| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 May 2020 16:59:44 -0700
From: Bjorn Andersson <bjorn.andersson@...aro.org>
To: Rishabh Bhatnagar <rishabhb@...eaurora.org>
Cc: linux-remoteproc@...r.kernel.org, linux-kernel@...r.kernel.org,
mathieu.poirier@...aro.org, tsoni@...eaurora.org,
psodagud@...eaurora.org, sidgup@...eaurora.org
Subject: Re: [PATCH v3 2/3] remoteproc: Add inline coredump functionality
On Thu 14 May 13:07 PDT 2020, Rishabh Bhatnagar wrote:
> The current coredump implementation uses vmalloc area to copy
> all the segments. But this might put strain on low memory targets
> as the firmware size sometimes is in tens of MBs. The situation
> becomes worse if there are multiple remote processors undergoing
> recovery at the same time. This patch adds inline coredump
> functionality that avoids extra memory usage. This requires
> recovery to be halted until data is read by userspace and free
> function is called.
>
Overall I think this looks really good now, but I spotted an issue with
INLINE dumps not using segment->dump().
Also there's 3 checkpatch --strict warnings, please fix those.
> Signed-off-by: Rishabh Bhatnagar <rishabhb@...eaurora.org>
> ---
> drivers/remoteproc/remoteproc_coredump.c | 129 +++++++++++++++++++++++++++++--
> include/linux/remoteproc.h | 15 ++++
> 2 files changed, 139 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/remoteproc/remoteproc_coredump.c b/drivers/remoteproc/remoteproc_coredump.c
[..]
> +static ssize_t rproc_coredump_read(char *buffer, loff_t offset, size_t count,
> + void *data, size_t header_sz)
> +{
> + void *device_mem;
> + size_t seg_data;
> + size_t copy_sz, bytes_left = count;
> + unsigned long addr;
> + struct rproc_coredump_state *dump_state = data;
> + struct rproc *rproc = dump_state->rproc;
> + void *elfcore = dump_state->header;
> +
> + /* Copy the vmalloc'ed header first. */
> + if (offset < header_sz) {
> + copy_sz = memory_read_from_buffer(buffer, count, &offset,
> + elfcore, header_sz);
> + if (copy_sz < 0)
> + return -EINVAL;
> +
> + return copy_sz;
> + }
> +
> + /* Find out the segment memory chunk to be copied based on offset.
> + * Keep copying data until count bytes are read.
> + */
/*
* Multiline comments start on the second line throughout
* remoteproc, please follow this.
*/
> + while (bytes_left) {
> + addr = rproc_coredump_find_segment(offset - header_sz,
> + &rproc->dump_segments,
> + &seg_data);
> + /* EOF check */
> + if (seg_data == 0) {
> + dev_info(&rproc->dev, "Ramdump done, %lld bytes read",
> + offset);
> + break;
> + }
> +
> + copy_sz = min_t(size_t, bytes_left, seg_data);
> +
> + device_mem = rproc_da_to_va(rproc, addr, copy_sz);
> + if (!device_mem) {
> + dev_err(&rproc->dev, "Coredump: %lx with size %zd out of remoteproc carveout\n",
> + addr, copy_sz);
> + return -ENOMEM;
I think it would be best to maintain the same behavior between INLINE
and DEFAULT here.
> + }
> + memcpy(buffer, device_mem, copy_sz);
This won't work for modem on e.g. SDM845, because we need to do some
special tricks to make the memory readable, that's why we invoke
segment->dump() in the DEFAULT scenario. Doing a memcpy here instead
will result in a security violation.
Perhaps this snippet can be extracted to a separate helper function,
which would allow you to avoid the next_seg goto label below.
> +
> + offset += copy_sz;
> + buffer += copy_sz;
> + bytes_left -= copy_sz;
> + }
> +
> + return count - bytes_left;
> +}
[..]
> diff --git a/include/linux/remoteproc.h b/include/linux/remoteproc.h
> index 0468be4..ab2b9b7 100644
> --- a/include/linux/remoteproc.h
> +++ b/include/linux/remoteproc.h
> @@ -435,6 +435,19 @@ enum rproc_crash_type {
> };
>
> /**
> + * enum rproc_dump_mechanism - Coredump options for core
> + * @COREDUMP_DEFAULT: Copy dump to separate buffer and carry on with recovery
> + * @COREDUMP_INLINE: Read segments directly from device memory. Stall
> + recovery until all segments are read
> + * @COREDUMP_DISABLED: Don't perform any dump
> + */
> +enum rproc_dump_mechanism {
> + COREDUMP_DEFAULT,
> + COREDUMP_INLINE,
> + COREDUMP_DISABLED,
Please prefix these with RPROC_, as "coredump" has a meaning outside
remoteproc as well.
Regards,
Bjorn
Powered by blists - more mailing lists