| Message ID | 20230516160753.32317-6-rf@opensource.cirrus.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp543353vqo;
Tue, 16 May 2023 09:11:28 -0700 (PDT)
X-Google-Smtp-Source:
ACHHUZ5Y27rBA89CNha5E6r2jKFxp4uhWajUlzFetC6n0KO/7Pf5M+NJOQuMTz03cXR5wjON2tzD
X-Received: by 2002:a05:6808:1888:b0:396:e69:c624 with SMTP id
bi8-20020a056808188800b003960e69c624mr3994812oib.33.1684253488129;
Tue, 16 May 2023 09:11:28 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1684253488; cv=none;
d=google.com; s=arc-20160816;
b=Uy8XK0Gw0VJnEGhC0130pCClVmOdumZzUoMINXIsshLx6YxtDYoaJLvYmRPNeVj5jt
EZj+22gS2ZH9KNZtHs6SZLjWXtSlmjZc7JkQ5fA8au4RN50iXl7GIDLBNzFpXsliVDwV
K1Y4r1glN625983f7qDmQzYkiXEFag5hd7tcmiFdbW1KDB4IYLFYKK5bDt69kUr0qp1U
VFVJxrKezYKTavHH2NaTFUr9G7l4PHWfTus2B3WLJb2LxP4VQQ6fcvihfQMuBAmpdohO
pao8DObIcLbTBQsQS27tpbo/Vw7CBSPzUKeP026yTxQ57Vxsc1CZZEyQ7DQf1XvsNmpi
jyOg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature;
bh=NFIjHQw+dqpTNYvDnYxYQW3RAgGogay2/AQ3zCJQwvE=;
b=AEyRs41r01iegMQwDubg9E+Ov+KH51T1S/I2Pion1f+dLq7yZ+568qw56erxRDtBHQ
m+mtMs85ia8LUqghekLERUt9IIb53usqdMlyu4lbTQrjxhKj3oXXVIkL/xQVQM11NZjV
X3JhSIguDw/LxgHNO5WmIuOS7GnuFB1dVGDlkKxs3yBN44SKLdoXrcyHirwzUSGtn6LB
HT697d3NzqRQbbfAybMgSJhNsk8L6Lw6ROKq5YJMG2nLzaRl65kgz8tYSZKLAkGHdEfa
yT6rotpSxXGS9teFjZANcRllDRr27ILjvOXPiM4hVi6su+2P2qvCkViuLiDmj9jMkCGW
KTqQ==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@cirrus.com header.s=PODMain02222019
header.b=ldwvqhDo;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cirrus.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
fm7-20020a056808650700b003961d393f5dsi2329313oib.277.2023.05.16.09.11.14;
Tue, 16 May 2023 09:11:28 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@cirrus.com header.s=PODMain02222019
header.b=ldwvqhDo;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cirrus.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S232585AbjEPQJc (ORCPT <rfc822;peekingduck44@gmail.com>
+ 99 others); Tue, 16 May 2023 12:09:32 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60622 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S233643AbjEPQI6 (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Tue, 16 May 2023 12:08:58 -0400
Received: from mx0b-001ae601.pphosted.com (mx0b-001ae601.pphosted.com
[67.231.152.168])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3303493FC
for <linux-kernel@vger.kernel.org>;
Tue, 16 May 2023 09:08:32 -0700 (PDT)
Received: from pps.filterd (m0077474.ppops.net [127.0.0.1])
by mx0b-001ae601.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id
34GFMCah029111;
Tue, 16 May 2023 11:08:01 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cirrus.com;
h=from : to : cc :
subject : date : message-id : in-reply-to : references : mime-version :
content-transfer-encoding : content-type; s=PODMain02222019;
bh=NFIjHQw+dqpTNYvDnYxYQW3RAgGogay2/AQ3zCJQwvE=;
b=ldwvqhDoaNVW8CPDVufWunIGvcwqF/CleVU+kYz0BKU1WRds8BiJyGJD46ryuoHqidxK
L0eDUrRqVhYtccuhW2M7blL4ezPA610EEFbrqanxcR/+HnqDc/jTF563nGzwxwzdsnKf
cnn/6tyeBnXr433shXDC54hs3bqVGyE11Uj52v9/ToL14fYwLXuzMIkw916QsyK5XwQF
VglVDybjJJ0E33CeKriTyz7JGKSALpkR0r1zuCCy3TKdgRPRzKr7sg/O0r7waus/s4HC
bQhMhfFgaIzJh+Yk9hLpJv9CwyUMjKwxEH9PKYIkrWxy3DSmVhPOrnpHPUgexhyf54hP eA==
Received: from ediex01.ad.cirrus.com ([84.19.233.68])
by mx0b-001ae601.pphosted.com (PPS) with ESMTPS id 3qj6ymvnvm-5
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
verify=NOT);
Tue, 16 May 2023 11:08:00 -0500
Received: from ediex02.ad.cirrus.com (198.61.84.81) by ediex01.ad.cirrus.com
(198.61.84.80) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.26; Tue, 16 May
2023 11:07:57 -0500
Received: from ediswmail.ad.cirrus.com (198.61.86.93) by
anon-ediex02.ad.cirrus.com (198.61.84.81) with Microsoft SMTP Server id
15.2.1118.26 via Frontend Transport; Tue, 16 May 2023 11:07:57 -0500
Received: from EDIN4L06LR3.ad.cirrus.com (EDIN4L06LR3.ad.cirrus.com
[198.61.64.66])
by ediswmail.ad.cirrus.com (Postfix) with ESMTP id 50D16B38;
Tue, 16 May 2023 16:07:57 +0000 (UTC)
From: Richard Fitzgerald <rf@opensource.cirrus.com>
To: <gregkh@linuxfoundation.org>, <rafael@kernel.org>
CC: <linux-kernel@vger.kernel.org>, <patches@opensource.cirrus.com>,
Richard Fitzgerald <rf@opensource.cirrus.com>
Subject: [PATCH 5/5] debugfs: Add debugfs_create_const_str()
Date: Tue, 16 May 2023 17:07:53 +0100
Message-ID: <20230516160753.32317-6-rf@opensource.cirrus.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20230516160753.32317-1-rf@opensource.cirrus.com>
References: <20230516160753.32317-1-rf@opensource.cirrus.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-Proofpoint-GUID: rzWXC6kM24RH8ev80R6c-1h1eGlYdk9q
X-Proofpoint-ORIG-GUID: rzWXC6kM24RH8ev80R6c-1h1eGlYdk9q
X-Proofpoint-Spam-Reason: safe
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_NONE,SPF_PASS,
T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no
version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1766067785537483183?=
X-GMAIL-MSGID: =?utf-8?q?1766067785537483183?=
|
| Series |
debugfs: Fixes and improvements to debugfs_create_str()
|
|
Commit Message
Richard Fitzgerald
May 16, 2023, 4:07 p.m. UTC
Add a wrapper for debugfs_create_str() that takes a const char **.
It's never nice to have to cast a const pointer to a non-const to be
able to pass it to an API. It always looks suspicious and it is relying
on "knowing" that it's safe. A function that explicitly takes a const
pointer is creating a contract that a const pointer is safe.
Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
---
include/linux/debugfs.h | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
Comments
On Tue, May 16, 2023 at 05:07:53PM +0100, Richard Fitzgerald wrote: > Add a wrapper for debugfs_create_str() that takes a const char **. > > It's never nice to have to cast a const pointer to a non-const to be > able to pass it to an API. It always looks suspicious and it is relying > on "knowing" that it's safe. A function that explicitly takes a const > pointer is creating a contract that a const pointer is safe. > > Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com> > --- > include/linux/debugfs.h | 27 +++++++++++++++++++++++++++ > 1 file changed, 27 insertions(+) > > diff --git a/include/linux/debugfs.h b/include/linux/debugfs.h > index ea2d919fd9c7..2723690aedd1 100644 > --- a/include/linux/debugfs.h > +++ b/include/linux/debugfs.h > @@ -401,4 +401,31 @@ static inline void debugfs_create_xul(const char *name, umode_t mode, > debugfs_create_x64(name, mode, parent, (u64 *)value); > } > > +/** > + * debugfs_create_const_str - create a debugfs file that is used to read a string value > + * @name: a pointer to a string containing the name of the file to create. > + * @mode: the permission that the file should have > + * @parent: a pointer to the parent dentry for this file. This should be a > + * directory dentry if set. If this parameter is %NULL, then the > + * file will be created in the root of the debugfs filesystem. > + * @value: a pointer to the variable that the file should read from. > + * The const char* pointer must not change, except from NULL to > + * non-NULL. > + * > + * This function creates a file in debugfs with the given name that > + * contains the value of the variable @value. > + * > + * The const char* pointed to by @value must not change after calling this > + * function EXCEPT that it may change from NULL to non-NULL. This is to > + * prevent the file read from accessing a stale pointer. A change from > + * NULL to non-NULL is the only safe change, because the read will > + * instantaneously see either NULL or the valid pointer. > + */ > +static inline void debugfs_create_const_str(const char *name, umode_t mode, > + struct dentry *parent, > + const char **value) > +{ > + debugfs_create_str(name, mode & ~0222, parent, (char **)value); You just "know" it's safe to do this? There is nothing in debugfs_create_str() that would prevent future changes from violating the "const" here, which makes this very unsafe to maintain over time. This feels backwards, why not make debugfs_create_str() take the const pointer instead? thanks, greg k-h
On Tue, May 16, 2023 at 05:07:53PM +0100, Richard Fitzgerald wrote: > Add a wrapper for debugfs_create_str() that takes a const char **. > > It's never nice to have to cast a const pointer to a non-const to be > able to pass it to an API. It always looks suspicious and it is relying > on "knowing" that it's safe. A function that explicitly takes a const > pointer is creating a contract that a const pointer is safe. > > Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com> > --- > include/linux/debugfs.h | 27 +++++++++++++++++++++++++++ > 1 file changed, 27 insertions(+) > > diff --git a/include/linux/debugfs.h b/include/linux/debugfs.h > index ea2d919fd9c7..2723690aedd1 100644 > --- a/include/linux/debugfs.h > +++ b/include/linux/debugfs.h > @@ -401,4 +401,31 @@ static inline void debugfs_create_xul(const char *name, umode_t mode, > debugfs_create_x64(name, mode, parent, (u64 *)value); > } > > +/** > + * debugfs_create_const_str - create a debugfs file that is used to read a string value > + * @name: a pointer to a string containing the name of the file to create. > + * @mode: the permission that the file should have > + * @parent: a pointer to the parent dentry for this file. This should be a > + * directory dentry if set. If this parameter is %NULL, then the > + * file will be created in the root of the debugfs filesystem. > + * @value: a pointer to the variable that the file should read from. > + * The const char* pointer must not change, except from NULL to > + * non-NULL. > + * > + * This function creates a file in debugfs with the given name that > + * contains the value of the variable @value. > + * > + * The const char* pointed to by @value must not change after calling this > + * function EXCEPT that it may change from NULL to non-NULL. This is to > + * prevent the file read from accessing a stale pointer. A change from > + * NULL to non-NULL is the only safe change, because the read will > + * instantaneously see either NULL or the valid pointer. > + */ > +static inline void debugfs_create_const_str(const char *name, umode_t mode, > + struct dentry *parent, > + const char **value) > +{ > + debugfs_create_str(name, mode & ~0222, parent, (char **)value); > +} Also, we need a user of the new function in order to be able to add it, otherwise I'll just delete it eventually :) thanks, greg k-h
On Tue, May 16, 2023 at 05:07:53PM +0100, Richard Fitzgerald wrote: > Add a wrapper for debugfs_create_str() that takes a const char **. > > It's never nice to have to cast a const pointer to a non-const to be > able to pass it to an API. It always looks suspicious and it is relying > on "knowing" that it's safe. A function that explicitly takes a const > pointer is creating a contract that a const pointer is safe. > > Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com> > --- > include/linux/debugfs.h | 27 +++++++++++++++++++++++++++ > 1 file changed, 27 insertions(+) > > diff --git a/include/linux/debugfs.h b/include/linux/debugfs.h > index ea2d919fd9c7..2723690aedd1 100644 > --- a/include/linux/debugfs.h > +++ b/include/linux/debugfs.h > @@ -401,4 +401,31 @@ static inline void debugfs_create_xul(const char *name, umode_t mode, > debugfs_create_x64(name, mode, parent, (u64 *)value); > } > > +/** > + * debugfs_create_const_str - create a debugfs file that is used to read a string value > + * @name: a pointer to a string containing the name of the file to create. > + * @mode: the permission that the file should have > + * @parent: a pointer to the parent dentry for this file. This should be a > + * directory dentry if set. If this parameter is %NULL, then the > + * file will be created in the root of the debugfs filesystem. > + * @value: a pointer to the variable that the file should read from. > + * The const char* pointer must not change, except from NULL to > + * non-NULL. > + * > + * This function creates a file in debugfs with the given name that > + * contains the value of the variable @value. > + * > + * The const char* pointed to by @value must not change after calling this > + * function EXCEPT that it may change from NULL to non-NULL. This is to > + * prevent the file read from accessing a stale pointer. A change from > + * NULL to non-NULL is the only safe change, because the read will > + * instantaneously see either NULL or the valid pointer. > + */ > +static inline void debugfs_create_const_str(const char *name, umode_t mode, > + struct dentry *parent, > + const char **value) > +{ > + debugfs_create_str(name, mode & ~0222, parent, (char **)value); > +} And you didn't include a version for when CONFIG_DEBUG_FS is not enabled, which would cause anyone who used this function, to break the build :( thanks, greg k-h
diff --git a/include/linux/debugfs.h b/include/linux/debugfs.h index ea2d919fd9c7..2723690aedd1 100644 --- a/include/linux/debugfs.h +++ b/include/linux/debugfs.h @@ -401,4 +401,31 @@ static inline void debugfs_create_xul(const char *name, umode_t mode, debugfs_create_x64(name, mode, parent, (u64 *)value); } +/** + * debugfs_create_const_str - create a debugfs file that is used to read a string value + * @name: a pointer to a string containing the name of the file to create. + * @mode: the permission that the file should have + * @parent: a pointer to the parent dentry for this file. This should be a + * directory dentry if set. If this parameter is %NULL, then the + * file will be created in the root of the debugfs filesystem. + * @value: a pointer to the variable that the file should read from. + * The const char* pointer must not change, except from NULL to + * non-NULL. + * + * This function creates a file in debugfs with the given name that + * contains the value of the variable @value. + * + * The const char* pointed to by @value must not change after calling this + * function EXCEPT that it may change from NULL to non-NULL. This is to + * prevent the file read from accessing a stale pointer. A change from + * NULL to non-NULL is the only safe change, because the read will + * instantaneously see either NULL or the valid pointer. + */ +static inline void debugfs_create_const_str(const char *name, umode_t mode, + struct dentry *parent, + const char **value) +{ + debugfs_create_str(name, mode & ~0222, parent, (char **)value); +} + #endif