On Tue, Aug 01, 2023 at 02:54:45PM +0200, Takashi Iwai wrote:
> On Mon, 31 Jul 2023 21:40:20 +0200,
> Mark Brown wrote:
> > On Mon, Jul 31, 2023 at 09:30:29PM +0200, Takashi Iwai wrote:
> > > Mark Brown wrote:
> >
> > > > It really feels like we ought to rename, or add an alias for, the type
> > > > if we're going to start using it more widely - it's not helping to make
> > > > the code clearer.
> >
> > > That was my very first impression, too, but I changed my mind after
> > > seeing the already used code. An alias might work, either typedef or
> > > define genptr_t or such as sockptr_t. But we'll need to copy the
> > > bunch of helper functions, too...
> >
> > I would predict that if the type becomes more widely used that'll happen
> > eventually and the longer it's left the more work it'll be.
>
> That's true. The question is how more widely it'll be used, then.
>
> Is something like below what you had in mind, too?
I agree with your proposal (uniptr_t also works for me), but see below.
...
> +#include <linux/slab.h>
> +#include <linux/uaccess.h>
But let make the list of the headers right this time.
It seems to me that
err.h
minmax.h // maybe not, see a remark at the bottom
string.h
types.h
are missing.
More below.
...
> + void *p = kmalloc_track_caller(len, GFP_USER | __GFP_NOWARN);
> +
> + if (!p)
> + return ERR_PTR(-ENOMEM);
This can use cleanup.h.
> + if (copy_from_uniptr(p, src, len)) {
> + kfree(p);
> + return ERR_PTR(-EFAULT);
> + }
> + return p;
> +}
> +
> +static inline void *memdup_uniptr_nul(uniptr_t src, size_t len)
> +{
> + char *p = kmalloc_track_caller(len + 1, GFP_KERNEL);
Ditto.
> + if (!p)
> + return ERR_PTR(-ENOMEM);
> + if (copy_from_uniptr(p, src, len)) {
> + kfree(p);
> + return ERR_PTR(-EFAULT);
> + }
> + p[len] = '\0';
> + return p;
> +}
...
> +static inline long strncpy_from_uniptr(char *dst, uniptr_t src, size_t count)
> +{
> + if (uniptr_is_kernel(src)) {
> + size_t len = min(strnlen(src.kernel, count - 1) + 1, count);
I didn't get why do we need min()? To check the count == 0 case?
Wouldn't
size_t len;
len = strnlen(src.kernel, count);
if (len == 0)
return 0;
/* Copy a trailing NUL if found */
if (len < count)
len++;
be a good equivalent?
> + memcpy(dst, src.kernel, len);
> + return len;
> + }
> + return strncpy_from_user(dst, src.user, count);
> +}
...
> +static inline int check_zeroed_uniptr(uniptr_t src, size_t offset, size_t
> size)
> +{
> + if (!uniptr_is_kernel(src))
Why not to align all the functions to use same conditional (either always
positive or negative)?
> + return check_zeroed_user(src.user + offset, size);
> + return memchr_inv(src.kernel + offset, 0, size) == NULL;
> +}
...
Taking all remarks into account I would rather go with sockptr.h being
untouched for now, just a big
/* DO NOT USE, it's obsolete, use uniptr.h instead! */
to be added.
--
With Best Regards,
Andy Shevchenko
