1. 02 9月, 2020 3 次提交
  2. 21 12月, 2018 1 次提交
  3. 01 12月, 2018 1 次提交
    • M
      tools/testing/nvdimm: Fix the array size for dimm devices. · 08609aac
      Masayoshi Mizuma 提交于
      [ Upstream commit af31b04b67f4fd7f639fd465a507c154c46fc9fb ]
      
      KASAN reports following global out of bounds access while
      nfit_test is being loaded. The out of bound access happens
      the following reference to dimm_fail_cmd_flags[dimm]. 'dimm' is
      over than the index value, NUM_DCR (==5).
      
        static int override_return_code(int dimm, unsigned int func, int rc)
        {
                if ((1 << func) & dimm_fail_cmd_flags[dimm]) {
      
      dimm_fail_cmd_flags[] definition:
        static unsigned long dimm_fail_cmd_flags[NUM_DCR];
      
      'dimm' is the return value of get_dimm(), and get_dimm() returns
      the index of handle[] array. The handle[] has 7 index. Let's use
      ARRAY_SIZE(handle) as the array size.
      
      KASAN report:
      
      ==================================================================
      BUG: KASAN: global-out-of-bounds in nfit_test_ctl+0x47bb/0x55b0 [nfit_test]
      Read of size 8 at addr ffffffffc10cbbe8 by task kworker/u41:0/8
      ...
      Call Trace:
       dump_stack+0xea/0x1b0
       ? dump_stack_print_info.cold.0+0x1b/0x1b
       ? kmsg_dump_rewind_nolock+0xd9/0xd9
       print_address_description+0x65/0x22e
       ? nfit_test_ctl+0x47bb/0x55b0 [nfit_test]
       kasan_report.cold.6+0x92/0x1a6
       nfit_test_ctl+0x47bb/0x55b0 [nfit_test]
      ...
      The buggy address belongs to the variable:
       dimm_fail_cmd_flags+0x28/0xffffffffffffa440 [nfit_test]
      ==================================================================
      
      Fixes: 39611e83 ("tools/testing/nvdimm: Make DSM failure code injection...")
      Signed-off-by: NMasayoshi Mizuma <m.mizuma@jp.fujitsu.com>
      Signed-off-by: NDan Williams <dan.j.williams@intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      08609aac
  4. 01 8月, 2018 1 次提交
    • V
      tools/testing/nvdimm: improve emulation of smart injection · b4d4702f
      Vishal Verma 提交于
      The emulation for smart injection commands for nfit neglected to check
      the smart field validity flags before injecting to that field. This is
      required as a way to distinguish un-injection vs. leave-alone.
      
      The emulation was also missing support for un-injection entirely. To add
      this support, first, fix the above flags check. Second, use the
      'enable' field in the injection command to determine injection vs
      un-injection. Third, move the smart initialization struct to be a global
      static structure for the nfit_test module. Reference this to get the
      smart 'defaults' when un-injecting a smart field.
      Signed-off-by: NVishal Verma <vishal.l.verma@intel.com>
      Signed-off-by: NDave Jiang <dave.jiang@intel.com>
      b4d4702f
  5. 15 7月, 2018 2 次提交
  6. 01 7月, 2018 1 次提交
  7. 23 5月, 2018 1 次提交
    • D
      x86, nfit_test: Add unit test for memcpy_mcsafe() · 5d8beee2
      Dan Williams 提交于
      Given the fact that the ACPI "EINJ" (error injection) facility is not
      universally available, implement software infrastructure to validate the
      memcpy_mcsafe() exception handling implementation.
      
      For each potential read exception point in memcpy_mcsafe(), inject a
      emulated exception point at the address identified by 'mcsafe_inject'
      variable. With this infrastructure implement a test to validate that the
      'bytes remaining' calculation is correct for a range of various source
      buffer alignments.
      
      This code is compiled out by default. The CONFIG_MCSAFE_DEBUG
      configuration symbol needs to be manually enabled by editing
      Kconfig.debug. I.e. this functionality can not be accidentally enabled
      by a user / distro, it's only for development.
      
      Cc: <x86@kernel.org>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Reported-by: NTony Luck <tony.luck@intel.com>
      Signed-off-by: NDan Williams <dan.j.williams@intel.com>
      5d8beee2
  8. 16 4月, 2018 4 次提交
  9. 06 4月, 2018 2 次提交
  10. 07 3月, 2018 3 次提交
    • R
      nfit_test: prevent parsing error of nfit_test.0 · 1526f9e2
      Ross Zwisler 提交于
      When you load nfit_test you currently see the following error in dmesg:
      
       nfit_test nfit_test.0: found a zero length table '0' parsing nfit
      
      This happens because when we parse the nfit_test.0 table via
      acpi_nfit_init(), we specify a size of nfit_test->nfit_size.  For the first
      pass through nfit_test.0 where (t->setup_hotplug == 0) this is the size of
      the entire buffer we allocated, including space for the hot plug
      structures, not the size that we've actually filled in.
      
      Fix this by only trying to parse the size of the structures that we've
      filled in.
      Signed-off-by: NRoss Zwisler <ross.zwisler@linux.intel.com>
      Signed-off-by: NDan Williams <dan.j.williams@intel.com>
      1526f9e2
    • R
      nfit_test: fix buffer overrun, add sanity check · 9741a559
      Ross Zwisler 提交于
      It turns out that we were overrunning the 'nfit_buf' buffer in
      nfit_test0_setup() in the (t->setup_hotplug == 1) case because we failed to
      correctly account for all of the acpi_nfit_memory_map structures.
      
      Fix the structure count which will increase the allocation size of
      'nfit_buf' in nfit_test0_alloc().  Also add some WARN_ON()s to
      nfit_test0_setup() and nfit_test1_setup() to catch future issues where the
      size of the buffer doesn't match the amount of data we're writing.
      Signed-off-by: NRoss Zwisler <ross.zwisler@linux.intel.com>
      Signed-off-by: NDan Williams <dan.j.williams@intel.com>
      9741a559
    • R
      nfit_test: improve structure offset handling · d7d8464d
      Ross Zwisler 提交于
      In nfit_test0_setup() and nfit_test1_setup() we keep an 'offset' value
      which we use to calculate where in our 'nfit_buf' we will place our next
      structure.  The handling of 'offset' and the calculation of the placement
      of the next structure is a bit inconsistent, though.  We don't update
      'offset' after we insert each structure, sometimes causing us to update it
      for multiple structures' sizes at once.  When calculating the position of
      the next structure we aren't always able to just use 'offset', but
      sometimes have to add in other structure sizes as well.
      
      Fix this by updating 'offset' after each structure insertion in a
      consistent way, allowing us to always calculate the position of the next
      structure to be inserted by just using 'nfit_buf + offset'.
      Signed-off-by: NRoss Zwisler <ross.zwisler@linux.intel.com>
      Signed-off-by: NDan Williams <dan.j.williams@intel.com>
      d7d8464d
  11. 02 2月, 2018 4 次提交
  12. 05 12月, 2017 2 次提交
    • D
      tools/testing/nvdimm: smart alarm/threshold control · ed07c433
      Dan Williams 提交于
      Allow the smart_threshold values to be changed via the 'set smart
      threshold command' and trigger notifications when the thresholds are
      met.
      Signed-off-by: NDan Williams <dan.j.williams@intel.com>
      ed07c433
    • D
      nfit, libnvdimm: deprecate the generic SMART ioctl · cdd77d3e
      Dan Williams 提交于
      The kernel's ND_IOCTL_SMART_THRESHOLD command is based on a payload
      definition that has become broken / out-of-sync with recent versions of
      the NVDIMM_FAMILY_INTEL definition. Deprecate the use of the
      ND_IOCTL_SMART_THRESHOLD command in favor of the ND_CMD_CALL approach
      taken by NVDIMM_FAMILY_{HPE,MSFT}, where we can manage the per-vendor
      variance in userspace.
      
      In a couple years, when the new scheme is widely deployed in userspace
      packages, the ND_IOCTL_SMART_THRESHOLD support can be removed. For now
      we prevent new binaries from compiling against the kernel header
      definitions, but kernel still compatible with old binaries. The
      libndctl.h [1] header is now the authoritative interface definition for
      NVDIMM SMART.
      
      [1]: https://github.com/pmem/ndctlSigned-off-by: NDan Williams <dan.j.williams@intel.com>
      cdd77d3e
  13. 14 11月, 2017 1 次提交
  14. 09 11月, 2017 1 次提交
  15. 03 11月, 2017 2 次提交
  16. 08 10月, 2017 1 次提交
  17. 19 9月, 2017 1 次提交
  18. 01 9月, 2017 1 次提交
    • R
      libnvdimm, nd_blk: remove mmio_flush_range() · 5deb67f7
      Robin Murphy 提交于
      mmio_flush_range() suffers from a lack of clearly-defined semantics,
      and is somewhat ambiguous to port to other architectures where the
      scope of the writeback implied by "flush" and ordering might matter,
      but MMIO would tend to imply non-cacheable anyway. Per the rationale
      in 67a3e8fe ("nd_blk: change aperture mapping from WC to WB"), the
      only existing use is actually to invalidate clean cache lines for
      ARCH_MEMREMAP_PMEM type mappings *without* writeback. Since the recent
      cleanup of the pmem API, that also now happens to be the exact purpose
      of arch_invalidate_pmem(), which would be a far more well-defined tool
      for the job.
      
      Rather than risk potentially inconsistent implementations of
      mmio_flush_range() for the sake of one callsite, streamline things by
      removing it entirely and instead move the ARCH_MEMREMAP_PMEM related
      definitions up to the libnvdimm level, so they can be shared by NFIT
      as well. This allows NFIT to be enabled for arm64.
      Signed-off-by: NRobin Murphy <robin.murphy@arm.com>
      Signed-off-by: NDan Williams <dan.j.williams@intel.com>
      5deb67f7
  19. 16 6月, 2017 1 次提交
    • Y
      tools/testing/nvdimm: fix nfit_test buffer overflow · a117699c
      Yasunori Goto 提交于
      The root cause of panic is the num_pm of nfit_test1 is wrong.
      Though 1 is specified for num_pm at nfit_test_init(), it must be 2,
      because nfit_test1->spa_set[] array has 2 elements.
      
      Since the array is smaller than expected, the driver breaks other area.
      (it is often the link list of devres).
      
      As a result, panic occurs like the following example.
      
          CPU: 4 PID: 2233 Comm: lt-libndctl Tainted: G           O    4.12.0-rc1+ #12
          RIP: 0010:__list_del_entry_valid+0x6c/0xa0
          Call Trace:
           release_nodes+0x76/0x260
           devres_release_all+0x3c/0x50
           device_release_driver_internal+0x159/0x200
           device_release_driver+0x12/0x20
           bus_remove_device+0xfd/0x170
           device_del+0x1e8/0x330
           platform_device_del+0x28/0x90
           platform_device_unregister+0x12/0x30
           nfit_test_exit+0x2a/0x93b [nfit_test]
      
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NYasunori Goto <y-goto@jp.fujitsu.com>
      Signed-off-by: NDan Williams <dan.j.williams@intel.com>
      a117699c
  20. 07 6月, 2017 1 次提交
  21. 19 4月, 2017 2 次提交
  22. 18 4月, 2017 1 次提交
  23. 01 3月, 2017 1 次提交
  24. 07 12月, 2016 1 次提交
    • D
      tools/testing/nvdimm: unit test acpi_nfit_ctl() · a7de92da
      Dan Williams 提交于
      A recent flurry of bug discoveries in the nfit driver's DSM marshalling
      routine has highlighted the fact that we do not have unit test coverage
      for this routine. Add a self-test of acpi_nfit_ctl() routine before
      probing the "nfit_test.0" device. This mocks stimulus to acpi_nfit_ctl()
      and if any of the tests fail "nfit_test.0" will be unavailable causing
      the rest of the tests to not run / fail.
      
      This unit test will also be a place to land reproductions of quirky BIOS
      behavior discovered in the field and ensure the kernel does not regress
      against implementations it has seen in practice.
      Signed-off-by: NDan Williams <dan.j.williams@intel.com>
      a7de92da
  25. 19 10月, 2016 1 次提交