This patchset adds support for Vendor Defined Error types in the einj
module by exporting a binary blob file in module's debugfs directory.
Userspace tools can write OEM Defined Structures into the blob file as
part of injecting Vendor defined errors.
The first patch refactors available_error_type_show() function to ensure
all errors supported by the platform are output through einj module's
available_error_type file in debugfs.
The second patch adds a write callback for binary blobs created through
debugfs_create_blob() API.
The third adds the required support i.e. establishing the memory mapping
and exporting it through debugfs blob file for Vendor-defined Error types.
Changes in v2:
- Split the v1 patch, as was recommended, to have a separate patch for
changes in debugfs.
- Refactored available_error_type_show() function into a separate patch.
- Changed file permissions to octal format to remove checkpatch warnings.
Changes in v3:
- Use BIT macro for generating error masks instead of hex values since
ACPI spec uses bit numbers.
- Handle the corner case of acpi_os_map_iomem() returning NULL through
a local variable to a store the size of OEM defined data structure.
Avadhut Naik (3):
ACPI: APEI: EINJ: Refactor available_error_type_show()
fs: debugfs: Add write functionality to debugfs blobs
ACPI: APEI: EINJ: Add support for vendor defined error types
drivers/acpi/apei/einj.c | 67 +++++++++++++++++++++++++++-------------
fs/debugfs/file.c | 28 ++++++++++++++---
2 files changed, 69 insertions(+), 26 deletions(-)
--
2.34.1
OSPM can discover the error injection capabilities of the platform by
executing GET_ERROR_TYPE error injection action.[1] The action returns
a DWORD representing a bitmap of platform supported error injections.[2]
The available_error_type_show() function determines the bits set within
this DWORD and provides a verbose output, from einj_error_type_string
array, through /sys/kernel/debug/apei/einj/available_error_type file.
The function however, assumes one to one correspondence between an error's
position in the bitmap and its array entry offset. Consequently, some
errors like Vendor Defined Error Type fail this assumption and will
incorrectly be shown as not supported, even if their corresponding bit is
set in the bitmap and they have an entry in the array.
Navigate around the issue by converting einj_error_type_string into an
array of structures with a predetermined mask for all error types
corresponding to their bit position in the DWORD returned by GET_ERROR_TYPE
action. The same breaks the aforementioned assumption resulting in all
supported error types by a platform being outputted through the above
available_error_type file.
[1] ACPI specification 6.5, Table 18.25
[2] ACPI specification 6.5, Table 18.30
Suggested-by: Alexey Kardashevskiy <[email protected]>
Signed-off-by: Avadhut Naik <[email protected]>
---
drivers/acpi/apei/einj.c | 43 ++++++++++++++++++++--------------------
1 file changed, 22 insertions(+), 21 deletions(-)
diff --git a/drivers/acpi/apei/einj.c b/drivers/acpi/apei/einj.c
index 013eb621dc92..ee360fcb1618 100644
--- a/drivers/acpi/apei/einj.c
+++ b/drivers/acpi/apei/einj.c
@@ -577,25 +577,25 @@ static u64 error_param2;
static u64 error_param3;
static u64 error_param4;
static struct dentry *einj_debug_dir;
-static const char * const einj_error_type_string[] = {
- "0x00000001\tProcessor Correctable\n",
- "0x00000002\tProcessor Uncorrectable non-fatal\n",
- "0x00000004\tProcessor Uncorrectable fatal\n",
- "0x00000008\tMemory Correctable\n",
- "0x00000010\tMemory Uncorrectable non-fatal\n",
- "0x00000020\tMemory Uncorrectable fatal\n",
- "0x00000040\tPCI Express Correctable\n",
- "0x00000080\tPCI Express Uncorrectable non-fatal\n",
- "0x00000100\tPCI Express Uncorrectable fatal\n",
- "0x00000200\tPlatform Correctable\n",
- "0x00000400\tPlatform Uncorrectable non-fatal\n",
- "0x00000800\tPlatform Uncorrectable fatal\n",
- "0x00001000\tCXL.cache Protocol Correctable\n",
- "0x00002000\tCXL.cache Protocol Uncorrectable non-fatal\n",
- "0x00004000\tCXL.cache Protocol Uncorrectable fatal\n",
- "0x00008000\tCXL.mem Protocol Correctable\n",
- "0x00010000\tCXL.mem Protocol Uncorrectable non-fatal\n",
- "0x00020000\tCXL.mem Protocol Uncorrectable fatal\n",
+static struct { u32 mask; const char *str; } const einj_error_type_string[] = {
+ {BIT(0), "Processor Correctable"},
+ {BIT(1), "Processor Uncorrectable non-fatal"},
+ {BIT(2), "Processor Uncorrectable fatal"},
+ {BIT(3), "Memory Correctable"},
+ {BIT(4), "Memory Uncorrectable non-fatal"},
+ {BIT(5), "Memory Uncorrectable fatal"},
+ {BIT(6), "PCI Express Correctable"},
+ {BIT(7), "PCI Express Uncorrectable non-fatal"},
+ {BIT(8), "PCI Express Uncorrectable fatal"},
+ {BIT(9), "Platform Correctable"},
+ {BIT(10), "Platform Uncorrectable non-fatal"},
+ {BIT(11), "Platform Uncorrectable fatal"},
+ {BIT(12), "CXL.cache Protocol Correctable"},
+ {BIT(13), "CXL.cache Protocol Uncorrectable non-fatal"},
+ {BIT(14), "CXL.cache Protocol Uncorrectable fatal"},
+ {BIT(15), "CXL.mem Protocol Correctable"},
+ {BIT(16), "CXL.mem Protocol Uncorrectable non-fatal"},
+ {BIT(17), "CXL.mem Protocol Uncorrectable fatal"},
};
static int available_error_type_show(struct seq_file *m, void *v)
@@ -607,8 +607,9 @@ static int available_error_type_show(struct seq_file *m, void *v)
if (rc)
return rc;
for (int pos = 0; pos < ARRAY_SIZE(einj_error_type_string); pos++)
- if (available_error_type & BIT(pos))
- seq_puts(m, einj_error_type_string[pos]);
+ if (available_error_type & einj_error_type_string[pos].mask)
+ seq_printf(m, "0x%08x\t%s\n", einj_error_type_string[pos].mask,
+ einj_error_type_string[pos].str);
return 0;
}
--
2.34.1
Currently, debugfs_create_blob() creates read-only debugfs binary blob
files.
In some cases, however, userspace tools need to write variable length
data structures into predetermined memory addresses. An example is when
injecting Vendor-defined error types through the einj module. In such
cases, the functionality to write to these blob files in debugfs would
be desired since the mapping aspect can be handled within the modules
with userspace tools only needing to write into the blob files.
Implement a write callback to enable writing to these blob files in
debugfs.
Signed-off-by: Avadhut Naik <[email protected]>
Reviewed-by: Alexey Kardashevskiy <[email protected]>
---
fs/debugfs/file.c | 28 +++++++++++++++++++++++-----
1 file changed, 23 insertions(+), 5 deletions(-)
diff --git a/fs/debugfs/file.c b/fs/debugfs/file.c
index 1f971c880dde..fab5a562b57c 100644
--- a/fs/debugfs/file.c
+++ b/fs/debugfs/file.c
@@ -973,17 +973,35 @@ static ssize_t read_file_blob(struct file *file, char __user *user_buf,
return r;
}
+static ssize_t write_file_blob(struct file *file, const char __user *user_buf,
+ size_t count, loff_t *ppos)
+{
+ struct debugfs_blob_wrapper *blob = file->private_data;
+ struct dentry *dentry = F_DENTRY(file);
+ ssize_t r;
+
+ r = debugfs_file_get(dentry);
+ if (unlikely(r))
+ return r;
+ r = simple_write_to_buffer(blob->data, blob->size, ppos, user_buf,
+ count);
+
+ debugfs_file_put(dentry);
+ return r;
+}
+
static const struct file_operations fops_blob = {
.read = read_file_blob,
+ .write = write_file_blob,
.open = simple_open,
.llseek = default_llseek,
};
/**
- * debugfs_create_blob - create a debugfs file that is used to read a binary blob
+ * debugfs_create_blob - create a debugfs file that is used to read and write
+ * a binary blob
* @name: a pointer to a string containing the name of the file to create.
- * @mode: the read permission that the file should have (other permissions are
- * masked out)
+ * @mode: the permission that the file should have
* @parent: a pointer to the parent dentry for this file. This should be a
* directory dentry if set. If this parameter is %NULL, then the
* file will be created in the root of the debugfs filesystem.
@@ -992,7 +1010,7 @@ static const struct file_operations fops_blob = {
*
* This function creates a file in debugfs with the given name that exports
* @blob->data as a binary blob. If the @mode variable is so set it can be
- * read from. Writing is not supported.
+ * read from and written to.
*
* This function will return a pointer to a dentry if it succeeds. This
* pointer must be passed to the debugfs_remove() function when the file is
@@ -1007,7 +1025,7 @@ struct dentry *debugfs_create_blob(const char *name, umode_t mode,
struct dentry *parent,
struct debugfs_blob_wrapper *blob)
{
- return debugfs_create_file_unsafe(name, mode & 0444, parent, blob, &fops_blob);
+ return debugfs_create_file_unsafe(name, mode, parent, blob, &fops_blob);
}
EXPORT_SYMBOL_GPL(debugfs_create_blob);
--
2.34.1
Vendor-Defined Error types are supported by the platform apart from
standard error types if bit 31 is set in the output of GET_ERROR_TYPE
Error Injection Action.[1] While the errors themselves and the length
of their associated "OEM Defined data structure" might vary between
vendors, the physical address of this structure can be computed through
vendor_extension and length fields of "SET_ERROR_TYPE_WITH_ADDRESS" and
"Vendor Error Type Extension" Structures respectively.[2][3]
Currently, however, the einj module only computes the physical address of
Vendor Error Type Extension Structure. Neither does it compute the physical
address of OEM Defined structure nor does it establish the memory mapping
required for injecting Vendor-defined errors. Consequently, userspace
tools have to establish the very mapping through /dev/mem, nopat kernel
parameter and system calls like mmap/munmap initially before injecting
Vendor-defined errors.
Circumvent the issue by computing the physical address of OEM Defined data
structure and establishing the required mapping with the structure. Create
a new file "oem_error", if the system supports Vendor-defined errors, to
export this mapping, through debugfs_create_blob(). Userspace tools can
then populate their respective OEM Defined structure instances and just
write to the file as part of injecting Vendor-defined Errors.
[1] ACPI specification 6.5, section 18.6.4
[2] ACPI specification 6.5, Table 18.31
[3] ACPI specification 6.5, Table 18.32
Suggested-by: Yazen Ghannam <[email protected]>
Signed-off-by: Avadhut Naik <[email protected]>
Reviewed-by: Alexey Kardashevskiy <[email protected]>
---
drivers/acpi/apei/einj.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/drivers/acpi/apei/einj.c b/drivers/acpi/apei/einj.c
index ee360fcb1618..292dd252cf65 100644
--- a/drivers/acpi/apei/einj.c
+++ b/drivers/acpi/apei/einj.c
@@ -73,6 +73,7 @@ static u32 notrigger;
static u32 vendor_flags;
static struct debugfs_blob_wrapper vendor_blob;
+static struct debugfs_blob_wrapper vendor_errors;
static char vendor_dev[64];
/*
@@ -182,6 +183,21 @@ static int einj_timedout(u64 *t)
return 0;
}
+static void get_oem_vendor_struct(u64 paddr, int offset,
+ struct vendor_error_type_extension *v)
+{
+ unsigned long vendor_size;
+ u64 target_pa = paddr + offset + sizeof(struct vendor_error_type_extension);
+
+ vendor_size = v->length - sizeof(struct vendor_error_type_extension);
+
+ if (vendor_size)
+ vendor_errors.data = acpi_os_map_iomem(target_pa, vendor_size);
+
+ if (vendor_errors.data)
+ vendor_errors.size = vendor_size;
+}
+
static void check_vendor_extension(u64 paddr,
struct set_error_type_with_address *v5param)
{
@@ -194,6 +210,7 @@ static void check_vendor_extension(u64 paddr,
v = acpi_os_map_iomem(paddr + offset, sizeof(*v));
if (!v)
return;
+ get_oem_vendor_struct(paddr, offset, v);
sbdf = v->pcie_sbdf;
sprintf(vendor_dev, "%x:%x:%x.%x vendor_id=%x device_id=%x rev_id=%x\n",
sbdf >> 24, (sbdf >> 16) & 0xff,
@@ -596,6 +613,7 @@ static struct { u32 mask; const char *str; } const einj_error_type_string[] = {
{BIT(15), "CXL.mem Protocol Correctable"},
{BIT(16), "CXL.mem Protocol Uncorrectable non-fatal"},
{BIT(17), "CXL.mem Protocol Uncorrectable fatal"},
+ {BIT(31), "Vendor Defined Error Types"},
};
static int available_error_type_show(struct seq_file *m, void *v)
@@ -768,6 +786,10 @@ static int __init einj_init(void)
einj_debug_dir, &vendor_flags);
}
+ if (vendor_errors.size)
+ debugfs_create_blob("oem_error", 0200, einj_debug_dir,
+ &vendor_errors);
+
pr_info("Error INJection is initialized.\n");
return 0;
@@ -793,6 +815,8 @@ static void __exit einj_exit(void)
sizeof(struct einj_parameter);
acpi_os_unmap_iomem(einj_param, size);
+ if (vendor_errors.size)
+ acpi_os_unmap_iomem(vendor_errors.data, vendor_errors.size);
}
einj_exec_ctx_init(&ctx);
apei_exec_post_unmap_gars(&ctx);
--
2.34.1
On Mon, Jun 12, 2023 at 09:51:38PM +0000, Avadhut Naik wrote:
> /**
> - * debugfs_create_blob - create a debugfs file that is used to read a binary blob
> + * debugfs_create_blob - create a debugfs file that is used to read and write
> + * a binary blob
> * @name: a pointer to a string containing the name of the file to create.
> - * @mode: the read permission that the file should have (other permissions are
> - * masked out)
> + * @mode: the permission that the file should have
> * @parent: a pointer to the parent dentry for this file. This should be a
> * directory dentry if set. If this parameter is %NULL, then the
> * file will be created in the root of the debugfs filesystem.
> @@ -992,7 +1010,7 @@ static const struct file_operations fops_blob = {
> *
> * This function creates a file in debugfs with the given name that exports
> * @blob->data as a binary blob. If the @mode variable is so set it can be
> - * read from. Writing is not supported.
> + * read from and written to.
> *
> * This function will return a pointer to a dentry if it succeeds. This
> * pointer must be passed to the debugfs_remove() function when the file is
> @@ -1007,7 +1025,7 @@ struct dentry *debugfs_create_blob(const char *name, umode_t mode,
> struct dentry *parent,
> struct debugfs_blob_wrapper *blob)
> {
> - return debugfs_create_file_unsafe(name, mode & 0444, parent, blob, &fops_blob);
> + return debugfs_create_file_unsafe(name, mode, parent, blob, &fops_blob);
Have you audited all calls to this function to verify that you haven't
just turned on write access to some debugfs files?
Why not rename this to debugfs_create_blob_wo() and then make a new
debugfs_create_blob_rw() call to ensure that it all is ok?
thanks,
greg k-h
On Mon, Jun 12, 2023 at 09:51:36PM +0000, Avadhut Naik wrote:
> This patchset adds support for Vendor Defined Error types in the einj
> module by exporting a binary blob file in module's debugfs directory.
> Userspace tools can write OEM Defined Structures into the blob file as
> part of injecting Vendor defined errors.
>
> The first patch refactors available_error_type_show() function to ensure
> all errors supported by the platform are output through einj module's
> available_error_type file in debugfs.
>
> The second patch adds a write callback for binary blobs created through
> debugfs_create_blob() API.
>
> The third adds the required support i.e. establishing the memory mapping
> and exporting it through debugfs blob file for Vendor-defined Error types.
>
> Changes in v2:
> - Split the v1 patch, as was recommended, to have a separate patch for
> changes in debugfs.
> - Refactored available_error_type_show() function into a separate patch.
> - Changed file permissions to octal format to remove checkpatch warnings.
>
> Changes in v3:
> - Use BIT macro for generating error masks instead of hex values since
> ACPI spec uses bit numbers.
> - Handle the corner case of acpi_os_map_iomem() returning NULL through
> a local variable to a store the size of OEM defined data structure.
>
> Avadhut Naik (3):
> ACPI: APEI: EINJ: Refactor available_error_type_show()
> fs: debugfs: Add write functionality to debugfs blobs
> ACPI: APEI: EINJ: Add support for vendor defined error types
>
> drivers/acpi/apei/einj.c | 67 +++++++++++++++++++++++++++-------------
> fs/debugfs/file.c | 28 ++++++++++++++---
> 2 files changed, 69 insertions(+), 26 deletions(-)
>
> --
> 2.34.1
>
Why is a RFC series at v3? What is left to be done with it to make you
confident that it can be merged?
I almost never review RFC patches as obviously the submitter doesn't
think it is good enough to be reviewed, and hundreds of other patches in
my review queue are from people who think they are ready to be merged,
so this puts your stuff always at the bottom of the list...
When submitting something with "RFC" ask what type of comments you are
looking for and why you do not think this is ready yet, otherwise we
have no idea...
thanks,
greg k-h
On 13/6/23 17:59, Greg KH wrote:
> On Mon, Jun 12, 2023 at 09:51:38PM +0000, Avadhut Naik wrote:
>> /**
>> - * debugfs_create_blob - create a debugfs file that is used to read a binary blob
>> + * debugfs_create_blob - create a debugfs file that is used to read and write
>> + * a binary blob
>> * @name: a pointer to a string containing the name of the file to create.
>> - * @mode: the read permission that the file should have (other permissions are
>> - * masked out)
>> + * @mode: the permission that the file should have
>> * @parent: a pointer to the parent dentry for this file. This should be a
>> * directory dentry if set. If this parameter is %NULL, then the
>> * file will be created in the root of the debugfs filesystem.
>> @@ -992,7 +1010,7 @@ static const struct file_operations fops_blob = {
>> *
>> * This function creates a file in debugfs with the given name that exports
>> * @blob->data as a binary blob. If the @mode variable is so set it can be
>> - * read from. Writing is not supported.
>> + * read from and written to.
>> *
>> * This function will return a pointer to a dentry if it succeeds. This
>> * pointer must be passed to the debugfs_remove() function when the file is
>> @@ -1007,7 +1025,7 @@ struct dentry *debugfs_create_blob(const char *name, umode_t mode,
>> struct dentry *parent,
>> struct debugfs_blob_wrapper *blob)
>> {
>> - return debugfs_create_file_unsafe(name, mode & 0444, parent, blob, &fops_blob);
>> + return debugfs_create_file_unsafe(name, mode, parent, blob, &fops_blob);
>
> Have you audited all calls to this function to verify that you haven't
> just turned on write access to some debugfs files?
I just did, it is one of S_IRUGO/S_IRUSR/0444/0400/(S_IFREG | 0444). So
we are quite safe here. Except (S_IFREG | 0444) in
drivers/platform/chrome/cros_ec_debugfs.c which seems wrong as debugfs
files are not regular files.
> Why not rename this to debugfs_create_blob_wo() and then make a new
> debugfs_create_blob_rw() call to ensure that it all is ok?
It is already taking the mode for this purpose. imho just
cros_ec_create_panicinfo()'s debugfs_create_blob("panicinfo", S_IFREG |
0444,...) needs fixing.
>
> thanks,
>
> greg k-h
--
Alexey
On Tue, Jun 13, 2023 at 08:05:41PM +1000, Alexey Kardashevskiy wrote:
>
>
> On 13/6/23 17:59, Greg KH wrote:
> > On Mon, Jun 12, 2023 at 09:51:38PM +0000, Avadhut Naik wrote:
> > > /**
> > > - * debugfs_create_blob - create a debugfs file that is used to read a binary blob
> > > + * debugfs_create_blob - create a debugfs file that is used to read and write
> > > + * a binary blob
> > > * @name: a pointer to a string containing the name of the file to create.
> > > - * @mode: the read permission that the file should have (other permissions are
> > > - * masked out)
> > > + * @mode: the permission that the file should have
> > > * @parent: a pointer to the parent dentry for this file. This should be a
> > > * directory dentry if set. If this parameter is %NULL, then the
> > > * file will be created in the root of the debugfs filesystem.
> > > @@ -992,7 +1010,7 @@ static const struct file_operations fops_blob = {
> > > *
> > > * This function creates a file in debugfs with the given name that exports
> > > * @blob->data as a binary blob. If the @mode variable is so set it can be
> > > - * read from. Writing is not supported.
> > > + * read from and written to.
> > > *
> > > * This function will return a pointer to a dentry if it succeeds. This
> > > * pointer must be passed to the debugfs_remove() function when the file is
> > > @@ -1007,7 +1025,7 @@ struct dentry *debugfs_create_blob(const char *name, umode_t mode,
> > > struct dentry *parent,
> > > struct debugfs_blob_wrapper *blob)
> > > {
> > > - return debugfs_create_file_unsafe(name, mode & 0444, parent, blob, &fops_blob);
> > > + return debugfs_create_file_unsafe(name, mode, parent, blob, &fops_blob);
> >
> > Have you audited all calls to this function to verify that you haven't
> > just turned on write access to some debugfs files?
>
> I just did, it is one of S_IRUGO/S_IRUSR/0444/0400/(S_IFREG | 0444). So we
> are quite safe here. Except (S_IFREG | 0444) in
> drivers/platform/chrome/cros_ec_debugfs.c which seems wrong as debugfs files
> are not regular files.
>
> > Why not rename this to debugfs_create_blob_wo() and then make a new
> > debugfs_create_blob_rw() call to ensure that it all is ok?
>
> It is already taking the mode for this purpose. imho just
> cros_ec_create_panicinfo()'s debugfs_create_blob("panicinfo", S_IFREG |
> 0444,...) needs fixing.
Yes, well it's taking the mode, but silently modifying it :)
Ok, thanks for the audit, respin this with that fix and then I don't
have a problem with it (other than binary debugfs files fill me with
dread, what could go wrong...)
thanks,
greg k-h
On 6/13/2023 03:01, Greg KH wrote:
> On Mon, Jun 12, 2023 at 09:51:36PM +0000, Avadhut Naik wrote:
>> This patchset adds support for Vendor Defined Error types in the einj
>> module by exporting a binary blob file in module's debugfs directory.
>> Userspace tools can write OEM Defined Structures into the blob file as
>> part of injecting Vendor defined errors.
>>
>> The first patch refactors available_error_type_show() function to ensure
>> all errors supported by the platform are output through einj module's
>> available_error_type file in debugfs.
>>
>> The second patch adds a write callback for binary blobs created through
>> debugfs_create_blob() API.
>>
>> The third adds the required support i.e. establishing the memory mapping
>> and exporting it through debugfs blob file for Vendor-defined Error types.
>>
>> Changes in v2:
>> - Split the v1 patch, as was recommended, to have a separate patch for
>> changes in debugfs.
>> - Refactored available_error_type_show() function into a separate patch.
>> - Changed file permissions to octal format to remove checkpatch warnings.
>>
>> Changes in v3:
>> - Use BIT macro for generating error masks instead of hex values since
>> ACPI spec uses bit numbers.
>> - Handle the corner case of acpi_os_map_iomem() returning NULL through
>> a local variable to a store the size of OEM defined data structure.
>>
>> Avadhut Naik (3):
>> ACPI: APEI: EINJ: Refactor available_error_type_show()
>> fs: debugfs: Add write functionality to debugfs blobs
>> ACPI: APEI: EINJ: Add support for vendor defined error types
>>
>> drivers/acpi/apei/einj.c | 67 +++++++++++++++++++++++++++-------------
>> fs/debugfs/file.c | 28 ++++++++++++++---
>> 2 files changed, 69 insertions(+), 26 deletions(-)
>>
>> --
>> 2.34.1
>>
>
> Why is a RFC series at v3? What is left to be done with it to make you
> confident that it can be merged?
>
Wasn't very confident of the debugfs changes since the binary blobs
created through debugfs_create_blob() have been read-only for a considerable
amount of time. Was wondering if there were some known issues in making them
writable. So, wanted to seek opinion on the changes while also incorporating
the feedback received. Having said that, since you confirmed that you are okay
with the debugfs changes, will remove the RFC tag in subsequent revision.
Apologies for the confusion and inconvenience caused, if any.
> I almost never review RFC patches as obviously the submitter doesn't
> think it is good enough to be reviewed, and hundreds of other patches in
> my review queue are from people who think they are ready to be merged,
> so this puts your stuff always at the bottom of the list...
>
> When submitting something with "RFC" ask what type of comments you are
> looking for and why you do not think this is ready yet, otherwise we
> have no idea...
>
Thank you so much for patiently clearing that up! Will surely keep
this in mind for the next time.
Thanks,
Avadhut Naik
> thanks,
>
> greg k-h
--
Hi,
Thanks for reviewing!
On 6/13/2023 05:22, Greg KH wrote:
> On Tue, Jun 13, 2023 at 08:05:41PM +1000, Alexey Kardashevskiy wrote:
>>
>>
>> On 13/6/23 17:59, Greg KH wrote:
>>> On Mon, Jun 12, 2023 at 09:51:38PM +0000, Avadhut Naik wrote:
>>>> /**
>>>> - * debugfs_create_blob - create a debugfs file that is used to read a binary blob
>>>> + * debugfs_create_blob - create a debugfs file that is used to read and write
>>>> + * a binary blob
>>>> * @name: a pointer to a string containing the name of the file to create.
>>>> - * @mode: the read permission that the file should have (other permissions are
>>>> - * masked out)
>>>> + * @mode: the permission that the file should have
>>>> * @parent: a pointer to the parent dentry for this file. This should be a
>>>> * directory dentry if set. If this parameter is %NULL, then the
>>>> * file will be created in the root of the debugfs filesystem.
>>>> @@ -992,7 +1010,7 @@ static const struct file_operations fops_blob = {
>>>> *
>>>> * This function creates a file in debugfs with the given name that exports
>>>> * @blob->data as a binary blob. If the @mode variable is so set it can be
>>>> - * read from. Writing is not supported.
>>>> + * read from and written to.
>>>> *
>>>> * This function will return a pointer to a dentry if it succeeds. This
>>>> * pointer must be passed to the debugfs_remove() function when the file is
>>>> @@ -1007,7 +1025,7 @@ struct dentry *debugfs_create_blob(const char *name, umode_t mode,
>>>> struct dentry *parent,
>>>> struct debugfs_blob_wrapper *blob)
>>>> {
>>>> - return debugfs_create_file_unsafe(name, mode & 0444, parent, blob, &fops_blob);
>>>> + return debugfs_create_file_unsafe(name, mode, parent, blob, &fops_blob);
>>>
>>> Have you audited all calls to this function to verify that you haven't
>>> just turned on write access to some debugfs files?
>>
>> I just did, it is one of S_IRUGO/S_IRUSR/0444/0400/(S_IFREG | 0444). So we
>> are quite safe here. Except (S_IFREG | 0444) in
>> drivers/platform/chrome/cros_ec_debugfs.c which seems wrong as debugfs files
>> are not regular files.
>>
>>> Why not rename this to debugfs_create_blob_wo() and then make a new
>>> debugfs_create_blob_rw() call to ensure that it all is ok?
>>
>> It is already taking the mode for this purpose. imho just
>> cros_ec_create_panicinfo()'s debugfs_create_blob("panicinfo", S_IFREG |
>> 0444,...) needs fixing.
>
> Yes, well it's taking the mode, but silently modifying it :)
>
> Ok, thanks for the audit, respin this with that fix and then I don't
> have a problem with it (other than binary debugfs files fill me with
> dread, what could go wrong...)
>
Will add the fix for cros_ec_create_panicinfo()'s debugfs_create_blob()
usage.
Thanks,
Avadhut Naik
> thanks,
>
> greg k-h
--