Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp4485580pxb; Sat, 6 Nov 2021 15:08:30 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwR5PsVmubQMi1BMm06BUlm0wMYs4L8pWFTUwKUGvuJJLNwu3hSVQHi5FKHHfPN372hBnVA X-Received: by 2002:a17:907:d89:: with SMTP id go9mr27096459ejc.330.1636236509969; Sat, 06 Nov 2021 15:08:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1636236509; cv=none; d=google.com; s=arc-20160816; b=azap2OaiDeVLwtdsCP6TZ1eVYq3jIoae+8eRgLASqQiT9F8QmAXcFp5HkyDVV9L9DB eB3xsGr7omiAUvvlYeJVhDE5yZLORqHeouqSSJuftgC7mCOFuJvLNTirwH1YyMtf+fQv Ax8/6/WmuC97EI5NUztRD9trOBAHn3FTNR8Zf45tlnisQfSJo2uq4Vs3xb1DIFGp7spI M1QtKYZ11JUS8a0CogjCa8TCxhzujE3Q5B4U7ZUykKvrzd9E4/53YmVNrMLGzA+uibeV Ehx8Vu0H5KAtmRaWqc7hWdKE2tOSbtuyh6P+1cnwjwcanoYwkJS7UftpHtZdxAQyIjgw /A+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=vUCgcOcoyknbYDpjOYGnYAK7UyQ22RuHrnyKyW1yECo=; b=ETTpPNNxOiUJdothupx6y2jbTzmoaKBrvZkPvPylOsubwuuLhE7A52oDYv45Zq48LF 9Xe668u/fnaHaA4oEgjmbKuG8Qb+0iQzqPzgrqD1SrertGBaK/DgO2mD72MAWHOG9DKe fjKTteozWLp8SCpFxz1SWRWblZwmA8oqDaOsopHFGa+WYJoPSbK15Aj/OTH3oUoY9+k1 0vzg636rgfDnL5h0y6XPFqkJrkXSo3LmcFKpSD97YCIJprdoZ5HdvrcQjCjS7wyTP0nM Kopr86cljthzxM/ssDVcY2p4ipZjJQOdZwoNSyeqCQKzFss58xtfOi0Q2iPFkx/1+HkZ /gwA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id sc16si24548772ejc.599.2021.11.06.15.08.02; Sat, 06 Nov 2021 15:08:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234459AbhKFPSY (ORCPT + 99 others); Sat, 6 Nov 2021 11:18:24 -0400 Received: from mga17.intel.com ([192.55.52.151]:61492 "EHLO mga17.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234441AbhKFPSY (ORCPT ); Sat, 6 Nov 2021 11:18:24 -0400 X-IronPort-AV: E=McAfee;i="6200,9189,10160"; a="212793734" X-IronPort-AV: E=Sophos;i="5.87,214,1631602800"; d="scan'208";a="212793734" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2021 08:15:42 -0700 X-IronPort-AV: E=Sophos;i="5.87,214,1631602800"; d="scan'208";a="450933974" Received: from chenyu-desktop.sh.intel.com (HELO chenyu-desktop) ([10.239.158.186]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2021 08:15:39 -0700 Date: Sat, 6 Nov 2021 23:14:56 +0800 From: Chen Yu To: Andy Shevchenko Cc: linux-acpi@vger.kernel.org, Greg Kroah-Hartman , "Rafael J. Wysocki" , Ard Biesheuvel , Len Brown , Ashok Raj , Mike Rapoport , Aubrey Li , linux-kernel@vger.kernel.org Subject: Re: [PATCH v8 2/4] drivers/acpi: Introduce Platform Firmware Runtime Update device driver Message-ID: <20211106151456.GA570347@chenyu-desktop> References: <01f8f7d23926dcdb054e5ac170ddcbbdb0aed560.1635953446.git.yu.c.chen@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Nov 03, 2021 at 07:32:09PM +0200, Andy Shevchenko wrote: > On Wed, Nov 03, 2021 at 11:43:50PM +0800, Chen Yu wrote: > > Introduce the pfru_update driver which can be used for Platform Firmware > > Runtime code injection and driver update [1]. The user is expected to > > provide the update firmware in the form of capsule file, and pass it to > > the driver via ioctl. Then the driver would hand this capsule file to the > > Platform Firmware Runtime Update via the ACPI device _DSM method. At last > > the low level Management Mode would do the firmware update. > > > > The corresponding userspace tool and man page will be introduced at > > tools/power/acpi/pfru. > > ... > > > +#define PFRU_UUID "ECF9533B-4A3C-4E89-939E-C77112601C6D" > > +#define PFRU_CODE_INJ_UUID "B2F84B79-7B6E-4E45-885F-3FB9BB185402" > > +#define PFRU_DRV_UPDATE_UUID "4569DD8C-75F1-429A-A3D6-24DE8097A0DF" > > What stops you to have these being binaries? > GUID_INIT() / EFI_GUID_INIT() > Ok, will change to GUID_INIT(). > ... > > > +enum cap_index { > > + CAP_STATUS_IDX = 0, > > + CAP_UPDATE_IDX = 1, > > + CAP_CODE_TYPE_IDX = 2, > > + CAP_FW_VER_IDX = 3, > > + CAP_CODE_RT_VER_IDX = 4, > > + CAP_DRV_TYPE_IDX = 5, > > + CAP_DRV_RT_VER_IDX = 6, > > + CAP_DRV_SVN_IDX = 7, > > + CAP_PLAT_ID_IDX = 8, > > + CAP_OEM_ID_IDX = 9, > > + CAP_OEM_INFO_IDX = 10, > > > + CAP_NR_IDX = 11 > > Assignment here doesn't make any sense (it just adds unneeded churn and > burden). Same to the rest of similar cases below. > Greg mentioned that, we might need to "explicit about the numbers here, because it is uncerntain this is guaranteed by all C compilers or not." https://lore.kernel.org/lkml/YXj+QaMcCeV71XbI@kroah.com/ My understanding is that, this applys to both uapi headers and the kernel internal headers. > > +}; > > ... > > > +struct pfru_device { > > + guid_t uuid, code_uuid, drv_uuid; > > You don't need these. At least for now. > Ok, will drop these. > > + u32 rev_id, index; > > + struct device *parent_dev; > > + struct miscdevice miscdev; > > +}; > > ... > > > + m_hdr = (struct efi_manage_capsule_header *)(data + size); > > Do you need this casting? > Will drop this. > ... > > > + m_img_hdr = (struct efi_manage_capsule_image_header *)(data + size); > > Ditto. > > ... > > > + auth = (struct efi_image_auth *)(data + size); > > Ditto. > > ... > > > + ACPI_FREE(out_obj); > > Recently with Hans we realised that this (ACPI_FREE() API) is mostly > for ACPICA use. We may use simple kfree(). Sorry for getting back and > forward. > > ... > Will change it in next version. > > +static long pfru_ioctl(struct file *file, unsigned int cmd, unsigned long arg) > > +{ > > + struct pfru_update_cap_info cap_hdr; > > + struct pfru_device *pfru_dev = to_pfru_dev(file); > > + void __user *p = (void __user *)arg; > > + u32 rev; > > + int ret; > > + > > + switch (cmd) { > > + case PFRU_IOC_QUERY_CAP: > > + ret = query_capability(&cap_hdr, pfru_dev); > > + if (ret) > > + return ret; > > + > > + if (copy_to_user(p, &cap_hdr, sizeof(cap_hdr))) > > I'm wondering what will happen if p has less _real data_ than sizeof(cap_hdr)? > Here is my understanding: if the userspace has provided insufficient space, the userspace might either encounter segfault or data overwrite, and it is up to the userspace to avoid this situation from happening. for example: int my_test(void) { char *cap_on_heap = malloc(insufficient_size); char cap_on_stack[insufficient_size]; int victim; ... } copy_to_user(cap_on_heap) might cause segfault, and copy_to_user(cap_on_stack) might overwrite victim. > > + return -EFAULT; > > + > > + return 0; > > > + case PFRU_IOC_SET_REV: > > + if (copy_from_user(&rev, p, sizeof(u32))) > > sizeof(rev) > Ok. > > + return -EFAULT; > > + > > + if (!pfru_valid_revid(rev)) > > + return -EINVAL; > > + > > + pfru_dev->rev_id = rev; > > + > > + return 0; > > + case PFRU_IOC_STAGE: > > + return start_acpi_update(START_STAGE, pfru_dev); > > + case PFRU_IOC_ACTIVATE: > > + return start_acpi_update(START_ACTIVATE, pfru_dev); > > + case PFRU_IOC_STAGE_ACTIVATE: > > + return start_acpi_update(START_STAGE_ACTIVATE, pfru_dev); > > + default: > > + return -ENOTTY; > > + } > > +} > > ... > > > + /* map the communication buffer */ > > + phy_addr = (phys_addr_t)(buf_info.addr_lo | (buf_info.addr_hi << 32)); > > It's better to read if you start from MSB part to LSB. > Ok, will do. > ... > > > + ret = ida_alloc(&pfru_ida, GFP_KERNEL); > > + if (ret < 0) > > + return ret; > > (1) > > ... > > > + pfru_dev->miscdev.name = kasprintf(GFP_KERNEL, > > + "pfru%d", pfru_dev->index); > > devm_kasprinf() > > ... > > > + pfru_dev->miscdev.nodename = kasprintf(GFP_KERNEL, > > + "acpi_pfru%d", pfru_dev->index); > > Ditto. > > Yep, I know about (1), but do your homework and see how you can satisfy both > comments. > I did not realize devm_add_action_or_reset() could be used in (1) to deal with this situation, will do in next version. > ... > > > +static const struct acpi_device_id acpi_pfru_ids[] = { > > + {"INTC1080", 0}, > > 0 is redundant. > Ok. > > + {} > > +}; > > ... > > > +#include > > +#include > > Order? > Will adjust it. > ... > > > +#define PFRU_MAGIC 0xEE > > Perhaps PFRU_MAGIC_FOR_IOCTL. > Ok. Thanks, Chenyu