kernel/linux.git/drivers/nfc/nfcsim.c, branch v6.18.21

nfcsim.c: Fix error checking for debugfs_create_dir

2023-05-26T11:18:35+00:00

This patch fixes the error checking in nfcsim.c. The DebugFS kernel API is developed in a way that the caller can safely ignore the errors that occur during the creation of DebugFS nodes. Signed-off-by: Osama Muhammad Reviewed-by: Simon Horman Signed-off-by: David S. Miller

drivers: nfc: nfcsim: remove return value check of `dev_dir`

2023-04-25T01:12:42+00:00

Smatch complains that: nfcsim_debugfs_init_dev() warn: 'dev_dir' is an error pointer or valid According to the documentation of the debugfs_create_dir() function, there is no need to check the return value of this function. Just delete the dead code. Signed-off-by: Jianuo Kuang Reviewed-by: Dongliang Mu Reviewed-by: Krzysztof Kozlowski Link: https://lore.kernel.org/r/20230424024140.34607-1-u202110722@hust.edu.cn Signed-off-by: Jakub Kicinski

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2021-07-31T16:14:46+00:00

Conflicting commits, all resolutions pretty trivial: drivers/bus/mhi/pci_generic.c 5c2c85315948 ("bus: mhi: pci-generic: configurable network interface MRU") 56f6f4c4eb2a ("bus: mhi: pci_generic: Apply no-op for wake using sideband wake boolean") drivers/nfc/s3fwrn5/firmware.c a0302ff5906a ("nfc: s3fwrn5: remove unnecessary label") 46573e3ab08f ("nfc: s3fwrn5: fix undefined parameter values in dev_err()") 801e541c79bb ("nfc: s3fwrn5: fix undefined parameter values in dev_err()") MAINTAINERS 7d901a1e878a ("net: phy: add Maxlinear GPY115/21x/24x driver") 8a7b46fa7902 ("MAINTAINERS: add Yasushi SHOJI as reviewer for the Microchip CAN BUS Analyzer Tool driver") Signed-off-by: Jakub Kicinski

nfc: nfcsim: constify drvdata (struct nfcsim)

2021-07-29T11:28:03+00:00

nfcsim_abort_cmd() does not modify struct nfcsim, so local variable can be a pointer to const. Signed-off-by: Krzysztof Kozlowski Signed-off-by: David S. Miller

nfc: nfcsim: fix use after free during module unload

2021-07-28T09:20:16+00:00

There is a use after free memory corruption during module exit: - nfcsim_exit() - nfcsim_device_free(dev0) - nfc_digital_unregister_device() This iterates over command queue and frees all commands, - dev->up = false - nfcsim_link_shutdown() - nfcsim_link_recv_wake() This wakes the sleeping thread nfcsim_link_recv_skb(). - nfcsim_link_recv_skb() Wake from wait_event_interruptible_timeout(), call directly the deb->cb callback even though (dev->up == false), - digital_send_cmd_complete() Dereference of "struct digital_cmd" cmd which was freed earlier by nfc_digital_unregister_device(). This causes memory corruption shortly after (with unrelated stack trace): nfc nfc0: NFC: nfcsim_recv_wq: Device is down llcp: nfc_llcp_recv: err -19 nfc nfc1: NFC: nfcsim_recv_wq: Device is down BUG: unable to handle page fault for address: ffffffffffffffed Call Trace: fsnotify+0x54b/0x5c0 __fsnotify_parent+0x1fe/0x300 ? vfs_write+0x27c/0x390 vfs_write+0x27c/0x390 ksys_write+0x63/0xe0 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae KASAN report: BUG: KASAN: use-after-free in digital_send_cmd_complete+0x16/0x50 Write of size 8 at addr ffff88800a05f720 by task kworker/0:2/71 Workqueue: events nfcsim_recv_wq [nfcsim] Call Trace: dump_stack_lvl+0x45/0x59 print_address_description.constprop.0+0x21/0x140 ? digital_send_cmd_complete+0x16/0x50 ? digital_send_cmd_complete+0x16/0x50 kasan_report.cold+0x7f/0x11b ? digital_send_cmd_complete+0x16/0x50 ? digital_dep_link_down+0x60/0x60 digital_send_cmd_complete+0x16/0x50 nfcsim_recv_wq+0x38f/0x3d5 [nfcsim] ? nfcsim_in_send_cmd+0x4a/0x4a [nfcsim] ? lock_is_held_type+0x98/0x110 ? finish_wait+0x110/0x110 ? rcu_read_lock_sched_held+0x9c/0xd0 ? rcu_read_lock_bh_held+0xb0/0xb0 ? lockdep_hardirqs_on_prepare+0x12e/0x1f0 This flow of calling digital_send_cmd_complete() callback on driver exit is specific to nfcsim which implements reading and sending work queues. Since the NFC digital device was unregistered, the callback should not be called. Fixes: 204bddcb508f ("NFC: nfcsim: Make use of the Digital layer") Cc: Signed-off-by: Krzysztof Kozlowski Signed-off-by: David S. Miller

nfc: constify nfc_digital_ops

2021-07-25T08:21:21+00:00

Neither the core nor the drivers modify the passed pointer to struct nfc_digital_ops, so make it a pointer to const for correctness and safety. Signed-off-by: Krzysztof Kozlowski Signed-off-by: David S. Miller

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 288

2019-06-05T15:36:37+00:00

Based on 1 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms and conditions of the gnu general public license version 2 as published by the free software foundation this program is distributed in the hope it will be useful but without any warranty without even the implied warranty of merchantability or fitness for a particular purpose see the gnu general public license for more details extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference in 263 file(s). Signed-off-by: Thomas Gleixner Reviewed-by: Allison Randal Reviewed-by: Alexios Zavras Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190529141901.208660670@linutronix.de Signed-off-by: Greg Kroah-Hartman

NFC: add NULL checks to avoid potential NULL pointer dereference

2017-06-22T22:34:56+00:00

NULL checks at line 457: if (!link0 || !link1) {, implies that both pointers link0 and link1 might be NULL. Function nfcsim_link_free() dereference pointers link0 and link1. Add NULL checks before calling nfcsim_link_free() to avoid a potential NULL pointer dereference. Addresses-Coverity-ID: 1364857 Signed-off-by: Gustavo A. R. Silva Signed-off-by: Samuel Ortiz

NFC: nfcsim: Simulate lost frames through debugfs entry

2016-07-19T21:24:49+00:00

This patch allows to simulate the lost of frames exchanged between the 2 nfcsim devices through a control entry in the debugfs and is used as follow: echo n > /sys/kernel/debug/nfcsim/nfcX/dropframe Where n specifies the number of frames to be dropped between 0 and 255 and nfcX is either nfc0 or nfc1, one of the two nfcsim devices. In the following example, the next frame that should be sent by the nfc0 device will be dropped and thus not received by the nfc1 device: echo 1 > /sys/kernel/debug/nfcsim/nfc0/dropframe The value of 0 can be used to reset the dropframe counter. Signed-off-by: Thierry Escande Signed-off-by: Samuel Ortiz

NFC: nfcsim: Add support for sysfs control entry

2016-07-19T21:23:29+00:00

The idea is to have a way to control and/or modify the behavior of the nfcsim virtual devices. This patch creates a folder tree in the debug filesystem. The debugfs is usually mounted into /sys/kernel/debug and the nfcsim entries are located in DEBUGFS/nfcsim/nfcX/ where X is either 0 or 1 depending on the device you want to address. These folders are empty for now and control entries will be added by upcoming commits. Signed-off-by: Thierry Escande Signed-off-by: Samuel Ortiz