On Mon, 14 Apr 2025 14:26:29 -0700 Jacob Keller <jacob.e.keller@xxxxxxxxx> wrote: > Both the PTP_EXTTS_REQUEST(2) and PTP_PEROUT_REQUEST(2) ioctls take flags > from userspace to modify their behavior. Drivers are supposed to check > these flags, rejecting requests for flags they do not support. > > Many drivers today do not check these flags, despite many attempts to > squash individual drivers as these mistakes are discovered. Additionally, > any new flags added can require updating every driver if their validation > checks are poorly implemented. > > It is clear that driver authors will not reliably check for unsupported > flags. The root of the issue is that drivers must essentially opt out of > every flag, rather than opt in to the ones they support. > > Instead, lets introduce .supported_perout_flags and .supported_extts_flags > to the ptp_clock_info structure. This is a pattern taken from several > ethtool ioctls which enabled validation to move out of the drivers and into > the shared ioctl handlers. This pattern has worked quite well and makes it > much more difficult for drivers to accidentally accept flags they do not > support. > > With this approach, drivers which do not set the supported fields will have > the core automatically reject any request which has flags. Drivers must opt > in to each flag they support by adding it to the list, with the sole > exception being the PTP_ENABLE_FEATURE flag of the PTP_EXTTS_REQUEST ioctl > since it is entirely handled by the ptp_chardev.c file. > > This change will ensure that all current and future drivers are safe for > extension when we need to extend these ioctls. > > I opted to keep all the driver changes into one patch per ioctl type. The > changes are relatively small and straight forward. Splitting it per-driver > would make the series large, and also break flags between the introduction > of the supported field and setting it in each driver. > > The non-Intel drivers are compile-tested only, and I would appreciate > confirmation and testing from their respective maintainers. (It is also > likely that I missed some of the driver authors especially for drivers > which didn't make any checks at all and do not set either of the supported > flags yet) > > Signed-off-by: Jacob Keller <jacob.e.keller@xxxxxxxxx> Reviewed-by: Kory Maincent <kory.maincent@xxxxxxxxxxx> Thank you! -- Köry Maincent, Bootlin Embedded Linux and kernel engineering https://bootlin.com
