lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <54cbade6-c552-4877-a8d7-d2be9930cefd@samsung.com>
Date:   Tue, 4 Feb 2020 08:30:32 +0100
From:   Marek Szyprowski <m.szyprowski@...sung.com>
To:     Yicheng Li <yichengli@...omium.org>,
        LKML <linux-kernel@...r.kernel.org>
Cc:     bleung@...omium.org, enric.balletbo@...labora.com,
        groeck@...omium.org, lee.jones@...aro.org, gwendal@...omium.org,
        andriy.shevchenko@...ux.intel.com, Jonathan.Cameron@...wei.com,
        evgreen@...omium.org, rushikesh.s.kadam@...el.com,
        tglx@...utronix.de
Subject: Re: [PATCH v6] platform/chrome: cros_ec: Query EC protocol version
 if EC transitions between RO/RW

Hi

On 03.02.2020 23:53, Yicheng Li wrote:
> RO and RW of EC may have different EC protocol version. If EC transitions
> between RO and RW, but AP does not reboot (this is true for fingerprint
> microcontroller / cros_fp, but not true for main ec / cros_ec), the AP
> still uses the protocol version queried before transition, which can
> cause problems. In the case of fingerprint microcontroller, this causes
> AP to send the wrong version of EC_CMD_GET_NEXT_EVENT to RO in the
> interrupt handler, which in turn prevents RO to clear the interrupt
> line to AP, in an infinite loop.
>
> Once an EC_HOST_EVENT_INTERFACE_READY is received, we know that there
> might have been a transition between RO and RW, so re-query the protocol.
>
> Signed-off-by: Yicheng Li <yichengli@...omium.org>

Tested-by: Marek Szyprowski <m.szyprowski@...sung.com>

Works fine on Samsung Exynos-based Chromebooks: Snow, Peach-Pit and 
Peach-Pi.

> ---
> Hi Enric and Marek,
>
>> This patch landed recently in linux-next as commit
>> 241a69ae8ea8e2defec751fe55dac1287aa044b8. Sadly, it causes following
>> kernel oops on any key press on Samsung Exynos-based Chromebooks (Snow,
>> Peach-Pit and Peach-Pi):
>
>> Many thanks for report the issue, we will take a look ASAP and revert
>> this commit meanwhile.
>
>> Simply removing the BUG_ON() from cros_ec_get_host_event() function
>> fixes the issue, but I don't know the protocol details to judge if this
>> is the correct way of fixing it.
> The issue was those Samsung Chromebooks (Snow, Peach-Pit and Peach-Pi)
> do not support mkbp events, yet we applied the same thing to them, which
> we shouldn't. This v6 should fix it: I Just added a check
>
> 	if (ec_dev->mkbp_event_supported)
>
> in cros_ec_register().
>
>
>
> drivers/platform/chrome/cros_ec.c           | 29 +++++++++++++++++++++
>   include/linux/platform_data/cros_ec_proto.h |  3 +++
>   2 files changed, 32 insertions(+)
>
> diff --git a/drivers/platform/chrome/cros_ec.c b/drivers/platform/chrome/cros_ec.c
> index 9b2d07422e17..f16804db805b 100644
> --- a/drivers/platform/chrome/cros_ec.c
> +++ b/drivers/platform/chrome/cros_ec.c
> @@ -104,6 +104,23 @@ static int cros_ec_sleep_event(struct cros_ec_device *ec_dev, u8 sleep_event)
>   	return ret;
>   }
>   
> +static int cros_ec_ready_event(struct notifier_block *nb,
> +	unsigned long queued_during_suspend, void *_notify)
> +{
> +	struct cros_ec_device *ec_dev = container_of(nb, struct cros_ec_device,
> +						     notifier_ready);
> +	u32 host_event = cros_ec_get_host_event(ec_dev);
> +
> +	if (host_event & EC_HOST_EVENT_MASK(EC_HOST_EVENT_INTERFACE_READY)) {
> +		mutex_lock(&ec_dev->lock);
> +		cros_ec_query_all(ec_dev);
> +		mutex_unlock(&ec_dev->lock);
> +		return NOTIFY_OK;
> +	}
> +
> +	return NOTIFY_DONE;
> +}
> +
>   /**
>    * cros_ec_register() - Register a new ChromeOS EC, using the provided info.
>    * @ec_dev: Device to register.
> @@ -201,6 +218,18 @@ int cros_ec_register(struct cros_ec_device *ec_dev)
>   		dev_dbg(ec_dev->dev, "Error %d clearing sleep event to ec",
>   			err);
>   
> +	if (ec_dev->mkbp_event_supported) {
> +		/*
> +		 * Register the notifier for EC_HOST_EVENT_INTERFACE_READY
> +		 * event.
> +		 */
> +		ec_dev->notifier_ready.notifier_call = cros_ec_ready_event;
> +		err = blocking_notifier_chain_register(
> +			&ec_dev->event_notifier, &ec_dev->notifier_ready);
> +		if (err)
> +			return err;
> +	}
> +
>   	dev_info(dev, "Chrome EC device registered\n");
>   
>   	return 0;
> diff --git a/include/linux/platform_data/cros_ec_proto.h b/include/linux/platform_data/cros_ec_proto.h
> index 0d4e4aaed37a..a1c545c464e7 100644
> --- a/include/linux/platform_data/cros_ec_proto.h
> +++ b/include/linux/platform_data/cros_ec_proto.h
> @@ -121,6 +121,8 @@ struct cros_ec_command {
>    * @event_data: Raw payload transferred with the MKBP event.
>    * @event_size: Size in bytes of the event data.
>    * @host_event_wake_mask: Mask of host events that cause wake from suspend.
> + * @notifier_ready: The notifier_block to let the kernel re-query EC
> + *      communication protocol when the EC sends EC_HOST_EVENT_INTERFACE_READY.
>    * @ec: The platform_device used by the mfd driver to interface with the
>    *      main EC.
>    * @pd: The platform_device used by the mfd driver to interface with the
> @@ -161,6 +163,7 @@ struct cros_ec_device {
>   	int event_size;
>   	u32 host_event_wake_mask;
>   	u32 last_resume_result;
> +	struct notifier_block notifier_ready;
>   
>   	/* The platform devices used by the mfd driver */
>   	struct platform_device *ec;

Best regards
-- 
Marek Szyprowski, PhD
Samsung R&D Institute Poland

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ