[RESEND v5 0/4] Add support for Vendor Defined Error Types in Einj Module

[RESEND v5 0/4] Add support for Vendor Defined Error Types in Einj Module

[Avadhut Naik]

This patchset adds support for Vendor Defined Error types in the einj
module by exporting a binary blob file in module's debugfs directory.
Userspace tools can write OEM Defined Structures into the blob file as
part of injecting Vendor defined errors. Similarly, the very tools can
also read from the blob file for information, if any, provided by the
firmware after error injection.

The first patch refactors available_error_type_show() function to ensure
all errors supported by the platform are output through einj module's
available_error_type file in debugfs.

The second patch adds a write callback for binary blobs created through
debugfs_create_blob() API.

The third patch fixes the permissions of panicinfo file in debugfs to
ensure it remains read-only

The fourth patch adds the required support i.e. establishing the memory
mapping and exporting it through debugfs blob file for Vendor-defined
Error types.

Changes in v2:
 - Split the v1 patch, as was recommended, to have a separate patch for
changes in debugfs.
 - Refactored available_error_type_show() function into a separate patch.
 - Changed file permissions to octal format to remove checkpatch warnings.

Changes in v3:
 - Use BIT macro for generating error masks instead of hex values since
ACPI spec uses bit numbers.
 - Handle the corner case of acpi_os_map_iomem() returning NULL through
a local variable to a store the size of OEM defined data structure.

Changes in v4:
 - Fix permissions for panicinfo file in debugfs.
 - Replace acpi_os_map_iomem() and acpi_os_unmap_iomem() calls with
   acpi_os_map_memory() and acpi_os_unmap_memory() respectively to avert
   sparse warnings as suggested by Alexey.

Changes in v5:
 - Change permissions of the "oem_error" file, being created in einj
   module's debugfs directory, from "w" to "rw" since system firmware
   in some cases might provide some information through OEM-defined
   structure for tools to consume.
 - Remove Reviewed-by: Alexey Kardashevskiy <aik@amd.com> from the
   fourth patch since permissions of the oem_error file have changed.
 - Add Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> for
   second and third patch.
 - Rebase on top of tip master.

Avadhut Naik (4):
  ACPI: APEI: EINJ: Refactor available_error_type_show()
  fs: debugfs: Add write functionality to debugfs blobs
  platform/chrome: cros_ec_debugfs: Fix permissions for panicinfo
  ACPI: APEI: EINJ: Add support for vendor defined error types

 drivers/acpi/apei/einj.c                  | 67 ++++++++++++++++-------
 drivers/platform/chrome/cros_ec_debugfs.c |  2 +-
 fs/debugfs/file.c                         | 28 ++++++++--
 3 files changed, 70 insertions(+), 27 deletions(-)

-- 
2.34.1

[RESEND v5 1/4] ACPI: APEI: EINJ: Refactor available_error_type_show()

[Avadhut Naik]

From: Avadhut Naik <Avadhut.Naik@amd.com>

OSPM can discover the error injection capabilities of the platform by
executing GET_ERROR_TYPE error injection action.[1] The action returns
a DWORD representing a bitmap of platform supported error injections.[2]

The available_error_type_show() function determines the bits set within
this DWORD and provides a verbose output, from einj_error_type_string
array, through /sys/kernel/debug/apei/einj/available_error_type file.

The function however, assumes one to one correspondence between an error's
position in the bitmap and its array entry offset. Consequently, some
errors like Vendor Defined Error Type fail this assumption and will
incorrectly be shown as not supported, even if their corresponding bit is
set in the bitmap and they have an entry in the array.

Navigate around the issue by converting einj_error_type_string into an
array of structures with a predetermined mask for all error types
corresponding to their bit position in the DWORD returned by GET_ERROR_TYPE
action. The same breaks the aforementioned assumption resulting in all
supported error types by a platform being outputted through the above
available_error_type file.

[1] ACPI specification 6.5, Table 18.25
[2] ACPI specification 6.5, Table 18.30

Suggested-by: Alexey Kardashevskiy <alexey.kardashevskiy@amd.com>
Signed-off-by: Avadhut Naik <Avadhut.Naik@amd.com>
---
 drivers/acpi/apei/einj.c | 43 ++++++++++++++++++++--------------------
 1 file changed, 22 insertions(+), 21 deletions(-)

diff --git a/drivers/acpi/apei/einj.c b/drivers/acpi/apei/einj.c
index 013eb621dc92..ee360fcb1618 100644
--- a/drivers/acpi/apei/einj.c
+++ b/drivers/acpi/apei/einj.c
@@ -577,25 +577,25 @@ static u64 error_param2;
 static u64 error_param3;
 static u64 error_param4;
 static struct dentry *einj_debug_dir;
-static const char * const einj_error_type_string[] = {
-	"0x00000001\tProcessor Correctable\n",
-	"0x00000002\tProcessor Uncorrectable non-fatal\n",
-	"0x00000004\tProcessor Uncorrectable fatal\n",
-	"0x00000008\tMemory Correctable\n",
-	"0x00000010\tMemory Uncorrectable non-fatal\n",
-	"0x00000020\tMemory Uncorrectable fatal\n",
-	"0x00000040\tPCI Express Correctable\n",
-	"0x00000080\tPCI Express Uncorrectable non-fatal\n",
-	"0x00000100\tPCI Express Uncorrectable fatal\n",
-	"0x00000200\tPlatform Correctable\n",
-	"0x00000400\tPlatform Uncorrectable non-fatal\n",
-	"0x00000800\tPlatform Uncorrectable fatal\n",
-	"0x00001000\tCXL.cache Protocol Correctable\n",
-	"0x00002000\tCXL.cache Protocol Uncorrectable non-fatal\n",
-	"0x00004000\tCXL.cache Protocol Uncorrectable fatal\n",
-	"0x00008000\tCXL.mem Protocol Correctable\n",
-	"0x00010000\tCXL.mem Protocol Uncorrectable non-fatal\n",
-	"0x00020000\tCXL.mem Protocol Uncorrectable fatal\n",
+static struct { u32 mask; const char *str; } const einj_error_type_string[] = {
+	{BIT(0), "Processor Correctable"},
+	{BIT(1), "Processor Uncorrectable non-fatal"},
+	{BIT(2), "Processor Uncorrectable fatal"},
+	{BIT(3), "Memory Correctable"},
+	{BIT(4), "Memory Uncorrectable non-fatal"},
+	{BIT(5), "Memory Uncorrectable fatal"},
+	{BIT(6), "PCI Express Correctable"},
+	{BIT(7), "PCI Express Uncorrectable non-fatal"},
+	{BIT(8), "PCI Express Uncorrectable fatal"},
+	{BIT(9), "Platform Correctable"},
+	{BIT(10), "Platform Uncorrectable non-fatal"},
+	{BIT(11), "Platform Uncorrectable fatal"},
+	{BIT(12), "CXL.cache Protocol Correctable"},
+	{BIT(13), "CXL.cache Protocol Uncorrectable non-fatal"},
+	{BIT(14), "CXL.cache Protocol Uncorrectable fatal"},
+	{BIT(15), "CXL.mem Protocol Correctable"},
+	{BIT(16), "CXL.mem Protocol Uncorrectable non-fatal"},
+	{BIT(17), "CXL.mem Protocol Uncorrectable fatal"},
 };
 
 static int available_error_type_show(struct seq_file *m, void *v)
@@ -607,8 +607,9 @@ static int available_error_type_show(struct seq_file *m, void *v)
 	if (rc)
 		return rc;
 	for (int pos = 0; pos < ARRAY_SIZE(einj_error_type_string); pos++)
-		if (available_error_type & BIT(pos))
-			seq_puts(m, einj_error_type_string[pos]);
+		if (available_error_type & einj_error_type_string[pos].mask)
+			seq_printf(m, "0x%08x\t%s\n", einj_error_type_string[pos].mask,
+				   einj_error_type_string[pos].str);
 
 	return 0;
 }
-- 
2.34.1

[RESEND v5 2/4] fs: debugfs: Add write functionality to debugfs blobs

[Avadhut Naik]

From: Avadhut Naik <Avadhut.Naik@amd.com>

Currently, debugfs_create_blob() creates read-only debugfs binary blob
files.

In some cases, however, userspace tools need to write variable length
data structures into predetermined memory addresses. An example is when
injecting Vendor-defined error types through the einj module. In such
cases, the functionality to write to these blob files in debugfs would
be desired since the mapping aspect can be handled within the modules
with userspace tools only needing to write into the blob files.

Implement a write callback to enable writing to these blob files in
debugfs.

Signed-off-by: Avadhut Naik <Avadhut.Naik@amd.com>
Reviewed-by: Alexey Kardashevskiy <aik@amd.com>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/debugfs/file.c | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)

diff --git a/fs/debugfs/file.c b/fs/debugfs/file.c
index c45e8c2d62e1..dde1f5f30fb3 100644
--- a/fs/debugfs/file.c
+++ b/fs/debugfs/file.c
@@ -1008,17 +1008,35 @@ static ssize_t read_file_blob(struct file *file, char __user *user_buf,
 	return r;
 }
 
+static ssize_t write_file_blob(struct file *file, const char __user *user_buf,
+			       size_t count, loff_t *ppos)
+{
+	struct debugfs_blob_wrapper *blob = file->private_data;
+	struct dentry *dentry = F_DENTRY(file);
+	ssize_t r;
+
+	r = debugfs_file_get(dentry);
+	if (unlikely(r))
+		return r;
+	r = simple_write_to_buffer(blob->data, blob->size, ppos, user_buf,
+				   count);
+
+	debugfs_file_put(dentry);
+	return r;
+}
+
 static const struct file_operations fops_blob = {
 	.read =		read_file_blob,
+	.write =	write_file_blob,
 	.open =		simple_open,
 	.llseek =	default_llseek,
 };
 
 /**
- * debugfs_create_blob - create a debugfs file that is used to read a binary blob
+ * debugfs_create_blob - create a debugfs file that is used to read and write
+ * a binary blob
  * @name: a pointer to a string containing the name of the file to create.
- * @mode: the read permission that the file should have (other permissions are
- *	  masked out)
+ * @mode: the permission that the file should have
  * @parent: a pointer to the parent dentry for this file.  This should be a
  *          directory dentry if set.  If this parameter is %NULL, then the
  *          file will be created in the root of the debugfs filesystem.
@@ -1027,7 +1045,7 @@ static const struct file_operations fops_blob = {
  *
  * This function creates a file in debugfs with the given name that exports
  * @blob->data as a binary blob. If the @mode variable is so set it can be
- * read from. Writing is not supported.
+ * read from and written to.
  *
  * This function will return a pointer to a dentry if it succeeds.  This
  * pointer must be passed to the debugfs_remove() function when the file is
@@ -1042,7 +1060,7 @@ struct dentry *debugfs_create_blob(const char *name, umode_t mode,
 				   struct dentry *parent,
 				   struct debugfs_blob_wrapper *blob)
 {
-	return debugfs_create_file_unsafe(name, mode & 0444, parent, blob, &fops_blob);
+	return debugfs_create_file_unsafe(name, mode, parent, blob, &fops_blob);
 }
 EXPORT_SYMBOL_GPL(debugfs_create_blob);
 
-- 
2.34.1

[RESEND v5 3/4] platform/chrome: cros_ec_debugfs: Fix permissions for panicinfo

[Avadhut Naik]

From: Avadhut Naik <Avadhut.Naik@amd.com>

The debugfs_create_blob() function has been used to create read-only binary
blobs in debugfs. The function filters out permissions, other than S_IRUSR,
S_IRGRP and S_IROTH, provided while creating the blobs.

The very behavior though is being changed through previous patch in the
series (fs: debugfs: Add write functionality to debugfs blobs) which makes
the binary blobs writable.

As such, rectify the permissions of panicinfo file to ensure it remains
read-only.

Signed-off-by: Avadhut Naik <Avadhut.Naik@amd.com>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/platform/chrome/cros_ec_debugfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/platform/chrome/cros_ec_debugfs.c b/drivers/platform/chrome/cros_ec_debugfs.c
index 091fdc154d79..6bf6f0e7b597 100644
--- a/drivers/platform/chrome/cros_ec_debugfs.c
+++ b/drivers/platform/chrome/cros_ec_debugfs.c
@@ -454,7 +454,7 @@ static int cros_ec_create_panicinfo(struct cros_ec_debugfs *debug_info)
 	debug_info->panicinfo_blob.data = data;
 	debug_info->panicinfo_blob.size = ret;
 
-	debugfs_create_blob("panicinfo", S_IFREG | 0444, debug_info->dir,
+	debugfs_create_blob("panicinfo", 0444, debug_info->dir,
 			    &debug_info->panicinfo_blob);
 
 	return 0;
-- 
2.34.1

[RESEND v5 4/4] ACPI: APEI: EINJ: Add support for vendor defined error types

[Avadhut Naik]

From: Avadhut Naik <Avadhut.Naik@amd.com>

Vendor-Defined Error types are supported by the platform apart from
standard error types if bit 31 is set in the output of GET_ERROR_TYPE
Error Injection Action.[1] While the errors themselves and the length
of their associated "OEM Defined data structure" might vary between
vendors, the physical address of this structure can be computed through
vendor_extension and length fields of "SET_ERROR_TYPE_WITH_ADDRESS" and
"Vendor Error Type Extension" Structures respectively.[2][3]

Currently, however, the einj module only computes the physical address of
Vendor Error Type Extension Structure. Neither does it compute the physical
address of OEM Defined structure nor does it establish the memory mapping
required for injecting Vendor-defined errors. Consequently, userspace
tools have to establish the very mapping through /dev/mem, nopat kernel
parameter and system calls like mmap/munmap initially before injecting
Vendor-defined errors.

Circumvent the issue by computing the physical address of OEM Defined data
structure and establishing the required mapping with the structure. Create
a new file "oem_error", if the system supports Vendor-defined errors, to
export this mapping, through debugfs_create_blob(). Userspace tools can
then populate their respective OEM Defined structure instances and just
write to the file as part of injecting Vendor-defined Errors. Similarly,
the tools can also read from the file if the system firmware provides some
information through the OEM defined structure after error injection.

[1] ACPI specification 6.5, section 18.6.4
[2] ACPI specification 6.5, Table 18.31
[3] ACPI specification 6.5, Table 18.32

Suggested-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Avadhut Naik <Avadhut.Naik@amd.com>
---
 drivers/acpi/apei/einj.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/drivers/acpi/apei/einj.c b/drivers/acpi/apei/einj.c
index ee360fcb1618..e2c5afdd42f2 100644
--- a/drivers/acpi/apei/einj.c
+++ b/drivers/acpi/apei/einj.c
@@ -73,6 +73,7 @@ static u32 notrigger;
 
 static u32 vendor_flags;
 static struct debugfs_blob_wrapper vendor_blob;
+static struct debugfs_blob_wrapper vendor_errors;
 static char vendor_dev[64];
 
 /*
@@ -182,6 +183,21 @@ static int einj_timedout(u64 *t)
 	return 0;
 }
 
+static void get_oem_vendor_struct(u64 paddr, int offset,
+				  struct vendor_error_type_extension *v)
+{
+	unsigned long vendor_size;
+	u64 target_pa = paddr + offset + sizeof(struct vendor_error_type_extension);
+
+	vendor_size = v->length - sizeof(struct vendor_error_type_extension);
+
+	if (vendor_size)
+		vendor_errors.data = acpi_os_map_memory(target_pa, vendor_size);
+
+	if (vendor_errors.data)
+		vendor_errors.size = vendor_size;
+}
+
 static void check_vendor_extension(u64 paddr,
 				   struct set_error_type_with_address *v5param)
 {
@@ -194,6 +210,7 @@ static void check_vendor_extension(u64 paddr,
 	v = acpi_os_map_iomem(paddr + offset, sizeof(*v));
 	if (!v)
 		return;
+	get_oem_vendor_struct(paddr, offset, v);
 	sbdf = v->pcie_sbdf;
 	sprintf(vendor_dev, "%x:%x:%x.%x vendor_id=%x device_id=%x rev_id=%x\n",
 		sbdf >> 24, (sbdf >> 16) & 0xff,
@@ -596,6 +613,7 @@ static struct { u32 mask; const char *str; } const einj_error_type_string[] = {
 	{BIT(15), "CXL.mem Protocol Correctable"},
 	{BIT(16), "CXL.mem Protocol Uncorrectable non-fatal"},
 	{BIT(17), "CXL.mem Protocol Uncorrectable fatal"},
+	{BIT(31), "Vendor Defined Error Types"},
 };
 
 static int available_error_type_show(struct seq_file *m, void *v)
@@ -768,6 +786,10 @@ static int __init einj_init(void)
 				   einj_debug_dir, &vendor_flags);
 	}
 
+	if (vendor_errors.size)
+		debugfs_create_blob("oem_error", 0600, einj_debug_dir,
+				    &vendor_errors);
+
 	pr_info("Error INJection is initialized.\n");
 
 	return 0;
@@ -793,6 +815,8 @@ static void __exit einj_exit(void)
 			sizeof(struct einj_parameter);
 
 		acpi_os_unmap_iomem(einj_param, size);
+		if (vendor_errors.size)
+			acpi_os_unmap_memory(vendor_errors.data, vendor_errors.size);
 	}
 	einj_exec_ctx_init(&ctx);
 	apei_exec_post_unmap_gars(&ctx);
-- 
2.34.1

RE: [RESEND v5 2/4] fs: debugfs: Add write functionality to debugfs blobs

[Luck, Tony]

> @@ -1042,7 +1060,7 @@ struct dentry *debugfs_create_blob(const char *name, umode_t mode,
> 				   struct dentry *parent,
> 				   struct debugfs_blob_wrapper *blob)
> {
> -	return debugfs_create_file_unsafe(name, mode & 0444, parent, blob, &fops_blob);
> +	return debugfs_create_file_unsafe(name, mode, parent, blob, &fops_blob);
> }

The minimalist change here would be to s/0444/0666/

That would just allow callers to ask for writeable files without letting them
add execute permission, or exotic modes like setuid etc.

-Tony

RE: [RESEND v5 3/4] platform/chrome: cros_ec_debugfs: Fix permissions for panicinfo

[Luck, Tony]

> @@ -454,7 +454,7 @@ static int cros_ec_create_panicinfo(struct cros_ec_debugfs *debug_info)
>       debug_info->panicinfo_blob.data = data;
>       debug_info->panicinfo_blob.size = ret;
>
> -     debugfs_create_blob("panicinfo", S_IFREG | 0444, debug_info->dir,
> +     debugfs_create_blob("panicinfo", 0444, debug_info->dir,
>                           &debug_info->panicinfo_blob);
>

This just looks like a bug that S_IFREG was passed in the "mode" argument.

Your change in part 2 doesn't really affect much here.

  debugfs_create_blob()
    debugfs_create_file_unsafe()
      __debugfs_create_file()

which does:

	if (!(mode & S_IFMT))
                	mode |= S_IFREG;
        	BUG_ON(!S_ISREG(mode));

So this is a fine cleanup. But your patch description about ensuring that
the file remains read-only isn't accurate. Your change didn't affect the mode
of this file.

-Tony

	

RE: [RESEND v5 4/4] ACPI: APEI: EINJ: Add support for vendor defined error types

[Luck, Tony]

> Circumvent the issue by computing the physical address of OEM Defined data
> structure and establishing the required mapping with the structure. Create
> a new file "oem_error", if the system supports Vendor-defined errors, to
> export this mapping, through debugfs_create_blob(). Userspace tools can
> then populate their respective OEM Defined structure instances and just
> write to the file as part of injecting Vendor-defined Errors. Similarly,
> the tools can also read from the file if the system firmware provides some
> information through the OEM defined structure after error injection.

Tried it out on an Intel Icelake machine.  Seems like it is doing something
reasonable: I end up with this "oem_error" file:

# ls -l oem_error
-rw-------. 1 root root 0 Nov  7 14:26 oem_error

Which is 24 bytes full of zeroes:

# od -t x1 oem_error
0000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0000020 00 00 00 00 00 00 00 00
0000030

I'm not sure what OEM specific errors are implemented on this machine,
so that's as far as I'm able to test.

So apart from s/0444/0666/ in part 2, and a better commit description for
part 3 you can have a:

Reviewed-by: Tony Luck <tony.luck@intel.com>

-Tony

[RESEND v5 2/4] fs: debugfs: Add write functionality to debugfs blobs

[Avadhut Naik]

Hi,

On 11/7/2023 16:28, Luck, Tony wrote:
>> @@ -1042,7 +1060,7 @@ struct dentry *debugfs_create_blob(const char *name, umode_t mode,
>> 				   struct dentry *parent,
>> 				   struct debugfs_blob_wrapper *blob)
>> {
>> -	return debugfs_create_file_unsafe(name, mode & 0444, parent, blob, &fops_blob);
>> +	return debugfs_create_file_unsafe(name, mode, parent, blob, &fops_blob);
>> }
> 
> The minimalist change here would be to s/0444/0666/
> 
> That would just allow callers to ask for writeable files without letting them
> add execute permission, or exotic modes like setuid etc.
> 
Noted. Thanks for the clarification. Will change to something like below:

	return debugfs_create_file_unsafe(name, mode & 0666, parent, blob, &fops_blob);

> -Tony

-- 
Thanks,
Avadhut Naik

Re: [RESEND v5 3/4] platform/chrome: cros_ec_debugfs: Fix permissions for panicinfo

[Avadhut Naik]

Hi,

On 11/7/2023 16:35, Luck, Tony wrote:
>> @@ -454,7 +454,7 @@ static int cros_ec_create_panicinfo(struct cros_ec_debugfs *debug_info)
>>       debug_info->panicinfo_blob.data = data;
>>       debug_info->panicinfo_blob.size = ret;
>>
>> -     debugfs_create_blob("panicinfo", S_IFREG | 0444, debug_info->dir,
>> +     debugfs_create_blob("panicinfo", 0444, debug_info->dir,
>>                           &debug_info->panicinfo_blob);
>>
> 
> This just looks like a bug that S_IFREG was passed in the "mode" argument.
> 
> Your change in part 2 doesn't really affect much here.
> 
>   debugfs_create_blob()
>     debugfs_create_file_unsafe()
>       __debugfs_create_file()
> 
> which does:
> 
> 	if (!(mode & S_IFMT))
>                 	mode |= S_IFREG;
>         	BUG_ON(!S_ISREG(mode));
> 
> So this is a fine cleanup. But your patch description about ensuring that
> the file remains read-only isn't accurate. Your change didn't affect the mode
> of this file.
> 
Noted. Thanks for the explanation. Will change the patch description accordingly.

> -Tony
> 
> 	

-- 
Thanks,
Avadhut Naik

Re: [RESEND v5 1/4] ACPI: APEI: EINJ: Refactor available_error_type_show()

[Borislav Petkov]

On Tue, Nov 07, 2023 at 03:36:44PM -0600, Avadhut Naik wrote:
> +static struct { u32 mask; const char *str; } const einj_error_type_string[] = {
> +	{BIT(0), "Processor Correctable"},
> +	{BIT(1), "Processor Uncorrectable non-fatal"},
> +	{BIT(2), "Processor Uncorrectable fatal"},
> +	{BIT(3), "Memory Correctable"},
> +	{BIT(4), "Memory Uncorrectable non-fatal"},
> +	{BIT(5), "Memory Uncorrectable fatal"},
> +	{BIT(6), "PCI Express Correctable"},
> +	{BIT(7), "PCI Express Uncorrectable non-fatal"},
> +	{BIT(8), "PCI Express Uncorrectable fatal"},
> +	{BIT(9), "Platform Correctable"},
> +	{BIT(10), "Platform Uncorrectable non-fatal"},
> +	{BIT(11), "Platform Uncorrectable fatal"},
> +	{BIT(12), "CXL.cache Protocol Correctable"},
> +	{BIT(13), "CXL.cache Protocol Uncorrectable non-fatal"},
> +	{BIT(14), "CXL.cache Protocol Uncorrectable fatal"},
> +	{BIT(15), "CXL.mem Protocol Correctable"},
> +	{BIT(16), "CXL.mem Protocol Uncorrectable non-fatal"},
> +	{BIT(17), "CXL.mem Protocol Uncorrectable fatal"},

Might as well put spaces between the '{' and '}' brackets for better
readability.

>  static int available_error_type_show(struct seq_file *m, void *v)
> @@ -607,8 +607,9 @@ static int available_error_type_show(struct seq_file *m, void *v)
>  	if (rc)
>  		return rc;
>  	for (int pos = 0; pos < ARRAY_SIZE(einj_error_type_string); pos++)
> -		if (available_error_type & BIT(pos))
> -			seq_puts(m, einj_error_type_string[pos]);
> +		if (available_error_type & einj_error_type_string[pos].mask)

Call that variable simply "error_type". Those are simple functions, one
can see that it is the available error type.

> +			seq_printf(m, "0x%08x\t%s\n", einj_error_type_string[pos].mask,
> +				   einj_error_type_string[pos].str);
>  
>  	return 0;

But those are just nitpicks.

Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de>

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Re: [RESEND v5 4/4] ACPI: APEI: EINJ: Add support for vendor defined error types

[Borislav Petkov]

On Tue, Nov 07, 2023 at 03:36:47PM -0600, Avadhut Naik wrote:
> From: Avadhut Naik <Avadhut.Naik@amd.com>
> 
> Vendor-Defined Error types are supported by the platform apart from
> standard error types if bit 31 is set in the output of GET_ERROR_TYPE
> Error Injection Action.[1] While the errors themselves and the length
> of their associated "OEM Defined data structure" might vary between
> vendors, the physical address of this structure can be computed through
> vendor_extension and length fields of "SET_ERROR_TYPE_WITH_ADDRESS" and
> "Vendor Error Type Extension" Structures respectively.[2][3]
> 
> Currently, however, the einj module only computes the physical address of
> Vendor Error Type Extension Structure. Neither does it compute the physical
> address of OEM Defined structure nor does it establish the memory mapping
> required for injecting Vendor-defined errors. Consequently, userspace
> tools have to establish the very mapping through /dev/mem, nopat kernel
> parameter and system calls like mmap/munmap initially before injecting
> Vendor-defined errors.
> 
> Circumvent the issue by computing the physical address of OEM Defined data
> structure and establishing the required mapping with the structure. Create
> a new file "oem_error", if the system supports Vendor-defined errors, to
> export this mapping, through debugfs_create_blob(). Userspace tools can
> then populate their respective OEM Defined structure instances and just
> write to the file as part of injecting Vendor-defined Errors. Similarly,
> the tools can also read from the file if the system firmware provides some
> information through the OEM defined structure after error injection.
> 
> [1] ACPI specification 6.5, section 18.6.4
> [2] ACPI specification 6.5, Table 18.31
> [3] ACPI specification 6.5, Table 18.32
> 
> Suggested-by: Yazen Ghannam <yazen.ghannam@amd.com>
> Signed-off-by: Avadhut Naik <Avadhut.Naik@amd.com>
> ---
>  drivers/acpi/apei/einj.c | 24 ++++++++++++++++++++++++
>  1 file changed, 24 insertions(+)

Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de>

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Re: [RESEND v5 2/4] fs: debugfs: Add write functionality to debugfs blobs

[Avadhut Naik]

Hi Tony,

On 11/7/2023 16:28, Luck, Tony wrote:
>> @@ -1042,7 +1060,7 @@ struct dentry *debugfs_create_blob(const char *name, umode_t mode,
>> 				   struct dentry *parent,
>> 				   struct debugfs_blob_wrapper *blob)
>> {
>> -	return debugfs_create_file_unsafe(name, mode & 0444, parent, blob, &fops_blob);
>> +	return debugfs_create_file_unsafe(name, mode, parent, blob, &fops_blob);
>> }
> 
> The minimalist change here would be to s/0444/0666/
> 
Just realized that s/0444/0644/ might be an even more minimalist change since you anyways,
I think, need to be root for error injection through einj. Does that sound good?

In any case, using 0666 will result in the below checkpatch warning:

[root avadnaik-linux]# ./scripts/checkpatch.pl --strict -g HEAD
WARNING: Exporting world writable files is usually an error. Consider more restrictive permissions.
#84: FILE: fs/debugfs/file.c:1063:
+       return debugfs_create_file_unsafe(name, mode & 0666, parent, blob, &fops_blob);

total: 0 errors, 1 warnings, 0 checks, 54 lines checked

Would you be okay with s/0444/0644/?

-       return debugfs_create_file_unsafe(name, mode & 0444, parent, blob, &fops_blob);
+       return debugfs_create_file_unsafe(name, mode & 0644, parent, blob, &fops_blob);

> That would just allow callers to ask for writeable files without letting them
> add execute permission, or exotic modes like setuid etc.
> 
> -Tony

-- 
Thanks,
Avadhut Naik

RE: [RESEND v5 2/4] fs: debugfs: Add write functionality to debugfs blobs

[Luck, Tony]

> > The minimalist change here would be to s/0444/0666/
> >
> Just realized that s/0444/0644/ might be an even more minimalist change since you anyways,
> I think, need to be root for error injection through einj. Does that sound good?

You need write access. I don't think you need to be root. E.g. a validation system might
set up an "einj" group and "chmod" all these files to 0664. But that's nitpicking.

>
> In any case, using 0666 will result in the below checkpatch warning:
>
> [root avadnaik-linux]# ./scripts/checkpatch.pl --strict -g HEAD
> WARNING: Exporting world writable files is usually an error. Consider more restrictive permissions.
> #84: FILE: fs/debugfs/file.c:1063:
> +       return debugfs_create_file_unsafe(name, mode & 0666, parent, blob, &fops_blob);
>
> total: 0 errors, 1 warnings, 0 checks, 54 lines checked

The warning is dubious. This code isn't necessarily exporting a world writeable file. But
it does allow a caller of this routine to do that.

>
> Would you be okay with s/0444/0644/?

> -       return debugfs_create_file_unsafe(name, mode & 0444, parent, blob, &fops_blob);
> +       return debugfs_create_file_unsafe(name, mode & 0644, parent, blob, &fops_blob);


Yes. This is fine (better). Make sure to mention in the commit comment that this allows
callers to create files writeable by owner.

-Tony

Re: [RESEND v5 2/4] fs: debugfs: Add write functionality to debugfs blobs

[Avadhut Naik]

On 11/16/2023 12:44, Luck, Tony wrote:
>>> The minimalist change here would be to s/0444/0666/
>>>
>> Just realized that s/0444/0644/ might be an even more minimalist change since you anyways,
>> I think, need to be root for error injection through einj. Does that sound good?
> 
> You need write access. I don't think you need to be root. E.g. a validation system might
> set up an "einj" group and "chmod" all these files to 0664. But that's nitpicking.
> 
>>
>> In any case, using 0666 will result in the below checkpatch warning:
>>
>> [root avadnaik-linux]# ./scripts/checkpatch.pl --strict -g HEAD
>> WARNING: Exporting world writable files is usually an error. Consider more restrictive permissions.
>> #84: FILE: fs/debugfs/file.c:1063:
>> +       return debugfs_create_file_unsafe(name, mode & 0666, parent, blob, &fops_blob);
>>
>> total: 0 errors, 1 warnings, 0 checks, 54 lines checked
> 
> The warning is dubious. This code isn't necessarily exporting a world writeable file. But
> it does allow a caller of this routine to do that.
> 
>>
>> Would you be okay with s/0444/0644/?
> 
>> -       return debugfs_create_file_unsafe(name, mode & 0444, parent, blob, &fops_blob);
>> +       return debugfs_create_file_unsafe(name, mode & 0644, parent, blob, &fops_blob);
> 
> 
> Yes. This is fine (better). Make sure to mention in the commit comment that this allows
> callers to create files writeable by owner.
> 
Will do. Thanks for the confirmation!
> -Tony
> 
> 

-- 
Thanks,
Avadhut Naik

Re: [RESEND v5 1/4] ACPI: APEI: EINJ: Refactor available_error_type_show()

[Avadhut Naik]

Hi,

On 11/8/2023 14:19, Borislav Petkov wrote:
> On Tue, Nov 07, 2023 at 03:36:44PM -0600, Avadhut Naik wrote:
>> +static struct { u32 mask; const char *str; } const einj_error_type_string[] = {
>> +	{BIT(0), "Processor Correctable"},
>> +	{BIT(1), "Processor Uncorrectable non-fatal"},
>> +	{BIT(2), "Processor Uncorrectable fatal"},
>> +	{BIT(3), "Memory Correctable"},
>> +	{BIT(4), "Memory Uncorrectable non-fatal"},
>> +	{BIT(5), "Memory Uncorrectable fatal"},
>> +	{BIT(6), "PCI Express Correctable"},
>> +	{BIT(7), "PCI Express Uncorrectable non-fatal"},
>> +	{BIT(8), "PCI Express Uncorrectable fatal"},
>> +	{BIT(9), "Platform Correctable"},
>> +	{BIT(10), "Platform Uncorrectable non-fatal"},
>> +	{BIT(11), "Platform Uncorrectable fatal"},
>> +	{BIT(12), "CXL.cache Protocol Correctable"},
>> +	{BIT(13), "CXL.cache Protocol Uncorrectable non-fatal"},
>> +	{BIT(14), "CXL.cache Protocol Uncorrectable fatal"},
>> +	{BIT(15), "CXL.mem Protocol Correctable"},
>> +	{BIT(16), "CXL.mem Protocol Uncorrectable non-fatal"},
>> +	{BIT(17), "CXL.mem Protocol Uncorrectable fatal"},
> 
> Might as well put spaces between the '{' and '}' brackets for better
> readability.
> 
>>  static int available_error_type_show(struct seq_file *m, void *v)
>> @@ -607,8 +607,9 @@ static int available_error_type_show(struct seq_file *m, void *v)
>>  	if (rc)
>>  		return rc;
>>  	for (int pos = 0; pos < ARRAY_SIZE(einj_error_type_string); pos++)
>> -		if (available_error_type & BIT(pos))
>> -			seq_puts(m, einj_error_type_string[pos]);
>> +		if (available_error_type & einj_error_type_string[pos].mask)
> 
> Call that variable simply "error_type". Those are simple functions, one
> can see that it is the available error type.
> 
>> +			seq_printf(m, "0x%08x\t%s\n", einj_error_type_string[pos].mask,
>> +				   einj_error_type_string[pos].str);
>>  
>>  	return 0;
> 
> But those are just nitpicks.
> 
> Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de>
> 
Thanks for reviewing. Will address this in v6.
> Thx.
> 

-- 
Thanks,
Avadhut Naik