[v2,RFC] dpaa2: replace system("echo ...") with file i/o
Checks
Commit Message
From: Stephen Hemminger <stephen@networkplumber.org>
Using system() is a bad idea in driver code because it introduces
a number of potential security issues. The codeql analysis tool
flags this a potential security issue.
Instead just use normal stdio to do the same thing.
Compile test only, do not have this hardware and therefore can
not test this.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Reviewed-by: Sachin Saxena <sachin.saxena@oss.nxp.com>
---
drivers/bus/fslmc/portal/dpaa2_hw_dpio.c | 45 ++++++++++++++++--------
1 file changed, 31 insertions(+), 14 deletions(-)
Comments
On 2023-05-02 11:54, Sachin Saxena (OSS) wrote:
> From: Stephen Hemminger <stephen@networkplumber.org>
>
> Using system() is a bad idea in driver code because it introduces
> a number of potential security issues. The codeql analysis tool
> flags this a potential security issue.
>
> Instead just use normal stdio to do the same thing.
>
> Compile test only, do not have this hardware and therefore can
> not test this.
>
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> Reviewed-by: Sachin Saxena <sachin.saxena@oss.nxp.com>
> ---
> drivers/bus/fslmc/portal/dpaa2_hw_dpio.c | 45 ++++++++++++++++--------
> 1 file changed, 31 insertions(+), 14 deletions(-)
>
> diff --git a/drivers/bus/fslmc/portal/dpaa2_hw_dpio.c b/drivers/bus/fslmc/portal/dpaa2_hw_dpio.c
> index 4aec7b2cd8..990cfc5d3b 100644
> --- a/drivers/bus/fslmc/portal/dpaa2_hw_dpio.c
> +++ b/drivers/bus/fslmc/portal/dpaa2_hw_dpio.c
> @@ -125,14 +125,21 @@ static void
> dpaa2_affine_dpio_intr_to_respective_core(int32_t dpio_id, int cpu_id)
> {
> #define STRING_LEN 28
> -#define COMMAND_LEN 50
> +#define AFFINITY_LEN 128
> +#define CMD_LEN 300
> uint32_t cpu_mask = 1;
> - int ret;
> - size_t len = 0;
> - char *temp = NULL, *token = NULL;
> - char string[STRING_LEN], command[COMMAND_LEN];
> + size_t len = CMD_LEN;
> + char *temp, *token = NULL;
> + char string[STRING_LEN];
> + char smp_affinity[AFFINITY_LEN];
> FILE *file;
>
> + temp = (char *)malloc(len * sizeof(char));
No cast is necessary to go from void * to any other pointer.
sizeof(char) is by definition one. What you allocate from the heap are
in units of chars, so multiplying with sizeof(char) doesn't make sense.
How is pre-allocating the buffer an improvement over the old code
(deferring memory allocation to getline())?
> + if (temp == NULL) {
> + DPAA2_BUS_WARN("Unable to allocate temp buffer");
> + return;
> + }
> +
> snprintf(string, STRING_LEN, "dpio.%d", dpio_id);
> file = fopen("/proc/interrupts", "r");
> if (!file) {
> @@ -155,17 +162,27 @@ dpaa2_affine_dpio_intr_to_respective_core(int32_t dpio_id, int cpu_id)
> }
>
> cpu_mask = cpu_mask << cpu_id;
> - snprintf(command, COMMAND_LEN, "echo %X > /proc/irq/%s/smp_affinity",
> - cpu_mask, token);
> - ret = system(command);
> - if (ret < 0)
> - DPAA2_BUS_DEBUG(
> - "Failed to affine interrupts on respective core");
> - else
> - DPAA2_BUS_DEBUG(" %s command is executed", command);
> -
> + snprintf(smp_affinity, AFFINITY_LEN,
> + "/proc/irq/%s/smp_affinity", token);
> + /* Free 'temp' memory after using the substring 'token' */
> free(temp);
> fclose(file);
> +
> + file = fopen(smp_affinity, "w");
> + if (file == NULL) {
> + DPAA2_BUS_WARN("Failed to open %s", smp_affinity);
> + return;
> + }
> + fprintf(file, "%X\n", cpu_mask);
> + fflush(file);
> +
> + if (ferror(file)) {
> + fclose(file);
> + DPAA2_BUS_WARN("Failed to write to %s", smp_affinity);
> + return;
> + }
> +
> + fclose(file);
> }
>
> static int dpaa2_dpio_intr_init(struct dpaa2_dpio_dev *dpio_dev)
@@ -125,14 +125,21 @@ static void
dpaa2_affine_dpio_intr_to_respective_core(int32_t dpio_id, int cpu_id)
{
#define STRING_LEN 28
-#define COMMAND_LEN 50
+#define AFFINITY_LEN 128
+#define CMD_LEN 300
uint32_t cpu_mask = 1;
- int ret;
- size_t len = 0;
- char *temp = NULL, *token = NULL;
- char string[STRING_LEN], command[COMMAND_LEN];
+ size_t len = CMD_LEN;
+ char *temp, *token = NULL;
+ char string[STRING_LEN];
+ char smp_affinity[AFFINITY_LEN];
FILE *file;
+ temp = (char *)malloc(len * sizeof(char));
+ if (temp == NULL) {
+ DPAA2_BUS_WARN("Unable to allocate temp buffer");
+ return;
+ }
+
snprintf(string, STRING_LEN, "dpio.%d", dpio_id);
file = fopen("/proc/interrupts", "r");
if (!file) {
@@ -155,17 +162,27 @@ dpaa2_affine_dpio_intr_to_respective_core(int32_t dpio_id, int cpu_id)
}
cpu_mask = cpu_mask << cpu_id;
- snprintf(command, COMMAND_LEN, "echo %X > /proc/irq/%s/smp_affinity",
- cpu_mask, token);
- ret = system(command);
- if (ret < 0)
- DPAA2_BUS_DEBUG(
- "Failed to affine interrupts on respective core");
- else
- DPAA2_BUS_DEBUG(" %s command is executed", command);
-
+ snprintf(smp_affinity, AFFINITY_LEN,
+ "/proc/irq/%s/smp_affinity", token);
+ /* Free 'temp' memory after using the substring 'token' */
free(temp);
fclose(file);
+
+ file = fopen(smp_affinity, "w");
+ if (file == NULL) {
+ DPAA2_BUS_WARN("Failed to open %s", smp_affinity);
+ return;
+ }
+ fprintf(file, "%X\n", cpu_mask);
+ fflush(file);
+
+ if (ferror(file)) {
+ fclose(file);
+ DPAA2_BUS_WARN("Failed to write to %s", smp_affinity);
+ return;
+ }
+
+ fclose(file);
}
static int dpaa2_dpio_intr_init(struct dpaa2_dpio_dev *dpio_dev)