT_SYMBOL_GPL(ata_host_put); /** * ata_host_alloc - allocate and init basic ATA host resources * @dev: generic device this host is associated with - * @max_ports: maximum number of ATA ports associated with this host + * @n_ports: the number of ATA ports associated with this host * * Allocate and initialize basic ATA host resources. LLD calls * this function to allocate a host, initializes it fully and * attaches it using ata_host_register(). * - * @max_ports ports are allocated and host->n_ports is - * initialized to @max_ports. The caller is allowed to decrease - * host->n_ports before calling ata_host_register(). The unused - * ports will be automatically freed on registration. - * * RETURNS: * Allocate ATA host on success, NULL on failure. * * LOCKING: * Inherited from calling layer (may sleep). */ -struct ata_host *ata_host_alloc(struct device *dev, int max_ports) +struct ata_host *ata_host_alloc(struct device *dev, int n_ports) { struct ata_host *host; size_t sz; @@ -5575,7 +5570,7 @@ struct ata_host *ata_host_alloc(struct device *dev, int max_ports) void *dr; /* alloc a container for our list of ATA ports (buses) */ - sz = sizeof(struct ata_host) + (max_ports + 1) * sizeof(void *); + sz = sizeof(struct ata_host) + (n_ports + 1) * sizeof(void *); host = kzalloc(sz, GFP_KERNEL); if (!host) return NULL; @@ -5595,11 +5590,11 @@ struct ata_host *ata_host_alloc(struct device *dev, int max_ports) spin_lock_init(&host->lock); mutex_init(&host->eh_mutex); host->dev = dev; - host->n_ports = max_ports; + host->n_ports = n_ports; kref_init(&host->kref); /* allocate ports bound to this host */ - for (i = 0; i < max_ports; i++) { + for (i = 0; i < n_ports; i++) { struct ata_port *ap; ap = ata_port_alloc(host); @@ -5908,12 +5903,13 @@ int ata_host_register(struct ata_host *host, const struct scsi_host_template *sh return -EINVAL; } - /* Blow away unused ports. This happens when LLD can't - * determine the exact number of ports to allocate at - * allocation time. + /* + * For a driver using ata_host_register(), the ports are allocated by + * ata_host_alloc(), which also allocates the host->ports array. + * The number of array elements must match host->n_ports. */ for (i = host->n_ports; host->ports[i]; i++) - kfree(host->ports[i]); + WARN_ON(host->ports[i]); /* give ports names and add SCSI hosts */ for (i = 0; i < host->n_ports; i++) { diff --git a/include/linux/libata.h b/include/linux/libata.h index 580971e11804..b7c5d3f33368 100644 --- a/include/linux/libata.h +++ b/include/linux/libata.h @@ -1069,7 +1069,7 @@ extern int sata_std_hardreset(struct ata_link *link, unsigned int *class, unsigned long deadline); extern void ata_std_postreset(struct ata_link *link, unsigned int *classes); -extern struct ata_host *ata_host_alloc(struct device *dev, int max_ports); +extern struct ata_host *ata_host_alloc(struct device *dev, int n_ports); extern struct ata_host *ata_host_alloc_pinfo(struct device *dev, const struct ata_port_info * const * ppi, int n_ports); extern void ata_host_get(struct ata_host *host);
Commit f31871951b38 ("libata: separate out ata_host_alloc() and ata_host_register()") added ata_host_alloc(), where the API allowed a LLD to overallocate the number of ports supplied to ata_host_alloc(), as long as the LLD decreased host->n_ports before calling ata_host_register(). However, this functionally has never ever been used by a single LLD. Because of the current API design, the assignment of ap->print_id is deferred until registration time, which is bad, because that means that the ata_port_*() print functions cannot be used by a LLD until after registration time, which means that a LLD is forced to use a print function that is non-port specific, even for a port specific error. Remove the support for decreasing the number of ports, such that it will be possible to assign ap->print_id earlier. Signed-off-by: Niklas Cassel <cassel@kernel.org> --- drivers/ata/libata-core.c | 24 ++++++++++-------------- include/linux/libata.h | 2 +- 2 files changed, 11 insertions(+), 15 deletions(-)