diff mbox series

[-next,v2,1/2] ptp: Check timespec64 before call settime64()

Message ID 20240906034806.1161083-2-ruanjinjie@huawei.com (mailing list archive)
State Changes Requested
Delegated to: Netdev Maintainers
Headers show
Series ptp: Check timespec64 before call settime64() | expand

Checks

Context Check Description
netdev/series_format warning Target tree name not specified in the subject
netdev/tree_selection success Guessed tree name to be net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 16 this patch: 16
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers success CCed 2 of 2 maintainers
netdev/build_clang success Errors and warnings before: 16 this patch: 16
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 16 this patch: 16
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 16 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest fail net-next-2024-09-06--06-00 (tests: 722)

Commit Message

Jinjie Ruan Sept. 6, 2024, 3:48 a.m. UTC
As Andrew pointed out, it will make sence that the PTP core
checked timespec64 struct's tv_sec and tv_nsec range before calling
ptp->info->settime64(), so check it ahead.

There are some drivers that use tp->tv_sec and tp->tv_nsec directly to
write registers without validity checks and assume that the PTP core has
been checked, which is dangerous and will benefit from this, such as
hclge_ptp_settime(), igb_ptp_settime_i210(), _rcar_gen4_ptp_settime(),
and some drivers can remove the checks of itself.

Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Suggested-by: Andrew Lunn <andrew@lunn.ch>
---
 drivers/ptp/ptp_clock.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

Comments

Richard Cochran Sept. 6, 2024, 4:15 a.m. UTC | #1
On Fri, Sep 06, 2024 at 11:48:05AM +0800, Jinjie Ruan wrote:
> As Andrew pointed out, it will make sence that the PTP core

s/sence/sense/

Thanks,
Richard
Richard Cochran Sept. 6, 2024, 4:27 a.m. UTC | #2
On Fri, Sep 06, 2024 at 11:48:05AM +0800, Jinjie Ruan wrote:

> diff --git a/drivers/ptp/ptp_clock.c b/drivers/ptp/ptp_clock.c
> index c56cd0f63909..cf75899a6681 100644
> --- a/drivers/ptp/ptp_clock.c
> +++ b/drivers/ptp/ptp_clock.c
> @@ -100,6 +100,16 @@ static int ptp_clock_settime(struct posix_clock *pc, const struct timespec64 *tp
>  		return -EBUSY;
>  	}
>  
> +	if (!tp) {
> +		pr_warn("ptp: tp == NULL\n");
> +		return -EINVAL;
> +	}

This check is pointless because `tp` cannot be null.

See SYSCALL_DEFINE2(clock_settime, ...)

> +	if (!timespec64_valid(tp)) {
> +		pr_warn("ptp: tv_sec or tv_usec out of range\n");
> +		return -ERANGE;
> +	}

Shouldn't this be done at the higher layer, in clock_settime() ?

Thanks,
Richard
Jinjie Ruan Sept. 6, 2024, 6:37 a.m. UTC | #3
On 2024/9/6 12:27, Richard Cochran wrote:
> On Fri, Sep 06, 2024 at 11:48:05AM +0800, Jinjie Ruan wrote:
> 
>> diff --git a/drivers/ptp/ptp_clock.c b/drivers/ptp/ptp_clock.c
>> index c56cd0f63909..cf75899a6681 100644
>> --- a/drivers/ptp/ptp_clock.c
>> +++ b/drivers/ptp/ptp_clock.c
>> @@ -100,6 +100,16 @@ static int ptp_clock_settime(struct posix_clock *pc, const struct timespec64 *tp
>>  		return -EBUSY;
>>  	}
>>  
>> +	if (!tp) {
>> +		pr_warn("ptp: tp == NULL\n");
>> +		return -EINVAL;
>> +	}
> 
> This check is pointless because `tp` cannot be null.

Yes, this one is unnecessary and it is also unnecessary in the
lan743x_ptpci_settime64().

> 
> See SYSCALL_DEFINE2(clock_settime, ...)
> 
>> +	if (!timespec64_valid(tp)) {
>> +		pr_warn("ptp: tv_sec or tv_usec out of range\n");
>> +		return -ERANGE;
>> +	}
> 
> Shouldn't this be done at the higher layer, in clock_settime() ?

Maybe it is more reasonable?

> 
> Thanks,
> Richard
Andrew Lunn Sept. 6, 2024, 11:51 a.m. UTC | #4
On Fri, Sep 06, 2024 at 11:48:05AM +0800, Jinjie Ruan wrote:
> As Andrew pointed out, it will make sence that the PTP core
> checked timespec64 struct's tv_sec and tv_nsec range before calling
> ptp->info->settime64(), so check it ahead.
> 
> There are some drivers that use tp->tv_sec and tp->tv_nsec directly to
> write registers without validity checks and assume that the PTP core has
> been checked, which is dangerous and will benefit from this, such as
> hclge_ptp_settime(), igb_ptp_settime_i210(), _rcar_gen4_ptp_settime(),
> and some drivers can remove the checks of itself.
> 
> Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
> Suggested-by: Andrew Lunn <andrew@lunn.ch>

FYI: Your Signed-off-by: should be last. Please fix this when you
respin as requested by Richard.


    Andrew

---
pw-bot: cr
Richard Cochran Sept. 6, 2024, 2:07 p.m. UTC | #5
On Fri, Sep 06, 2024 at 02:37:58PM +0800, Jinjie Ruan wrote:

> > See SYSCALL_DEFINE2(clock_settime, ...)
> > 
> >> +	if (!timespec64_valid(tp)) {
> >> +		pr_warn("ptp: tv_sec or tv_usec out of range\n");
> >> +		return -ERANGE;
> >> +	}
> > 
> > Shouldn't this be done at the higher layer, in clock_settime() ?
> 
> Maybe it is more reasonable?

I think so.  If you code that up, please include lkml and the time
keeping folks (Miroslav, John Stultz, tglx) on CC.

Thanks,
Richard
diff mbox series

Patch

diff --git a/drivers/ptp/ptp_clock.c b/drivers/ptp/ptp_clock.c
index c56cd0f63909..cf75899a6681 100644
--- a/drivers/ptp/ptp_clock.c
+++ b/drivers/ptp/ptp_clock.c
@@ -100,6 +100,16 @@  static int ptp_clock_settime(struct posix_clock *pc, const struct timespec64 *tp
 		return -EBUSY;
 	}
 
+	if (!tp) {
+		pr_warn("ptp: tp == NULL\n");
+		return -EINVAL;
+	}
+
+	if (!timespec64_valid(tp)) {
+		pr_warn("ptp: tv_sec or tv_usec out of range\n");
+		return -ERANGE;
+	}
+
 	return  ptp->info->settime64(ptp->info, tp);
 }