nfcsim.c: Fix error checking for debugfs_create_dir

This patch fixes the error checking in nfcsim.c.
The DebugFS kernel API is developed in
a way that the caller can safely ignore the errors that
occur during the creation of DebugFS nodes.

Signed-off-by: Osama Muhammad <osmtendev@gmail.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

drivers: nfc: nfcsim: remove return value check of `dev_dir`

Smatch complains that:
nfcsim_debugfs_init_dev() warn: 'dev_dir' is an error pointer or valid

According to the documentation of the debugfs_create_dir() function,
there is no need to check the return value of this function.
Just delete the dead code.

Signed-off-by: Jianuo Kuang <u202110722@hust.edu.cn>
Reviewed-by: Dongliang Mu <dzm91@hust.edu.cn>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20230424024140.34607-1-u202110722@hust.edu.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

nfc: nfcsim: constify drvdata (struct nfcsim)

nfcsim_abort_cmd() does not modify struct nfcsim, so local variable
can be a pointer to const.

Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

nfc: constify nfc_digital_ops

Neither the core nor the drivers modify the passed pointer to struct
nfc_digital_ops, so make it a pointer to const for correctness and safety.

Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

nfc: nfcsim: fix use after free during module unload

There is a use after free memory corruption during module exit:
- nfcsim_exit()
- nfcsim_device_free(dev0)
- nfc_digital_unregister_device()
This iterates over command queue and frees all commands,
- dev->up = false
- nfcsim_link_shutdown()
- nfcsim_link_recv_wake()
This wakes the sleeping thread nfcsim_link_recv_skb().

- nfcsim_link_recv_skb()
Wake from wait_event_interruptible_timeout(),
call directly the deb->cb callback even though (dev->up == false),
- digital_send_cmd_complete()
Dereference of "struct digital_cmd" cmd which was freed earlier by
nfc_digital_unregister_device().

This causes memory corruption shortly after (with unrelated stack
trace):

nfc nfc0: NFC: nfcsim_recv_wq: Device is down
llcp: nfc_llcp_recv: err -19
nfc nfc1: NFC: nfcsim_recv_wq: Device is down
BUG: unable to handle page fault for address: ffffffffffffffed
Call Trace:
fsnotify+0x54b/0x5c0
__fsnotify_parent+0x1fe/0x300
? vfs_write+0x27c/0x390
vfs_write+0x27c/0x390
ksys_write+0x63/0xe0
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae

KASAN report:

BUG: KASAN: use-after-free in digital_send_cmd_complete+0x16/0x50
Write of size 8 at addr ffff88800a05f720 by task kworker/0:2/71
Workqueue: events nfcsim_recv_wq [nfcsim]
Call Trace:
 dump_stack_lvl+0x45/0x59
 print_address_description.constprop.0+0x21/0x140
 ? digital_send_cmd_complete+0x16/0x50
 ? digital_send_cmd_complete+0x16/0x50
 kasan_report.cold+0x7f/0x11b
 ? digital_send_cmd_complete+0x16/0x50
 ? digital_dep_link_down+0x60/0x60
 digital_send_cmd_complete+0x16/0x50
 nfcsim_recv_wq+0x38f/0x3d5 [nfcsim]
 ? nfcsim_in_send_cmd+0x4a/0x4a [nfcsim]
 ? lock_is_held_type+0x98/0x110
 ? finish_wait+0x110/0x110
 ? rcu_read_lock_sched_held+0x9c/0xd0
 ? rcu_read_lock_bh_held+0xb0/0xb0
 ? lockdep_hardirqs_on_prepare+0x12e/0x1f0

This flow of calling digital_send_cmd_complete() callback on driver exit
is specific to nfcsim which implements reading and sending work queues.
Since the NFC digital device was unregistered, the callback should not
be called.

Fixes: 204bddcb508f ("NFC: nfcsim: Make use of the Digital layer")
Cc: <stable@vger.kernel.org>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 288

Based on 1 normalized pattern(s):

this program is free software you can redistribute it and or modify
it under the terms and conditions of the gnu general public license
version 2 as published by the free software foundation this program
is distributed in the hope it will be useful but without any
warranty without even the implied warranty of merchantability or
fitness for a particular purpose see the gnu general public license
for more details

extracted by the scancode license scanner the SPDX license identifier

GPL-2.0-only

has been chosen to replace the boilerplate/reference in 263 file(s).

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Allison Randal <allison@lohutok.net>
Reviewed-by: Alexios Zavras <alexios.zavras@intel.com>
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190529141901.208660670@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

NFC: add NULL checks to avoid potential NULL pointer dereference

NULL checks at line 457: if (!link0 || !link1) {, implies that both
pointers link0 and link1 might be NULL.
Function nfcsim_link_free() dereference pointers link0 and link1.
Add NULL checks before calling nfcsim_link_free() to avoid a
potential NULL pointer dereference.

Addresses-Coverity-ID: 1364857
Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>

NFC: nfcsim: Simulate lost frames through debugfs entry

This patch allows to simulate the lost of frames exchanged between the 2
nfcsim devices through a control entry in the debugfs and is used as
follow:

echo n > /sys/kernel/debug/nfcsim/nfcX/dropframe

Where n specifies the number of frames to be dropped between 0 and 255
and nfcX is either nfc0 or nfc1, one of the two nfcsim devices.

In the following example, the next frame that should be sent by the nfc0
device will be dropped and thus not received by the nfc1 device:

echo 1 > /sys/kernel/debug/nfcsim/nfc0/dropframe

The value of 0 can be used to reset the dropframe counter.

Signed-off-by: Thierry Escande <thierry.escande@collabora.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>

NFC: nfcsim: Add support for sysfs control entry

The idea is to have a way to control and/or modify the behavior of the
nfcsim virtual devices.

This patch creates a folder tree in the debug filesystem. The debugfs is
usually mounted into /sys/kernel/debug and the nfcsim entries are
located in DEBUGFS/nfcsim/nfcX/ where X is either 0 or 1 depending on
the device you want to address.

These folders are empty for now and control entries will be added by
upcoming commits.

Signed-off-by: Thierry Escande <thierry.escande@collabora.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>

NFC: nfcsim: Make use of the Digital layer

With this complete rewrite, the loopback nfcsim driver now relies on the
Digital layer of the nfc stack. As with the previous version, 2 nfc
devices are declared when the driver is initialized. The driver supports
the NFC_DEP protocol in NFC-A and NFC-F technologies.

The 2 devices are using a pair of virtual links for sk_buff exchange.
The out-link of one device is the in-link of the other and conversely.

To receive data, a device calls nfcsim_link_recv_skb() on its in-link
and waits for incoming data on a wait queue. To send data, a device
calls nfcsim_link_send_skb() on its out-link which stores the passed skb
and signals its wait queue. If the peer device was in the
nfcsim_link_recv_skb() call, it will be signaled and will be able to
pass the received sk_buff up to the Digital layer.

Signed-off-by: Thierry Escande <thierry.escande@collabora.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>

NFC: add rx delay sysfs parameter for nfcsim workqueue

added the rx delay parameter as a device tunable parameter.

Signed-off-by: Saurabh Sengar <saurabh.truth@gmail.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>

NFC: netlink: Add mode parameter to deactivate_target functions

In order to manage in a better way the nci poll mode state machine,
add mode parameter to deactivate_target functions.
This way we can manage different target state.
mode parameter make sense only in nci core.

Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>

NFC: Convert nfc_dev_info and nfc_dev_err to nfc_<level>

Use a more standard kernel style macro logging name.

Standardize the spacing of the "NFC: " prefix.
Add \n to uses, remove from macro.
Fix the defective uses that already had a \n.

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>

NFC: Replace nfc_dev_dbg with dev_dbg

Use the generic kernel function instead of a home-grown
one that does the same thing.

Add \n to uses not at the macro. Don't add \n where
the nfc_dev_dbg macro mistakenly had them already.

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>

NFC: Fix missing static declarations

This patch fixes 3 sparse warnings:
nfcsim.c:63:25: sparse: symbol 'wq' was not declared.
nfcsim.c:484:12: sparse: symbol 'nfcsim_init' was not declared.
nfcsim.c:525:13: sparse: symbol 'nfcsim_exit' was not declared.

Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Thierry Escande <thierry.escande@linux.intel.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>

NFC: Add a nfc hardware simulation driver

This driver declares two virtual NFC devices supporting NFC-DEP protocol.
An LLCP connection can be established between them and all packets sent
from one device is sent back to the other, acting as loopback devices.

Once established, the LLCP link can be disconnected by disabling the target
device (with rfkill, nfctool, or neard disable-adapter test script).

Signed-off-by: Thierry Escande <thierry.escande@linux.intel.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>