[RFC,1/4] HID: treat fixed up report as const

Message ID	20240730-hid-const-fixup-v1-1-f667f9a653ba@weissschuh.net (mailing list archive)
State	New
Delegated to:	Jiri Kosina
Headers	show Received: from todd.t-8ch.de (todd.t-8ch.de [159.69.126.157]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E8B6E145FEF; Tue, 30 Jul 2024 21:36:09 +0000 (UTC) From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net> Date: Tue, 30 Jul 2024 23:35:57 +0200 Subject: [PATCH RFC 1/4] HID: treat fixed up report as const Precedence: bulk MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Message-Id: <20240730-hid-const-fixup-v1-1-f667f9a653ba@weissschuh.net> References: <20240730-hid-const-fixup-v1-0-f667f9a653ba@weissschuh.net> In-Reply-To: <20240730-hid-const-fixup-v1-0-f667f9a653ba@weissschuh.net> To: Jiri Kosina <jikos@kernel.org>, Benjamin Tissoires <bentiss@kernel.org> Cc: linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, =?utf-8?q?Tho?= =?utf-8?q?mas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
Series	HID: constify static fixed up report descriptors \| expand [RFC,0/4] HID: constify static fixed up report descriptors [RFC,1/4] HID: treat fixed up report as const [RFC,2/4] HID: cmedia: directly return fixed up rdesc [RFC,3/4] HID: change return type of report_fixup() to const [RFC,4/4] HID: cmedia: constify fixed up report descriptor

Message ID

20240730-hid-const-fixup-v1-1-f667f9a653ba@weissschuh.net (mailing list archive)

State

New

Delegated to:

Jiri Kosina

Headers

From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
Date: Tue, 30 Jul 2024 23:35:57 +0200
Subject: [PATCH RFC 1/4] HID: treat fixed up report as const
Precedence: bulk
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Message-Id: <20240730-hid-const-fixup-v1-1-f667f9a653ba@weissschuh.net>
References: <20240730-hid-const-fixup-v1-0-f667f9a653ba@weissschuh.net>
In-Reply-To: <20240730-hid-const-fixup-v1-0-f667f9a653ba@weissschuh.net>
To: Jiri Kosina <jikos@kernel.org>, Benjamin Tissoires <bentiss@kernel.org>
Cc: linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, =?utf-8?q?Tho?=
	=?utf-8?q?mas_Wei=C3=9Fschuh?= <linux@weissschuh.net>

Series

HID: constify static fixed up report descriptors | expand

Commit Message

Thomas Weißschuh July 30, 2024, 9:35 p.m. UTC

Prepare the HID core for the ->report_fixup() callback to return const
data. This will then allow the HID drivers to store their static reports
in read-only memory.

Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
---
 drivers/hid/hid-core.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

Comments

Benjamin Tissoires July 31, 2024, 1:59 p.m. UTC | #1

On Jul 30 2024, Thomas Weißschuh wrote:
> Prepare the HID core for the ->report_fixup() callback to return const
> data. This will then allow the HID drivers to store their static reports
> in read-only memory.
> 
> Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
> ---
>  drivers/hid/hid-core.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
> index 988d0acbdf04..dc233599ae56 100644
> --- a/drivers/hid/hid-core.c
> +++ b/drivers/hid/hid-core.c
> @@ -1203,6 +1203,7 @@ int hid_open_report(struct hid_device *device)
>  {
>  	struct hid_parser *parser;
>  	struct hid_item item;
> +	const __u8 *fixed_up;
>  	unsigned int size;
>  	__u8 *start;
>  	__u8 *buf;
> @@ -1232,11 +1233,11 @@ int hid_open_report(struct hid_device *device)
>  		return -ENOMEM;
>  
>  	if (device->driver->report_fixup)
> -		start = device->driver->report_fixup(device, buf, &size);
> +		fixed_up = device->driver->report_fixup(device, buf, &size);
>  	else
> -		start = buf;
> +		fixed_up = buf;
>  
> -	start = kmemdup(start, size, GFP_KERNEL);
> +	start = kmemdup(fixed_up, size, GFP_KERNEL);

I think that kmemdup makes all of your efforts pointless because from
now, there is no guarantees that the report descriptor is a const.

How about you also change the struct hid_device to have both .dev_rdesc
and .rdesc as const u8 *, and then also amend the function here so that
start and end are properly handled?

This will make a slightly bigger patch but at least the compiler should
then shout at us if we try to change the content of those buffers
outside of the authorized entry points.

Cheers,
Benjamin

>  	kfree(buf);
>  	if (start == NULL)
>  		return -ENOMEM;
> 
> -- 
> 2.45.2
>

Thomas Weißschuh Aug. 3, 2024, 12:30 p.m. UTC | #2

On 2024-07-31 15:59:21+0000, Benjamin Tissoires wrote:
> On Jul 30 2024, Thomas Weißschuh wrote:
> > Prepare the HID core for the ->report_fixup() callback to return const
> > data. This will then allow the HID drivers to store their static reports
> > in read-only memory.
> > 
> > Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
> > ---
> >  drivers/hid/hid-core.c | 7 ++++---
> >  1 file changed, 4 insertions(+), 3 deletions(-)
> > 
> > diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
> > index 988d0acbdf04..dc233599ae56 100644
> > --- a/drivers/hid/hid-core.c
> > +++ b/drivers/hid/hid-core.c
> > @@ -1203,6 +1203,7 @@ int hid_open_report(struct hid_device *device)
> >  {
> >  	struct hid_parser *parser;
> >  	struct hid_item item;
> > +	const __u8 *fixed_up;
> >  	unsigned int size;
> >  	__u8 *start;
> >  	__u8 *buf;
> > @@ -1232,11 +1233,11 @@ int hid_open_report(struct hid_device *device)
> >  		return -ENOMEM;
> >  
> >  	if (device->driver->report_fixup)
> > -		start = device->driver->report_fixup(device, buf, &size);
> > +		fixed_up = device->driver->report_fixup(device, buf, &size);
> >  	else
> > -		start = buf;
> > +		fixed_up = buf;
> >  
> > -	start = kmemdup(start, size, GFP_KERNEL);
> > +	start = kmemdup(fixed_up, size, GFP_KERNEL);
> 
> I think that kmemdup makes all of your efforts pointless because from
> now, there is no guarantees that the report descriptor is a const.

The patch was meant to clarify the API to driver authors, not to make
the HID core safer. So I think it would not be pointless :-)

> How about you also change the struct hid_device to have both .dev_rdesc
> and .rdesc as const u8 *, and then also amend the function here so that
> start and end are properly handled?
> 
> This will make a slightly bigger patch but at least the compiler should
> then shout at us if we try to change the content of those buffers
> outside of the authorized entry points.

That sounds indeed like the correct solution.
It also completely avoids to introduction of yet another variable.

> Cheers,
> Benjamin
> 
> >  	kfree(buf);
> >  	if (start == NULL)
> >  		return -ENOMEM;
> > 
> > -- 
> > 2.45.2
> >

diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
index 988d0acbdf04..dc233599ae56 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -1203,6 +1203,7 @@  int hid_open_report(struct hid_device *device)
 {
 	struct hid_parser *parser;
 	struct hid_item item;
+	const __u8 *fixed_up;
 	unsigned int size;
 	__u8 *start;
 	__u8 *buf;
@@ -1232,11 +1233,11 @@  int hid_open_report(struct hid_device *device)
 		return -ENOMEM;
 
 	if (device->driver->report_fixup)
-		start = device->driver->report_fixup(device, buf, &size);
+		fixed_up = device->driver->report_fixup(device, buf, &size);
 	else
-		start = buf;
+		fixed_up = buf;
 
-	start = kmemdup(start, size, GFP_KERNEL);
+	start = kmemdup(fixed_up, size, GFP_KERNEL);
 	kfree(buf);
 	if (start == NULL)
 		return -ENOMEM;

[RFC,1/4] HID: treat fixed up report as const

Commit Message

Comments

Patch