Message-ID: <Z_7ZC9w8Yu3Ybm-g@zaid-VirtualBox>
Date: Tue, 15 Apr 2025 15:09:15 -0700
From: Zaid Alali <zaidal@...amperecomputing.com>
To: Ira Weiny <ira.weiny@...el.com>
Cc: rafael@...nel.org, lenb@...nel.org, james.morse@....com,
	tony.luck@...el.com, bp@...en8.de, robert.moore@...el.com,
	dan.j.williams@...el.com, Jonathan.Cameron@...wei.com,
	Benjamin.Cheatham@....com, Avadhut.Naik@....com,
	viro@...iv.linux.org.uk, arnd@...db.de, dave.jiang@...el.com,
	sthanneeru.opensrc@...ron.com, linux-acpi@...r.kernel.org,
	linux-kernel@...r.kernel.org, acpica-devel@...ts.linux.dev
Subject: Re: [PATCH v5 8/9] ACPI: APEI: EINJ: Enable EINJv2 error injections

On Fri, Apr 04, 2025 at 09:56:05AM -0500, Ira Weiny wrote:
> Zaid Alali wrote:
> > Enable the driver to inject EINJv2 type errors. The component
> > array values are parsed from user_input and expected to contain
> > hex values for component id and syndrome separated by space,
> > and multiple components are separated by new line as follows:
> > 
> > component_id1 component_syndrome1
> > component_id2 component_syndrome2
> >  :
> > component_id(n) component_syndrome(n)
> > 
> > for example:
> > 
> > $comp_arr="0x1 0x2
> > >0x1 0x4
> > >0x2 0x4"
> > $cd /sys/kernel/debug/apei/einj/
> > $echo "$comp_arr" > einjv2_component_array
> > 
> > Signed-off-by: Zaid Alali <zaidal@...amperecomputing.com>
> > ---
> 
> [snip]
> 
> > @@ -483,10 +513,10 @@ static int __einj_error_inject(u32 type, u32 flags, u64 param1, u64 param2,
> >  		return rc;
> >  	apei_exec_ctx_set_input(&ctx, type);
> >  	if (acpi5) {
> > -		struct set_error_type_with_address *v5param, v5_struct;
> > +		struct set_error_type_with_address *v5param;
> >  
> > -		v5param = &v5_struct;
> > -		memcpy_fromio(v5param, einj_param, sizeof(*v5param));
> > +		v5param = kmalloc(v5param_size, GFP_KERNEL);
> > +		memcpy_fromio(v5param, einj_param, v5param_size);
> >  		v5param->type = type;
> >  		if (type & ACPI5_VENDOR_BIT) {
> >  			switch (vendor_flags) {
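Review bot: The pointer returned by `kmalloc(v5param_size, GFP_KERNEL)` is passed straight to `memcpy_fromio()` and then dereferenced at `v5param->type = type;` with no NULL check, so an allocation failure becomes a kernel NULL-pointer dereference. Add `if (!v5param) return -ENOMEM;` directly after the allocation, or route it through whatever unwind the function needs at that point. The start of __einj_error_inject and the definition of v5param_size are outside this hunk, so it is also worth confirming that v5param_size can never exceed the mapped size of einj_param, since both the read here and the later `memcpy_toio()` now use it in place of `sizeof(*v5param)`.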
> > @@ -506,8 +536,50 @@ static int __einj_error_inject(u32 type, u32 flags, u64 param1, u64 param2,
> >  			v5param->flags = flags;
> >  			v5param->memory_address = param1;
> >  			v5param->memory_address_range = param2;
> > -			v5param->apicid = param3;
> > -			v5param->pcie_sbdf = param4;
> > +
> > +			if (is_V2) {
> > +				int count = 0, bytes_read, pos = 0, nr_parsed = 0, str_len;
> > +				unsigned int comp, synd;
> > +				struct syndrome_array *component_arr;
> > +
> > +				component_arr = v5param->einjv2_struct.component_arr;
> > +				str_len = strlen(user_input);
> > +
> > +				while ((nr_parsed = sscanf(user_input + pos, "%x %x\n%n", &comp,
> > +					&synd, &bytes_read))) {
> > +					pos += bytes_read;
> > +
> > +					if (nr_parsed != 2)
> > +						goto err_out;
> > +					if (count >= nr_components)
> > +						goto err_out;
> 
> It is hard to tell but I think these err_out's skip the kfree?
> 
> Regardless it is better to use the cleanup functions[1] on that kmalloc and let
> the destructors clean up for you.
> 
> Ira
> 
> [1] include/linux/cleanup.h

Good catch! I will fix this in the next revision.

Zaid

> 
> > +
> > +					switch (type) {
> > +					case EINJV2_PROCESSOR_ERROR:
> > +						component_arr[count].comp_id.acpi_id = comp;
> > +						component_arr[count].comp_synd.proc_synd = synd;
> > +						break;
> > +					case EINJV2_MEMORY_ERROR:
> > +						component_arr[count].comp_id.device_id = comp;
> > +						component_arr[count].comp_synd.mem_synd = synd;
> > +						break;
> > +					case EINJV2_PCIE_ERROR:
> > +						component_arr[count].comp_id.pcie_sbdf = comp;
> > +						component_arr[count].comp_synd.pcie_synd = synd;
> > +						break;
> > +					}
> > +					count++;
> > +					if (pos >= str_len)
> > +						break;
> > +				}
> > +				v5param->einjv2_struct.component_arr_count = count;
> > +
> > +				/* clear buffer after user input for next injection */
> > +				memset(user_input, 0, COMP_ARR_SIZE);
> > +			} else {
> > +				v5param->apicid = param3;
> > +				v5param->pcie_sbdf = param4;
> > +			}
> >  		} else {
> >  			switch (type) {
> >  			case ACPI_EINJ_PROCESSOR_CORRECTABLE:
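Review bot: In the parse loop, `pos += bytes_read;` runs before the `nr_parsed != 2` check, and when only the first `%x` matches, the `%n` directive is never reached, so `bytes_read` is read uninitialized; declare it as `bytes_read = 0` or move the addition below the check. The loop also ends silently when sscanf() returns 0, so a valid first line followed by non-hex text is accepted with the remaining lines dropped instead of being rejected with -EINVAL, which is a loose contract for data that is then copied back to einj_param. The `switch (type)` has no `default`, so a type matching none of the three EINJV2_* cases still increments `count` while leaving that `component_arr` entry holding whatever `memcpy_fromio()` copied in. How user_input is filled and NUL-terminated, and whether that write path is serialized against this reader, is not visible here and should be checked because `strlen(user_input)` depends on it.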
> > @@ -531,7 +603,8 @@ static int __einj_error_inject(u32 type, u32 flags, u64 param1, u64 param2,
> >  				break;
> >  			}
> >  		}
> > -		memcpy_toio(einj_param, v5param, sizeof(*v5param));
> > +		memcpy_toio(einj_param, v5param, v5param_size);
> > +		kfree(v5param);
> >  	} else {
> >  		rc = apei_exec_run(&ctx, ACPI_EINJ_SET_ERROR_TYPE);
> >  		if (rc)
> > @@ -583,6 +656,9 @@ static int __einj_error_inject(u32 type, u32 flags, u64 param1, u64 param2,
> >  	rc = apei_exec_run_optional(&ctx, ACPI_EINJ_END_OPERATION);
> >  
> >  	return rc;
> > +err_out:
> > +	memset(user_input, 0, COMP_ARR_SIZE);
> > +	return -EINVAL;
> >  }
> >  
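Review bot: The new `err_out` label returns -EINVAL without running `ACPI_EINJ_END_OPERATION`, which the normal exit just above it does through `apei_exec_run_optional()`. If a begin-operation action has already been executed earlier in __einj_error_inject (the start of the function is outside these hunks), a rejected component array leaves the injection sequence open on the platform. Consider calling `apei_exec_run_optional(&ctx, ACPI_EINJ_END_OPERATION);` before `return -EINVAL;`, or setting `rc = -EINVAL;` and jumping to a shared exit that ends the operation and then returns rc.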
> 
> [snip]
