From: Arnd Bergmann on
On Friday 02 July 2010 17:45:18 Chris Metcalf wrote:
>
> This change reflects some feedback from Arnd Bergmann, and also
> fixes a compat issue by removing the requirement that the cpumask
> pointer passed to the ioctl point to memory whose size is a
> multiple of sizeof(long), since that is awkward when userspace
> has a different sizeof(long).
>
> The compat_ptr() declaration was fixed and used to pass the
> compat_ioctl argument to the normal ioctl. So far we limit compat
> code to 2GB, so the difference between zero-extend and sign-extend
> (the latter being correct, eventually) had been overlooked.
>
> Remove the file_to_hardwall() abstractions since they're not
> really needed.

Looks good.

> In addition, use <linux/list_types.h> to simplify hardwall code.
> Instead of using a bogus hardwall_list type, we can now use
> the proper list_head type directly.

It sounds like this is now ending up in linux/types.h,
so you'll have to change that again.

> Signed-off-by: Chris Metcalf <cmetcalf(a)tilera.com>

Acked-by: Arnd Bergmann <arnd(a)arndb.de>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
From: Paul Mundt on
On Fri, Jul 02, 2010 at 11:45:18AM -0400, Chris Metcalf wrote:
> #define for_each_hardwall_task_safe(pos, n, head) \
> - hardwall_for_each_entry_safe(pos, n, head, thread.hardwall_list)
> + list_for_each_entry_safe(pos, n, head, thread.hardwall_list)
>
If you've killed off the rest of the wrappers due to them not really
having to do anything special, you could do the same for this one, too.

> static struct hardwall_info *hardwall_create(
> - size_t size, const unsigned long __user *bits)
> + size_t size, const unsigned char __user *bits)
> {
> struct hardwall_info *iter, *rect;
> struct cpumask mask;
> unsigned long flags;
> - int rc, cpu, maxcpus = smp_height * smp_width;
> + int rc;
>
> - /* If "size" is not a multiple of long, it's invalid. */
> - if (size % sizeof(long))
> + /* Reject crazy sizes out of hand, a la sys_mbind(). */
> + if (size > PAGE_SIZE)
> return ERR_PTR(-EINVAL);
>
Does it even make any sense to accept > sizeof(struct cpumask) ? Your
case below obviously handles this by making sure the rest of the bits are
zeroed, but that still seems a bit excessive. If anything, the
sizeof(struct cpumask) should be your worst case (or just rejected out of
hand), and you could use cpumask_size() for everything else.

> - /* Validate that all the bits we are given fit in our coordinates. */
> - cpumask_clear(&mask);
> - for (cpu = 0; size > 0; ++bits, size -= sizeof(long)) {
> - int i;
> - unsigned long m;
> - if (get_user(m, bits) != 0)
> - return ERR_PTR(-EFAULT);
> - for (i = 0; i < BITS_PER_LONG; ++i, ++cpu)
> - if (m & (1UL << i)) {
> - if (cpu >= maxcpus)
> - return ERR_PTR(-EINVAL);
> - cpumask_set_cpu(cpu, &mask);
> - }
> + /* Copy whatever fits into a cpumask. */
> + if (copy_from_user(&mask, bits, min(sizeof(struct cpumask), size)))
> + return ERR_PTR(-EFAULT);
> +
> + /*
> + * If the size was short, clear the rest of the mask;
> + * otherwise validate that the rest of the user mask was zero
> + * (we don't try hard to be efficient when validating huge masks).
> + */
> + if (size < sizeof(struct cpumask)) {
> + memset((char *)&mask + size, 0, sizeof(struct cpumask) - size);
> + } else if (size > sizeof(struct cpumask)) {
> + size_t i;
> + for (i = sizeof(struct cpumask); i < size; ++i) {
> + char c;
> + if (get_user(c, &bits[i]))
> + return ERR_PTR(-EFAULT);
> + if (c)
> + return ERR_PTR(-EINVAL);
> + }
> }
>
Surely you can just replace all of this with cpumask_parse_user()?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
From: Chris Metcalf on
On 7/3/2010 11:57 PM, Paul Mundt wrote:
> On Fri, Jul 02, 2010 at 11:45:18AM -0400, Chris Metcalf wrote:
>
>> #define for_each_hardwall_task_safe(pos, n, head) \
>> - hardwall_for_each_entry_safe(pos, n, head, thread.hardwall_list)
>> + list_for_each_entry_safe(pos, n, head, thread.hardwall_list)
>>
>>
> If you've killed off the rest of the wrappers due to them not really
> having to do anything special, you could do the same for this one, too.
>

Good point, thanks. Done.

>> static struct hardwall_info *hardwall_create(
>> - size_t size, const unsigned long __user *bits)
>> + size_t size, const unsigned char __user *bits)
>> {
>> [...]
>>
>>
> Does it even make any sense to accept > sizeof(struct cpumask) ? Your
> case below obviously handles this by making sure the rest of the bits are
> zeroed, but that still seems a bit excessive. If anything, the
> sizeof(struct cpumask) should be your worst case (or just rejected out of
> hand), and you could use cpumask_size() for everything else.
>

Yes, it does make sense; see get_nodes() in mm/mempolicy.c for a similar
API philosophy. The idea is that you don't want to tie userspace code
to the particular NR_CPUS that you happened to build your kernel with.
So you let userspace use any reasonable value for its bitmask, and as
long as it's passing zeroes for the >NR_CPUS positions, that's OK.

cpumask_parse_user() won't help here, since we're not parsing an ASCII
string input. The main flow is just a copy_from_user() for the bits in
the mask, then an optional memset() if the user specified fewer than
NR_CPUS cpus, or a scan to check for set bits if the user specified more
than NR_CPUS cpus.

--
Chris Metcalf, Tilera Corp.
http://www.tilera.com

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/