coredump.c 13 KB

  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /*
  3. * Copyright (C) 2023 Google Corporation
  4. */
  5. #include <linux/devcoredump.h>
  6. #include <linux/unaligned.h>
  7. #include <net/bluetooth/bluetooth.h>
  8. #include <net/bluetooth/hci_core.h>
/* Kind of request carried by an skb on hdev->dump.dump_q. The value is stored
 * in the skb control block and dispatched on in hci_devcd_rx().
 */
enum hci_devcoredump_pkt_type {
	HCI_DEVCOREDUMP_PKT_INIT = 0,	/* payload: le32 expected dump size */
	HCI_DEVCOREDUMP_PKT_SKB,	/* payload: raw dump bytes to append */
	HCI_DEVCOREDUMP_PKT_PATTERN,	/* payload: struct hci_devcoredump_skb_pattern */
	HCI_DEVCOREDUMP_PKT_COMPLETE,	/* empty payload */
	HCI_DEVCOREDUMP_PKT_ABORT,	/* empty payload */
};
/* Per-skb metadata kept in skb->cb; access it through hci_dmp_cb(). */
struct hci_devcoredump_skb_cb {
	u16 pkt_type;
};

/* Payload of a HCI_DEVCOREDUMP_PKT_PATTERN skb: the fill byte and how many
 * times to repeat it. Packed, so the struct is copied into the skb as-is.
 */
struct hci_devcoredump_skb_pattern {
	u8 pattern;
	u32 len;
} __packed;

#define hci_dmp_cb(skb)	((struct hci_devcoredump_skb_cb *)((skb)->cb))

/* Expands to a debug print; needs locals named hdev and skb in scope. */
#define DBG_UNEXPECTED_STATE() \
	bt_dev_dbg(hdev, \
		   "Unexpected packet (%d) for state (%d). ", \
		   hci_dmp_cb(skb)->pkt_type, hdev->dump.state)

/* Size of the skb the dump header is assembled in, see hci_devcd_prepare(). */
#define MAX_DEVCOREDUMP_HDR_SIZE	512	/* bytes */
/* Format the banner line and the numeric state at the start of @buf.
 *
 * Returns 0 when @buf is NULL, otherwise the number of characters written
 * plus one for the terminating NUL.
 */
static int hci_devcd_update_hdr_state(char *buf, size_t size, int state)
{
	if (!buf)
		return 0;

	/* scnprintf adds \0 at the end upon state rewrite, hence the + 1 */
	return scnprintf(buf, size, "Bluetooth devcoredump\nState: %d\n",
			 state) + 1;
}
/* Record the new state and rewrite the state line at the head of the dump
 * buffer (a no-op on the buffer while dump.head is NULL).
 *
 * Call with hci_dev_lock only.
 */
static int hci_devcd_update_state(struct hci_dev *hdev, int state)
{
	int prev = hdev->dump.state;

	bt_dev_dbg(hdev, "Updating devcoredump state from %d to %d.",
		   prev, state);

	hdev->dump.state = state;

	return hci_devcd_update_hdr_state(hdev->dump.head,
					  hdev->dump.alloc_size, state);
}
/* Build the textual dump header in @skb: state banner, the driver-supplied
 * section, then the start marker. Returns the resulting skb length.
 */
static int hci_devcd_mkheader(struct hci_dev *hdev, struct sk_buff *skb)
{
	char dump_start[] = "--- Start dump ---\n";
	char hdr[80];
	int hdr_len = hci_devcd_update_hdr_state(hdr, sizeof(hdr),
						 HCI_DEVCOREDUMP_IDLE);

	/* hdr_len counts the trailing NUL, so that byte goes into the skb too */
	skb_put_data(skb, hdr, hdr_len);

	/* NOTE(review): the driver callback writes straight into @skb, which
	 * hci_devcd_prepare() sizes at MAX_DEVCOREDUMP_HDR_SIZE; nothing here
	 * bounds how much it adds - confirm drivers stay within that room.
	 */
	if (hdev->dump.dmp_hdr)
		hdev->dump.dmp_hdr(hdev, skb);

	/* marker is appended without its terminating NUL */
	skb_put_data(skb, dump_start, sizeof(dump_start) - 1);

	return skb->len;
}
/* Forward a state change to the driver's optional notify_change() hook.
 *
 * Do not call with hci_dev_lock since this calls driver code.
 */
static void hci_devcd_notify(struct hci_dev *hdev, int state)
{
	if (!hdev->dump.notify_change)
		return;

	hdev->dump.notify_change(hdev, state);
}
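/* Return the state machine to HCI_DEVCOREDUMP_IDLE and forget the dump buffer.
 *
 * The buffer itself is not freed here; hci_devcd_free() does that first when
 * the buffer is still owned by this code.
 *
 * Call with hci_dev_lock only.
 */
void hci_devcd_reset(struct hci_dev *hdev)
{
	/* Clear the pointers before the state update below, which would
	 * otherwise rewrite the header through a buffer we no longer own.
	 */
	hdev->dump.head = NULL;
	hdev->dump.tail = NULL;
	/* Also drop the end marker so no stale pointer into the old buffer
	 * survives for a later bounds check to compare against.
	 */
	hdev->dump.end = NULL;
	hdev->dump.alloc_size = 0;

	hci_devcd_update_state(hdev, HCI_DEVCOREDUMP_IDLE);

	/* Non-waiting cancel: a timeout handler that already started is not
	 * waited for here.
	 */
	cancel_delayed_work(&hdev->dump.dump_timeout);
	skb_queue_purge(&hdev->dump.dump_q);
}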
/* Release the dump buffer and return to the idle state. The vfree() comes
 * first; hci_devcd_reset() then clears the now-dangling head pointer.
 *
 * Call with hci_dev_lock only.
 */
static void hci_devcd_free(struct hci_dev *hdev)
{
	char *buf = hdev->dump.head;

	vfree(buf);
	hci_devcd_reset(hdev);
}
/* Allocate a @size byte dump buffer with vmalloc() and point head/tail/end
 * at it. Returns 0 on success or -ENOMEM.
 *
 * The memory is not zeroed; only the bytes between head and tail are ever
 * emitted (see hci_devcd_dump()).
 *
 * Call with hci_dev_lock only.
 */
static int hci_devcd_alloc(struct hci_dev *hdev, u32 size)
{
	hdev->dump.head = vmalloc(size);
	if (hdev->dump.head == NULL)
		return -ENOMEM;

	hdev->dump.tail = hdev->dump.head;
	hdev->dump.end = hdev->dump.head + size;
	hdev->dump.alloc_size = size;

	/* writes the initial state line at the start of the new buffer */
	hci_devcd_update_state(hdev, HCI_DEVCOREDUMP_IDLE);

	return 0;
}
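/* Append @size bytes from @buf to the dump buffer.
 *
 * Returns false, copying nothing, when there is no buffer or when the data
 * does not fit in the space left before dump.end.
 *
 * Call with hci_dev_lock only.
 */
static bool hci_devcd_copy(struct hci_dev *hdev, char *buf, u32 size)
{
	/* No buffer (never allocated, or already reset): nothing to append to */
	if (!hdev->dump.tail)
		return false;

	/* Compare against the remaining room instead of forming tail + size:
	 * that sum can run past the end of the allocation and, with a large
	 * caller-supplied size, wrap around so the check would pass.
	 */
	if (size > (size_t)(hdev->dump.end - hdev->dump.tail))
		return false;

	memcpy(hdev->dump.tail, buf, size);
	hdev->dump.tail += size;

	return true;
}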
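/* Append @len copies of the byte @pattern to the dump buffer.
 *
 * Returns false, writing nothing, when there is no buffer or when @len
 * exceeds the space left before dump.end.
 *
 * Call with hci_dev_lock only.
 */
static bool hci_devcd_memset(struct hci_dev *hdev, u8 pattern, u32 len)
{
	/* No buffer (never allocated, or already reset): nothing to fill */
	if (!hdev->dump.tail)
		return false;

	/* @len comes from the queued pattern packet; compare it with the
	 * remaining room rather than computing tail + len, which can wrap
	 * for a large value and let the memset() run out of bounds.
	 */
	if (len > (size_t)(hdev->dump.end - hdev->dump.tail))
		return false;

	memset(hdev->dump.tail, pattern, len);
	hdev->dump.tail += len;

	return true;
}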
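/* Build the dump header, allocate a buffer large enough for the header plus
 * @dump_size bytes of data, and copy the header into it.
 *
 * Returns 0 on success, -EINVAL when header size plus @dump_size does not
 * fit in a u32, or -ENOMEM on allocation/copy failure.
 *
 * Call with hci_dev_lock only.
 */
static int hci_devcd_prepare(struct hci_dev *hdev, u32 dump_size)
{
	struct sk_buff *skb;
	u32 dump_hdr_size;
	u32 total_size;
	int err = 0;

	skb = alloc_skb(MAX_DEVCOREDUMP_HDR_SIZE, GFP_ATOMIC);
	if (!skb)
		return -ENOMEM;

	dump_hdr_size = hci_devcd_mkheader(hdev, skb);

	/* @dump_size is whatever the driver announced. Without this check a
	 * value close to the u32 maximum wraps the sum and the buffer ends up
	 * far smaller than the dump it is supposed to hold.
	 */
	total_size = dump_hdr_size + dump_size;
	if (total_size < dump_size) {
		err = -EINVAL;
		goto hdr_free;
	}

	/* NOTE(review): there is no upper limit on the requested size here;
	 * vmalloc() is the only thing that rejects an oversized request.
	 */
	if (hci_devcd_alloc(hdev, total_size)) {
		err = -ENOMEM;
		goto hdr_free;
	}

	/* Insert the device header */
	if (!hci_devcd_copy(hdev, skb->data, skb->len)) {
		bt_dev_err(hdev, "Failed to insert header");
		hci_devcd_free(hdev);
		err = -ENOMEM;
	}

hdr_free:
	kfree_skb(skb);

	return err;
}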
/* Handle HCI_DEVCOREDUMP_PKT_INIT: validate the announced size, set up the
 * dump buffer, move to ACTIVE and arm the collection timeout.
 *
 * Only accepted in the IDLE state; anything else is logged and ignored.
 */
static void hci_devcd_handle_pkt_init(struct hci_dev *hdev, struct sk_buff *skb)
{
	u32 dump_size;

	if (hdev->dump.state != HCI_DEVCOREDUMP_IDLE) {
		DBG_UNEXPECTED_STATE();
		return;
	}

	/* payload must be exactly the le32 size field, so the pull below
	 * cannot come up short
	 */
	if (skb->len != sizeof(dump_size)) {
		bt_dev_dbg(hdev, "Invalid dump init pkt");
		return;
	}

	dump_size = get_unaligned_le32(skb_pull_data(skb, 4));
	if (dump_size == 0) {
		bt_dev_err(hdev, "Zero size dump init pkt");
		return;
	}

	if (hci_devcd_prepare(hdev, dump_size) != 0) {
		bt_dev_err(hdev, "Failed to prepare for dump");
		return;
	}

	hci_devcd_update_state(hdev, HCI_DEVCOREDUMP_ACTIVE);

	/* hci_devcd_timeout() fires if collection has not finished in time */
	queue_delayed_work(hdev->workqueue, &hdev->dump.dump_timeout,
			   hdev->dump.timeout);
}
/* Handle HCI_DEVCOREDUMP_PKT_SKB: append the skb payload to the dump buffer.
 * Data that does not fit is dropped with a debug message only.
 */
static void hci_devcd_handle_pkt_skb(struct hci_dev *hdev, struct sk_buff *skb)
{
	bool stored;

	if (hdev->dump.state != HCI_DEVCOREDUMP_ACTIVE) {
		DBG_UNEXPECTED_STATE();
		return;
	}

	stored = hci_devcd_copy(hdev, skb->data, skb->len);
	if (!stored)
		bt_dev_dbg(hdev, "Failed to insert skb");
}
/* Handle HCI_DEVCOREDUMP_PKT_PATTERN: fill the next pattern->len bytes of the
 * dump buffer with pattern->pattern. The length is bounded against the
 * remaining buffer space inside hci_devcd_memset().
 */
static void hci_devcd_handle_pkt_pattern(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_devcoredump_skb_pattern *pattern;

	if (hdev->dump.state != HCI_DEVCOREDUMP_ACTIVE) {
		DBG_UNEXPECTED_STATE();
		return;
	}

	/* exact-size check keeps the pull below from reading a short skb */
	if (skb->len != sizeof(*pattern)) {
		bt_dev_dbg(hdev, "Invalid pattern skb");
		return;
	}

	pattern = skb_pull_data(skb, sizeof(*pattern));

	if (hci_devcd_memset(hdev, pattern->pattern, pattern->len))
		return;

	bt_dev_dbg(hdev, "Failed to set pattern");
}
/* Emit whatever has been collected so far (head up to tail): one copy to the
 * monitor as a diagnostic packet, and the buffer itself to devcoredump.
 *
 * dev_coredumpv() takes over the vmalloc'ed buffer, which is why the callers
 * follow up with hci_devcd_reset() rather than hci_devcd_free().
 *
 * NOTE(review): both sinks receive raw controller dump data; presumably
 * access to them should be treated as sensitive - confirm.
 */
static void hci_devcd_dump(struct hci_dev *hdev)
{
	struct sk_buff *diag;
	u32 size;

	bt_dev_dbg(hdev, "state %d", hdev->dump.state);

	/* only the filled part of the buffer, not the whole allocation */
	size = hdev->dump.tail - hdev->dump.head;

	/* Send a copy to monitor as a diagnostic packet; skipped silently if
	 * the skb cannot be allocated.
	 */
	diag = bt_skb_alloc(size, GFP_ATOMIC);
	if (diag != NULL) {
		skb_put_data(diag, hdev->dump.head, size);
		hci_recv_diag(hdev, diag);
	}

	/* Emit a devcoredump with the available data */
	dev_coredumpv(&hdev->dev, hdev->dump.head, size, GFP_KERNEL);
}
/* Handle HCI_DEVCOREDUMP_PKT_COMPLETE: mark the dump DONE and emit it.
 * Ignored unless a dump is ACTIVE. @skb carries no payload and is only used
 * by the unexpected-state debug print.
 */
static void hci_devcd_handle_pkt_complete(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	u32 collected;

	if (hdev->dump.state != HCI_DEVCOREDUMP_ACTIVE) {
		DBG_UNEXPECTED_STATE();
		return;
	}

	/* state first, so the header line in the emitted dump shows DONE */
	hci_devcd_update_state(hdev, HCI_DEVCOREDUMP_DONE);

	collected = hdev->dump.tail - hdev->dump.head;
	bt_dev_dbg(hdev, "complete with size %u (expect %zu)", collected,
		   hdev->dump.alloc_size);

	hci_devcd_dump(hdev);
}
/* Handle HCI_DEVCOREDUMP_PKT_ABORT: mark the dump ABORT and emit the data
 * gathered so far. Ignored unless a dump is ACTIVE. @skb carries no payload
 * and is only used by the unexpected-state debug print.
 */
static void hci_devcd_handle_pkt_abort(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	u32 collected;

	if (hdev->dump.state != HCI_DEVCOREDUMP_ACTIVE) {
		DBG_UNEXPECTED_STATE();
		return;
	}

	/* state first, so the header line in the emitted dump shows ABORT */
	hci_devcd_update_state(hdev, HCI_DEVCOREDUMP_ABORT);

	collected = hdev->dump.tail - hdev->dump.head;
	bt_dev_dbg(hdev, "aborted with size %u (expect %zu)", collected,
		   hdev->dump.alloc_size);

	hci_devcd_dump(hdev);
}
  228. /* Bluetooth devcoredump state machine.
  229. *
  230. * Devcoredump states:
  231. *
  232. * HCI_DEVCOREDUMP_IDLE: The default state.
  233. *
  234. * HCI_DEVCOREDUMP_ACTIVE: A devcoredump will be in this state once it has
  235. * been initialized using hci_devcd_init(). Once active, the driver
  236. * can append data using hci_devcd_append() or insert a pattern
  237. * using hci_devcd_append_pattern().
  238. *
  239. * HCI_DEVCOREDUMP_DONE: Once the dump collection is complete, the driver
  240. * can signal the completion using hci_devcd_complete(). A
  241. * devcoredump is generated indicating the completion event and
  242. * then the state machine is reset to the default state.
  243. *
  244. * HCI_DEVCOREDUMP_ABORT: The driver can cancel ongoing dump collection in
  245. * case of any error using hci_devcd_abort(). A devcoredump is
  246. * still generated with the available data indicating the abort
  247. * event and then the state machine is reset to the default state.
  248. *
  249. * HCI_DEVCOREDUMP_TIMEOUT: A timeout timer for HCI_DEVCOREDUMP_TIMEOUT sec
  250. * is started during devcoredump initialization. Once the timeout
  251. * occurs, the driver is notified, a devcoredump is generated with
  252. * the available data indicating the timeout event and then the
  253. * state machine is reset to the default state.
  254. *
  255. * The driver must register using hci_devcd_register() before using the hci
  256. * devcoredump APIs.
  257. */
/* Work handler that drains hdev->dump.dump_q and feeds each queued packet to
 * the handler for its type. Each packet is processed under hci_dev_lock; the
 * driver notification is made with the lock dropped.
 */
void hci_devcd_rx(struct work_struct *work)
{
	struct hci_dev *hdev = container_of(work, struct hci_dev, dump.dump_rx);
	struct sk_buff *skb;
	int start_state;

	for (;;) {
		skb = skb_dequeue(&hdev->dump.dump_q);
		if (!skb)
			break;

		/* Return if timeout occurs. The timeout handler function
		 * hci_devcd_timeout() will report the available dump data.
		 *
		 * NOTE(review): this read is made without hci_dev_lock, and
		 * hci_devcd_timeout() sets TIMEOUT and resets to IDLE inside
		 * one locked section - confirm this check can still observe
		 * TIMEOUT as intended.
		 */
		if (hdev->dump.state == HCI_DEVCOREDUMP_TIMEOUT) {
			kfree_skb(skb);
			return;
		}

		hci_dev_lock(hdev);
		start_state = hdev->dump.state;

		switch (hci_dmp_cb(skb)->pkt_type) {
		case HCI_DEVCOREDUMP_PKT_INIT:
			hci_devcd_handle_pkt_init(hdev, skb);
			break;

		case HCI_DEVCOREDUMP_PKT_SKB:
			hci_devcd_handle_pkt_skb(hdev, skb);
			break;

		case HCI_DEVCOREDUMP_PKT_PATTERN:
			hci_devcd_handle_pkt_pattern(hdev, skb);
			break;

		case HCI_DEVCOREDUMP_PKT_COMPLETE:
			hci_devcd_handle_pkt_complete(hdev, skb);
			break;

		case HCI_DEVCOREDUMP_PKT_ABORT:
			hci_devcd_handle_pkt_abort(hdev, skb);
			break;

		default:
			bt_dev_dbg(hdev, "Unknown packet (%d) for state (%d). ",
				   hci_dmp_cb(skb)->pkt_type, hdev->dump.state);
			break;
		}

		hci_dev_unlock(hdev);
		kfree_skb(skb);

		/* Notify the driver about any state changes before resetting
		 * the state machine. Done unlocked because the callback is
		 * driver code; the state is re-read here without the lock.
		 */
		if (hdev->dump.state != start_state)
			hci_devcd_notify(hdev, hdev->dump.state);

		/* Reset the state machine if the devcoredump is complete */
		hci_dev_lock(hdev);
		switch (hdev->dump.state) {
		case HCI_DEVCOREDUMP_DONE:
		case HCI_DEVCOREDUMP_ABORT:
			hci_devcd_reset(hdev);
			break;
		default:
			break;
		}
		hci_dev_unlock(hdev);
	}
}
EXPORT_SYMBOL(hci_devcd_rx);
/* Delayed-work handler for the collection timeout: tell the driver, then
 * under hci_dev_lock mark the dump TIMEOUT, emit what was collected and
 * reset the state machine.
 */
void hci_devcd_timeout(struct work_struct *work)
{
	struct hci_dev *hdev = container_of(work, struct hci_dev,
					    dump.dump_timeout.work);
	u32 collected;

	/* driver callback runs before the lock is taken */
	hci_devcd_notify(hdev, HCI_DEVCOREDUMP_TIMEOUT);

	hci_dev_lock(hdev);

	/* drop a pending rx run; one that is already executing is not
	 * waited for
	 */
	cancel_work(&hdev->dump.dump_rx);

	hci_devcd_update_state(hdev, HCI_DEVCOREDUMP_TIMEOUT);

	collected = hdev->dump.tail - hdev->dump.head;
	bt_dev_dbg(hdev, "timeout with size %u (expect %zu)", collected,
		   hdev->dump.alloc_size);

	hci_devcd_dump(hdev);

	hci_devcd_reset(hdev);

	hci_dev_unlock(hdev);
}
EXPORT_SYMBOL(hci_devcd_timeout);
/* Register the driver's devcoredump callbacks and mark the feature supported.
 *
 * @coredump and @dmp_hdr are mandatory; @notify_change may be NULL.
 * Returns 0 on success or -EINVAL when a mandatory callback is missing.
 */
int hci_devcd_register(struct hci_dev *hdev, coredump_t coredump,
		       dmp_hdr_t dmp_hdr, notify_change_t notify_change)
{
	/* Driver must implement coredump() and dmp_hdr() functions for
	 * bluetooth devcoredump. The coredump() should trigger a coredump
	 * event on the controller when the device's coredump sysfs entry is
	 * written to. The dmp_hdr() should create a dump header to identify
	 * the controller/fw/driver info.
	 */
	if (!(coredump && dmp_hdr))
		return -EINVAL;

	hci_dev_lock(hdev);

	hdev->dump.coredump = coredump;
	hdev->dump.dmp_hdr = dmp_hdr;
	hdev->dump.notify_change = notify_change;
	hdev->dump.timeout = DEVCOREDUMP_TIMEOUT;
	hdev->dump.supported = true;

	hci_dev_unlock(hdev);

	return 0;
}
EXPORT_SYMBOL(hci_devcd_register);
/* True once hci_devcd_register() has marked devcoredump as supported. */
static inline bool hci_devcd_enabled(struct hci_dev *hdev)
{
	bool supported = hdev->dump.supported;

	return supported;
}
/* Queue a request to start a devcoredump of @dump_size bytes. The size is
 * only validated later, when hci_devcd_rx() processes the packet.
 *
 * Returns 0 once queued, -EOPNOTSUPP if devcoredump is not registered, or
 * -ENOMEM if the request skb cannot be allocated.
 */
int hci_devcd_init(struct hci_dev *hdev, u32 dump_size)
{
	struct sk_buff *req;

	if (!hci_devcd_enabled(hdev))
		return -EOPNOTSUPP;

	req = alloc_skb(sizeof(dump_size), GFP_ATOMIC);
	if (req == NULL)
		return -ENOMEM;

	/* payload: the size as a little-endian 32-bit value */
	put_unaligned_le32(dump_size, skb_put(req, 4));
	hci_dmp_cb(req)->pkt_type = HCI_DEVCOREDUMP_PKT_INIT;

	skb_queue_tail(&hdev->dump.dump_q, req);
	queue_work(hdev->workqueue, &hdev->dump.dump_rx);

	return 0;
}
EXPORT_SYMBOL(hci_devcd_init);
/* Queue @skb as dump data. Apart from the NULL case, @skb is consumed on
 * every path: freed here when devcoredump is not enabled, otherwise handed
 * to the rx queue.
 *
 * Returns 0 once queued, -ENOMEM for a NULL @skb, or -EOPNOTSUPP.
 */
int hci_devcd_append(struct hci_dev *hdev, struct sk_buff *skb)
{
	if (skb == NULL)
		return -ENOMEM;

	if (hci_devcd_enabled(hdev)) {
		hci_dmp_cb(skb)->pkt_type = HCI_DEVCOREDUMP_PKT_SKB;

		skb_queue_tail(&hdev->dump.dump_q, skb);
		queue_work(hdev->workqueue, &hdev->dump.dump_rx);

		return 0;
	}

	kfree_skb(skb);

	return -EOPNOTSUPP;
}
EXPORT_SYMBOL(hci_devcd_append);
/* Queue a request to fill the next @len bytes of the dump with @pattern.
 * @len is checked against the remaining buffer space only when the packet
 * is processed (hci_devcd_memset()).
 *
 * Returns 0 once queued, -EOPNOTSUPP if devcoredump is not registered, or
 * -ENOMEM if the request skb cannot be allocated.
 */
int hci_devcd_append_pattern(struct hci_dev *hdev, u8 pattern, u32 len)
{
	/* packed struct, so every byte copied into the skb is initialized */
	struct hci_devcoredump_skb_pattern p = {
		.pattern = pattern,
		.len = len,
	};
	struct sk_buff *req;

	if (!hci_devcd_enabled(hdev))
		return -EOPNOTSUPP;

	req = alloc_skb(sizeof(p), GFP_ATOMIC);
	if (req == NULL)
		return -ENOMEM;

	hci_dmp_cb(req)->pkt_type = HCI_DEVCOREDUMP_PKT_PATTERN;
	skb_put_data(req, &p, sizeof(p));

	skb_queue_tail(&hdev->dump.dump_q, req);
	queue_work(hdev->workqueue, &hdev->dump.dump_rx);

	return 0;
}
EXPORT_SYMBOL(hci_devcd_append_pattern);
/* Queue the "collection complete" marker (an empty skb tagged
 * HCI_DEVCOREDUMP_PKT_COMPLETE).
 *
 * Returns 0 once queued, -EOPNOTSUPP if devcoredump is not registered, or
 * -ENOMEM if the marker skb cannot be allocated.
 */
int hci_devcd_complete(struct hci_dev *hdev)
{
	struct sk_buff *marker;

	if (!hci_devcd_enabled(hdev))
		return -EOPNOTSUPP;

	marker = alloc_skb(0, GFP_ATOMIC);
	if (marker == NULL)
		return -ENOMEM;

	hci_dmp_cb(marker)->pkt_type = HCI_DEVCOREDUMP_PKT_COMPLETE;

	skb_queue_tail(&hdev->dump.dump_q, marker);
	queue_work(hdev->workqueue, &hdev->dump.dump_rx);

	return 0;
}
EXPORT_SYMBOL(hci_devcd_complete);
/* Queue the "abort collection" marker (an empty skb tagged
 * HCI_DEVCOREDUMP_PKT_ABORT).
 *
 * Returns 0 once queued, -EOPNOTSUPP if devcoredump is not registered, or
 * -ENOMEM if the marker skb cannot be allocated.
 */
int hci_devcd_abort(struct hci_dev *hdev)
{
	struct sk_buff *marker;

	if (!hci_devcd_enabled(hdev))
		return -EOPNOTSUPP;

	marker = alloc_skb(0, GFP_ATOMIC);
	if (marker == NULL)
		return -ENOMEM;

	hci_dmp_cb(marker)->pkt_type = HCI_DEVCOREDUMP_PKT_ABORT;

	skb_queue_tail(&hdev->dump.dump_q, marker);
	queue_work(hdev->workqueue, &hdev->dump.dump_rx);

	return 0;
}
EXPORT_SYMBOL(hci_devcd_abort);