| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 20 Apr 2020 11:37:03 -0600
From: Mathieu Poirier <mathieu.poirier@...aro.org>
To: Sai Prakash Ranjan <saiprakash.ranjan@...eaurora.org>
Cc: Suzuki K Poulose <suzuki.poulose@....com>, mike.leach@...aro.org,
Stephen Boyd <swboyd@...omium.org>,
linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
linux-arm-msm@...r.kernel.org
Subject: Re: [PATCHv2] coresight: tmc: Fix TMC mode read in
tmc_read_prepare_etb()
On Thu, Apr 16, 2020 at 09:44:59PM +0530, Sai Prakash Ranjan wrote:
> On some QCOM platforms like SC7180, SDM845 and SM8150,
> reading TMC mode register without proper coresight power
> management can lead to async exceptions like the one in
> the call trace below in tmc_read_prepare_etb(). This can
> happen if the user tries to read the TMC etf data via
> device node without setting up source and the sink first.
> Fix this by having a check for coresight sysfs mode
> before reading TMC mode management register.
>
> Kernel panic - not syncing: Asynchronous SError Interrupt
> CPU: 7 PID: 2605 Comm: hexdump Tainted: G S 5.4.30 #122
> Call trace:
> dump_backtrace+0x0/0x188
> show_stack+0x20/0x2c
> dump_stack+0xdc/0x144
> panic+0x168/0x36c
> panic+0x0/0x36c
> arm64_serror_panic+0x78/0x84
> do_serror+0x130/0x138
> el1_error+0x84/0xf8
> tmc_read_prepare_etb+0x88/0xb8
> tmc_open+0x40/0xd8
> misc_open+0x120/0x158
> chrdev_open+0xb8/0x1a4
> do_dentry_open+0x268/0x3a0
> vfs_open+0x34/0x40
> path_openat+0x39c/0xdf4
> do_filp_open+0x90/0x10c
> do_sys_open+0x150/0x3e8
> __arm64_compat_sys_openat+0x28/0x34
> el0_svc_common+0xa8/0x160
> el0_svc_compat_handler+0x2c/0x38
> el0_svc_compat+0x8/0x10
>
> Fixes: 4525412a5046 ("coresight: tmc: making prepare/unprepare functions generic")
> Reported-by: Stephen Boyd <swboyd@...omium.org>
> Suggested-by: Mathieu Poirier <mathieu.poirier@...aro.org>
> Signed-off-by: Sai Prakash Ranjan <saiprakash.ranjan@...eaurora.org>
Applied - thanks,
Mathieu
> ---
> v2:
> * Move the TMC mode read under CS_MODE_SYSFS as per Mathieu
> ---
> drivers/hwtracing/coresight/coresight-tmc-etf.c | 16 ++++++++--------
> 1 file changed, 8 insertions(+), 8 deletions(-)
>
> diff --git a/drivers/hwtracing/coresight/coresight-tmc-etf.c b/drivers/hwtracing/coresight/coresight-tmc-etf.c
> index d0cc3985b72a..36cce2bfb744 100644
> --- a/drivers/hwtracing/coresight/coresight-tmc-etf.c
> +++ b/drivers/hwtracing/coresight/coresight-tmc-etf.c
> @@ -596,13 +596,6 @@ int tmc_read_prepare_etb(struct tmc_drvdata *drvdata)
> goto out;
> }
>
> - /* There is no point in reading a TMC in HW FIFO mode */
> - mode = readl_relaxed(drvdata->base + TMC_MODE);
> - if (mode != TMC_MODE_CIRCULAR_BUFFER) {
> - ret = -EINVAL;
> - goto out;
> - }
> -
> /* Don't interfere if operated from Perf */
> if (drvdata->mode == CS_MODE_PERF) {
> ret = -EINVAL;
> @@ -616,8 +609,15 @@ int tmc_read_prepare_etb(struct tmc_drvdata *drvdata)
> }
>
> /* Disable the TMC if need be */
> - if (drvdata->mode == CS_MODE_SYSFS)
> + if (drvdata->mode == CS_MODE_SYSFS) {
> + /* There is no point in reading a TMC in HW FIFO mode */
> + mode = readl_relaxed(drvdata->base + TMC_MODE);
> + if (mode != TMC_MODE_CIRCULAR_BUFFER) {
> + ret = -EINVAL;
> + goto out;
> + }
> __tmc_etb_disable_hw(drvdata);
> + }
>
> drvdata->reading = true;
> out:
> --
> QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member
> of Code Aurora Forum, hosted by The Linux Foundation
Powered by blists - more mailing lists