| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 Dec 2019 11:20:21 -0800
From: Gwendal Grignou <gwendal@...omium.org>
To: Enric Balletbo i Serra <enric.balletbo@...labora.com>
Cc: Yicheng Li <yichengli@...omium.org>,
linux-kernel <linux-kernel@...r.kernel.org>,
Benson Leung <bleung@...omium.org>
Subject: Re: [PATCH v4] mfd / platform: cros_ec: Query EC protocol version if
EC transitions between RO/RW
On Tue, Nov 26, 2019 at 1:56 AM Enric Balletbo i Serra
<enric.balletbo@...labora.com> wrote:
>
> Hi Yicheng,
>
> I looked at this patch deeply and I have a question.
>
> On 25/11/19 23:15, Yicheng Li wrote:
> > RO and RW of EC may have different EC protocol version. If EC transitions
> > between RO and RW, but AP does not reboot (this is true for fingerprint
> > microcontroller / cros_fp, but not true for main ec / cros_ec), the AP
> > still uses the protocol version queried before transition, which can
> > cause problems. In the case of fingerprint microcontroller, this causes
> > AP to send the wrong version of EC_CMD_GET_NEXT_EVENT to RO in the
> > interrupt handler, which in turn prevents RO to clear the interrupt
> > line to AP, in an infinite loop.
> >
> > Once an EC_HOST_EVENT_INTERFACE_READY is received, we know that there
> > might have been a transition between RO and RW, so re-query the protocol.
> >
> > Signed-off-by: Yicheng Li <yichengli@...omium.org>
> > ---
> > drivers/platform/chrome/cros_ec.c | 24 +++++++++++++++++++++
> > include/linux/platform_data/cros_ec_proto.h | 3 +++
> > 2 files changed, 27 insertions(+)
> >
> > diff --git a/drivers/platform/chrome/cros_ec.c b/drivers/platform/chrome/cros_ec.c
> > index 9b2d07422e17..38ec1fb409a5 100644
> > --- a/drivers/platform/chrome/cros_ec.c
> > +++ b/drivers/platform/chrome/cros_ec.c
> > @@ -104,6 +104,23 @@ static int cros_ec_sleep_event(struct cros_ec_device *ec_dev, u8 sleep_event)
> > return ret;
> > }
> >
> > +static int cros_ec_ready_event(struct notifier_block *nb,
> > + unsigned long queued_during_suspend, void *_notify)
> > +{
> > + struct cros_ec_device *ec_dev = container_of(nb, struct cros_ec_device,
> > + notifier_ready);
> > + u32 host_event = cros_ec_get_host_event(ec_dev);
> > +
> > + if (host_event & EC_HOST_EVENT_MASK(EC_HOST_EVENT_INTERFACE_READY)) {
> > + mutex_lock(&ec_dev->lock);
> > + cros_ec_query_all(ec_dev);
>
> I am wondering if instead of calling cros_ec_query_all we can just set the proto
> version to unknown:
>
> ec_dev->proto_version == EC_PROTO_VERSION_UNKNOWN
>
> and let the cros_ec_cmd_xfer function do its magic.
This has actually been used in cros_ec_query_all itself, when the EC
is not responding: when cros_ec_cmd_xfer is called,
cros_ec_query_all() is called again. This is used when
cros_ec_query_all() is called cros_ec_register(), but this is not
working properly anymore, because the irq and device driver will not
be registered anymore. See in cros_ec_register when cros_ec_query_all
is called and set _UNKNOWN, ret is not 0 and cros_ec_register() will
bail. I will work on it later. (crbug.com/1030373 for reference).
For our case at hand, we can not wait for a command coming from user
space to unlock us. Internal commands could use send_command directly,
if a new interrupt comes up for instance). Let's put all the check
code from cros_ec_cmd_xfer() in send_command() and indeed reset the
proto_version.
Gwendal.
>
> Should that work?
>
> Thanks,
> Enric
>
> > + mutex_unlock(&ec_dev->lock);
> > + return NOTIFY_OK;
> > + }
> > +
> > + return NOTIFY_DONE;
> > +}
> > +
> > /**
> > * cros_ec_register() - Register a new ChromeOS EC, using the provided info.
> > * @ec_dev: Device to register.
> > @@ -201,6 +218,13 @@ int cros_ec_register(struct cros_ec_device *ec_dev)
> > dev_dbg(ec_dev->dev, "Error %d clearing sleep event to ec",
> > err);
> >
> > + /* Register the notifier for EC_HOST_EVENT_INTERFACE_READY event. */
> > + ec_dev->notifier_ready.notifier_call = cros_ec_ready_event;
> > + err = blocking_notifier_chain_register(&ec_dev->event_notifier,
> > + &ec_dev->notifier_ready);
> > + if (err)
> > + return err;
> > +
> > dev_info(dev, "Chrome EC device registered\n");
> >
> > return 0;
> > diff --git a/include/linux/platform_data/cros_ec_proto.h b/include/linux/platform_data/cros_ec_proto.h
> > index 0d4e4aaed37a..a1c545c464e7 100644
> > --- a/include/linux/platform_data/cros_ec_proto.h
> > +++ b/include/linux/platform_data/cros_ec_proto.h
> > @@ -121,6 +121,8 @@ struct cros_ec_command {
> > * @event_data: Raw payload transferred with the MKBP event.
> > * @event_size: Size in bytes of the event data.
> > * @host_event_wake_mask: Mask of host events that cause wake from suspend.
> > + * @notifier_ready: The notifier_block to let the kernel re-query EC
> > + * communication protocol when the EC sends EC_HOST_EVENT_INTERFACE_READY.
> > * @ec: The platform_device used by the mfd driver to interface with the
> > * main EC.
> > * @pd: The platform_device used by the mfd driver to interface with the
> > @@ -161,6 +163,7 @@ struct cros_ec_device {
> > int event_size;
> > u32 host_event_wake_mask;
> > u32 last_resume_result;
> > + struct notifier_block notifier_ready;
> >
> > /* The platform devices used by the mfd driver */
> > struct platform_device *ec;
> >
Powered by blists - more mailing lists