patches: add factory-drop-kernel-write (c1.2)
Follow-up to staging-prep-series: remove kernel_write() + filp_open(O_CREAT) from factory_section_write_file() in bes2600_factory.c. Serialised blob now lives only in-memory + file_buffer for the session; no longer persists to /lib/firmware/bes2600/bes2600_factory.txt across reboots. Deployed + verified on ohm (srcversion BD0D1AEC...): WiFi associated, KFENCE / sdio_tx_work splat / RX failure / PS Mode Error / factory cali data get failed all 0. Standalone single- patch series in both Mobian-paths and drivers/staging/bes2600/ paths variants, checkpatch --strict clean.
This commit is contained in:
+156
@@ -0,0 +1,156 @@
|
||||
From 5f475a9624490b07c305329f12016ff4a4df3b47 Mon Sep 17 00:00:00 2001
|
||||
From: Markus Fritsche <fritsche.markus@gmail.com>
|
||||
Date: Thu, 23 Apr 2026 19:31:25 +0200
|
||||
Subject: [PATCH] bes2600: drop kernel_write() persistence from factory cali
|
||||
save
|
||||
|
||||
Following the conversion of the factory-calibration READ path to
|
||||
request_firmware() (earlier in this series), the factory-calibration
|
||||
WRITE path in factory_section_write_file() was still using
|
||||
filp_open(O_CREAT | O_TRUNC | O_RDWR) + kernel_write() to persist
|
||||
updated calibration data back to FACTORY_PATH
|
||||
(default /lib/firmware/bes2600/bes2600_factory.txt).
|
||||
|
||||
Writing to files under /lib/firmware/ from kernel code is a
|
||||
standing upstream blocker for staging and for drivers/net/wireless/
|
||||
submission generally:
|
||||
|
||||
- filp_open()/kernel_write() bypass the firmware-class abstraction,
|
||||
the LSM framework, and user/group/mode enforcement that governs
|
||||
the firmware search paths. They have been repeatedly called out
|
||||
in staging-prep reviews.
|
||||
- The kernel runs with capabilities that userspace does not (CAP_
|
||||
DAC_OVERRIDE effectively); quietly rewriting firmware blobs that
|
||||
userspace owns is a surprise contract.
|
||||
- A module unload / reboot immediately after the write races the
|
||||
writeback and can leave a truncated calibration file on disk.
|
||||
|
||||
Remove factory_section_write_file() and its two call sites in
|
||||
bes2600_wifi_cali_table_save(). The in-memory factory_save_p
|
||||
remains authoritative for the duration of the session: the WSM
|
||||
command handlers that triggered this path (power-cali-table,
|
||||
freq-cali, efuse-flag, power-cali-flag) already update the live
|
||||
struct factory_t, and reads served from file_buffer pick up the
|
||||
rebuilt serialised form immediately. On the next probe the
|
||||
firmware-class file is re-read read-only via request_firmware(),
|
||||
as set up by the earlier patch.
|
||||
|
||||
If cross-reboot persistence of runtime-updated calibration becomes
|
||||
a requirement, the expected route is a userspace-visible dump
|
||||
interface -- a read-only debugfs file exporting the serialised
|
||||
blob, or an nl80211 vendor command -- that lets userspace copy the
|
||||
values to a chosen location under its own privileges. Such a
|
||||
facility can land as a follow-up without touching the core driver
|
||||
write path again.
|
||||
|
||||
Signed-off-by: Markus Fritsche <fritsche.markus@gmail.com>
|
||||
---
|
||||
bes2600/bes2600_factory.c | 63 +++++++++++----------------------------
|
||||
1 file changed, 17 insertions(+), 46 deletions(-)
|
||||
|
||||
diff --git a/bes2600/bes2600_factory.c b/bes2600/bes2600_factory.c
|
||||
index 1cda447..1b43b41 100644
|
||||
--- a/bes2600/bes2600_factory.c
|
||||
+++ b/bes2600/bes2600_factory.c
|
||||
@@ -179,34 +179,6 @@ static int factory_section_read_file(char *path, void *buffer)
|
||||
return ret;
|
||||
}
|
||||
|
||||
-/**
|
||||
- * factory_section_write_file - Write data of specified length to file
|
||||
- * @path: path of the file
|
||||
- * @buffer: storage of write data
|
||||
- * @size: length of data to write
|
||||
- *
|
||||
- * Return: length on success, negative error code otherwise.
|
||||
- */
|
||||
-static int factory_section_write_file(char *path, void *buffer, int size)
|
||||
-{
|
||||
- int ret = 0;
|
||||
- struct file *fp;
|
||||
-
|
||||
- bes_devel("writing %s \n", path);
|
||||
-
|
||||
- fp = filp_open(path, O_TRUNC | O_CREAT | O_RDWR, S_IRUSR);
|
||||
- if (IS_ERR(fp)) {
|
||||
- bes_devel("BES2600 : can't open %s\n",path);
|
||||
- return -1;
|
||||
- }
|
||||
-
|
||||
- ret = kernel_write(fp, buffer, size, &fp->f_pos);
|
||||
-
|
||||
- filp_close(fp,NULL);
|
||||
-
|
||||
- return ret;
|
||||
-}
|
||||
-
|
||||
static inline int factory_parse(uint8_t *source_buf, struct factory_t *factory)
|
||||
{
|
||||
int ret = 0;
|
||||
@@ -898,9 +870,22 @@ static inline int factory_build(uint8_t *dest_buf, struct factory_t *factory)
|
||||
#endif
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * Rebuild the serialised calibration blob in file_buffer from the live
|
||||
+ * in-memory factory_save_p. Previously this function also persisted the
|
||||
+ * blob back to FACTORY_PATH via filp_open(O_CREAT) + kernel_write(); that
|
||||
+ * is not acceptable in mainline, so the persistence step has been removed.
|
||||
+ *
|
||||
+ * The in-memory factory_save_p remains authoritative for the duration of
|
||||
+ * the session; on the next probe the firmware-class file is read back
|
||||
+ * read-only via request_firmware(). If cross-reboot persistence of runtime
|
||||
+ * calibration updates becomes a requirement, the expected route is a
|
||||
+ * userspace-facing dump interface (debugfs read-only blob, or nl80211
|
||||
+ * vendor command) that lets userspace read the serialised form and store
|
||||
+ * it under its own privileges.
|
||||
+ */
|
||||
static int bes2600_wifi_cali_table_save(u8 *file_buffer, struct factory_t *factory_save_p)
|
||||
{
|
||||
- int ret = 0;
|
||||
int w_size;
|
||||
u32 crc_len = sizeof(factory_data_t);
|
||||
#ifndef STANDARD_FACTORY_EFUSE_FLAG
|
||||
@@ -909,13 +894,11 @@ static int bes2600_wifi_cali_table_save(u8 *file_buffer, struct factory_t *facto
|
||||
|
||||
bes_devel("enter %s\n", __func__);
|
||||
|
||||
- if (!file_buffer) {
|
||||
+ if (!file_buffer)
|
||||
return -ENOMEM;
|
||||
- }
|
||||
|
||||
- if (!factory_save_p) {
|
||||
+ if (!factory_save_p)
|
||||
return -ENOENT;
|
||||
- }
|
||||
|
||||
/* All initialized to space */
|
||||
memset(file_buffer, 32, FACTORY_MAX_SIZE);
|
||||
@@ -927,22 +910,10 @@ static int bes2600_wifi_cali_table_save(u8 *file_buffer, struct factory_t *facto
|
||||
w_size = factory_build(file_buffer, factory_save_p);
|
||||
|
||||
if (w_size < 0 || w_size > FACTORY_MAX_SIZE) {
|
||||
- bes_err("%s: build failed! ret = %d.", __func__, ret);
|
||||
+ bes_err("%s: build failed! w_size = %d.", __func__, w_size);
|
||||
return -ETXTBSY;
|
||||
}
|
||||
|
||||
-#ifdef FACTORY_SAVE_MULTI_PATH
|
||||
- /* avoid trailing characters '\0' */
|
||||
- file_buffer[w_size] = 32;
|
||||
- ret = factory_section_write_file(FACTORY_PATH, file_buffer, FACTORY_MAX_SIZE);
|
||||
-#else
|
||||
- ret = factory_section_write_file(FACTORY_PATH, file_buffer, w_size);
|
||||
-#endif
|
||||
- if(ret < 0) {
|
||||
- bes_err("%s: write failed! ret = %d.", __func__, ret);
|
||||
- return ret;
|
||||
- }
|
||||
-
|
||||
return 0;
|
||||
}
|
||||
|
||||
--
|
||||
2.53.0
|
||||
|
||||
Reference in New Issue
Block a user