| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Jan 2020 12:55:12 +0100
From: Fabien Lahoudere <fabien.lahoudere@...labora.com>
To: Yicheng Li <yichengli@...gle.com>
Cc: Yicheng Li <yichengli@...omium.org>,
LKML <linux-kernel@...r.kernel.org>,
Benson Leung <bleung@...omium.org>,
Gwendal Grignou <gwendal@...omium.org>,
Enric Balletbo i Serra <enric.balletbo@...labora.com>
Subject: Re: [PATCH] mfd / platform: cros_ec: Query EC protocol version if
EC transitions between RO/RW
Hi,
With the patch applied,
root@...ian:/src/ec# ./build/bds/util/ectool --name=cros_fp
reboot_ec
ioctl -1, errno 110 (Connection timed out), EC result 255
(<unknown>)
root@...ian:/src/ec# ./build/bds/util/ectool --name=cros_fp version
RO version: nocturne_fp_v2.2.64-58cf5974e
RW version: nocturne_fp_v2.2.191-1d529566e
Firmware copy: RW
Build info: nocturne_fp_v2.2.191-1d529566e 2019-11-01 20:30:58
@chromeos-ci-legacy-us-central1-b-x32-72-dltd
Tool version: v2.0.3074-a5052d4e7 2020-01-16 10:23:05 debian@...ian
in that case we see that the firmware copy is RW after the reboot.
Without the patch :
root@...ian:/src/ec# ./build/bds/util/ectool --name=cros_fp
reboot_ec
ioctl -1, errno 110 (Connection timed out), EC result 255
(<unknown>)
root@...ian:/src/ec# ./build/bds/util/ectool --name=cros_fp version
RO version: nocturne_fp_v2.2.64-58cf5974e
RW version: nocturne_fp_v2.2.191-1d529566e
Firmware copy: RO
Build info: nocturne_fp_v2.2.64-58cf5974e 2018-10-01 19:11:56
@cros-beefy532-c2
Tool version: v2.0.3074-a5052d4e7 2020-01-16 10:23:05 debian@...ian
root@...ian:/src/ec#
The firmware copy stays RO
For me the patch works fine
Tested-by: Fabien Lahoudere <fabien.lahoudere@...labora.com>
Thanks
Le mardi 21 janvier 2020 à 10:13 -0800, Yicheng Li a écrit :
> Hi Fabien,
>
> error 4 is EC_RES_ACCESS_DENIED. I think it's because you are trying
> to directly reboot to RO, which issues the command EC_CMD_REBOOT_EC
> (0xD2)
> https://chromium.git.corp.google.com/chromiumos/platform/ec/+/15edeaabe90c554d83faa4ff0c9143c66248e0e4/common/system.c#1495
> and is ultimately disallowed since system_is_locked() is true:
> https://chromium.git.corp.google.com/chromiumos/platform/ec/+/15edeaabe90c554d83faa4ff0c9143c66248e0e4/common/system.c#551
>
> The way I test it is to run "ectool --name=cros_fp reboot_ec" without
> the "RO" argument. This issues EC_CMD_REBOOT
> https://chromium.git.corp.google.com/chromiumos/platform/ec/+/15edeaabe90c554d83faa4ff0c9143c66248e0e4/util/ectool.c#1055
> which is 0xD1. (Sorry I didn't notice the RO argument in the first
> pass...)
>
> With "ectool --name=cros_fp reboot_ec", we are telling cros_fp to do
> an immediate reboot (to RW), however because of the issue outlined in
> the commit description, it would hang in RO without this patch.
>
> Thanks,
> Yicheng
>
>
>
> On Mon, Jan 20, 2020 at 3:16 AM Fabien Lahoudere <
> fabien.lahoudere@...labora.com> wrote:
> > Hi Yicheng,
> >
> > Thanks for your quick answer.
> >
> > I updated the firmware after my first email on friday.
> > Now the version is correct:
> >
> > # ectool version --name=cros_fp
> > RO version: nocturne_fp_v2.2.64-58cf5974e
> > RW version: nocturne_fp_v2.2.191-1d529566e
> > Firmware copy: RW
> > Build info: nocturne_fp_v2.2.191-1d529566e 2019-11-01
> > 20:30:58
> > @chromeos-ci-legacy-us-central1-b-x32-72-dltd
> > Tool version: v2.0.3031-9e0f24fad 2020-01-13 06:11:02
> > @chromeos-ci-
> > legacy-us-east1-d-x32-89-i09h
> >
> > The result does not change. This is the console output after I sent
> > the
> > reboot command.
> >
> > $ ectool name=cros_fp output
> > ...
> > [250664.176204 HC 0xa9]
> > [250664.176287 HC 0xa9 err 1]
> > [250664.177413 HC 0x67]
> > [250664.177489 HC 0x67 err 9]
> > [250664.178434 HC 0x02]
> > [250664.180308 HC Suppressed: 0x97=127 0x98=138 0x115=0]
> > [250664.477987 HC 0x01]
> > [250892.898421 HC 0x02]
> > [250892.900447 HC 0x07]
> > [250892.901286 HC 0x0b]
> > [250902.139053 HC 0x02]
> > [250902.141059 HC 0x07]
> > [250902.141847 HC 0x0b]
> > [250902.142988 HC 0xd2]
> > [250902.143072 Executing host reboot command 1]
> > [250902.143176 HC 0xd2 err 4]
> > [250908.838254 HC 0x02]
> > [250908.840474 HC 0x07]
> > [250908.841391 HC 0x0b]
> >
> > it seems we have an error when executing the 0zd2 command.
> >
> > Any idea what is error 4?
> >
> > Thanks
> >
> > Fabien
> >
> > Le jeudi 16 janvier 2020 à 05:04 -0800, Yicheng Li a écrit :
> > > Hi Fabien,
> > >
> > > First, you need the new firmware which has RW 2.2.191 instead of
> > > 2.2.110. It's available in release M80. The old firmware you were
> > > using does not have the RO/RW protocol incompatibility problem
> > > because RW 2.2.110 still only support versions 0 and 1 of
> > > EC_CMD_GET_NEXT_EVENT, same as RO 2.2.64. RW 2.2.191 has version
> > 2 of
> > > EC_CMD_GET_NEXT_ EVENT, hence the issue described in the commit
> > > message.
> > >
> > > With RW 2.2.191, if the kernal does not have this patch,
> > rebooting
> > > cros_fp will leave you in an infinite loop in RO, as described in
> > the
> > > commit message. This patch solves the problem and you should be
> > in RW
> > > after the reboot. You can see more details on the commands sent
> > to
> > > cros_fp during RO if you have cros_fp.log
> > >
> > > Let me know if you have other questions. Thanks!
> > >
> > > Best,
> > > Yicheng
> > >
> > >
> > > On Thu, Jan 16, 2020, 4:27 AM Fabien Lahoudere <
> > > fabien.lahoudere@...labora.com> wrote:
> > > > Hi,
> > > >
> > > > I tried to test that patch but I cannot switch to RO firmware.
> > > > I do the following steps:
> > > >
> > > > root@...ian:/sys/class/chromeos/cros_fp# cat version
> > > > RO version: nocturne_fp_v2.2.64-58cf5974e
> > > > RW version: nocturne_fp_v2.2.110-b936c0a3c
> > > > Firmware copy: RW
> > > > Build info: nocturne_fp_v2.2.110-b936c0a3c 2018-11-02
> > 14:16:46
> > > > @swarm-cros-461
> > > > Chip vendor: stm
> > > > Chip name: stm32h7x3
> > > > Chip revision:
> > > > Board version: EC error 1
> > > > root@...ian:/sys/class/chromeos/cros_fp# echo ro > reboot
> > > > root@...ian:/sys/class/chromeos/cros_fp# cat version
> > > > RO version: nocturne_fp_v2.2.64-58cf5974e
> > > > RW version: nocturne_fp_v2.2.110-b936c0a3c
> > > > Firmware copy: RW
> > > > Build info: nocturne_fp_v2.2.110-b936c0a3c 2018-11-02
> > 14:16:46
> > > > @swarm-cros-461
> > > > Chip vendor: stm
> > > > Chip name: stm32h7x3
> > > > Chip revision:
> > > > Board version: EC error 1
> > > > root@...ian:/sys/class/chromeos/cros_fp#
> > > >
> > > > We see here that cros_fp is still RW.
> > > >
> > > > I also tried with:
> > > >
> > > > debian@...ian:/src/ec$ sudo build/bds/util/ectool --
> > name=cros_fp
> > > > reboot_ec RO
> > > > debian@...ian:/src/ec$ sudo build/bds/util/ectool --
> > name=cros_fp
> > > > version
> > > > RO version: nocturne_fp_v2.2.64-58cf5974e
> > > > RW version: nocturne_fp_v2.2.110-b936c0a3c
> > > > Firmware copy: RW
> > > > Build info: nocturne_fp_v2.2.110-b936c0a3c 2018-11-02
> > 14:16:46
> > > > @swarm-cros-461
> > > > Tool version: v2.0.3074-a5052d4e7 2020-01-16 10:23:05
> > > > debian@...ian
> > > > debian@...ian:/src/ec$
> > > >
> > > > with the same result.
> > > >
> > > > Can you decribe us steps you follow to test that patch?
> > > >
> > > > Thanks
> > > >
> > > > Fabien
> > > >
> > > > Le lundi 18 novembre 2019 à 12:00 -0800, Yicheng Li a écrit :
> > > > > RO and RW of EC may have different EC protocol version. If EC
> > > > > transitions
> > > > > between RO and RW, but AP does not reboot (this is true for
> > > > > fingerprint
> > > > > microcontroller / cros_fp, but not true for main ec /
> > cros_ec),
> > > > the
> > > > > AP
> > > > > still uses the protocol version queried before transition,
> > which
> > > > can
> > > > > cause problems. In the case of fingerprint microcontroller,
> > this
> > > > > causes
> > > > > AP to send the wrong version of EC_CMD_GET_NEXT_EVENT to RO
> > in
> > > > the
> > > > > interrupt handler, which in turn prevents RO to clear the
> > > > interrupt
> > > > > line to AP, in an infinite loop.
> > > > >
> > > > > Once an EC_HOST_EVENT_INTERFACE_READY is received, we know
> > that
> > > > there
> > > > > might have been a transition between RO and RW, so re-query
> > the
> > > > > protocol.
> > > > >
> > > > > Signed-off-by: Yicheng Li <yichengli@...omium.org>
> > > > >
> > > > > Change-Id: Ib58032ff4a8e113bdbd07212e8aff42807afff38
> > > > > Series-to: LKML <linux-kernel@...r.kernel.org>
> > > > > Series-cc: Benson Leung <bleung@...omium.org>, Enric Balletbo
> > i
> > > > Serra
> > > > > <enric.balletbo@...labora.com>, Gwendal Grignou <
> > > > gwendal@...omium.org
> > > > > >
> > > > > ---
> > > > > drivers/platform/chrome/cros_ec.c | 24
> > > > > +++++++++++++++++++++
> > > > > include/linux/platform_data/cros_ec_proto.h | 1 +
> > > > > 2 files changed, 25 insertions(+)
> > > > >
> > > > > diff --git a/drivers/platform/chrome/cros_ec.c
> > > > > b/drivers/platform/chrome/cros_ec.c
> > > > > index 9b2d07422e17..0c910846d99d 100644
> > > > > --- a/drivers/platform/chrome/cros_ec.c
> > > > > +++ b/drivers/platform/chrome/cros_ec.c
> > > > > @@ -104,6 +104,23 @@ static int cros_ec_sleep_event(struct
> > > > > cros_ec_device *ec_dev, u8 sleep_event)
> > > > > return ret;
> > > > > }
> > > > >
> > > > > +static int cros_ec_ready_event(struct notifier_block *nb,
> > > > > + unsigned long queued_during_suspend, void *_notify)
> > > > > +{
> > > > > + struct cros_ec_device *ec_dev = container_of(nb, struct
> > > > > cros_ec_device,
> > > > > +
> > > > notifier_ready);
> > > > > + u32 host_event = cros_ec_get_host_event(ec_dev);
> > > > > +
> > > > > + if (host_event &
> > > > > EC_HOST_EVENT_MASK(EC_HOST_EVENT_INTERFACE_READY)) {
> > > > > + mutex_lock(&ec_dev->lock);
> > > > > + cros_ec_query_all(ec_dev);
> > > > > + mutex_unlock(&ec_dev->lock);
> > > > > + return NOTIFY_OK;
> > > > > + } else {
> > > > > + return NOTIFY_DONE;
> > > > > + }
> > > > > +}
> > > > > +
> > > > > /**
> > > > > * cros_ec_register() - Register a new ChromeOS EC, using
> > the
> > > > > provided info.
> > > > > * @ec_dev: Device to register.
> > > > > @@ -201,6 +218,13 @@ int cros_ec_register(struct
> > cros_ec_device
> > > > > *ec_dev)
> > > > > dev_dbg(ec_dev->dev, "Error %d clearing sleep
> > event
> > > > to
> > > > > ec",
> > > > > err);
> > > > >
> > > > > + /* Register the notifier for
> > EC_HOST_EVENT_INTERFACE_READY
> > > > > event. */
> > > > > + ec_dev->notifier_ready.notifier_call =
> > cros_ec_ready_event;
> > > > > + err = blocking_notifier_chain_register(&ec_dev-
> > > > >event_notifier,
> > > > > + &ec_dev-
> > > > > >notifier_ready);
> > > > > + if (err < 0)
> > > > > + dev_warn(ec_dev->dev, "Failed to register
> > > > notifier\n");
> > > > > +
> > > > > dev_info(dev, "Chrome EC device registered\n");
> > > > >
> > > > > return 0;
> > > > > diff --git a/include/linux/platform_data/cros_ec_proto.h
> > > > > b/include/linux/platform_data/cros_ec_proto.h
> > > > > index 0d4e4aaed37a..9840408c0b01 100644
> > > > > --- a/include/linux/platform_data/cros_ec_proto.h
> > > > > +++ b/include/linux/platform_data/cros_ec_proto.h
> > > > > @@ -161,6 +161,7 @@ struct cros_ec_device {
> > > > > int event_size;
> > > > > u32 host_event_wake_mask;
> > > > > u32 last_resume_result;
> > > > > + struct notifier_block notifier_ready;
> > > > >
> > > > > /* The platform devices used by the mfd driver */
> > > > > struct platform_device *ec;
> > > >
> >
Powered by blists - more mailing lists