| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 Nov 2019 11:02:57 -0700
From: Jeffrey Hugo <jeffrey.l.hugo@...il.com>
To: Bjorn Andersson <bjorn.andersson@...aro.org>
Cc: Ohad Ben-Cohen <ohad@...ery.com>,
Avaneesh Kumar Dwivedi <akdwived@...eaurora.org>,
MSM <linux-arm-msm@...r.kernel.org>,
linux-remoteproc@...r.kernel.org,
lkml <linux-kernel@...r.kernel.org>,
Sibi Sankar <sibis@...eaurora.org>, stable@...r.kernel.org
Subject: Re: [PATCH v2 1/2] remoteproc: qcom_q6v5_mss: Don't reassign mpss
region on shutdown
On Tue, Nov 12, 2019 at 10:01 AM Jeffrey Hugo <jeffrey.l.hugo@...il.com> wrote:
>
> On Fri, Nov 8, 2019 at 5:40 PM Bjorn Andersson
> <bjorn.andersson@...aro.org> wrote:
> >
> > Trying to reclaim mpss memory while the mba is not running causes the
> > system to crash on devices with security fuses blown, so leave it
> > assigned to the remote on shutdown and recover it on a subsequent boot.
> >
> > Fixes: 6c5a9dc2481b ("remoteproc: qcom: Make secure world call for mem ownership switch")
> > Cc: stable@...r.kernel.org
> > Signed-off-by: Bjorn Andersson <bjorn.andersson@...aro.org>
>
> Stuff still works on the laptop, and I don't hit the access violation
> with the crash dump scenario on the mtp.
>
> Reviewed-by: Jeffrey Hugo <jeffrey.l.hugo@...il.com>
> Tested-by: Jeffrey Hugo <jeffrey.l.hugo@...il.com>
Actually, nack that. See comment below.
>
> > ---
> >
> > Changes since v1:
> > - Assign memory back to Linux in coredump case
> >
> > drivers/remoteproc/qcom_q6v5_mss.c | 20 ++++++++++----------
> > 1 file changed, 10 insertions(+), 10 deletions(-)
> >
> > diff --git a/drivers/remoteproc/qcom_q6v5_mss.c b/drivers/remoteproc/qcom_q6v5_mss.c
> > index de919f2e8b94..efab574b2e12 100644
> > --- a/drivers/remoteproc/qcom_q6v5_mss.c
> > +++ b/drivers/remoteproc/qcom_q6v5_mss.c
> > @@ -875,11 +875,6 @@ static void q6v5_mba_reclaim(struct q6v5 *qproc)
> > writel(val, qproc->reg_base + QDSP6SS_PWR_CTL_REG);
> > }
> >
> > - ret = q6v5_xfer_mem_ownership(qproc, &qproc->mpss_perm,
> > - false, qproc->mpss_phys,
> > - qproc->mpss_size);
> > - WARN_ON(ret);
> > -
> > q6v5_reset_assert(qproc);
> >
> > q6v5_clk_disable(qproc->dev, qproc->reset_clks,
> > @@ -969,6 +964,10 @@ static int q6v5_mpss_load(struct q6v5 *qproc)
> > max_addr = ALIGN(phdr->p_paddr + phdr->p_memsz, SZ_4K);
> > }
> >
> > + /* Try to reset ownership back to Linux */
> > + q6v5_xfer_mem_ownership(qproc, &qproc->mpss_perm, false,
> > + qproc->mpss_phys, qproc->mpss_size);
> > +
> > mpss_reloc = relocate ? min_addr : qproc->mpss_phys;
> > qproc->mpss_reloc = mpss_reloc;
> > /* Load firmware segments */
> > @@ -1058,9 +1057,14 @@ static void qcom_q6v5_dump_segment(struct rproc *rproc,
> > void *ptr = rproc_da_to_va(rproc, segment->da, segment->size);
> >
> > /* Unlock mba before copying segments */
> > - if (!qproc->dump_mba_loaded)
> > + if (!qproc->dump_mba_loaded) {
> > ret = q6v5_mba_load(qproc);
> >
> > + /* Try to reset ownership back to Linux */
> > + q6v5_xfer_mem_ownership(qproc, &qproc->mpss_perm, false,
> > + qproc->mpss_phys, qproc->mpss_size);
If the load fails, we can't pull the memory otherwise we'll hit the
access violation (serror). I happened to see this on a production
device, where I think the load fails because crashdumps are not
enabled.
> > + }
> > +
> > if (!ptr || ret)
> > memset(dest, 0xff, segment->size);
> > else
> > @@ -1111,10 +1115,6 @@ static int q6v5_start(struct rproc *rproc)
> > return 0;
> >
> > reclaim_mpss:
> > - xfermemop_ret = q6v5_xfer_mem_ownership(qproc, &qproc->mpss_perm,
> > - false, qproc->mpss_phys,
> > - qproc->mpss_size);
> > - WARN_ON(xfermemop_ret);
> > q6v5_mba_reclaim(qproc);
> >
> > return ret;
> > --
> > 2.23.0
> >
Powered by blists - more mailing lists