summaryrefslogtreecommitdiff
path: root/drivers/firmware/qemu_fw_cfg.c
AgeCommit message (Collapse)AuthorFilesLines
2022-01-14Merge tag 'char-misc-5.17-rc1' of ↵Linus Torvalds1-12/+9
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char/misc and other driver updates from Greg KH: "Here is the large set of char, misc, and other "small" driver subsystem changes for 5.17-rc1. Lots of different things are in here for char/misc drivers such as: - habanalabs driver updates - mei driver updates - lkdtm driver updates - vmw_vmci driver updates - android binder driver updates - other small char/misc driver updates Also smaller driver subsystems have also been updated, including: - fpga subsystem updates - iio subsystem updates - soundwire subsystem updates - extcon subsystem updates - gnss subsystem updates - phy subsystem updates - coresight subsystem updates - firmware subsystem updates - comedi subsystem updates - mhi subsystem updates - speakup subsystem updates - rapidio subsystem updates - spmi subsystem updates - virtual driver updates - counter subsystem updates Too many individual changes to summarize, the shortlog contains the full details. All of these have been in linux-next for a while with no reported issues" * tag 'char-misc-5.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (406 commits) counter: 104-quad-8: Fix use-after-free by quad8_irq_handler dt-bindings: mux: Document mux-states property dt-bindings: ti-serdes-mux: Add defines for J721S2 SoC counter: remove old and now unused registration API counter: ti-eqep: Convert to new counter registration counter: stm32-lptimer-cnt: Convert to new counter registration counter: stm32-timer-cnt: Convert to new counter registration counter: microchip-tcb-capture: Convert to new counter registration counter: ftm-quaddec: Convert to new counter registration counter: intel-qep: Convert to new counter registration counter: interrupt-cnt: Convert to new counter registration counter: 104-quad-8: Convert to new counter registration counter: Update documentation for new counter registration functions counter: Provide alternative counter registration functions counter: stm32-timer-cnt: Convert to counter_priv() wrapper counter: stm32-lptimer-cnt: Convert to counter_priv() wrapper counter: ti-eqep: Convert to counter_priv() wrapper counter: ftm-quaddec: Convert to counter_priv() wrapper counter: intel-qep: Convert to counter_priv() wrapper counter: microchip-tcb-capture: Convert to counter_priv() wrapper ...
2022-01-06qemu_fw_cfg: use default_groups in kobj_typeGreg Kroah-Hartman1-2/+3
There are currently 2 ways to create a set of sysfs files for a kobj_type, through the default_attrs field, and the default_groups field. Move the firmware qemu_fw_cfg sysfs code to use default_groups field which has been the preferred way since aa30f47cf666 ("kobject: Add support for default attribute groups to kobj_type") so that we can soon get rid of the obsolete default_attrs field. Cc: Gabriel Somlo <somlo@cmu.edu> Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: qemu-devel@nongnu.org Acked-by: Michael S. Tsirkin <mst@redhat.com> Link: https://lore.kernel.org/r/20220105183133.2812848-1-gregkh@linuxfoundation.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-12-21firmware: qemu_fw_cfg: remove sysfs entries explicitlyJohan Hovold1-0/+1
Explicitly remove the file entries from sysfs before dropping the final reference for symmetry reasons and for consistency with the rest of the driver. Signed-off-by: Johan Hovold <johan@kernel.org> Link: https://lore.kernel.org/r/20211201132528.30025-5-johan@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-12-21firmware: qemu_fw_cfg: fix sysfs information leakJohan Hovold1-1/+1
Make sure to always NUL-terminate file names retrieved from the firmware to avoid accessing data beyond the entry slab buffer and exposing it through sysfs in case the firmware data is corrupt. Fixes: 75f3e8e47f38 ("firmware: introduce sysfs driver for QEMU's fw_cfg device") Cc: stable@vger.kernel.org # 4.6 Cc: Gabriel Somlo <somlo@cmu.edu> Signed-off-by: Johan Hovold <johan@kernel.org> Link: https://lore.kernel.org/r/20211201132528.30025-4-johan@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-12-21firmware: qemu_fw_cfg: fix kobject leak in probe error pathJohan Hovold1-7/+6
An initialised kobject must be freed using kobject_put() to avoid leaking associated resources (e.g. the object name). Commit fe3c60684377 ("firmware: Fix a reference count leak.") "fixed" the leak in the first error path of the file registration helper but left the second one unchanged. This "fix" would however result in a NULL pointer dereference due to the release function also removing the never added entry from the fw_cfg_entry_cache list. This has now been addressed. Fix the remaining kobject leak by restoring the common error path and adding the missing kobject_put(). Fixes: 75f3e8e47f38 ("firmware: introduce sysfs driver for QEMU's fw_cfg device") Cc: stable@vger.kernel.org # 4.6 Cc: Gabriel Somlo <somlo@cmu.edu> Signed-off-by: Johan Hovold <johan@kernel.org> Link: https://lore.kernel.org/r/20211201132528.30025-3-johan@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-12-21firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entriesJohan Hovold1-4/+1
Commit fe3c60684377 ("firmware: Fix a reference count leak.") "fixed" a kobject leak in the file registration helper by properly calling kobject_put() for the entry in case registration of the object fails (e.g. due to a name collision). This would however result in a NULL pointer dereference when the release function tries to remove the never added entry from the fw_cfg_entry_cache list. Fix this by moving the list-removal out of the release function. Note that the offending commit was one of the benign looking umn.edu fixes which was reviewed but not reverted. [1][2] [1] https://lore.kernel.org/r/202105051005.49BFABCE@keescook [2] https://lore.kernel.org/all/YIg7ZOZvS3a8LjSv@kroah.com Fixes: fe3c60684377 ("firmware: Fix a reference count leak.") Cc: stable@vger.kernel.org # 5.8 Cc: Qiushi Wu <wu000273@umn.edu> Cc: Kees Cook <keescook@chromium.org> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Johan Hovold <johan@kernel.org> Link: https://lore.kernel.org/r/20211201132528.30025-2-johan@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-06-29qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attributeNathan Chancellor1-5/+3
fw_cfg_showrev() is called by an indirect call in kobj_attr_show(), which violates clang's CFI checking because fw_cfg_showrev()'s second parameter is 'struct attribute', whereas the ->show() member of 'struct kobj_structure' expects the second parameter to be of type 'struct kobj_attribute'. $ cat /sys/firmware/qemu_fw_cfg/rev 3 $ dmesg | grep "CFI failure" [ 26.016832] CFI failure (target: fw_cfg_showrev+0x0/0x8): Fix this by converting fw_cfg_rev_attr to 'struct kobj_attribute' where this would have been caught automatically by the incompatible pointer types compiler warning. Update fw_cfg_showrev() accordingly. Fixes: 75f3e8e47f38 ("firmware: introduce sysfs driver for QEMU's fw_cfg device") Link: https://github.com/ClangBuiltLinux/linux/issues/1299 Signed-off-by: Nathan Chancellor <nathan@kernel.org> Reviewed-by: Sami Tolvanen <samitolvanen@google.com> Tested-by: Sedat Dilek <sedat.dilek@gmail.com> Reviewed-by: Sami Tolvanen <samitolvanen@google.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Kees Cook <keescook@chromium.org> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20210211194258.4137998-1-nathan@kernel.org
2020-10-15fw_cfg: Add support for parisc architectureHelge Deller1-0/+3
Signed-off-by: Helge Deller <deller@gmx.de>
2020-07-29firmware: Fix a reference count leak.Qiushi Wu1-3/+4
kobject_init_and_add() takes reference even when it fails. If this function returns an error, kobject_put() must be called to properly clean up the memory associated with the object. Callback function fw_cfg_sysfs_release_entry() in kobject_put() can handle the pointer "entry" properly. Signed-off-by: Qiushi Wu <wu000273@umn.edu> Link: https://lore.kernel.org/r/20200613190533.15712-1-wu000273@umn.edu Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-08-02media: headers: fix linux/mod_devicetable.h inclusionsArnd Bergmann1-0/+1
A couple of drivers produced build errors after the mod_devicetable.h header was split out from the platform_device one, e.g. drivers/media/platform/davinci/vpbe_osd.c:42:40: error: array type has incomplete element type 'struct platform_device_id' drivers/media/platform/davinci/vpbe_venc.c:42:40: error: array type has incomplete element type 'struct platform_device_id' This adds the inclusion where needed. Fixes: ac3167257b9f ("headers: separate linux/mod_devicetable.h from linux/platform_device.h") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Randy Dunlap <rdunlap@infradead.org> Acked-by: Lad, Prabhakar <prabhakar.csengg@gmail.com> Acked-by: Andy Shevchenko <andy.shevchenko@gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
2018-03-20fw_cfg: write vmcoreinfo detailsMarc-André Lureau1-3/+142
If the "etc/vmcoreinfo" fw_cfg file is present and we are not running the kdump kernel, write the addr/size of the vmcoreinfo ELF note. The DMA operation is expected to run synchronously with today qemu, but the specification states that it may become async, so we run "control" field check in a loop for eventual changes. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-03-20fw_cfg: add DMA registerMarc-André Lureau1-12/+41
Add an optional <dma_off> kernel module (or command line) parameter using the following syntax: [qemu_fw_cfg.]ioport=<size>@<base>[:<ctrl_off>:<data_off>[:<dma_off>]] or [qemu_fw_cfg.]mmio=<size>@<base>[:<ctrl_off>:<data_off>[:<dma_off>]] and initializes the register address using given or default offset. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Gabriel Somlo <somlo@cmu.edu> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-03-20fw_cfg: add a public uapi headerMarc-André Lureau1-20/+2
Create a common header file for well-known values and structures to be shared by the Linux kernel with qemu or other projects. It is based from qemu/docs/specs/fw_cfg.txt which references qemu/include/hw/nvram/fw_cfg_keys.h "for the most up-to-date and authoritative list" & vmcoreinfo.txt. Those files don't have an explicit license, but qemu/hw/nvram/fw_cfg.c is BSD-license, so Michael S. Tsirkin suggested to use the same license. The patch intentionally left out DMA & vmcoreinfo structures & defines, which are added in the commits making usage of it. Suggested-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-03-20fw_cfg: handle fw_cfg_read_blob() errorMarc-André Lureau1-10/+22
fw_cfg_read_blob() may fail, but does not return error. This may lead to surprising behaviours, like populating zero file entries (in register_file() or during read). Return an error if ACPI locking failed. Also, the following DMA read/write extension will add more error paths that should be handled appropriately. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-03-20fw_cfg: remove inline from fw_cfg_read_blob()Marc-André Lureau1-2/+2
The function is not small and getting bigger. Let the compiler decide instead. No profiling done, hopefully unnecessary. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-03-20fw_cfg: fix sparse warnings around FW_CFG_FILE_DIR readMarc-André Lureau1-3/+4
Use struct fw_cfg_files to read the directory size, fixing the sparse warnings: drivers/firmware/qemu_fw_cfg.c:485:17: warning: cast to restricted __be32 Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-03-20fw_cfg: fix sparse warning reading FW_CFG_IDMarc-André Lureau1-2/+3
Use a restricted type for reading FW_CFG_ID, fixing sparse warning: drivers/firmware/qemu_fw_cfg.c:540:22: warning: cast to restricted __le32 Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-03-20fw_cfg: fix sparse warnings with fw_cfg_fileMarc-André Lureau1-13/+15
Modify fw_cfg_sysfs_entry to store entry values, instead of reusing the restricted types. Fixes warnings such as: $ make C=1 CF=-D__CHECK_ENDIAN__ drivers/firmware/qemu_fw_cfg.o drivers/firmware/qemu_fw_cfg.c:491:29: warning: incorrect type in assignment (different base types) drivers/firmware/qemu_fw_cfg.c:491:29: expected restricted __be32 [usertype] size drivers/firmware/qemu_fw_cfg.c:491:29: got unsigned int drivers/firmware/qemu_fw_cfg.c:492:31: warning: incorrect type in assignment (different base types) drivers/firmware/qemu_fw_cfg.c:492:31: expected restricted __be16 [usertype] select drivers/firmware/qemu_fw_cfg.c:492:31: got int Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-03-20fw_cfg: fix sparse warnings in fw_cfg_sel_endianness()Marc-André Lureau1-3/+6
Dispatch to the appropriate iowrite() instead of casting restricted type to u16. - if fw_cfg_is_mmio: before: iowrite16(cpu_to_be16(key)) after: iowrite16be(key) - if !fw_cfg_is_mmio: before: iowrite16(cpu_to_le16(key)) after: iowrite16(key) which is equivalent on little-endian systems, where fw_cfg IO is supported. Fixes: $ make C=1 CF=-D__CHECK_ENDIAN__ drivers/firmware/qemu_fw_cfg.o drivers/firmware/qemu_fw_cfg.c:55:33: warning: restricted __be16 degrades to integer drivers/firmware/qemu_fw_cfg.c:55:52: warning: restricted __le16 degrades to integer Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-01-31firmware: Use PTR_ERR_OR_ZERO()Vasyl Gomonovych1-3/+1
Fix ptr_ret.cocci warnings: drivers/firmware/efi/efi.c:610:8-14: WARNING: PTR_ERR_OR_ZERO can be used Use PTR_ERR_OR_ZERO rather than if(IS_ERR(...)) + PTR_ERR Generated by: scripts/coccinelle/api/ptr_ret.cocci Signed-off-by: Vasyl Gomonovych <gomonovych@gmail.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Gabriel Somlo <somlo@cmu.edu> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-12-01fw_cfg: fix driver removeMarc-André Lureau1-1/+2
On driver remove(), all objects created during probe() should be removed, but sysfs qemu_fw_cfg/rev file was left. Also reorder functions to match probe() error cleanup code. Cc: stable@vger.kernel.org Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-11-14fw_cfg: fix the command line module nameMarc-André Lureau1-4/+4
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Acked-by: Gabriel Somlo <somlo@cmu.edu> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-05-20Merge tag 'driver-core-4.7-rc1' of ↵Linus Torvalds1-3/+1
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core Pull driver core updates from Greg KH: "Here's the "big" driver core update for 4.7-rc1. Mostly just debugfs changes, the long-known and messy races with removing debugfs files should be fixed thanks to the great work of Nicolai Stange. We also have some isa updates in here (the x86 maintainers told me to take it through this tree), a new warning when we run out of dynamic char major numbers, and a few other assorted changes, details in the shortlog. All have been in linux-next for some time with no reported issues" * tag 'driver-core-4.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: (32 commits) Revert "base: dd: don't remove driver_data in -EPROBE_DEFER case" gpio: ws16c48: Utilize the ISA bus driver gpio: 104-idio-16: Utilize the ISA bus driver gpio: 104-idi-48: Utilize the ISA bus driver gpio: 104-dio-48e: Utilize the ISA bus driver watchdog: ebc-c384_wdt: Utilize the ISA bus driver iio: stx104: Utilize the module_isa_driver and max_num_isa_dev macros iio: stx104: Add X86 dependency to STX104 Kconfig option Documentation: Add ISA bus driver documentation isa: Implement the max_num_isa_dev macro isa: Implement the module_isa_driver macro pnp: pnpbios: Add explicit X86_32 dependency to PNPBIOS isa: Decouple X86_32 dependency from the ISA Kconfig option driver-core: use 'dev' argument in dev_dbg_ratelimited stub base: dd: don't remove driver_data in -EPROBE_DEFER case kernfs: Move faulting copy_user operations outside of the mutex devcoredump: add scatterlist support debugfs: unproxify files created through debugfs_create_u32_array() debugfs: unproxify files created through debugfs_create_blob() debugfs: unproxify files created through debugfs_create_bool() ...
2016-04-21firmware: qemu_fw_cfg.c: potential unintialized variableDan Carpenter1-1/+1
It acpi_acquire_global_lock() return AE_NOT_CONFIGURED then "glk" isn't initialized, which, if you got very unlucky, could cause a bug. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-04-19Merge 4.6-rc4 into driver-core-nextGreg Kroah-Hartman1-1/+23
We want those fixes in here as well. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-04-07firmware: qemu_fw_cfg.c: hold ACPI global lock during device accessGabriel Somlo1-0/+16
Allowing for the future possibility of implementing AML-based (i.e., firmware-triggered) access to the QEMU fw_cfg device, acquire the global ACPI lock when accessing the device on behalf of the guest-side sysfs driver, to prevent any potential race conditions. Suggested-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Gabriel Somlo <somlo@cmu.edu> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-04-07qemu_fw_cfg: don't leak kobj on init errorMichael S. Tsirkin1-1/+7
If platform_driver_register fails, we should cleanup fw_cfg_top_ko before exiting. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Gabriel Somlo <somlo@cmu.edu>
2016-03-29firmware: fw_cfg register offsets on supported architectures onlyGabriel Somlo1-3/+1
Refrain from defining default fw_cfg register offsets on unsupported architectures -- throw an error instead. If QEMU were to add fw_cfg support on additional architectures, we should add them to the FW_CFG_SYSFS depends statement in drivers/firmware/Kconfig, and provide default values for register offsets in drivers/firmware/qemu_fw_cfg.c at that time. Suggested-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Gabriel Somlo <somlo@cmu.edu> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-02-11firmware: qemu_fw_cfg.c: fix typo FW_CFG_DATA_OFFValentin Rothberg1-1/+1
s/FW_CTRL_DATA_OFF/FW_CFG_DATA_OFF/ Signed-off-by: Valentin Rothberg <valentin.rothberg@posteo.net> Signed-off-by: Andreas Ziegler <andreas.ziegler@fau.de> Acked-by: Gabriel Somlo <somlo@cmu.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-02-09firmware: create directory hierarchy for sysfs fw_cfg entriesGabriel Somlo1-3/+106
Each fw_cfg entry of type "file" has an associated 56-char, nul-terminated ASCII string which represents its name. While the fw_cfg device doesn't itself impose any specific naming convention, QEMU developers have traditionally used path name semantics (i.e. "etc/acpi/rsdp") to descriptively name the various fw_cfg "blobs" passed into the guest. This patch attempts, on a best effort basis, to create a directory hierarchy representing the content of fw_cfg file names, under /sys/firmware/qemu_fw_cfg/by_name. Upon successful creation of all directories representing the "dirname" portion of a fw_cfg file, a symlink will be created to represent the "basename", pointing at the appropriate /sys/firmware/qemu_fw_cfg/by_key entry. If a file name is not suitable for this procedure (e.g., if its basename or dirname components collide with an already existing dirname component or basename, respectively) the corresponding fw_cfg blob is skipped and will remain available in sysfs only by its selector key value. Signed-off-by: Gabriel Somlo <somlo@cmu.edu> Cc: Andy Lutomirski <luto@amacapital.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-02-09firmware: introduce sysfs driver for QEMU's fw_cfg deviceGabriel Somlo1-0/+648
Make fw_cfg entries of type "file" available via sysfs. Entries are listed under /sys/firmware/qemu_fw_cfg/by_key, in folders named after each entry's selector key. Filename, selector value, and size read-only attributes are included for each entry. Also, a "raw" attribute allows retrieval of the full binary content of each entry. The fw_cfg device can be instantiated automatically from ACPI or the Device Tree, or manually by using a kernel module (or command line) parameter, with a syntax outlined in the documentation file. Signed-off-by: Gabriel Somlo <somlo@cmu.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>