Re: [PATCH 5/5] debugfs: Add debugfs_create_const_str()

From: Greg KH
Date: Tue May 16 2023 - 12:38:45 EST

Next message: Dmitry Baryshkov: "Re: [PATCH 1/2] arm64: dts: qcom: sm8550-qrd: add PCIe0"
Previous message: Greg KH: "Re: [PATCH 5/5] debugfs: Add debugfs_create_const_str()"
In reply to: Greg KH: "Re: [PATCH 5/5] debugfs: Add debugfs_create_const_str()"
Next in thread: Richard Fitzgerald: "[PATCH 1/5] debugfs: Prevent NULL dereference reading from string property"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, May 16, 2023 at 05:07:53PM +0100, Richard Fitzgerald wrote:
> Add a wrapper for debugfs_create_str() that takes a const char **.
>
> It's never nice to have to cast a const pointer to a non-const to be
> able to pass it to an API. It always looks suspicious and it is relying
> on "knowing" that it's safe. A function that explicitly takes a const
> pointer is creating a contract that a const pointer is safe.
>
> Signed-off-by: Richard Fitzgerald <rf@xxxxxxxxxxxxxxxxxxxxx>
> ---
> include/linux/debugfs.h | 27 +++++++++++++++++++++++++++
> 1 file changed, 27 insertions(+)
>
> diff --git a/include/linux/debugfs.h b/include/linux/debugfs.h
> index ea2d919fd9c7..2723690aedd1 100644
> --- a/include/linux/debugfs.h
> +++ b/include/linux/debugfs.h
> @@ -401,4 +401,31 @@ static inline void debugfs_create_xul(const char *name, umode_t mode,
> debugfs_create_x64(name, mode, parent, (u64 *)value);
> }
>
> +/**
> + * debugfs_create_const_str - create a debugfs file that is used to read a string value
> + * @name: a pointer to a string containing the name of the file to create.
> + * @mode: the permission that the file should have
> + * @parent: a pointer to the parent dentry for this file. This should be a
> + * directory dentry if set. If this parameter is %NULL, then the
> + * file will be created in the root of the debugfs filesystem.
> + * @value: a pointer to the variable that the file should read from.
> + * The const char* pointer must not change, except from NULL to
> + * non-NULL.
> + *
> + * This function creates a file in debugfs with the given name that
> + * contains the value of the variable @value.
> + *
> + * The const char* pointed to by @value must not change after calling this
> + * function EXCEPT that it may change from NULL to non-NULL. This is to
> + * prevent the file read from accessing a stale pointer. A change from
> + * NULL to non-NULL is the only safe change, because the read will
> + * instantaneously see either NULL or the valid pointer.
> + */
> +static inline void debugfs_create_const_str(const char *name, umode_t mode,
> + struct dentry *parent,
> + const char **value)
> +{
> + debugfs_create_str(name, mode & ~0222, parent, (char **)value);
> +}

And you didn't include a version for when CONFIG_DEBUG_FS is not
enabled, which would cause anyone who used this function, to break the
build :(

thanks,

greg k-h

Next message: Dmitry Baryshkov: "Re: [PATCH 1/2] arm64: dts: qcom: sm8550-qrd: add PCIe0"
Previous message: Greg KH: "Re: [PATCH 5/5] debugfs: Add debugfs_create_const_str()"
In reply to: Greg KH: "Re: [PATCH 5/5] debugfs: Add debugfs_create_const_str()"
Next in thread: Richard Fitzgerald: "[PATCH 1/5] debugfs: Prevent NULL dereference reading from string property"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]