| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 4 Feb 2020 08:30:32 +0100
From: Marek Szyprowski <m.szyprowski@...sung.com>
To: Yicheng Li <yichengli@...omium.org>,
LKML <linux-kernel@...r.kernel.org>
Cc: bleung@...omium.org, enric.balletbo@...labora.com,
groeck@...omium.org, lee.jones@...aro.org, gwendal@...omium.org,
andriy.shevchenko@...ux.intel.com, Jonathan.Cameron@...wei.com,
evgreen@...omium.org, rushikesh.s.kadam@...el.com,
tglx@...utronix.de
Subject: Re: [PATCH v6] platform/chrome: cros_ec: Query EC protocol version
if EC transitions between RO/RW
Hi
On 03.02.2020 23:53, Yicheng Li wrote:
> RO and RW of EC may have different EC protocol version. If EC transitions
> between RO and RW, but AP does not reboot (this is true for fingerprint
> microcontroller / cros_fp, but not true for main ec / cros_ec), the AP
> still uses the protocol version queried before transition, which can
> cause problems. In the case of fingerprint microcontroller, this causes
> AP to send the wrong version of EC_CMD_GET_NEXT_EVENT to RO in the
> interrupt handler, which in turn prevents RO to clear the interrupt
> line to AP, in an infinite loop.
>
> Once an EC_HOST_EVENT_INTERFACE_READY is received, we know that there
> might have been a transition between RO and RW, so re-query the protocol.
>
> Signed-off-by: Yicheng Li <yichengli@...omium.org>
Tested-by: Marek Szyprowski <m.szyprowski@...sung.com>
Works fine on Samsung Exynos-based Chromebooks: Snow, Peach-Pit and
Peach-Pi.
> ---
> Hi Enric and Marek,
>
>> This patch landed recently in linux-next as commit
>> 241a69ae8ea8e2defec751fe55dac1287aa044b8. Sadly, it causes following
>> kernel oops on any key press on Samsung Exynos-based Chromebooks (Snow,
>> Peach-Pit and Peach-Pi):
>
>> Many thanks for report the issue, we will take a look ASAP and revert
>> this commit meanwhile.
>
>> Simply removing the BUG_ON() from cros_ec_get_host_event() function
>> fixes the issue, but I don't know the protocol details to judge if this
>> is the correct way of fixing it.
> The issue was those Samsung Chromebooks (Snow, Peach-Pit and Peach-Pi)
> do not support mkbp events, yet we applied the same thing to them, which
> we shouldn't. This v6 should fix it: I Just added a check
>
> if (ec_dev->mkbp_event_supported)
>
> in cros_ec_register().
>
>
>
> drivers/platform/chrome/cros_ec.c | 29 +++++++++++++++++++++
> include/linux/platform_data/cros_ec_proto.h | 3 +++
> 2 files changed, 32 insertions(+)
>
> diff --git a/drivers/platform/chrome/cros_ec.c b/drivers/platform/chrome/cros_ec.c
> index 9b2d07422e17..f16804db805b 100644
> --- a/drivers/platform/chrome/cros_ec.c
> +++ b/drivers/platform/chrome/cros_ec.c
> @@ -104,6 +104,23 @@ static int cros_ec_sleep_event(struct cros_ec_device *ec_dev, u8 sleep_event)
> return ret;
> }
>
> +static int cros_ec_ready_event(struct notifier_block *nb,
> + unsigned long queued_during_suspend, void *_notify)
> +{
> + struct cros_ec_device *ec_dev = container_of(nb, struct cros_ec_device,
> + notifier_ready);
> + u32 host_event = cros_ec_get_host_event(ec_dev);
> +
> + if (host_event & EC_HOST_EVENT_MASK(EC_HOST_EVENT_INTERFACE_READY)) {
> + mutex_lock(&ec_dev->lock);
> + cros_ec_query_all(ec_dev);
> + mutex_unlock(&ec_dev->lock);
> + return NOTIFY_OK;
> + }
> +
> + return NOTIFY_DONE;
> +}
> +
> /**
> * cros_ec_register() - Register a new ChromeOS EC, using the provided info.
> * @ec_dev: Device to register.
> @@ -201,6 +218,18 @@ int cros_ec_register(struct cros_ec_device *ec_dev)
> dev_dbg(ec_dev->dev, "Error %d clearing sleep event to ec",
> err);
>
> + if (ec_dev->mkbp_event_supported) {
> + /*
> + * Register the notifier for EC_HOST_EVENT_INTERFACE_READY
> + * event.
> + */
> + ec_dev->notifier_ready.notifier_call = cros_ec_ready_event;
> + err = blocking_notifier_chain_register(
> + &ec_dev->event_notifier, &ec_dev->notifier_ready);
> + if (err)
> + return err;
> + }
> +
> dev_info(dev, "Chrome EC device registered\n");
>
> return 0;
> diff --git a/include/linux/platform_data/cros_ec_proto.h b/include/linux/platform_data/cros_ec_proto.h
> index 0d4e4aaed37a..a1c545c464e7 100644
> --- a/include/linux/platform_data/cros_ec_proto.h
> +++ b/include/linux/platform_data/cros_ec_proto.h
> @@ -121,6 +121,8 @@ struct cros_ec_command {
> * @event_data: Raw payload transferred with the MKBP event.
> * @event_size: Size in bytes of the event data.
> * @host_event_wake_mask: Mask of host events that cause wake from suspend.
> + * @notifier_ready: The notifier_block to let the kernel re-query EC
> + * communication protocol when the EC sends EC_HOST_EVENT_INTERFACE_READY.
> * @ec: The platform_device used by the mfd driver to interface with the
> * main EC.
> * @pd: The platform_device used by the mfd driver to interface with the
> @@ -161,6 +163,7 @@ struct cros_ec_device {
> int event_size;
> u32 host_event_wake_mask;
> u32 last_resume_result;
> + struct notifier_block notifier_ready;
>
> /* The platform devices used by the mfd driver */
> struct platform_device *ec;
Best regards
--
Marek Szyprowski, PhD
Samsung R&D Institute Poland
Powered by blists - more mailing lists