Re: [Intel PMC TGPIO Driver 1/5] drivers/ptp: Add Enhanced handling of reserve fields
From: Jacob Keller
Date: Fri Jan 31 2020 - 11:54:22 EST
On 12/11/2019 1:48 PM, christopher.s.hall@xxxxxxxxx wrote:
> From: Christopher Hall <christopher.s.hall@xxxxxxxxx>
>
> Add functions that parameterize checking and zeroing of reserve fields in
> ioctl arguments. Eliminates need to change this code when repurposing
> reserve fields.
>
Nice!
> Signed-off-by: Christopher Hall <christopher.s.hall@xxxxxxxxx>
> ---
> drivers/ptp/ptp_chardev.c | 60 +++++++++++++++++++++------------------
> 1 file changed, 33 insertions(+), 27 deletions(-)
>
> diff --git a/drivers/ptp/ptp_chardev.c b/drivers/ptp/ptp_chardev.c
> index 9d72ab593f13..f9ad6df57fa5 100644
> --- a/drivers/ptp/ptp_chardev.c
> +++ b/drivers/ptp/ptp_chardev.c
> @@ -12,6 +12,7 @@
> #include <linux/timekeeping.h>
>
> #include <linux/nospec.h>
> +#include <linux/string.h>
>
> #include "ptp_private.h"
>
> @@ -106,6 +107,28 @@ int ptp_open(struct posix_clock *pc, fmode_t fmode)
> return 0;
> }
>
> +/* Returns -1 if any reserved fields are non-zero */
> +static inline int _check_rsv_field(unsigned int *field, size_t size)
> +{
> + unsigned int *iter;
> + int ret = 0;
> +
> + for (iter = field; iter < field+size && ret == 0; ++iter)
> + ret = *iter == 0 ? 0 : -1;
> +
> + return ret;
> +}
> +#define check_rsv_field(field) _check_rsv_field(field, ARRAY_SIZE(field))
> +
This assumes that reserved fields will always be arrays. Seems like a
reasonable restriction to me.
Are the reserved fields always integers? Seems so. Ok.
> +static inline void _zero_rsv_field(unsigned int *field, size_t size)
> +{
> + unsigned int *iter;
> +
> + for (iter = field; iter < field+size; ++iter)
> + *iter = 0;
> +}
> +#define zero_rsv_field(field) _zero_rsv_field(field, ARRAY_SIZE(field))
> +
> long ptp_ioctl(struct posix_clock *pc, unsigned int cmd, unsigned long arg)
> {
> struct ptp_clock *ptp = container_of(pc, struct ptp_clock, clock);
> @@ -154,7 +177,7 @@ long ptp_ioctl(struct posix_clock *pc, unsigned int cmd, unsigned long arg)
> req.extts.flags |= PTP_STRICT_FLAGS;
> /* Make sure no reserved bit is set. */
> if ((req.extts.flags & ~PTP_EXTTS_VALID_FLAGS) ||
> - req.extts.rsv[0] || req.extts.rsv[1]) {
> + check_rsv_field(req.extts.rsv)) {
> err = -EINVAL;
> break;
> }
> @@ -166,8 +189,7 @@ long ptp_ioctl(struct posix_clock *pc, unsigned int cmd, unsigned long arg)
> }
> } else if (cmd == PTP_EXTTS_REQUEST) {
> req.extts.flags &= PTP_EXTTS_V1_VALID_FLAGS;
> - req.extts.rsv[0] = 0;
> - req.extts.rsv[1] = 0;
> + zero_rsv_field(req.extts.rsv);
> }
> if (req.extts.index >= ops->n_ext_ts) {
> err = -EINVAL;
> @@ -188,17 +210,13 @@ long ptp_ioctl(struct posix_clock *pc, unsigned int cmd, unsigned long arg)
> break;
> }
> if (((req.perout.flags & ~PTP_PEROUT_VALID_FLAGS) ||
> - req.perout.rsv[0] || req.perout.rsv[1] ||
> - req.perout.rsv[2] || req.perout.rsv[3]) &&
> - cmd == PTP_PEROUT_REQUEST2) {
> + check_rsv_field(req.perout.rsv)) &&
> + cmd == PTP_PEROUT_REQUEST2) {
> err = -EINVAL;
> break;
> } else if (cmd == PTP_PEROUT_REQUEST) {
> req.perout.flags &= PTP_PEROUT_V1_VALID_FLAGS;
> - req.perout.rsv[0] = 0;
> - req.perout.rsv[1] = 0;
> - req.perout.rsv[2] = 0;
> - req.perout.rsv[3] = 0;
> + zero_rsv_field(req.perout.rsv);
> }
> if (req.perout.index >= ops->n_per_out) {
> err = -EINVAL;
> @@ -258,7 +276,7 @@ long ptp_ioctl(struct posix_clock *pc, unsigned int cmd, unsigned long arg)
> break;
> }
> if (extoff->n_samples > PTP_MAX_SAMPLES
> - || extoff->rsv[0] || extoff->rsv[1] || extoff->rsv[2]) {
> + || check_rsv_field(extoff->rsv)) {
> err = -EINVAL;
> break;
> }
> @@ -318,17 +336,11 @@ long ptp_ioctl(struct posix_clock *pc, unsigned int cmd, unsigned long arg)
> err = -EFAULT;
> break;
> }
> - if ((pd.rsv[0] || pd.rsv[1] || pd.rsv[2]
> - || pd.rsv[3] || pd.rsv[4])
> - && cmd == PTP_PIN_GETFUNC2) {
> + if (check_rsv_field(pd.rsv) && cmd == PTP_PIN_GETFUNC2) {
Not that it's a big deal, but I think this might read more clearly if
this was "cmd == PTP_PIN_GETFUNC2 && check_rsv_field(pd.rsv)"
Thanks,
Jake