| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Mar 2016 18:57:01 +0200
From: "Michael S. Tsirkin" <mst@...hat.com>
To: Gabriel Somlo <somlo@....edu>
Cc: Greg KH <gregkh@...uxfoundation.org>, robh+dt@...nel.org,
pawel.moll@....com, mark.rutland@....com,
ijc+devicetree@...lion.org.uk, galak@...eaurora.org, arnd@...db.de,
lersek@...hat.com, ralf@...ux-mips.org,
rmk+kernel@....linux.org.uk, eric@...olt.net,
hanjun.guo@...aro.org, zajec5@...il.com, sudeep.holla@....com,
agross@...eaurora.org, linux-api@...r.kernel.org,
linux-kernel@...r.kernel.org, devicetree@...r.kernel.org,
qemu-devel@...gnu.org, imammedo@...hat.com,
peter.maydell@...aro.org, leif.lindholm@...aro.org,
ard.biesheuvel@...aro.org, pbonzini@...hat.com, kraxel@...hat.com,
ehabkost@...hat.com, luto@...capital.net, stefanha@...il.com,
revol@...e.fr, matt@...eblueprint.co.uk, rth@...ddle.net
Subject: Re: [PATCH v2] firmware: qemu_fw_cfg.c: hold ACPI global lock during
device access
On Tue, Mar 08, 2016 at 01:30:50PM -0500, Gabriel Somlo wrote:
> Allowing for the future possibility of implementing AML-based
> (i.e., firmware-triggered) access to the QEMU fw_cfg device,
> acquire the global ACPI lock when accessing the device on behalf
> of the guest-side sysfs driver, to prevent any potential race
> conditions.
>
> Suggested-by: Michael S. Tsirkin <mst@...hat.com>
> Signed-off-by: Gabriel Somlo <somlo@....edu>
So this patch makes sense of course.
Given the recent discussion on QEMU mailing list,
I think there is an additional patch that we need:
filter the files exposed to userspace by "opt/" prefix.
This will ensure that we can change all other fw cfg files
at will without breaking guest scripts.
Gabriel, could you code this up? Or do you see a
pressing need to expose internal QEMU registers to
userspace?
> ---
>
> Changes since v1:
> - no more "#ifdef CONFIG_ACPI"; instead we proceed if
> acpi_acquire_global_lock() returns either OK or NOT_CONFIGURED,
> and only throw a warning/error message otherwise.
>
> - didn't get any *negative* feedback from the QEMU crowd, so
> this is now a bona-fide "please apply this", rather than just
> an RFC :)
>
> - tested on ACPI-enabled x86_64, and acpi_less ARM (32 and 64 bit)
> QEMU VMs (I don't have handy access to an ACPI-enabled ARM VM)
>
> Thanks much,
> --Gabriel
>
> drivers/firmware/qemu_fw_cfg.c | 16 ++++++++++++++++
> 1 file changed, 16 insertions(+)
>
> diff --git a/drivers/firmware/qemu_fw_cfg.c b/drivers/firmware/qemu_fw_cfg.c
> index 7bba76c..a44dc32 100644
> --- a/drivers/firmware/qemu_fw_cfg.c
> +++ b/drivers/firmware/qemu_fw_cfg.c
> @@ -77,12 +77,28 @@ static inline u16 fw_cfg_sel_endianness(u16 key)
> static inline void fw_cfg_read_blob(u16 key,
> void *buf, loff_t pos, size_t count)
> {
> + u32 glk;
> + acpi_status status;
> +
> + /* If we have ACPI, ensure mutual exclusion against any potential
> + * device access by the firmware, e.g. via AML methods:
> + */
> + status = acpi_acquire_global_lock(ACPI_WAIT_FOREVER, &glk);
> + if (ACPI_FAILURE(status) && status != AE_NOT_CONFIGURED) {
> + /* Should never get here */
> + WARN(1, "fw_cfg_read_blob: Failed to lock ACPI!\n");
> + memset(buf, 0, count);
> + return;
> + }
> +
> mutex_lock(&fw_cfg_dev_lock);
> iowrite16(fw_cfg_sel_endianness(key), fw_cfg_reg_ctrl);
> while (pos-- > 0)
> ioread8(fw_cfg_reg_data);
> ioread8_rep(fw_cfg_reg_data, buf, count);
> mutex_unlock(&fw_cfg_dev_lock);
> +
> + acpi_release_global_lock(glk);
> }
>
> /* clean up fw_cfg device i/o */
> --
> 2.4.3
Powered by blists - more mailing lists