Re: [PATCH v2 6/7] EDAC: add edac_check_mc_owner() to check MC owner

[Kani, Toshimitsu]

On Fri, 2017-08-04 at 10:30 +0200, Borislav Petkov wrote:
> On Thu, Aug 03, 2017 at 03:57:52PM -0600, Toshi Kani wrote:
> > Only a single edac driver can be enabled for EDAC MC.ÂÂWhen
> > ghes_edac is enabled, a regular edac driver for the CPU type /
> > platform still attempts to register itself and fails in
> > edac_mc_add_mc().
> > 
> > Add edac_check_mc_owner() so that regular edac drivers can check
> > the owner of EDAC MC at the beginning of initialization.
> > 
> > Also change the owner check to string comparison from address
> > check.
> > 
> > Signed-off-by: Toshi Kani <toshi.kani@xxxxxxx>
> > Cc: Borislav Petkov <bp@xxxxxxxxx>
> > Cc: Mauro Carvalho Chehab <mchehab@xxxxxxxxxx>
> > Cc: Tony Luck <tony.luck@xxxxxxxxx>
> > ---
> > Âdrivers/edac/edac_mc.c |ÂÂÂ15 ++++++++++++++-
> > Âdrivers/edac/edac_mc.h |ÂÂÂ12 ++++++++++++
> > Â2 files changed, 26 insertions(+), 1 deletion(-)
> > 
> > diff --git a/drivers/edac/edac_mc.c b/drivers/edac/edac_mc.c
> > index 4800721..52d8d5e 100644
> > --- a/drivers/edac/edac_mc.c
> > +++ b/drivers/edac/edac_mc.c
> > @@ -701,6 +701,19 @@ struct mem_ctl_info *edac_mc_find(int idx)
> > Â}
> > ÂEXPORT_SYMBOL(edac_mc_find);
> > Â
> > +/*
> > + * Returns:
> > + *	1 when EDAC MC is free or owned by the module name
> 
> 1 for free OR owned?!? WTF?

1 means the caller's init function can continue its initialization --
such conditions are free or owned by itself.

> > + *	0 when EDAC MC is owned by other module
> > + */
> > +int edac_check_mc_owner(const char *mod_name)
> > +{
> > +	if (edac_mc_owner && strcmp(edac_mc_owner, mod_name))
> 
> strncmp() of course, with sensible maximal string length.

strcmp() breaks when either edac_mc_owner or mod_name string ends. 
strncmp() assumes mod_name string is valid for a given length.  Hence,
the caller needs to supply the length to this function by adding a new
arg 'length', which does not make it any safer.  I think using
strncmp() would require all edac drivers to declare a pre-defined
length of module name...

> > +		return 0;
> > +
> > +	return 1;
> > +}
> > +EXPORT_SYMBOL(edac_check_mc_owner);
> 
> EXPORT_SYMBOL_GPL

Will do.

> > Â
> > Â/* FIXME - should a warning be printed if no error detection?
> > correction? */
> > Âint edac_mc_add_mc_with_groups(struct mem_ctl_info *mci,
> > @@ -742,7 +755,7 @@ int edac_mc_add_mc_with_groups(struct
> > mem_ctl_info *mci,
> > Â#endif
> > Â	mutex_lock(&mem_ctls_mutex);
> > Â
> > -	if (edac_mc_owner && edac_mc_owner != mci->mod_name) {
> > +	if (!edac_check_mc_owner(mci->mod_name)) {
> > Â		ret = -EPERM;
> > Â		goto fail0;
> > Â	}
> > diff --git a/drivers/edac/edac_mc.h b/drivers/edac/edac_mc.h
> > index 5357800..0e95eba 100644
> > --- a/drivers/edac/edac_mc.h
> > +++ b/drivers/edac/edac_mc.h
> > @@ -128,6 +128,18 @@ struct mem_ctl_info *edac_mc_alloc(unsigned
> > mc_num,
> > Â				ÂÂÂunsigned sz_pvt);
> > Â
> > Â/**
> > + *
> > + * edac_check_mc_owner - Check the owner of EDAC MC
> > + *
> > + * @mod_name: pointer to the module name
> > + *
> > + * Returns:
> > + *	1 when EDAC MC is free or owned by the module name
> > + *	0 when EDAC MC is owned by other module
> > + */
> 
> Documenting that function only once is enough.

I personally prefer to document in .c, but since other funcs documented
in dac_mc.h, I will keep the same style.  Will remove the document in
edac_mc.c. 

> > +extern int edac_check_mc_owner(const char *mod_name);
> > +
> > +/*
> > Â * edac_mc_add_mc_with_groups() - Insert the @mci structure into
> > the mci
> > Â *	global list and create sysfs entries associated with
> > @mci structure.
> > Â *

Thanks,
-Toshi