[7/8] mtd: rawnand: qcom: Early structure initialization

Message ID	20230716144612.32132-8-miquel.raynal@bootlin.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-arm-kernel-bounces+lwn-linux-arm-kernel=archive.lwn.net@lists.infradead.org> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org From: Miquel Raynal <miquel.raynal@bootlin.com> Subject: [PATCH 7/8] mtd: rawnand: qcom: Early structure initialization Date: Sun, 16 Jul 2023 16:46:11 +0200 Message-Id: <20230716144612.32132-8-miquel.raynal@bootlin.com> In-Reply-To: <20230716144612.32132-1-miquel.raynal@bootlin.com> References: <20230716144612.32132-1-miquel.raynal@bootlin.com> MIME-Version: 1.0 List-Id: <linux-arm-kernel.lists.infradead.org> List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-arm-kernel>, <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe> List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/> List-Post: <mailto:linux-arm-kernel@lists.infradead.org> List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help> List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>, <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org> Errors-To: linux-arm-kernel-bounces+lwn-linux-arm-kernel=archive.lwn.net@lists.infradead.org List-Archive: <http://archive.lwn.net:8080/linux-arm-kernel/> To: Manivannan Sadhasivam <mani@kernel.org>, Md Sadre Alam <quic_mdalam@quicinc.com>, Sricharan Ramabadhran <quic_srichara@quicinc.com> Cc: Richard Weinberger <richard@nod.at>, Vignesh Raghavendra <vigneshr@ti.com>, Tudor Ambarus <tudor.ambarus@linaro.org>, Pratyush Yadav <pratyush@kernel.org>, Michael Walle <michael@walle.cc>, linux-mtd@lists.infradead.org, linux-arm-kernel@lists.infradead.org, Miquel Raynal <miquel.raynal@bootlin.com>
Series	mtd: rawnand: qcom: Misc fixes \| expand [0/8] mtd: rawnand: qcom: Misc fixes [1/8] mtd: rawnand: qcom: Use the BIT() macro [2/8] mtd: rawnand: qcom: Use u8 instead of uint8_t [3/8] mtd: rawnand: qcom: Fix alignment with open parenthesis [4/8] mtd: rawnand: qcom: Fix the spacing [5/8] mtd: rawnand: qcom: Fix wrong indentation [6/8] mtd: rawnand: qcom: Fix a typo [7/8] mtd: rawnand: qcom: Early structure initialization [8/8] mtd: rawnand: qcom: Fix address parsing within ->exec_op()

Miquel Raynal July 16, 2023, 2:46 p.m. UTC

Instead of allocating a structure on the stack with random data and then
expect the callee to perform the initialization (which is, in general,
error prone), prefer zeroing the structure explicitly at allocation and
provide the already zeroed area, so no explicit memset operation is
needed. It is probably safer to do so, so we limit the timeframe when
dirty data could actually be accessed by mistake.

Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
 drivers/mtd/nand/raw/qcom_nandc.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

Manivannan Sadhasivam July 17, 2023, 2:31 a.m. UTC | #1

On Sun, Jul 16, 2023 at 04:46:11PM +0200, Miquel Raynal wrote:
> Instead of allocating a structure on the stack with random data and then
> expect the callee to perform the initialization (which is, in general,
> error prone), prefer zeroing the structure explicitly at allocation and
> provide the already zeroed area, so no explicit memset operation is
> needed. It is probably safer to do so, so we limit the timeframe when
> dirty data could actually be accessed by mistake.
> 
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>

Acked-by: Manivannan Sadhasivam <mani@kernel.org>

- Mani

> ---
>  drivers/mtd/nand/raw/qcom_nandc.c | 12 +++++-------
>  1 file changed, 5 insertions(+), 7 deletions(-)
> 
> diff --git a/drivers/mtd/nand/raw/qcom_nandc.c b/drivers/mtd/nand/raw/qcom_nandc.c
> index cb6ccaa19224..4fc8dafa8f03 100644
> --- a/drivers/mtd/nand/raw/qcom_nandc.c
> +++ b/drivers/mtd/nand/raw/qcom_nandc.c
> @@ -2600,8 +2600,6 @@ static void qcom_parse_instructions(struct nand_chip *chip,
>  	unsigned int op_id;
>  	int i;
>  
> -	memset(q_op, 0, sizeof(*q_op));
> -
>  	for (op_id = 0; op_id < subop->ninstrs; op_id++) {
>  		unsigned int offset, naddrs;
>  		const u8 *addrs;
> @@ -2681,7 +2679,7 @@ static int qcom_read_status_exec(struct nand_chip *chip,
>  	struct qcom_nand_host *host = to_qcom_nand_host(chip);
>  	struct qcom_nand_controller *nandc = get_qcom_nand_controller(chip);
>  	struct nand_ecc_ctrl *ecc = &chip->ecc;
> -	struct qcom_op q_op;
> +	struct qcom_op q_op = {};
>  	const struct nand_op_instr *instr = NULL;
>  	unsigned int op_id = 0;
>  	unsigned int len = 0;
> @@ -2744,7 +2742,7 @@ static int qcom_read_id_type_exec(struct nand_chip *chip, const struct nand_subo
>  {
>  	struct qcom_nand_controller *nandc = get_qcom_nand_controller(chip);
>  	struct qcom_nand_host *host = to_qcom_nand_host(chip);
> -	struct qcom_op q_op;
> +	struct qcom_op q_op = {};
>  	const struct nand_op_instr *instr = NULL;
>  	unsigned int op_id = 0;
>  	unsigned int len = 0;
> @@ -2795,7 +2793,7 @@ static int qcom_misc_cmd_type_exec(struct nand_chip *chip, const struct nand_sub
>  {
>  	struct qcom_nand_controller *nandc = get_qcom_nand_controller(chip);
>  	struct qcom_nand_host *host = to_qcom_nand_host(chip);
> -	struct qcom_op q_op;
> +	struct qcom_op q_op = {};
>  	int ret = 0;
>  
>  	qcom_parse_instructions(chip, subop, &q_op);
> @@ -2838,7 +2836,7 @@ static int qcom_param_page_type_exec(struct nand_chip *chip,  const struct nand_
>  {
>  	struct qcom_nand_host *host = to_qcom_nand_host(chip);
>  	struct qcom_nand_controller *nandc = get_qcom_nand_controller(chip);
> -	struct qcom_op q_op;
> +	struct qcom_op q_op = {};
>  	const struct nand_op_instr *instr = NULL;
>  	unsigned int op_id = 0;
>  	unsigned int len = 0;
> @@ -2935,7 +2933,7 @@ static int qcom_erase_cmd_type_exec(struct nand_chip *chip, const struct nand_su
>  {
>  	struct qcom_nand_host *host = to_qcom_nand_host(chip);
>  	struct qcom_nand_controller *nandc = get_qcom_nand_controller(chip);
> -	struct qcom_op q_op;
> +	struct qcom_op q_op = {};
>  	int ret = 0;
>  
>  	qcom_parse_instructions(chip, subop, &q_op);
> -- 
> 2.34.1
>

Tudor Ambarus July 27, 2023, 3:03 p.m. UTC | #2

On 7/16/23 15:46, Miquel Raynal wrote:
> Instead of allocating a structure on the stack with random data and then
> expect the callee to perform the initialization (which is, in general,
> error prone), prefer zeroing the structure explicitly at allocation and
> provide the already zeroed area, so no explicit memset operation is
> needed. It is probably safer to do so, so we limit the timeframe when
> dirty data could actually be accessed by mistake.

Why is zeroed data considered safe or sane?

Miquel Raynal July 27, 2023, 3:14 p.m. UTC | #3

Hi Tudor,

tudor.ambarus@linaro.org wrote on Thu, 27 Jul 2023 16:03:40 +0100:

> On 7/16/23 15:46, Miquel Raynal wrote:
> > Instead of allocating a structure on the stack with random data and then
> > expect the callee to perform the initialization (which is, in general,
> > error prone), prefer zeroing the structure explicitly at allocation and
> > provide the already zeroed area, so no explicit memset operation is
> > needed. It is probably safer to do so, so we limit the timeframe when
> > dirty data could actually be accessed by mistake.  
> 
> Why is zeroed data considered safe or sane?

I believe allocating structures like that on the stack will make their
content inherit from previous values used there, which is generally a
bad idea if we expect the structure to be zeroed, which is the case
here.

This structure is meant to be zeroed before being used, so instead of
carrying stale data that will be wiped off later, I prefer to have it
zeroed earlier. Reducing the time when one could access stale data or
write something that will be reset does not sound totally useless to
me, in particular given the number of changes this driver has been
subject to recently.

Thanks,
Miquèl

Tudor Ambarus July 28, 2023, 2:23 a.m. UTC | #4

On 7/16/23 15:46, Miquel Raynal wrote:
> Instead of allocating a structure on the stack with random data and then
> expect the callee to perform the initialization (which is, in general,
> error prone), prefer zeroing the structure explicitly at allocation and
> provide the already zeroed area, so no explicit memset operation is
> needed. It is probably safer to do so, so we limit the timeframe when
> dirty data could actually be accessed by mistake.
> 
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>

Reviewed-by: Tudor Ambarus <tudor.ambarus@linaro.org>

> ---
>  drivers/mtd/nand/raw/qcom_nandc.c | 12 +++++-------
>  1 file changed, 5 insertions(+), 7 deletions(-)
> 
> diff --git a/drivers/mtd/nand/raw/qcom_nandc.c b/drivers/mtd/nand/raw/qcom_nandc.c
> index cb6ccaa19224..4fc8dafa8f03 100644
> --- a/drivers/mtd/nand/raw/qcom_nandc.c
> +++ b/drivers/mtd/nand/raw/qcom_nandc.c
> @@ -2600,8 +2600,6 @@ static void qcom_parse_instructions(struct nand_chip *chip,
>  	unsigned int op_id;
>  	int i;
>  
> -	memset(q_op, 0, sizeof(*q_op));
> -
>  	for (op_id = 0; op_id < subop->ninstrs; op_id++) {
>  		unsigned int offset, naddrs;
>  		const u8 *addrs;
> @@ -2681,7 +2679,7 @@ static int qcom_read_status_exec(struct nand_chip *chip,
>  	struct qcom_nand_host *host = to_qcom_nand_host(chip);
>  	struct qcom_nand_controller *nandc = get_qcom_nand_controller(chip);
>  	struct nand_ecc_ctrl *ecc = &chip->ecc;
> -	struct qcom_op q_op;
> +	struct qcom_op q_op = {};
>  	const struct nand_op_instr *instr = NULL;
>  	unsigned int op_id = 0;
>  	unsigned int len = 0;
> @@ -2744,7 +2742,7 @@ static int qcom_read_id_type_exec(struct nand_chip *chip, const struct nand_subo
>  {
>  	struct qcom_nand_controller *nandc = get_qcom_nand_controller(chip);
>  	struct qcom_nand_host *host = to_qcom_nand_host(chip);
> -	struct qcom_op q_op;
> +	struct qcom_op q_op = {};
>  	const struct nand_op_instr *instr = NULL;
>  	unsigned int op_id = 0;
>  	unsigned int len = 0;
> @@ -2795,7 +2793,7 @@ static int qcom_misc_cmd_type_exec(struct nand_chip *chip, const struct nand_sub
>  {
>  	struct qcom_nand_controller *nandc = get_qcom_nand_controller(chip);
>  	struct qcom_nand_host *host = to_qcom_nand_host(chip);
> -	struct qcom_op q_op;
> +	struct qcom_op q_op = {};
>  	int ret = 0;
>  
>  	qcom_parse_instructions(chip, subop, &q_op);
> @@ -2838,7 +2836,7 @@ static int qcom_param_page_type_exec(struct nand_chip *chip,  const struct nand_
>  {
>  	struct qcom_nand_host *host = to_qcom_nand_host(chip);
>  	struct qcom_nand_controller *nandc = get_qcom_nand_controller(chip);
> -	struct qcom_op q_op;
> +	struct qcom_op q_op = {};
>  	const struct nand_op_instr *instr = NULL;
>  	unsigned int op_id = 0;
>  	unsigned int len = 0;
> @@ -2935,7 +2933,7 @@ static int qcom_erase_cmd_type_exec(struct nand_chip *chip, const struct nand_su
>  {
>  	struct qcom_nand_host *host = to_qcom_nand_host(chip);
>  	struct qcom_nand_controller *nandc = get_qcom_nand_controller(chip);
> -	struct qcom_op q_op;
> +	struct qcom_op q_op = {};
>  	int ret = 0;
>  
>  	qcom_parse_instructions(chip, subop, &q_op);

Miquel Raynal July 28, 2023, 12:34 p.m. UTC | #5

On Sun, 2023-07-16 at 14:46:11 UTC, Miquel Raynal wrote:
> Instead of allocating a structure on the stack with random data and then
> expect the callee to perform the initialization (which is, in general,
> error prone), prefer zeroing the structure explicitly at allocation and
> provide the already zeroed area, so no explicit memset operation is
> needed. It is probably safer to do so, so we limit the timeframe when
> dirty data could actually be accessed by mistake.
> 
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> Acked-by: Manivannan Sadhasivam <mani@kernel.org>
> Reviewed-by: Tudor Ambarus <tudor.ambarus@linaro.org>

Applied to https://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux.git nand/next.

Miquel

[7/8] mtd: rawnand: qcom: Early structure initialization

Commit Message

Comments

Patch