Zaid Alali wrote:
> Enable the driver to inject EINJv2 type errors. The component
> array values are parsed from user_input and expected to contain
> hex values for component id and syndrome separated by space,
> and multiple components are separated by new line as follows:
>
> component_id1 component_syndrome1
> component_id2 component_syndrome2
> :
> component_id(n) component_syndrome(n)
>
> for example:
>
> $comp_arr="0x1 0x2
> >0x1 0x4
> >0x2 0x4"
> $cd /sys/kernel/debug/apei/einj/
> $echo "$comp_arr" > einjv2_component_array
>
> Signed-off-by: Zaid Alali <zaidal@xxxxxxxxxxxxxxxxxxxxxx>
> ---
[snip]
> @@ -483,10 +513,10 @@ static int __einj_error_inject(u32 type, u32 flags, u64 param1, u64 param2,
> return rc;
> apei_exec_ctx_set_input(&ctx, type);
> if (acpi5) {
> - struct set_error_type_with_address *v5param, v5_struct;
> + struct set_error_type_with_address *v5param;
>
> - v5param = &v5_struct;
> - memcpy_fromio(v5param, einj_param, sizeof(*v5param));
> + v5param = kmalloc(v5param_size, GFP_KERNEL);
> + memcpy_fromio(v5param, einj_param, v5param_size);
> v5param->type = type;
> if (type & ACPI5_VENDOR_BIT) {
> switch (vendor_flags) {
> @@ -506,8 +536,50 @@ static int __einj_error_inject(u32 type, u32 flags, u64 param1, u64 param2,
> v5param->flags = flags;
> v5param->memory_address = param1;
> v5param->memory_address_range = param2;
> - v5param->apicid = param3;
> - v5param->pcie_sbdf = param4;
> +
> + if (is_V2) {
> + int count = 0, bytes_read, pos = 0, nr_parsed = 0, str_len;
> + unsigned int comp, synd;
> + struct syndrome_array *component_arr;
> +
> + component_arr = v5param->einjv2_struct.component_arr;
> + str_len = strlen(user_input);
> +
> + while ((nr_parsed = sscanf(user_input + pos, "%x %x\n%n", &comp,
> + &synd, &bytes_read))) {
> + pos += bytes_read;
> +
> + if (nr_parsed != 2)
> + goto err_out;
> + if (count >= nr_components)
> + goto err_out;
It is hard to tell but I think these err_out's skip the kfree?
Regardless it is better to use the cleanup functions[1] on that kmalloc and let
the destructors clean up for you.
Ira
[1] include/linux/cleanup.h
> +
> + switch (type) {
> + case EINJV2_PROCESSOR_ERROR:
> + component_arr[count].comp_id.acpi_id = comp;
> + component_arr[count].comp_synd.proc_synd = synd;
> + break;
> + case EINJV2_MEMORY_ERROR:
> + component_arr[count].comp_id.device_id = comp;
> + component_arr[count].comp_synd.mem_synd = synd;
> + break;
> + case EINJV2_PCIE_ERROR:
> + component_arr[count].comp_id.pcie_sbdf = comp;
> + component_arr[count].comp_synd.pcie_synd = synd;
> + break;
> + }
> + count++;
> + if (pos >= str_len)
> + break;
> + }
> + v5param->einjv2_struct.component_arr_count = count;
> +
> + /* clear buffer after user input for next injection */
> + memset(user_input, 0, COMP_ARR_SIZE);
> + } else {
> + v5param->apicid = param3;
> + v5param->pcie_sbdf = param4;
> + }
> } else {
> switch (type) {
> case ACPI_EINJ_PROCESSOR_CORRECTABLE:
> @@ -531,7 +603,8 @@ static int __einj_error_inject(u32 type, u32 flags, u64 param1, u64 param2,
> break;
> }
> }
> - memcpy_toio(einj_param, v5param, sizeof(*v5param));
> + memcpy_toio(einj_param, v5param, v5param_size);
> + kfree(v5param);
> } else {
> rc = apei_exec_run(&ctx, ACPI_EINJ_SET_ERROR_TYPE);
> if (rc)
> @@ -583,6 +656,9 @@ static int __einj_error_inject(u32 type, u32 flags, u64 param1, u64 param2,
> rc = apei_exec_run_optional(&ctx, ACPI_EINJ_END_OPERATION);
>
> return rc;
> +err_out:
> + memset(user_input, 0, COMP_ARR_SIZE);
> + return -EINVAL;
> }
>
[snip]
