From patchwork Fri May 29 22:03:55 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pratyush Yadav X-Patchwork-Id: 246853 List-Id: U-Boot discussion From: p.yadav at ti.com (Pratyush Yadav) Date: Sat, 30 May 2020 03:33:55 +0530 Subject: [RFC PATCH 1/1] gpio: Handle NULL pointers gracefully In-Reply-To: <20200529220355.4396-1-p.yadav@ti.com> References: <20200529220355.4396-1-p.yadav@ti.com> Message-ID: <20200529220355.4396-2-p.yadav@ti.com> Prepare the way for a managed GPIO API by handling NULL pointers without crashing or failing. validate_desc() comes from Linux with the prints removed to reduce code size. Signed-off-by: Jean-Jacques Hiblot Signed-off-by: Pratyush Yadav --- drivers/gpio/Kconfig | 9 ++++ drivers/gpio/gpio-uclass.c | 86 ++++++++++++++++++++++++++++++++++---- include/asm-generic/gpio.h | 2 +- 3 files changed, 88 insertions(+), 9 deletions(-) -- 2.26.2 diff --git a/drivers/gpio/Kconfig b/drivers/gpio/Kconfig index d87f6cc105..f8b6bcdf44 100644 --- a/drivers/gpio/Kconfig +++ b/drivers/gpio/Kconfig @@ -36,6 +36,15 @@ config TPL_DM_GPIO particular GPIOs that they provide. The uclass interface is defined in include/asm-generic/gpio.h. +config GPIO_VALIDATE_DESC + bool "Check if GPIO descriptor is NULL and bail out if it is" + depends on DM_GPIO + default y + help + If a GPIO is optional, the GPIO descriptor is NULL. In that + case, calls should bail out instead of causing NULL pointer + access. + config GPIO_HOG bool "Enable GPIO hog support" depends on DM_GPIO diff --git a/drivers/gpio/gpio-uclass.c b/drivers/gpio/gpio-uclass.c index 9eeab22eef..6b97d3aaff 100644 --- a/drivers/gpio/gpio-uclass.c +++ b/drivers/gpio/gpio-uclass.c @@ -20,6 +20,25 @@ DECLARE_GLOBAL_DATA_PTR; +#ifdef CONFIG_GPIO_VALIDATE_DESC +/* + * This descriptor validation needs to be inserted verbatim into each + * function taking a descriptor, so we need to use a preprocessor + * macro to avoid endless duplication. If the desc is NULL it is an + * optional GPIO and calls should just bail out. + */ +static inline int validate_desc(const struct gpio_desc *desc) +{ + if (!desc) + return 0; + if (IS_ERR(desc)) + return PTR_ERR(desc); + if (!desc->dev) + return -EINVAL; + return 1; +} +#endif + /** * gpio_desc_init() - Initialize the GPIO descriptor * @@ -303,11 +322,19 @@ int gpio_hog_lookup_name(const char *name, struct gpio_desc **desc) int dm_gpio_request(struct gpio_desc *desc, const char *label) { - struct udevice *dev = desc->dev; + struct udevice *dev; struct gpio_dev_priv *uc_priv; char *str; int ret; +#ifdef CONFIG_GPIO_VALIDATE_DESC + ret = validate_desc(desc); + if (ret <= 0) + return ret; +#endif + + dev = desc->dev; + uc_priv = dev_get_uclass_priv(dev); if (uc_priv->name[desc->offset]) return -EBUSY; @@ -434,6 +461,14 @@ static int check_reserved(const struct gpio_desc *desc, const char *func) { struct gpio_dev_priv *uc_priv; +#ifdef CONFIG_GPIO_VALIDATE_DESC + int ret; + + ret = validate_desc(desc); + if (ret <= 0) + return ret; +#endif + if (!dm_gpio_is_valid(desc)) return -ENOENT; @@ -510,6 +545,12 @@ int dm_gpio_get_value(const struct gpio_desc *desc) { int ret; +#ifdef CONFIG_GPIO_VALIDATE_DESC + ret = validate_desc(desc); + if (ret <= 0) + return ret; +#endif + ret = check_reserved(desc, "get_value"); if (ret) return ret; @@ -521,6 +562,12 @@ int dm_gpio_set_value(const struct gpio_desc *desc, int value) { int ret; +#ifdef CONFIG_GPIO_VALIDATE_DESC + ret = validate_desc(desc); + if (ret <= 0) + return ret; +#endif + ret = check_reserved(desc, "set_value"); if (ret) return ret; @@ -572,11 +619,21 @@ static int check_dir_flags(ulong flags) static int _dm_gpio_set_dir_flags(struct gpio_desc *desc, ulong flags) { - struct udevice *dev = desc->dev; - struct dm_gpio_ops *ops = gpio_get_ops(dev); - struct gpio_dev_priv *uc_priv = dev_get_uclass_priv(dev); + struct udevice *dev; + struct dm_gpio_ops *ops; + struct gpio_dev_priv *uc_priv; int ret = 0; +#ifdef CONFIG_GPIO_VALIDATE_DESC + ret = validate_desc(desc); + if (ret <= 0) + return ret; +#endif + + dev = desc->dev; + ops = gpio_get_ops(dev); + uc_priv = dev_get_uclass_priv(dev); + ret = check_dir_flags(flags); if (ret) { dev_dbg(dev, @@ -1043,6 +1100,14 @@ int gpio_get_list_count(struct udevice *dev, const char *list_name) int dm_gpio_free(struct udevice *dev, struct gpio_desc *desc) { +#ifdef CONFIG_GPIO_VALIDATE_DESC + int ret; + + ret = validate_desc(desc); + if (ret <= 0) + return ret; +#endif + /* For now, we don't do any checking of dev */ return _dm_gpio_free(desc->dev, desc->offset); } @@ -1091,12 +1156,17 @@ static int gpio_renumber(struct udevice *removed_dev) int gpio_get_number(const struct gpio_desc *desc) { - struct udevice *dev = desc->dev; struct gpio_dev_priv *uc_priv; - if (!dev) - return -1; - uc_priv = dev->uclass_priv; +#ifdef CONFIG_GPIO_VALIDATE_DESC + int ret; + + ret = validate_desc(desc); + if (ret <= 0) + return ret; +#endif + + uc_priv = dev_get_uclass_priv(desc->dev); return uc_priv->gpio_base + desc->offset; } diff --git a/include/asm-generic/gpio.h b/include/asm-generic/gpio.h index e16c2f31d9..46007b1283 100644 --- a/include/asm-generic/gpio.h +++ b/include/asm-generic/gpio.h @@ -149,7 +149,7 @@ struct gpio_desc { */ static inline bool dm_gpio_is_valid(const struct gpio_desc *desc) { - return desc->dev != NULL; + return desc && desc->dev; } /**