Commit Graph

15 Commits

Author SHA1 Message Date
Jakub Kicinski
d2e11fd2b7 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Conflicting commits, all resolutions pretty trivial:

drivers/bus/mhi/pci_generic.c
  5c2c853159 ("bus: mhi: pci-generic: configurable network interface MRU")
  56f6f4c4eb ("bus: mhi: pci_generic: Apply no-op for wake using sideband wake boolean")

drivers/nfc/s3fwrn5/firmware.c
  a0302ff590 ("nfc: s3fwrn5: remove unnecessary label")
  46573e3ab0 ("nfc: s3fwrn5: fix undefined parameter values in dev_err()")
  801e541c79 ("nfc: s3fwrn5: fix undefined parameter values in dev_err()")

MAINTAINERS
  7d901a1e87 ("net: phy: add Maxlinear GPY115/21x/24x driver")
  8a7b46fa79 ("MAINTAINERS: add Yasushi SHOJI as reviewer for the Microchip CAN BUS Analyzer Tool driver")

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-07-31 09:14:46 -07:00
Krzysztof Kozlowski
582fdc98ad nfc: nfcsim: constify drvdata (struct nfcsim)
nfcsim_abort_cmd() does not modify struct nfcsim, so local variable
can be a pointer to const.

Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-07-29 12:28:03 +01:00
Krzysztof Kozlowski
5e7b30d24a nfc: nfcsim: fix use after free during module unload
There is a use after free memory corruption during module exit:
 - nfcsim_exit()
  - nfcsim_device_free(dev0)
    - nfc_digital_unregister_device()
      This iterates over command queue and frees all commands,
    - dev->up = false
    - nfcsim_link_shutdown()
      - nfcsim_link_recv_wake()
        This wakes the sleeping thread nfcsim_link_recv_skb().

 - nfcsim_link_recv_skb()
   Wake from wait_event_interruptible_timeout(),
   call directly the deb->cb callback even though (dev->up == false),
   - digital_send_cmd_complete()
     Dereference of "struct digital_cmd" cmd which was freed earlier by
     nfc_digital_unregister_device().

This causes memory corruption shortly after (with unrelated stack
trace):

  nfc nfc0: NFC: nfcsim_recv_wq: Device is down
  llcp: nfc_llcp_recv: err -19
  nfc nfc1: NFC: nfcsim_recv_wq: Device is down
  BUG: unable to handle page fault for address: ffffffffffffffed
  Call Trace:
   fsnotify+0x54b/0x5c0
   __fsnotify_parent+0x1fe/0x300
   ? vfs_write+0x27c/0x390
   vfs_write+0x27c/0x390
   ksys_write+0x63/0xe0
   do_syscall_64+0x3b/0x90
   entry_SYSCALL_64_after_hwframe+0x44/0xae

KASAN report:

  BUG: KASAN: use-after-free in digital_send_cmd_complete+0x16/0x50
  Write of size 8 at addr ffff88800a05f720 by task kworker/0:2/71
  Workqueue: events nfcsim_recv_wq [nfcsim]
  Call Trace:
   dump_stack_lvl+0x45/0x59
   print_address_description.constprop.0+0x21/0x140
   ? digital_send_cmd_complete+0x16/0x50
   ? digital_send_cmd_complete+0x16/0x50
   kasan_report.cold+0x7f/0x11b
   ? digital_send_cmd_complete+0x16/0x50
   ? digital_dep_link_down+0x60/0x60
   digital_send_cmd_complete+0x16/0x50
   nfcsim_recv_wq+0x38f/0x3d5 [nfcsim]
   ? nfcsim_in_send_cmd+0x4a/0x4a [nfcsim]
   ? lock_is_held_type+0x98/0x110
   ? finish_wait+0x110/0x110
   ? rcu_read_lock_sched_held+0x9c/0xd0
   ? rcu_read_lock_bh_held+0xb0/0xb0
   ? lockdep_hardirqs_on_prepare+0x12e/0x1f0

This flow of calling digital_send_cmd_complete() callback on driver exit
is specific to nfcsim which implements reading and sending work queues.
Since the NFC digital device was unregistered, the callback should not
be called.

Fixes: 204bddcb50 ("NFC: nfcsim: Make use of the Digital layer")
Cc: <stable@vger.kernel.org>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-07-28 10:20:16 +01:00
Krzysztof Kozlowski
7186aac9c2 nfc: constify nfc_digital_ops
Neither the core nor the drivers modify the passed pointer to struct
nfc_digital_ops, so make it a pointer to const for correctness and safety.

Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-07-25 09:21:21 +01:00
Thomas Gleixner
2025cf9e19 treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 288
Based on 1 normalized pattern(s):

  this program is free software you can redistribute it and or modify
  it under the terms and conditions of the gnu general public license
  version 2 as published by the free software foundation this program
  is distributed in the hope it will be useful but without any
  warranty without even the implied warranty of merchantability or
  fitness for a particular purpose see the gnu general public license
  for more details

extracted by the scancode license scanner the SPDX license identifier

  GPL-2.0-only

has been chosen to replace the boilerplate/reference in 263 file(s).

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Allison Randal <allison@lohutok.net>
Reviewed-by: Alexios Zavras <alexios.zavras@intel.com>
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190529141901.208660670@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-06-05 17:36:37 +02:00
Gustavo A. R. Silva
6f874bafac NFC: add NULL checks to avoid potential NULL pointer dereference
NULL checks at line 457: if (!link0 || !link1) {, implies that both
pointers link0 and link1 might be NULL.
Function nfcsim_link_free() dereference pointers link0 and link1.
Add NULL checks before calling nfcsim_link_free() to avoid a
potential NULL pointer dereference.

Addresses-Coverity-ID: 1364857
Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-06-23 00:34:56 +02:00
Thierry Escande
2a0fe4fe5b NFC: nfcsim: Simulate lost frames through debugfs entry
This patch allows to simulate the lost of frames exchanged between the 2
nfcsim devices through a control entry in the debugfs and is used as
follow:

 echo n > /sys/kernel/debug/nfcsim/nfcX/dropframe

Where n specifies the number of frames to be dropped between 0 and 255
and nfcX is either nfc0 or nfc1, one of the two nfcsim devices.

In the following example, the next frame that should be sent by the nfc0
device will be dropped and thus not received by the nfc1 device:

 echo 1 > /sys/kernel/debug/nfcsim/nfc0/dropframe

The value of 0 can be used to reset the dropframe counter.

Signed-off-by: Thierry Escande <thierry.escande@collabora.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-07-19 23:24:49 +02:00
Thierry Escande
f9ac6273e5 NFC: nfcsim: Add support for sysfs control entry
The idea is to have a way to control and/or modify the behavior of the
nfcsim virtual devices.

This patch creates a folder tree in the debug filesystem. The debugfs is
usually mounted into /sys/kernel/debug and the nfcsim entries are
located in DEBUGFS/nfcsim/nfcX/ where X is either 0 or 1 depending on
the device you want to address.

These folders are empty for now and control entries will be added by
upcoming commits.

Signed-off-by: Thierry Escande <thierry.escande@collabora.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-07-19 23:23:29 +02:00
Thierry Escande
204bddcb50 NFC: nfcsim: Make use of the Digital layer
With this complete rewrite, the loopback nfcsim driver now relies on the
Digital layer of the nfc stack. As with the previous version, 2 nfc
devices are declared when the driver is initialized. The driver supports
the NFC_DEP protocol in NFC-A and NFC-F technologies.

The 2 devices are using a pair of virtual links for sk_buff exchange.
The out-link of one device is the in-link of the other and conversely.

To receive data, a device calls nfcsim_link_recv_skb() on its in-link
and waits for incoming data on a wait queue. To send data, a device
calls nfcsim_link_send_skb() on its out-link which stores the passed skb
and signals its wait queue. If the peer device was in the
nfcsim_link_recv_skb() call, it will be signaled and will be able to
pass the received sk_buff up to the Digital layer.

Signed-off-by: Thierry Escande <thierry.escande@collabora.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-07-04 12:36:30 +02:00
Saurabh Sengar
a440f1aa74 NFC: add rx delay sysfs parameter for nfcsim workqueue
added the rx delay parameter as a device tunable parameter.

Signed-off-by: Saurabh Sengar <saurabh.truth@gmail.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2015-12-21 00:07:27 +01:00
Christophe Ricard
96d4581f0b NFC: netlink: Add mode parameter to deactivate_target functions
In order to manage in a better way the nci poll mode state machine,
add mode parameter to deactivate_target functions.
This way we can manage different target state.
mode parameter make sense only in nci core.

Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2015-10-27 03:55:12 +01:00
Joe Perches
073a625f0b NFC: Convert nfc_dev_info and nfc_dev_err to nfc_<level>
Use a more standard kernel style macro logging name.

Standardize the spacing of the "NFC: " prefix.
Add \n to uses, remove from macro.
Fix the defective uses that already had a \n.

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2013-09-25 01:35:39 +02:00
Joe Perches
b48348395f NFC: Replace nfc_dev_dbg with dev_dbg
Use the generic kernel function instead of a home-grown
one that does the same thing.

Add \n to uses not at the macro.  Don't add \n where
the nfc_dev_dbg macro mistakenly had them already.

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2013-09-25 01:35:39 +02:00
Thierry Escande
40dac370ef NFC: Fix missing static declarations
This patch fixes 3 sparse warnings:
nfcsim.c:63:25: sparse: symbol 'wq' was not declared.
nfcsim.c:484:12: sparse: symbol 'nfcsim_init' was not declared.
nfcsim.c:525:13: sparse: symbol 'nfcsim_exit' was not declared.

Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Thierry Escande <thierry.escande@linux.intel.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2013-08-14 00:28:16 +02:00
Thierry Escande
7cbe0ff3e4 NFC: Add a nfc hardware simulation driver
This driver declares two virtual NFC devices supporting NFC-DEP protocol.
An LLCP connection can be established between them and all packets sent
from one device is sent back to the other, acting as loopback devices.

Once established, the LLCP link can be disconnected by disabling the target
device (with rfkill, nfctool, or neard disable-adapter test script).

Signed-off-by: Thierry Escande <thierry.escande@linux.intel.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2013-06-14 13:45:06 +02:00