[U-Boot] [PATCH] RFC: dm: Add pointer checking for allocated data

Masahiro Yamada yamada.masahiro at socionext.com
Tue Jul 14 06:36:21 CEST 2015 

Hi Simon,




2015-07-09 23:15 GMT+09:00 Simon Glass <sjg at chromium.org>:
> With driver model drivers can have things stored in several places. There is
> driver-private data, then the uclass can attach things to a device. If the
> device is on a bus then its bus may attach parent data to the device too.
>
> At present everything is done through void pointers.

This is also true for driver private data in Linux.



> It would be nice to
> have a way to check that the correct C struct is used in each case.
>
> Here is a proposed implementation of a way of checking structures in driver
> model. It relies on turning the existing dev_get_priv() function into a
> macro which (if checking is enabled) checks that the structure names match.
> Each xxx_auto_alloc_size turns into a structure containing a string (the
> structure name) and the size.
>
> The dev_get_priv() macro has an extra parameter which is the structure being
> accessed:
>
>         struct eth_pdata *priv = dev_get_priv(dev, struct eth_pdata);
>
> and you get an error like this when things are wrong:

In which scenario do things go wrong?
It is still unclear to me why we need this sanity check.



> Invalid access to device priv: dev=eth at 10002000, expecting
>    'struct eth_sandbox_priv', requested 'struct eth_pdata'
>
> A new Kconfg option is added to turn this on, since it bloats the code a
> little.
>
> The next step would be to extend it to all pointers in the device and
> uclass. This is mostly a mechanical code change.
>
> Finally we should have a way of checking that the device pointer itself is
> valid. For example if someone passes an invalid address like 0x12345 as the
> 'struct udevice' then at present we will dutifully look for the devices'
> driver and perform an invalid memory access.
>
> If we want to check for memory corruption one way would be to add a magic
> numnber before each allocated memory area. Perhaps this is more the role
> of dlmalloc(), but if required it could be attached to Masahiro's devres
> feature, which already prepends some data to every allocated area.
>
> Comments welcome. I'd like to figure this out soon as it involves trivial
> but invasive patches to change each driver.
>
> Signed-off-by: Simon Glass <sjg at chromium.org>
> ---








> diff --git a/arch/x86/cpu/mp_init.c b/arch/x86/cpu/mp_init.c
> index e686b28..e835b43 100644
> --- a/arch/x86/cpu/mp_init.c
> +++ b/arch/x86/cpu/mp_init.c
> @@ -238,7 +238,7 @@ static int load_sipi_vector(atomic_t **ap_countp)
>
>         params->stack_size = CONFIG_AP_STACK_SIZE;
>         size = params->stack_size * CONFIG_MAX_CPUS;
> -       stack = memalign(size, 4096);
> +       stack = memalign(4096, size);
>         if (!stack)
>                 return -ENOMEM;
>         params->stack_top = (u32)(stack + size);


This change seems unrelated to the subject of this patch.




-- 
Best Regards
Masahiro Yamada

More information about the U-Boot mailing list