From 833c95456a70826d1384883b73fd23aff24d366f Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Fri, 12 Sep 2014 09:01:56 +0200 Subject: device coredump: add new device coredump class Many devices run firmware and/or complex hardware, and most of that can have bugs. When it misbehaves, however, it is often much harder to debug than software running on the host. Introduce a "device coredump" mechanism to allow dumping internal device/firmware state through a generalized mechanism. As devices are different and information needed can vary accordingly, this doesn't prescribe a file format - it just provides mechanism to get data to be able to capture it in a generalized way (e.g. in distributions.) The dumped data will be readable in sysfs in the virtual device's data file under /sys/class/devcoredump/devcd*/. Writing to it will free the data and remove the device, as does a 5-minute timeout. Note that generalized capturing of such data may result in privacy issues, so users generally need to be involved. In order to allow certain users/system integrators/... to disable the feature at all, introduce a Kconfig option to override the drivers that would like to have the feature. For now, this provides two ways of dumping data: 1) with a vmalloc'ed area, that is then given to the subsystem and freed after retrieval or timeout 2) with a generalized reader/free function method We could/should add more options, e.g. a list of pages, since the vmalloc area is very limited on some architectures. Signed-off-by: Johannes Berg Signed-off-by: Greg Kroah-Hartman --- drivers/base/Kconfig | 21 ++++ drivers/base/Makefile | 1 + drivers/base/devcoredump.c | 265 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 287 insertions(+) create mode 100644 drivers/base/devcoredump.c (limited to 'drivers/base') diff --git a/drivers/base/Kconfig b/drivers/base/Kconfig index 4e7f0ff..134f763 100644 --- a/drivers/base/Kconfig +++ b/drivers/base/Kconfig @@ -165,6 +165,27 @@ config FW_LOADER_USER_HELPER_FALLBACK If you are unsure about this, say N here. +config WANT_DEV_COREDUMP + bool + help + Drivers should "select" this option if they desire to use the + device coredump mechanism. + +config DISABLE_DEV_COREDUMP + bool "Disable device coredump" if EXPERT + help + Disable the device coredump mechanism despite drivers wanting to + use it; this allows for more sensitive systems or systems that + don't want to ever access the information to not have the code, + nor keep any data. + + If unsure, say N. + +config DEV_COREDUMP + bool + default y if WANT_DEV_COREDUMP + depends on !DISABLE_DEV_COREDUMP + config DEBUG_DRIVER bool "Driver Core verbose debug messages" depends on DEBUG_KERNEL diff --git a/drivers/base/Makefile b/drivers/base/Makefile index 4aab26e..6922cd6 100644 --- a/drivers/base/Makefile +++ b/drivers/base/Makefile @@ -21,6 +21,7 @@ obj-$(CONFIG_SYS_HYPERVISOR) += hypervisor.o obj-$(CONFIG_REGMAP) += regmap/ obj-$(CONFIG_SOC_BUS) += soc.o obj-$(CONFIG_PINCTRL) += pinctrl.o +obj-$(CONFIG_DEV_COREDUMP) += devcoredump.o ccflags-$(CONFIG_DEBUG_DRIVER) := -DDEBUG diff --git a/drivers/base/devcoredump.c b/drivers/base/devcoredump.c new file mode 100644 index 0000000..96614b0 --- /dev/null +++ b/drivers/base/devcoredump.c @@ -0,0 +1,265 @@ +/* + * This file is provided under the GPLv2 license. + * + * GPL LICENSE SUMMARY + * + * Copyright(c) 2014 Intel Mobile Communications GmbH + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * The full GNU General Public License is included in this distribution + * in the file called COPYING. + * + * Contact Information: + * Intel Linux Wireless + * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497 + * + * Author: Johannes Berg + */ +#include +#include +#include +#include +#include +#include +#include + +/* if data isn't read by userspace after 5 minutes then delete it */ +#define DEVCD_TIMEOUT (HZ * 60 * 5) + +struct devcd_entry { + struct device devcd_dev; + const void *data; + size_t datalen; + struct module *owner; + ssize_t (*read)(char *buffer, loff_t offset, size_t count, + const void *data, size_t datalen); + void (*free)(const void *data); + struct delayed_work del_wk; + struct device *failing_dev; +}; + +static struct devcd_entry *dev_to_devcd(struct device *dev) +{ + return container_of(dev, struct devcd_entry, devcd_dev); +} + +static void devcd_dev_release(struct device *dev) +{ + struct devcd_entry *devcd = dev_to_devcd(dev); + + devcd->free(devcd->data); + module_put(devcd->owner); + + /* + * this seems racy, but I don't see a notifier or such on + * a struct device to know when it goes away? + */ + if (devcd->failing_dev->kobj.sd) + sysfs_delete_link(&devcd->failing_dev->kobj, &dev->kobj, + "devcoredump"); + + put_device(devcd->failing_dev); + kfree(devcd); +} + +static void devcd_del(struct work_struct *wk) +{ + struct devcd_entry *devcd; + + devcd = container_of(wk, struct devcd_entry, del_wk.work); + + device_del(&devcd->devcd_dev); + put_device(&devcd->devcd_dev); +} + +static ssize_t devcd_data_read(struct file *filp, struct kobject *kobj, + struct bin_attribute *bin_attr, + char *buffer, loff_t offset, size_t count) +{ + struct device *dev = kobj_to_dev(kobj); + struct devcd_entry *devcd = dev_to_devcd(dev); + + return devcd->read(buffer, offset, count, devcd->data, devcd->datalen); +} + +static ssize_t devcd_data_write(struct file *filp, struct kobject *kobj, + struct bin_attribute *bin_attr, + char *buffer, loff_t offset, size_t count) +{ + struct device *dev = kobj_to_dev(kobj); + struct devcd_entry *devcd = dev_to_devcd(dev); + + mod_delayed_work(system_wq, &devcd->del_wk, 0); + + return count; +} + +static struct bin_attribute devcd_attr_data = { + .attr = { .name = "data", .mode = S_IRUSR | S_IWUSR, }, + .size = 0, + .read = devcd_data_read, + .write = devcd_data_write, +}; + +static struct bin_attribute *devcd_dev_bin_attrs[] = { + &devcd_attr_data, NULL, +}; + +static const struct attribute_group devcd_dev_group = { + .bin_attrs = devcd_dev_bin_attrs, +}; + +static const struct attribute_group *devcd_dev_groups[] = { + &devcd_dev_group, NULL, +}; + +static struct class devcd_class = { + .name = "devcoredump", + .owner = THIS_MODULE, + .dev_release = devcd_dev_release, + .dev_groups = devcd_dev_groups, +}; + +static ssize_t devcd_readv(char *buffer, loff_t offset, size_t count, + const void *data, size_t datalen) +{ + if (offset > datalen) + return -EINVAL; + + if (offset + count > datalen) + count = datalen - offset; + + if (count) + memcpy(buffer, ((u8 *)data) + offset, count); + + return count; +} + +/** + * dev_coredumpv - create device coredump with vmalloc data + * @dev: the struct device for the crashed device + * @data: vmalloc data containing the device coredump + * @datalen: length of the data + * @gfp: allocation flags + * + * This function takes ownership of the vmalloc'ed data and will free + * it when it is no longer used. See dev_coredumpm() for more information. + */ +void dev_coredumpv(struct device *dev, const void *data, size_t datalen, + gfp_t gfp) +{ + dev_coredumpm(dev, NULL, data, datalen, gfp, devcd_readv, vfree); +} +EXPORT_SYMBOL_GPL(dev_coredumpv); + +static int devcd_match_failing(struct device *dev, const void *failing) +{ + struct devcd_entry *devcd = dev_to_devcd(dev); + + return devcd->failing_dev == failing; +} + +/** + * dev_coredumpm - create device coredump with read/free methods + * @dev: the struct device for the crashed device + * @owner: the module that contains the read/free functions, use %THIS_MODULE + * @data: data cookie for the @read/@free functions + * @datalen: length of the data + * @gfp: allocation flags + * @read: function to read from the given buffer + * @free: function to free the given buffer + * + * Creates a new device coredump for the given device. If a previous one hasn't + * been read yet, the new coredump is discarded. The data lifetime is determined + * by the device coredump framework and when it is no longer needed the @free + * function will be called to free the data. + */ +void dev_coredumpm(struct device *dev, struct module *owner, + const void *data, size_t datalen, gfp_t gfp, + ssize_t (*read)(char *buffer, loff_t offset, size_t count, + const void *data, size_t datalen), + void (*free)(const void *data)) +{ + static atomic_t devcd_count = ATOMIC_INIT(0); + struct devcd_entry *devcd; + struct device *existing; + + existing = class_find_device(&devcd_class, NULL, dev, + devcd_match_failing); + if (existing) { + put_device(existing); + goto free; + } + + if (!try_module_get(owner)) + goto free; + + devcd = kzalloc(sizeof(*devcd), gfp); + if (!devcd) + goto put_module; + + devcd->owner = owner; + devcd->data = data; + devcd->datalen = datalen; + devcd->read = read; + devcd->free = free; + devcd->failing_dev = get_device(dev); + + device_initialize(&devcd->devcd_dev); + + dev_set_name(&devcd->devcd_dev, "devcd%d", + atomic_inc_return(&devcd_count)); + devcd->devcd_dev.class = &devcd_class; + + if (device_add(&devcd->devcd_dev)) + goto put_device; + + if (sysfs_create_link(&devcd->devcd_dev.kobj, &dev->kobj, + "failing_device")) + /* nothing - symlink will be missing */; + + if (sysfs_create_link(&dev->kobj, &devcd->devcd_dev.kobj, + "devcoredump")) + /* nothing - symlink will be missing */; + + INIT_DELAYED_WORK(&devcd->del_wk, devcd_del); + schedule_delayed_work(&devcd->del_wk, DEVCD_TIMEOUT); + + return; + put_device: + put_device(&devcd->devcd_dev); + put_module: + module_put(owner); + free: + free(data); +} +EXPORT_SYMBOL_GPL(dev_coredumpm); + +static int __init devcoredump_init(void) +{ + return class_register(&devcd_class); +} +__initcall(devcoredump_init); + +static int devcd_free(struct device *dev, void *data) +{ + struct devcd_entry *devcd = dev_to_devcd(dev); + + flush_delayed_work(&devcd->del_wk); + return 0; +} + +static void __exit devcoredump_exit(void) +{ + class_for_each_device(&devcd_class, NULL, NULL, devcd_free); + class_unregister(&devcd_class); +} +__exitcall(devcoredump_exit); -- cgit v1.1 From 655e5b7c031e84cf8c07cfd6a5944ce53cba1add Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Tue, 26 Aug 2014 00:34:44 -0700 Subject: drivers/base: Fix length checks in create_syslog_header()/dev_vprintk_emit() snprintf() returns the number of bytes that could have been written (excluding the null), not the actual number of bytes written. Given a long enough subsystem or device name, these functions will advance beyond the end of the on-stack buffer in dev_vprintk_exit(), resulting in an information leak or stack corruption. I don't know whether such a long name is currently possible. In case snprintf() returns a value >= the buffer size, do not add structured logging information. Also WARN if this happens, so we can fix the driver or increase the buffer size. Signed-off-by: Ben Hutchings Signed-off-by: Greg Kroah-Hartman --- drivers/base/core.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'drivers/base') diff --git a/drivers/base/core.c b/drivers/base/core.c index 20da3ad..28b808c 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -2007,6 +2007,8 @@ create_syslog_header(const struct device *dev, char *hdr, size_t hdrlen) return 0; pos += snprintf(hdr + pos, hdrlen - pos, "SUBSYSTEM=%s", subsys); + if (pos >= hdrlen) + goto overflow; /* * Add device identifier DEVICE=: @@ -2038,7 +2040,14 @@ create_syslog_header(const struct device *dev, char *hdr, size_t hdrlen) "DEVICE=+%s:%s", subsys, dev_name(dev)); } + if (pos >= hdrlen) + goto overflow; + return pos; + +overflow: + dev_WARN(dev, "device/subsystem name too long"); + return 0; } int dev_vprintk_emit(int level, const struct device *dev, -- cgit v1.1 From 24a7d36a7260a30b8477d1fe0335c87ad846ed56 Mon Sep 17 00:00:00 2001 From: Tina Johnson Date: Tue, 12 Aug 2014 02:54:08 +0530 Subject: attribute_container: fix whitespace errors This is a clean-up patch to the attribute_container.c file to fix the whitespace errors. Signed-off-by: Tina Johnson Signed-off-by: Greg Kroah-Hartman --- drivers/base/attribute_container.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'drivers/base') diff --git a/drivers/base/attribute_container.c b/drivers/base/attribute_container.c index b84ca8f..5917cc3 100644 --- a/drivers/base/attribute_container.c +++ b/drivers/base/attribute_container.c @@ -76,7 +76,7 @@ attribute_container_register(struct attribute_container *cont) INIT_LIST_HEAD(&cont->node); klist_init(&cont->containers,internal_container_klist_get, internal_container_klist_put); - + mutex_lock(&attribute_container_mutex); list_add_tail(&cont->node, &attribute_container_list); mutex_unlock(&attribute_container_mutex); @@ -104,14 +104,14 @@ attribute_container_unregister(struct attribute_container *cont) spin_unlock(&cont->containers.k_lock); mutex_unlock(&attribute_container_mutex); return retval; - + } EXPORT_SYMBOL_GPL(attribute_container_unregister); /* private function used as class release */ static void attribute_container_release(struct device *classdev) { - struct internal_container *ic + struct internal_container *ic = container_of(classdev, struct internal_container, classdev); struct device *dev = classdev->parent; @@ -185,7 +185,7 @@ attribute_container_add_device(struct device *dev, n ? container_of(n, typeof(*pos), member) : \ ({ klist_iter_exit(iter) ; NULL; }); \ }) ) != NULL; ) - + /** * attribute_container_remove_device - make device eligible for removal. @@ -247,7 +247,7 @@ attribute_container_remove_device(struct device *dev, * container, then use attribute_container_trigger() instead. */ void -attribute_container_device_trigger(struct device *dev, +attribute_container_device_trigger(struct device *dev, int (*fn)(struct attribute_container *, struct device *, struct device *)) -- cgit v1.1 From 287f9bd9325b982ed19371697d4af7032c5a3b0b Mon Sep 17 00:00:00 2001 From: Tina Johnson Date: Tue, 12 Aug 2014 02:54:09 +0530 Subject: attribute_container: fix coding style issues Fix checkpatch.pl issues with coding style. Added and removed spaces accordingly. Signed-off-by: Tina Johnson Signed-off-by: Greg Kroah-Hartman --- drivers/base/attribute_container.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'drivers/base') diff --git a/drivers/base/attribute_container.c b/drivers/base/attribute_container.c index 5917cc3..3ead3af 100644 --- a/drivers/base/attribute_container.c +++ b/drivers/base/attribute_container.c @@ -74,7 +74,7 @@ int attribute_container_register(struct attribute_container *cont) { INIT_LIST_HEAD(&cont->node); - klist_init(&cont->containers,internal_container_klist_get, + klist_init(&cont->containers, internal_container_klist_get, internal_container_klist_put); mutex_lock(&attribute_container_mutex); @@ -184,7 +184,7 @@ attribute_container_add_device(struct device *dev, struct klist_node *n = klist_next(iter); \ n ? container_of(n, typeof(*pos), member) : \ ({ klist_iter_exit(iter) ; NULL; }); \ - }) ) != NULL; ) + })) != NULL;) /** -- cgit v1.1 From 41575335ed026339e07f265ede3a21e995bee8e6 Mon Sep 17 00:00:00 2001 From: Thierry Reding Date: Fri, 8 Aug 2014 15:56:36 +0200 Subject: driver core: Remove kerneldoc from local function The deferred_probe_work_func() function is locally scoped, therefore an associated kerneldoc comment isn't very useful. Replace the kerneldoc opening marker (/**) with a regular block comment marker (/*) to avoid the comment from being parsed by kerneldoc. This gets rid of a warning caused by a missing description for the "work" argument. Signed-off-by: Thierry Reding Signed-off-by: Greg Kroah-Hartman --- drivers/base/dd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'drivers/base') diff --git a/drivers/base/dd.c b/drivers/base/dd.c index e4ffbcf..cdc779c 100644 --- a/drivers/base/dd.c +++ b/drivers/base/dd.c @@ -54,7 +54,7 @@ static LIST_HEAD(deferred_probe_active_list); static struct workqueue_struct *deferred_wq; static atomic_t deferred_trigger_count = ATOMIC_INIT(0); -/** +/* * deferred_probe_work_func() - Retry probing devices in the active list. */ static void deferred_probe_work_func(struct work_struct *work) -- cgit v1.1 From 471b095dfe0d693a8d624cbc716d1ee4d74eb437 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Thu, 18 Sep 2014 11:25:37 -0700 Subject: firmware_class: make sure fw requests contain a name An empty firmware request name will trigger warnings when building device names. Make sure this is caught earlier and rejected. The warning was visible via the test_firmware.ko module interface: echo -ne "\x00" > /sys/devices/virtual/misc/test_firmware/trigger_request Reported-by: Sasha Levin Signed-off-by: Kees Cook Cc: stable@vger.kernel.org Tested-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/base/firmware_class.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'drivers/base') diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c index bf42430..3d785eb 100644 --- a/drivers/base/firmware_class.c +++ b/drivers/base/firmware_class.c @@ -1105,6 +1105,9 @@ _request_firmware(const struct firmware **firmware_p, const char *name, if (!firmware_p) return -EINVAL; + if (!name || name[0] == '\0') + return -EINVAL; + ret = _request_firmware_prepare(&fw, name, device); if (ret <= 0) /* error or already assigned */ goto out; -- cgit v1.1 From bef59c5024be687ef4f228915af9961307a779ab Mon Sep 17 00:00:00 2001 From: Geert Uytterhoeven Date: Wed, 20 Aug 2014 15:26:35 +0200 Subject: devres: Improve devm_kasprintf()/kvasprintf() support - Add devm_kasprintf()/kvasprintf(), introduced by commit 75f2a4ead5d5890ada9c2663a70fb58613c0d9f2 ("devres: Add devm_kasprintf and devm_kvasprintf API"), to Documentation/driver-model/devres.txt, - Improve kernel doc: the string is not an existing formatted string, but is formatted into the newly-allocated buffer, - Add a __printf() annotation to devm_kasprintf(), so the compiler will verify the format string argument types. Signed-off-by: Geert Uytterhoeven Signed-off-by: Greg Kroah-Hartman --- drivers/base/devres.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'drivers/base') diff --git a/drivers/base/devres.c b/drivers/base/devres.c index 69d9b0c..c8a53d1 100644 --- a/drivers/base/devres.c +++ b/drivers/base/devres.c @@ -817,13 +817,13 @@ char *devm_kstrdup(struct device *dev, const char *s, gfp_t gfp) EXPORT_SYMBOL_GPL(devm_kstrdup); /** - * devm_kvasprintf - Allocate resource managed space - * for the formatted string. + * devm_kvasprintf - Allocate resource managed space and format a string + * into that. * @dev: Device to allocate memory for * @gfp: the GFP mask used in the devm_kmalloc() call when * allocating memory - * @fmt: the formatted string to duplicate - * @ap: the list of tokens to be placed in the formatted string + * @fmt: The printf()-style format string + * @ap: Arguments for the format string * RETURNS: * Pointer to allocated string on success, NULL on failure. */ @@ -849,12 +849,13 @@ char *devm_kvasprintf(struct device *dev, gfp_t gfp, const char *fmt, EXPORT_SYMBOL(devm_kvasprintf); /** - * devm_kasprintf - Allocate resource managed space - * and copy an existing formatted string into that + * devm_kasprintf - Allocate resource managed space and format a string + * into that. * @dev: Device to allocate memory for * @gfp: the GFP mask used in the devm_kmalloc() call when * allocating memory - * @fmt: the string to duplicate + * @fmt: The printf()-style format string + * @...: Arguments for the format string * RETURNS: * Pointer to allocated string on success, NULL on failure. */ -- cgit v1.1 From 33ead538f642a33b1d658782a5d14a40b5014d1f Mon Sep 17 00:00:00 2001 From: Yasuaki Ishimatsu Date: Fri, 3 Oct 2014 19:06:03 +0900 Subject: driver/base/node: remove unnecessary kfree of node struct from unregister_one_node Commit 92d585ef067d ("numa: fix NULL pointer access and memory leak in unregister_one_node()") added kfree() of node struct in unregister_one_node(). But node struct is freed by node_device_release() which is called in unregister_node(). So by adding the kfree(), node struct is freed two times. While hot removing memory, the commit leads the following BUG_ON(): kernel BUG at mm/slub.c:3346! invalid opcode: 0000 [#1] SMP [...] Call Trace: [...] unregister_one_node [...] try_offline_node [...] remove_memory [...] acpi_memory_device_remove [...] acpi_bus_trim [...] acpi_bus_trim [...] acpi_device_hotplug [...] acpi_hotplug_work_fn [...] process_one_work [...] worker_thread [...] ? rescuer_thread [...] kthread [...] ? kthread_create_on_node [...] ret_from_fork [...] ? kthread_create_on_node This patch removes unnecessary kfree() from unregister_one_node(). Signed-off-by: Yasuaki Ishimatsu Cc: Xishi Qiu Cc: stable@vger.kernel.org # v3.16+ Fixes: 92d585ef067d "numa: fix NULL pointer access and memory leak in unregister_one_node()" Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman --- drivers/base/node.c | 1 - 1 file changed, 1 deletion(-) (limited to 'drivers/base') diff --git a/drivers/base/node.c b/drivers/base/node.c index c6d3ae0..d51c49c 100644 --- a/drivers/base/node.c +++ b/drivers/base/node.c @@ -603,7 +603,6 @@ void unregister_one_node(int nid) return; unregister_node(node_devices[nid]); - kfree(node_devices[nid]); node_devices[nid] = NULL; } -- cgit v1.1