lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <3514241.rTi7VbLdux@harkonnen>
Date:   Fri, 17 Aug 2018 19:44:26 +0200
From:   Federico Vaga <federico.vaga@...n.ch>
To:     Moritz Fischer <moritz.fischer.private@...il.com>
CC:     Alan Tull <atull@...nel.org>, Jonathan Corbet <corbet@....net>,
        "Randy Dunlap" <rdunlap@...radead.org>,
        Dinh Nguyen <dinguyen@...nel.org>,
        "Appana Durga Kedareswara Rao" <appanad@...inx.com>,
        linux-kernel <linux-kernel@...r.kernel.org>,
        <linux-fpga@...r.kernel.org>,
        "Linux Doc Mailing List" <linux-doc@...r.kernel.org>,
        Alan Tull <atull@...nsource.altera.com>,
        Matthew Gerlach <matthew.gerlach@...ux.intel.com>
Subject: Re: [PATCH 2/2] fpga: add FPGA manager debugfs

Hi,

On Friday, August 17, 2018 5:22:56 PM CEST Moritz Fischer wrote:
> Hi Alan, Federico,
> 
> On Fri, Aug 17, 2018 at 6:19 AM, Alan Tull <atull@...nel.org> wrote:
> > On Fri, Aug 17, 2018, 2:00 AM Federico Vaga <federico.vaga@...n.ch> 
wrote:
> >> Hi Mortiz,
> >> 
> >> I'm not 100% into the problem to understand all cases. I'm putting on
> >> the table the point of view, mainly, of an user. If you say there are
> >> problems here or there I believe you. At the beginning, you did not
> >> say that this interface may introduce problems (and I'm interested in
> >> those problems since I
> >> implemented one and we are using it), but that you fear that it
> >> becomes
> >> the
> >> default (usually, being a default is a good thing).
> >> 
> >> Since you and Alan are working on this for a long time, you can read
> >> each other mind, but I need a more verbose email to understand ^_^'
> >> 
> >> Of course the interface must be safe, I totally agree. In order to
> >> make me understand what are the issues, can you list some of them?
> 
> Say you have kernel drivers (a network driver in the FPGA, or an I2C
> controller) for example bound to hardware on a MMIO bus in the the FPGA.
> You reprogram the FPGA using the debugfs interface, and the drivers don't
> get unloaded correctly, the driver will try to access the registers and
> depending on your system / bus either give you bad values or lock up.
> Now userland locked up your system. Bad.

I think I got confused by your reference to the MMIO, but now it sound like 
it was just a very specific example of a more general problem. Because this 
is true for any device driver for FPGA soft-IP/IP-core, it is not strictly 
an MMIO problem. Am I missing something?

I get the problem, I have to fight with **this** problem daily because I'm 
loading images with:

cat hello.bin > /dev/fpga0

And then, somehow I have to load the device drivers (memory, IRQ, ...). But 
I will not say publicly what I do (it is a "don't try this at home" thing).

> I'm not saying it isn't possible to do this if you're careful, of
> course you could
> first unload the drivers using rrmod and it would work just fine.

Or having some reference counter on the last loaded FPGA image may work. 
This way it will be possible to detect if there are users of the current 
FPGA and inhibit any unwanted FPGA load (like the module counter forbid 
rmmod when the device is in use). If a device driver is using some FPGA 
component the reference counter increase. How to do it? Need more studies, 
but probably this is a safe way that perhaps worth to look at.
 
> I just feel an interface like this might make it easier to create the
> wrong design.
> I've seen plenty of Application notes from vendors where they literally
> did "cat foo.bin > /dev/fpga" followed by mmap(/dev/mem...).

Actually, I'm doing worst than this (to compensate the lack of 
infrastructure). You tried, but you are not scaring me :P
 
> > Before we repeat what the doc l posted says, could you look at it and
> > comment on what I'm not saying there?
> > 
> > https://lkml.org/lkml/2018/8/15/525
> 
> Alan, maybe I didn't express myself well. I'm fine with the debugfs
> interface as a debug interface, just not for general usage ;-) I think
> your document is clear on that.
> 
> Thanks,
> 
> Moritz


-- 
Federico Vaga
[BE-CO-HT]


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ