lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 23 Oct 2018 16:20:24 -0500
From:   Suman Anna <s-anna@...com>
To:     Loic Pallardy <loic.pallardy@...com>, <bjorn.andersson@...aro.org>,
        <ohad@...ery.com>
CC:     <linux-remoteproc@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        <arnaud.pouliquen@...com>, <benjamin.gaignard@...aro.org>
Subject: Re: [PATCH v4 08/17] remoteproc: add alloc ops in rproc_mem_entry
 struct

Hi Loic,

On 7/27/18 8:14 AM, Loic Pallardy wrote:
> Memory entry could be allocated in different ways (ioremap,
> dma_alloc_coherent, internal RAM allocator...).
> This patch introduces an alloc ops in rproc_mem_entry structure
> to associate dedicated allocation mechanism to each memory entry
> descriptor in order to do remote core agnostic from memory allocators.
> 
> The introduction of this ops allows to perform allocation of all registered
> carveout at the same time, just before calling rproc_start().
> It simplifies and makes uniform carveout management whatever origin.

This patch is causing a kernel crash with trace entries. Please see
further below for the cause.

> 
> Signed-off-by: Loic Pallardy <loic.pallardy@...com>
> ---
>  drivers/remoteproc/remoteproc_core.c | 261 ++++++++++++++++++++++-------------
>  include/linux/remoteproc.h           |   7 +
>  2 files changed, 175 insertions(+), 93 deletions(-)
> 
> diff --git a/drivers/remoteproc/remoteproc_core.c b/drivers/remoteproc/remoteproc_core.c
> index 77b39ba..2c51549 100644
> --- a/drivers/remoteproc/remoteproc_core.c
> +++ b/drivers/remoteproc/remoteproc_core.c
> @@ -642,74 +642,31 @@ static int rproc_handle_devmem(struct rproc *rproc, struct fw_rsc_devmem *rsc,
>  }
>  
>  /**
> - * rproc_release_carveout() - release acquired carveout
> + * rproc_alloc_carveout() - allocated specified carveout
>   * @rproc: rproc handle
> - * @mem: the memory entry to release
> - *
> - * This function releases specified memory entry @mem allocated via
> - * dma_alloc_coherent() function by @rproc.
> - */
> -static int rproc_release_carveout(struct rproc *rproc,
> -				  struct rproc_mem_entry *mem)
> -{
> -	struct device *dev = &rproc->dev;
> -
> -	/* clean up carveout allocations */
> -	dma_free_coherent(dev->parent, mem->len, mem->va, mem->dma);
> -	return 0;
> -}
> -
> -/**
> - * rproc_handle_carveout() - handle phys contig memory allocation requests
> - * @rproc: rproc handle
> - * @rsc: the resource entry
> - * @avail: size of available data (for image validation)
> - *
> - * This function will handle firmware requests for allocation of physically
> - * contiguous memory regions.
> - *
> - * These request entries should come first in the firmware's resource table,
> - * as other firmware entries might request placing other data objects inside
> - * these memory regions (e.g. data/code segments, trace resource entries, ...).
> + * @mem: the memory entry to allocate
>   *
> - * Allocating memory this way helps utilizing the reserved physical memory
> - * (e.g. CMA) more efficiently, and also minimizes the number of TLB entries
> - * needed to map it (in case @rproc is using an IOMMU). Reducing the TLB
> - * pressure is important; it may have a substantial impact on performance.
> + * This function allocate specified memory entry @mem using
> + * dma_alloc_coherent() as default allocator
>   */
> -static int rproc_handle_carveout(struct rproc *rproc,
> -				 struct fw_rsc_carveout *rsc,
> -				 int offset, int avail)
> +static int rproc_alloc_carveout(struct rproc *rproc,
> +				struct rproc_mem_entry *mem)
>  {
> -	struct rproc_mem_entry *carveout, *mapping = NULL;
> +	struct rproc_mem_entry *mapping = NULL;
>  	struct device *dev = &rproc->dev;
>  	dma_addr_t dma;
>  	void *va;
>  	int ret;
>  
> -	if (sizeof(*rsc) > avail) {
> -		dev_err(dev, "carveout rsc is truncated\n");
> -		return -EINVAL;
> -	}
> -
> -	/* make sure reserved bytes are zeroes */
> -	if (rsc->reserved) {
> -		dev_err(dev, "carveout rsc has non zero reserved bytes\n");
> -		return -EINVAL;
> -	}
> -
> -	dev_dbg(dev, "carveout rsc: name: %s, da 0x%x, pa 0x%x, len 0x%x, flags 0x%x\n",
> -		rsc->name, rsc->da, rsc->pa, rsc->len, rsc->flags);
> -
> -	va = dma_alloc_coherent(dev->parent, rsc->len, &dma, GFP_KERNEL);
> +	va = dma_alloc_coherent(dev->parent, mem->len, &dma, GFP_KERNEL);
>  	if (!va) {
>  		dev_err(dev->parent,
> -			"failed to allocate dma memory: len 0x%x\n", rsc->len);
> +			"failed to allocate dma memory: len 0x%x\n", mem->len);
>  		return -ENOMEM;
>  	}
>  
>  	dev_dbg(dev, "carveout va %pK, dma %pad, len 0x%x\n",
> -		va, &dma, rsc->len);
> +		va, &dma, mem->len);
>  
>  	/*
>  	 * Ok, this is non-standard.
> @@ -729,22 +686,22 @@ static int rproc_handle_carveout(struct rproc *rproc,
>  	 * physical address in this case.
>  	 */
>  
> -	if (rsc->da != FW_RSC_ADDR_ANY && !rproc->domain) {
> -		dev_err(dev->parent,
> -			"Bad carveout rsc configuration\n");
> -		ret = -ENOMEM;
> -		goto dma_free;
> -	}
> +	if (mem->da != FW_RSC_ADDR_ANY) {
> +		if (!rproc->domain) {
> +			dev_err(dev->parent,
> +				"Bad carveout rsc configuration\n");
> +			ret = -ENOMEM;
> +			goto dma_free;
> +		}

Same comment from Patch 1.

>  
> -	if (rsc->da != FW_RSC_ADDR_ANY && rproc->domain) {
>  		mapping = kzalloc(sizeof(*mapping), GFP_KERNEL);
>  		if (!mapping) {
>  			ret = -ENOMEM;
>  			goto dma_free;
>  		}
>  
> -		ret = iommu_map(rproc->domain, rsc->da, dma, rsc->len,
> -				rsc->flags);
> +		ret = iommu_map(rproc->domain, mem->da, dma, mem->len,
> +				mem->flags);
>  		if (ret) {
>  			dev_err(dev, "iommu_map failed: %d\n", ret);
>  			goto free_mapping;
> @@ -757,52 +714,102 @@ static int rproc_handle_carveout(struct rproc *rproc,
>  		 * We can't trust the remote processor not to change the
>  		 * resource table, so we must maintain this info independently.
>  		 */
> -		mapping->da = rsc->da;
> -		mapping->len = rsc->len;
> +		mapping->da = mem->da;
> +		mapping->len = mem->len;
>  		list_add_tail(&mapping->node, &rproc->mappings);
>  
>  		dev_dbg(dev, "carveout mapped 0x%x to %pad\n",
> -			rsc->da, &dma);
> +			mem->da, &dma);
> +	} else {
> +		mem->da = (u32)dma;

Hmm, what was the purpose of this? So, this appears to be handling the
missing implementation for the comment in the fw_rsc_carveout about
FW_RSC_ADDR_ANY.

>  	}
>  
> -	/*
> -	 * Some remote processors might need to know the pa
> -	 * even though they are behind an IOMMU. E.g., OMAP4's
> -	 * remote M3 processor needs this so it can control
> -	 * on-chip hardware accelerators that are not behind
> -	 * the IOMMU, and therefor must know the pa.
> -	 *
> -	 * Generally we don't want to expose physical addresses
> -	 * if we don't have to (remote processors are generally
> -	 * _not_ trusted), so we might want to do this only for
> -	 * remote processor that _must_ have this (e.g. OMAP4's
> -	 * dual M3 subsystem).
> -	 *
> -	 * Non-IOMMU processors might also want to have this info.
> -	 * In this case, the device address and the physical address
> -	 * are the same.
> -	 */
> -	rsc->pa = (u32)rproc_va_to_pa(va);
> -
> -	carveout = rproc_mem_entry_init(dev, va, dma, rsc->len, rsc->da,
> -					rproc_release_carveout, rsc->name);
> -	if (!carveout)
> -		goto free_carv;
> -
> -	rproc_add_carveout(rproc, carveout);
> +	mem->dma = (u32)dma;

We don't need the typecast, mem->dma is already of type dma_addr_t. Same
comment above on the else part as well.

> +	mem->va = va;
>  
>  	return 0;
>  
> -free_carv:
> -	kfree(carveout);
>  free_mapping:
>  	kfree(mapping);
>  dma_free:
> -	dma_free_coherent(dev->parent, rsc->len, va, dma);
> +	dma_free_coherent(dev->parent, mem->len, va, dma);
>  	return ret;
>  }
>  
>  /**
> + * rproc_release_carveout() - release acquired carveout
> + * @rproc: rproc handle
> + * @mem: the memory entry to release
> + *
> + * This function releases specified memory entry @mem allocated via
> + * rproc_alloc_carveout() function by @rproc.
> + */
> +static int rproc_release_carveout(struct rproc *rproc,
> +				  struct rproc_mem_entry *mem)
> +{
> +	struct device *dev = &rproc->dev;
> +
> +	/* clean up carveout allocations */
> +	dma_free_coherent(dev->parent, mem->len, mem->va, mem->dma);
> +	return 0;
> +}
> +
> +/**
> + * rproc_handle_carveout() - handle phys contig memory allocation requests
> + * @rproc: rproc handle
> + * @rsc: the resource entry
> + * @avail: size of available data (for image validation)
> + *
> + * This function will handle firmware requests for allocation of physically
> + * contiguous memory regions.
> + *
> + * These request entries should come first in the firmware's resource table,
> + * as other firmware entries might request placing other data objects inside
> + * these memory regions (e.g. data/code segments, trace resource entries, ...).
> + *
> + * Allocating memory this way helps utilizing the reserved physical memory
> + * (e.g. CMA) more efficiently, and also minimizes the number of TLB entries
> + * needed to map it (in case @rproc is using an IOMMU). Reducing the TLB
> + * pressure is important; it may have a substantial impact on performance.
> + */
> +static int rproc_handle_carveout(struct rproc *rproc,
> +				 struct fw_rsc_carveout *rsc,
> +				 int offset, int avail)
> +{
> +	struct rproc_mem_entry *carveout;
> +	struct device *dev = &rproc->dev;
> +
> +	if (sizeof(*rsc) > avail) {
> +		dev_err(dev, "carveout rsc is truncated\n");
> +		return -EINVAL;
> +	}
> +
> +	/* make sure reserved bytes are zeroes */
> +	if (rsc->reserved) {
> +		dev_err(dev, "carveout rsc has non zero reserved bytes\n");
> +		return -EINVAL;
> +	}
> +
> +	dev_dbg(dev, "carveout rsc: name: %s, da 0x%x, pa 0x%x, len 0x%x, flags 0x%x\n",
> +		rsc->name, rsc->da, rsc->pa, rsc->len, rsc->flags);
> +
> +	/* Register carveout in in list */
> +	carveout = rproc_mem_entry_init(dev, 0, 0, rsc->len, rsc->da,
> +					rproc_alloc_carveout,
> +					rproc_release_carveout, rsc->name);
> +	if (!carveout) {
> +		dev_err(dev, "Can't allocate memory entry structure\n");
> +		return -ENOMEM;
> +	}
> +
> +	carveout->flags = rsc->flags;
> +	carveout->rsc_offset = offset;
> +	rproc_add_carveout(rproc, carveout);

Once we get rid of rproc_add_carveout, the list addition will mostly be
handled in rproc_mem_entry_init itself.

> +
> +	return 0;
> +}
> +
> +/**
>   * rproc_add_carveout() - register an allocated carveout region
>   * @rproc: rproc handle
>   * @mem: memory entry to register
> @@ -832,6 +839,7 @@ void rproc_add_carveout(struct rproc *rproc, struct rproc_mem_entry *mem)
>  struct rproc_mem_entry *
>  rproc_mem_entry_init(struct device *dev,
>  		     void *va, dma_addr_t dma, int len, u32 da,
> +		     int (*alloc)(struct rproc *, struct rproc_mem_entry *),
>  		     int (*release)(struct rproc *, struct rproc_mem_entry *),
>  		     const char *name, ...)
>  {
> @@ -846,7 +854,9 @@ struct rproc_mem_entry *
>  	mem->dma = dma;
>  	mem->da = da;
>  	mem->len = len;
> +	mem->alloc = alloc;
>  	mem->release = release;
> +	mem->rsc_offset = FW_RSC_ADDR_ANY;
>  
>  	va_start(args, name);
>  	vsnprintf(mem->name, sizeof(mem->name), name, args);
> @@ -978,6 +988,63 @@ static void rproc_unprepare_subdevices(struct rproc *rproc)
>  }
>  
>  /**
> + * rproc_alloc_registered_carveouts() - allocate all carveouts registered
> + * in the list
> + * @rproc: the remote processor handle
> + *
> + * This function parses registered carveout list, performs allocation
> + * if alloc() ops registered and updates resource table information
> + * if rsc_offset set.
> + *
> + * Return: 0 on success
> + */
> +static int rproc_alloc_registered_carveouts(struct rproc *rproc)
> +{
> +	struct rproc_mem_entry *entry, *tmp;
> +	struct fw_rsc_carveout *rsc;
> +	struct device *dev = &rproc->dev;
> +	int ret;
> +
> +	list_for_each_entry_safe(entry, tmp, &rproc->carveouts, node) {
> +		if (entry->alloc) {
> +			ret = entry->alloc(rproc, entry);
> +			if (ret) {
> +				dev_err(dev, "Unable to allocate carveout %s: %d\n",
> +					entry->name, ret);
> +				return -ENOMEM;
> +			}
> +		}
> +
> +		if (entry->rsc_offset != FW_RSC_ADDR_ANY) {
> +			/* update resource table */
> +			rsc = (void *)rproc->table_ptr + entry->rsc_offset;
> +
> +			/*
> +			 * Some remote processors might need to know the pa
> +			 * even though they are behind an IOMMU. E.g., OMAP4's
> +			 * remote M3 processor needs this so it can control
> +			 * on-chip hardware accelerators that are not behind
> +			 * the IOMMU, and therefor must know the pa.
> +			 *
> +			 * Generally we don't want to expose physical addresses
> +			 * if we don't have to (remote processors are generally
> +			 * _not_ trusted), so we might want to do this only for
> +			 * remote processor that _must_ have this (e.g. OMAP4's
> +			 * dual M3 subsystem).
> +			 *
> +			 * Non-IOMMU processors might also want to have this info.
> +			 * In this case, the device address and the physical address
> +			 * are the same.
> +			 */
> +			if (entry->va)
> +				rsc->pa = (u32)rproc_va_to_pa(entry->va);
> +		}
> +	}
> +
> +	return 0;
> +}
> +
> +/**
>   * rproc_coredump_cleanup() - clean up dump_segments list
>   * @rproc: the remote processor handle
>   */
> @@ -1148,6 +1215,14 @@ static int rproc_fw_boot(struct rproc *rproc, const struct firmware *fw)
>  		goto clean_up_resources;
>  	}
>  
> +	/* Allocate carveout resources associated to rproc */
> +	ret = rproc_alloc_registered_carveouts(rproc);
> +	if (ret) {
> +		dev_err(dev, "Failed to allocate associated carveouts: %d\n",
> +			ret);
> +		goto clean_up_resources;
> +	}

This is causing an issue with RSC_TRACE on where the trace region on the
remote processor is actually backed by a DDR carveout address. The
allocations are now being done after processing the resources from the
rproc_loading_handlers, which causes the RSC_TRACE to be configured with
an incorrect kernel va, and accessing it through debugfs then results in
a kernel crash.

regards
Suman

> +
>  	ret = rproc_start(rproc, fw);
>  	if (ret)
>  		goto clean_up_resources;
> diff --git a/include/linux/remoteproc.h b/include/linux/remoteproc.h
> index 55f30fc..ea95b04 100644
> --- a/include/linux/remoteproc.h
> +++ b/include/linux/remoteproc.h
> @@ -317,6 +317,9 @@ struct fw_rsc_vdev {
>   * @priv: associated data
>   * @name: associated memory region name (optional)
>   * @node: list node
> + * @rsc_offset: offset in resource table
> + * @flags: iommu protection flags
> + * @alloc: specific memory allocator function
>   */
>  struct rproc_mem_entry {
>  	void *va;
> @@ -326,6 +329,9 @@ struct rproc_mem_entry {
>  	void *priv;
>  	char name[32];
>  	struct list_head node;
> +	u32 rsc_offset;
> +	u32 flags;
> +	int (*alloc)(struct rproc *rproc, struct rproc_mem_entry *mem);
>  	int (*release)(struct rproc *rproc, struct rproc_mem_entry *mem);
>  };
>  
> @@ -563,6 +569,7 @@ struct rproc *rproc_alloc(struct device *dev, const char *name,
>  struct rproc_mem_entry *
>  rproc_mem_entry_init(struct device *dev,
>  		     void *va, dma_addr_t dma, int len, u32 da,
> +		     int (*alloc)(struct rproc *, struct rproc_mem_entry *),
>  		     int (*release)(struct rproc *, struct rproc_mem_entry *),
>  		     const char *name, ...);
>  
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ