lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAAOTY_8JRnhGKOB+faOaHR6p2nknHiMjAnbfo=390c5jNHtp=A@mail.gmail.com>
Date:   Sat, 20 Jun 2020 00:25:55 +0800
From:   Chun-Kuang Hu <chunkuang.hu@...nel.org>
To:     Neal Liu <neal.liu@...iatek.com>
Cc:     Rob Herring <robh+dt@...nel.org>,
        Matthias Brugger <matthias.bgg@...il.com>,
        devicetree@...r.kernel.org,
        wsd_upstream <wsd_upstream@...iatek.com>,
        linux-kernel <linux-kernel@...r.kernel.org>,
        "moderated list:ARM/Mediatek SoC support" 
        <linux-mediatek@...ts.infradead.org>,
        Linux ARM <linux-arm-kernel@...ts.infradead.org>
Subject: Re: [PATCH v2 2/2] soc: mediatek: devapc: add devapc-mt6873 driver

Hi, Neal:

Neal Liu <neal.liu@...iatek.com> 於 2020年6月19日 週五 下午6:01寫道:
>
> MT6873 bus frabric provides TrustZone security support and data
> protection to prevent slaves from being accessed by unexpected
> masters.
> The security violations are logged and sent to the processor for
> further analysis or countermeasures.
>
> Any occurrence of security violation would raise an interrupt, and
> it will be handled by devapc-mt6873 driver. The violation
> information is printed in order to find the murderer.
>
> Signed-off-by: Neal Liu <neal.liu@...iatek.com>
> ---

[snip]

> +
> +/*
> + * mtk_devapc_pd_get - get devapc pd_types of register address.
> + *
> + * Returns the value of reg addr
> + */
> +static void __iomem *mtk_devapc_pd_get(struct mtk_devapc_context *devapc_ctx,
> +                                      int slave_type,
> +                                      enum DEVAPC_PD_REG_TYPE pd_reg_type,
> +                                      u32 index)
> +{
> +       struct mtk_devapc_vio_info *vio_info = devapc_ctx->soc->vio_info;
> +       u32 slave_type_num = devapc_ctx->soc->slave_type_num;
> +       const u32 *devapc_pds = devapc_ctx->soc->devapc_pds;

devapc_pds = mt6873_devapc_pds;


> +       void __iomem *reg;
> +
> +       if (!devapc_pds)

Never happen.

> +               return NULL;
> +
> +       if ((slave_type < slave_type_num &&
> +            index < vio_info->vio_mask_sta_num[slave_type]) &&
> +           pd_reg_type < PD_REG_TYPE_NUM) {

Always true.

> +               reg = devapc_ctx->devapc_pd_base[slave_type] +
> +                       devapc_pds[pd_reg_type];
> +
> +               if (pd_reg_type == VIO_MASK || pd_reg_type == VIO_STA)
> +                       reg += 0x4 * index;
> +
> +       } else {
> +               pr_err(PFX "Out Of Boundary, slave_type:0x%x/pd_reg_type:0x%x/index:0x%x\n",
> +                      slave_type, pd_reg_type, index);
> +               return NULL;
> +       }
> +
> +       return reg;
> +}
> +

[snip]

> +
> +/*
> + * start_devapc - initialize devapc status and start receiving interrupt
> + *               while devapc violation is triggered.
> + */
> +static void start_devapc(struct mtk_devapc_context *devapc_ctx)
> +{
> +       u32 slave_type_num = devapc_ctx->soc->slave_type_num;
> +       const struct mtk_device_info **device_info;
> +       const struct mtk_device_num *ndevices;
> +       void __iomem *pd_vio_shift_sta_reg;
> +       void __iomem *pd_apc_con_reg;
> +       int slave_type, i, vio_idx, index;
> +       u32 vio_shift_sta;
> +
> +       ndevices = devapc_ctx->soc->ndevices;

ndevices = mtk6873_devices_num;


> +
> +       device_info = devapc_ctx->soc->device_info;
> +
> +       for (slave_type = 0; slave_type < slave_type_num; slave_type++) {
> +               pd_apc_con_reg = mtk_devapc_pd_get(devapc_ctx, slave_type,
> +                                                  APC_CON, 0);
> +               pd_vio_shift_sta_reg = mtk_devapc_pd_get(devapc_ctx, slave_type,
> +                                                        VIO_SHIFT_STA, 0);
> +
> +               if (!pd_apc_con_reg || !pd_vio_shift_sta_reg || !device_info)
> +                       return;
> +
> +               /* Clear DEVAPC violation status */
> +               writel(BIT(31), pd_apc_con_reg);
> +
> +               /* Clear violation shift status */
> +               vio_shift_sta = readl(pd_vio_shift_sta_reg);
> +               if (vio_shift_sta)
> +                       writel(vio_shift_sta, pd_vio_shift_sta_reg);
> +
> +               /* Clear type 2 violation status */
> +               check_type2_vio_status(devapc_ctx, slave_type, &vio_idx, &i);
> +
> +               /* Clear violation status */
> +               for (i = 0; i < ndevices[slave_type].vio_slave_num; i++) {
> +                       vio_idx = device_info[slave_type][i].vio_index;
> +                       if ((check_vio_status(devapc_ctx, slave_type, vio_idx)
> +                                             == VIOLATION_TRIGGERED) &&
> +                            clear_vio_status(devapc_ctx, slave_type,
> +                                             vio_idx)) {
> +                               pr_warn(PFX "Clear vio status failed, slave_type:0x%x, vio_index:0x%x\n",
> +                                       slave_type, vio_idx);
> +
> +                               index = i;
> +                               mtk_devapc_dump_vio_dbg(devapc_ctx, slave_type,
> +                                                       &vio_idx, &index);
> +                               i = index - 1;
> +                       }
> +
> +                       mask_module_irq(devapc_ctx, slave_type, vio_idx, false);
> +               }
> +       }
> +}
> +
> +static DEFINE_SPINLOCK(devapc_lock);

Useless, so remove it.

> +
> +/*
> + * devapc_violation_irq - the devapc Interrupt Service Routine (ISR) will dump
> + *                       violation information including which master violates
> + *                       access slave.
> + */
> +static irqreturn_t devapc_violation_irq(int irq_number,
> +                                       struct mtk_devapc_context *devapc_ctx)
> +{
> +       u32 slave_type_num = devapc_ctx->soc->slave_type_num;
> +       const struct mtk_device_info **device_info;
> +       struct mtk_devapc_vio_info *vio_info;
> +       int slave_type, vio_idx, index;
> +       const char *vio_master;
> +       unsigned long flags;
> +       u8 perm;
> +
> +       spin_lock_irqsave(&devapc_lock, flags);
> +
> +       device_info = devapc_ctx->soc->device_info;
> +       vio_info = devapc_ctx->soc->vio_info;
> +       vio_idx = -1;
> +       index = -1;
> +
> +       /* There are multiple DEVAPC_PD */
> +       for (slave_type = 0; slave_type < slave_type_num; slave_type++) {
> +               if (!check_type2_vio_status(devapc_ctx, slave_type, &vio_idx,
> +                                           &index))
> +                       if (!mtk_devapc_dump_vio_dbg(devapc_ctx, slave_type,
> +                                                    &vio_idx, &index))
> +                               continue;
> +
> +               /* Ensure that violation info are written before
> +                * further operations
> +                */
> +               smp_mb();
> +
> +               mask_module_irq(devapc_ctx, slave_type, vio_idx, true);
> +
> +               clear_vio_status(devapc_ctx, slave_type, vio_idx);
> +
> +               perm = get_permission(devapc_ctx, slave_type, index,
> +                                     vio_info->domain_id);
> +
> +               vio_master = devapc_ctx->soc->master_get
> +                       (vio_info->master_id,
> +                        vio_info->vio_addr,
> +                        slave_type,
> +                        vio_info->shift_sta_bit,
> +                        vio_info->domain_id);

Call mt6873_bus_id_to_master() directly.

> +
> +               if (!vio_master)
> +                       vio_master = "UNKNOWN_MASTER";
> +
> +               pr_info(PFX "Violation - slave_type:0x%x, sys_index:0x%x, ctrl_index:0x%x, vio_index:0x%x\n",
> +                       slave_type,
> +                       device_info[slave_type][index].sys_index,
> +                       device_info[slave_type][index].ctrl_index,
> +                       device_info[slave_type][index].vio_index);
> +
> +               pr_info(PFX "Violation Master: %s\n", vio_master);
> +
> +               devapc_vio_reason(perm);
> +
> +               mask_module_irq(devapc_ctx, slave_type, vio_idx, false);
> +       }
> +
> +       spin_unlock_irqrestore(&devapc_lock, flags);
> +       return IRQ_HANDLED;
> +}
> +

[snip]

> +
> +/******************************************************************************
> + * VARIABLE DEFINATION
> + ******************************************************************************/
> +#define MOD_NO_IN_1_DEVAPC     16
> +#define VIOLATION_TRIGGERED    1
> +#define VIOLATION_MASKED       1
> +#define DEAD                   0xdeadbeaf
> +#define PFX                    "[DEVAPC]: "
> +#define SLAVE_TYPE_NUM_MAX     5

SLAVE_TYPE_NUM is 4, why SLAVE_TYPE_NUM_MAX is 5?

> +
> +#define devapc_log(p, s, fmt, args...) \
> +       do { \
> +               typeof(p) (_p) = (p); \
> +               ((_p) += scnprintf(_p, sizeof(s) - strlen(s), fmt, ##args)); \
> +       } while (0)

Useless, so remove it.

> +
> +#define UNUSED(x)              (void)(x)

Useless, so remove it.

> +
> +/******************************************************************************
> + * DATA STRUCTURE & FUNCTION DEFINATION
> + ******************************************************************************/
> +enum DEVAPC_PD_REG_TYPE {
> +       VIO_MASK = 0,
> +       VIO_STA,
> +       VIO_DBG0,
> +       VIO_DBG1,
> +       VIO_DBG2,
> +       APC_CON,
> +       VIO_SHIFT_STA,
> +       VIO_SHIFT_SEL,
> +       VIO_SHIFT_CON,
> +       PD_REG_TYPE_NUM,
> +};
> +
> +enum DEVAPC_UT_CMD {
> +       DEVAPC_UT_DAPC_VIO = 1,
> +       DEVAPC_UT_SRAM_VIO,
> +};

Useless, so remove it.

> +
> +enum DEVAPC_DOM_ID {
> +       DOMAIN_0 = 0,
> +       DOMAIN_1,
> +       DOMAIN_2,
> +       DOMAIN_3,
> +       DOMAIN_4,
> +       DOMAIN_5,
> +       DOMAIN_6,
> +       DOMAIN_7,
> +       DOMAIN_8,
> +       DOMAIN_9,
> +       DOMAIN_10,
> +       DOMAIN_11,
> +       DOMAIN_12,
> +       DOMAIN_13,
> +       DOMAIN_14,
> +       DOMAIN_15,
> +       DOMAIN_OTHERS,
> +};

Useless, so remove it.

> +
> +enum SRAMROM_VIO {
> +       ROM_VIOLATION = 0,
> +       SRAM_VIOLATION,
> +};
> +
> +enum DEVAPC_PERM_TYPE {
> +       NO_PROTECTION = 0,
> +       SEC_RW_ONLY,
> +       SEC_RW_NS_R,
> +       FORBIDDEN,
> +       PERM_TYPE_NUM,
> +};
> +
> +struct mtk_devapc_dbg_status {
> +       bool enable_ut;
> +       bool enable_dapc; /* dump APC */
> +};

Useless, so remove it.

Regards,
Chun-Kuang.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ