Message ID | 20230516160753.32317-6-rf@opensource.cirrus.com |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp543353vqo; Tue, 16 May 2023 09:11:28 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5Y27rBA89CNha5E6r2jKFxp4uhWajUlzFetC6n0KO/7Pf5M+NJOQuMTz03cXR5wjON2tzD X-Received: by 2002:a05:6808:1888:b0:396:e69:c624 with SMTP id bi8-20020a056808188800b003960e69c624mr3994812oib.33.1684253488129; Tue, 16 May 2023 09:11:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1684253488; cv=none; d=google.com; s=arc-20160816; b=Uy8XK0Gw0VJnEGhC0130pCClVmOdumZzUoMINXIsshLx6YxtDYoaJLvYmRPNeVj5jt EZj+22gS2ZH9KNZtHs6SZLjWXtSlmjZc7JkQ5fA8au4RN50iXl7GIDLBNzFpXsliVDwV K1Y4r1glN625983f7qDmQzYkiXEFag5hd7tcmiFdbW1KDB4IYLFYKK5bDt69kUr0qp1U VFVJxrKezYKTavHH2NaTFUr9G7l4PHWfTus2B3WLJb2LxP4VQQ6fcvihfQMuBAmpdohO pao8DObIcLbTBQsQS27tpbo/Vw7CBSPzUKeP026yTxQ57Vxsc1CZZEyQ7DQf1XvsNmpi jyOg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=NFIjHQw+dqpTNYvDnYxYQW3RAgGogay2/AQ3zCJQwvE=; b=AEyRs41r01iegMQwDubg9E+Ov+KH51T1S/I2Pion1f+dLq7yZ+568qw56erxRDtBHQ m+mtMs85ia8LUqghekLERUt9IIb53usqdMlyu4lbTQrjxhKj3oXXVIkL/xQVQM11NZjV X3JhSIguDw/LxgHNO5WmIuOS7GnuFB1dVGDlkKxs3yBN44SKLdoXrcyHirwzUSGtn6LB HT697d3NzqRQbbfAybMgSJhNsk8L6Lw6ROKq5YJMG2nLzaRl65kgz8tYSZKLAkGHdEfa yT6rotpSxXGS9teFjZANcRllDRr27ILjvOXPiM4hVi6su+2P2qvCkViuLiDmj9jMkCGW KTqQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cirrus.com header.s=PODMain02222019 header.b=ldwvqhDo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cirrus.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id fm7-20020a056808650700b003961d393f5dsi2329313oib.277.2023.05.16.09.11.14; Tue, 16 May 2023 09:11:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@cirrus.com header.s=PODMain02222019 header.b=ldwvqhDo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cirrus.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232585AbjEPQJc (ORCPT <rfc822;peekingduck44@gmail.com> + 99 others); Tue, 16 May 2023 12:09:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60622 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233643AbjEPQI6 (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Tue, 16 May 2023 12:08:58 -0400 Received: from mx0b-001ae601.pphosted.com (mx0b-001ae601.pphosted.com [67.231.152.168]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3303493FC for <linux-kernel@vger.kernel.org>; Tue, 16 May 2023 09:08:32 -0700 (PDT) Received: from pps.filterd (m0077474.ppops.net [127.0.0.1]) by mx0b-001ae601.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 34GFMCah029111; Tue, 16 May 2023 11:08:01 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cirrus.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=PODMain02222019; bh=NFIjHQw+dqpTNYvDnYxYQW3RAgGogay2/AQ3zCJQwvE=; b=ldwvqhDoaNVW8CPDVufWunIGvcwqF/CleVU+kYz0BKU1WRds8BiJyGJD46ryuoHqidxK L0eDUrRqVhYtccuhW2M7blL4ezPA610EEFbrqanxcR/+HnqDc/jTF563nGzwxwzdsnKf cnn/6tyeBnXr433shXDC54hs3bqVGyE11Uj52v9/ToL14fYwLXuzMIkw916QsyK5XwQF VglVDybjJJ0E33CeKriTyz7JGKSALpkR0r1zuCCy3TKdgRPRzKr7sg/O0r7waus/s4HC bQhMhfFgaIzJh+Yk9hLpJv9CwyUMjKwxEH9PKYIkrWxy3DSmVhPOrnpHPUgexhyf54hP eA== Received: from ediex01.ad.cirrus.com ([84.19.233.68]) by mx0b-001ae601.pphosted.com (PPS) with ESMTPS id 3qj6ymvnvm-5 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 16 May 2023 11:08:00 -0500 Received: from ediex02.ad.cirrus.com (198.61.84.81) by ediex01.ad.cirrus.com (198.61.84.80) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.26; Tue, 16 May 2023 11:07:57 -0500 Received: from ediswmail.ad.cirrus.com (198.61.86.93) by anon-ediex02.ad.cirrus.com (198.61.84.81) with Microsoft SMTP Server id 15.2.1118.26 via Frontend Transport; Tue, 16 May 2023 11:07:57 -0500 Received: from EDIN4L06LR3.ad.cirrus.com (EDIN4L06LR3.ad.cirrus.com [198.61.64.66]) by ediswmail.ad.cirrus.com (Postfix) with ESMTP id 50D16B38; Tue, 16 May 2023 16:07:57 +0000 (UTC) From: Richard Fitzgerald <rf@opensource.cirrus.com> To: <gregkh@linuxfoundation.org>, <rafael@kernel.org> CC: <linux-kernel@vger.kernel.org>, <patches@opensource.cirrus.com>, Richard Fitzgerald <rf@opensource.cirrus.com> Subject: [PATCH 5/5] debugfs: Add debugfs_create_const_str() Date: Tue, 16 May 2023 17:07:53 +0100 Message-ID: <20230516160753.32317-6-rf@opensource.cirrus.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20230516160753.32317-1-rf@opensource.cirrus.com> References: <20230516160753.32317-1-rf@opensource.cirrus.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-GUID: rzWXC6kM24RH8ev80R6c-1h1eGlYdk9q X-Proofpoint-ORIG-GUID: rzWXC6kM24RH8ev80R6c-1h1eGlYdk9q X-Proofpoint-Spam-Reason: safe X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1766067785537483183?= X-GMAIL-MSGID: =?utf-8?q?1766067785537483183?= |
Series |
debugfs: Fixes and improvements to debugfs_create_str()
|
|
Commit Message
Richard Fitzgerald
May 16, 2023, 4:07 p.m. UTC
Add a wrapper for debugfs_create_str() that takes a const char **.
It's never nice to have to cast a const pointer to a non-const to be
able to pass it to an API. It always looks suspicious and it is relying
on "knowing" that it's safe. A function that explicitly takes a const
pointer is creating a contract that a const pointer is safe.
Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
---
include/linux/debugfs.h | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
Comments
On Tue, May 16, 2023 at 05:07:53PM +0100, Richard Fitzgerald wrote: > Add a wrapper for debugfs_create_str() that takes a const char **. > > It's never nice to have to cast a const pointer to a non-const to be > able to pass it to an API. It always looks suspicious and it is relying > on "knowing" that it's safe. A function that explicitly takes a const > pointer is creating a contract that a const pointer is safe. > > Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com> > --- > include/linux/debugfs.h | 27 +++++++++++++++++++++++++++ > 1 file changed, 27 insertions(+) > > diff --git a/include/linux/debugfs.h b/include/linux/debugfs.h > index ea2d919fd9c7..2723690aedd1 100644 > --- a/include/linux/debugfs.h > +++ b/include/linux/debugfs.h > @@ -401,4 +401,31 @@ static inline void debugfs_create_xul(const char *name, umode_t mode, > debugfs_create_x64(name, mode, parent, (u64 *)value); > } > > +/** > + * debugfs_create_const_str - create a debugfs file that is used to read a string value > + * @name: a pointer to a string containing the name of the file to create. > + * @mode: the permission that the file should have > + * @parent: a pointer to the parent dentry for this file. This should be a > + * directory dentry if set. If this parameter is %NULL, then the > + * file will be created in the root of the debugfs filesystem. > + * @value: a pointer to the variable that the file should read from. > + * The const char* pointer must not change, except from NULL to > + * non-NULL. > + * > + * This function creates a file in debugfs with the given name that > + * contains the value of the variable @value. > + * > + * The const char* pointed to by @value must not change after calling this > + * function EXCEPT that it may change from NULL to non-NULL. This is to > + * prevent the file read from accessing a stale pointer. A change from > + * NULL to non-NULL is the only safe change, because the read will > + * instantaneously see either NULL or the valid pointer. > + */ > +static inline void debugfs_create_const_str(const char *name, umode_t mode, > + struct dentry *parent, > + const char **value) > +{ > + debugfs_create_str(name, mode & ~0222, parent, (char **)value); You just "know" it's safe to do this? There is nothing in debugfs_create_str() that would prevent future changes from violating the "const" here, which makes this very unsafe to maintain over time. This feels backwards, why not make debugfs_create_str() take the const pointer instead? thanks, greg k-h
On Tue, May 16, 2023 at 05:07:53PM +0100, Richard Fitzgerald wrote: > Add a wrapper for debugfs_create_str() that takes a const char **. > > It's never nice to have to cast a const pointer to a non-const to be > able to pass it to an API. It always looks suspicious and it is relying > on "knowing" that it's safe. A function that explicitly takes a const > pointer is creating a contract that a const pointer is safe. > > Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com> > --- > include/linux/debugfs.h | 27 +++++++++++++++++++++++++++ > 1 file changed, 27 insertions(+) > > diff --git a/include/linux/debugfs.h b/include/linux/debugfs.h > index ea2d919fd9c7..2723690aedd1 100644 > --- a/include/linux/debugfs.h > +++ b/include/linux/debugfs.h > @@ -401,4 +401,31 @@ static inline void debugfs_create_xul(const char *name, umode_t mode, > debugfs_create_x64(name, mode, parent, (u64 *)value); > } > > +/** > + * debugfs_create_const_str - create a debugfs file that is used to read a string value > + * @name: a pointer to a string containing the name of the file to create. > + * @mode: the permission that the file should have > + * @parent: a pointer to the parent dentry for this file. This should be a > + * directory dentry if set. If this parameter is %NULL, then the > + * file will be created in the root of the debugfs filesystem. > + * @value: a pointer to the variable that the file should read from. > + * The const char* pointer must not change, except from NULL to > + * non-NULL. > + * > + * This function creates a file in debugfs with the given name that > + * contains the value of the variable @value. > + * > + * The const char* pointed to by @value must not change after calling this > + * function EXCEPT that it may change from NULL to non-NULL. This is to > + * prevent the file read from accessing a stale pointer. A change from > + * NULL to non-NULL is the only safe change, because the read will > + * instantaneously see either NULL or the valid pointer. > + */ > +static inline void debugfs_create_const_str(const char *name, umode_t mode, > + struct dentry *parent, > + const char **value) > +{ > + debugfs_create_str(name, mode & ~0222, parent, (char **)value); > +} Also, we need a user of the new function in order to be able to add it, otherwise I'll just delete it eventually :) thanks, greg k-h
On Tue, May 16, 2023 at 05:07:53PM +0100, Richard Fitzgerald wrote: > Add a wrapper for debugfs_create_str() that takes a const char **. > > It's never nice to have to cast a const pointer to a non-const to be > able to pass it to an API. It always looks suspicious and it is relying > on "knowing" that it's safe. A function that explicitly takes a const > pointer is creating a contract that a const pointer is safe. > > Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com> > --- > include/linux/debugfs.h | 27 +++++++++++++++++++++++++++ > 1 file changed, 27 insertions(+) > > diff --git a/include/linux/debugfs.h b/include/linux/debugfs.h > index ea2d919fd9c7..2723690aedd1 100644 > --- a/include/linux/debugfs.h > +++ b/include/linux/debugfs.h > @@ -401,4 +401,31 @@ static inline void debugfs_create_xul(const char *name, umode_t mode, > debugfs_create_x64(name, mode, parent, (u64 *)value); > } > > +/** > + * debugfs_create_const_str - create a debugfs file that is used to read a string value > + * @name: a pointer to a string containing the name of the file to create. > + * @mode: the permission that the file should have > + * @parent: a pointer to the parent dentry for this file. This should be a > + * directory dentry if set. If this parameter is %NULL, then the > + * file will be created in the root of the debugfs filesystem. > + * @value: a pointer to the variable that the file should read from. > + * The const char* pointer must not change, except from NULL to > + * non-NULL. > + * > + * This function creates a file in debugfs with the given name that > + * contains the value of the variable @value. > + * > + * The const char* pointed to by @value must not change after calling this > + * function EXCEPT that it may change from NULL to non-NULL. This is to > + * prevent the file read from accessing a stale pointer. A change from > + * NULL to non-NULL is the only safe change, because the read will > + * instantaneously see either NULL or the valid pointer. > + */ > +static inline void debugfs_create_const_str(const char *name, umode_t mode, > + struct dentry *parent, > + const char **value) > +{ > + debugfs_create_str(name, mode & ~0222, parent, (char **)value); > +} And you didn't include a version for when CONFIG_DEBUG_FS is not enabled, which would cause anyone who used this function, to break the build :( thanks, greg k-h
diff --git a/include/linux/debugfs.h b/include/linux/debugfs.h index ea2d919fd9c7..2723690aedd1 100644 --- a/include/linux/debugfs.h +++ b/include/linux/debugfs.h @@ -401,4 +401,31 @@ static inline void debugfs_create_xul(const char *name, umode_t mode, debugfs_create_x64(name, mode, parent, (u64 *)value); } +/** + * debugfs_create_const_str - create a debugfs file that is used to read a string value + * @name: a pointer to a string containing the name of the file to create. + * @mode: the permission that the file should have + * @parent: a pointer to the parent dentry for this file. This should be a + * directory dentry if set. If this parameter is %NULL, then the + * file will be created in the root of the debugfs filesystem. + * @value: a pointer to the variable that the file should read from. + * The const char* pointer must not change, except from NULL to + * non-NULL. + * + * This function creates a file in debugfs with the given name that + * contains the value of the variable @value. + * + * The const char* pointed to by @value must not change after calling this + * function EXCEPT that it may change from NULL to non-NULL. This is to + * prevent the file read from accessing a stale pointer. A change from + * NULL to non-NULL is the only safe change, because the read will + * instantaneously see either NULL or the valid pointer. + */ +static inline void debugfs_create_const_str(const char *name, umode_t mode, + struct dentry *parent, + const char **value) +{ + debugfs_create_str(name, mode & ~0222, parent, (char **)value); +} + #endif