lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <474a9c53-5623-0d7d-d996-aab22af9b627@linaro.org>
Date:   Wed, 29 Sep 2021 15:06:51 +0100
From:   Srinivas Kandagatla <srinivas.kandagatla@...aro.org>
To:     Jeya R <jeyr@...eaurora.org>, linux-arm-msm@...r.kernel.org
Cc:     gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
        fastrpc.upstream@....qualcomm.com
Subject: Re: [PATCH 4/4] misc: fastrpc: reject non-secure node for secure
 domain



On 24/09/2021 13:19, Jeya R wrote:
> Reject session if domain is secure and device non-secure. Also check if
> opened device node is proper.
> 
> Signed-off-by: Jeya R <jeyr@...eaurora.org>
> ---
>   drivers/misc/fastrpc.c | 24 ++++++++++++++++++++++++
>   1 file changed, 24 insertions(+)
> 
> diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c
> index 631713d..adf2700 100644
> --- a/drivers/misc/fastrpc.c
> +++ b/drivers/misc/fastrpc.c
> @@ -235,6 +235,7 @@ struct fastrpc_user {
>   	spinlock_t lock;
>   	/* lock for allocations */
>   	struct mutex mutex;
> +	int dev_minor;
>   };
>   
>   static void fastrpc_free_map(struct kref *ref)
> @@ -1013,6 +1014,17 @@ static int fastrpc_internal_invoke(struct fastrpc_user *fl,  u32 kernel,
>   	return err;
>   }
>   
> +static int is_session_rejected(struct fastrpc_user *fl)
> +{
> +	/* Check if the device node is non-secure and channel is secure*/
> +	if ((fl->dev_minor == fl->cctx->miscdev.minor) && fl->cctx->secure) {
> +		dev_err(&fl->cctx->rpdev->dev, "Cannot use non-secure device"
> +				"node on secure channel\n");

Am bit confused here,

so we create 2 device nodes /dev/fastrpc-adsp, /dev/fastrpc-adsp-secure
and mark any domain other than cdsp as secure
then here we check if access is via /dev/fastrpc-adsp then reject it.

But question is why did we even create /dev/fastrpc-adsp in first place?

Can you explain how is this secure and non secure nodes supposed to work?

> +		return -EACCES;
> +	}
> +	return 0;
> +}
> +
>   static int fastrpc_init_create_process(struct fastrpc_user *fl,
>   					char __user *argp)
>   {
> @@ -1033,6 +1045,10 @@ static int fastrpc_init_create_process(struct fastrpc_user *fl,
>   	} inbuf;
>   	u32 sc;
>   
> +	err = is_session_rejected(fl);
> +	if (err)
> +		return err;
> +
>   	args = kcalloc(FASTRPC_CREATE_PROCESS_NARGS, sizeof(*args), GFP_KERNEL);
>   	if (!args)
>   		return -ENOMEM;
> @@ -1221,6 +1237,7 @@ static int fastrpc_device_open(struct inode *inode, struct file *filp)
>   	struct fastrpc_user *fl = NULL;
>   	struct miscdevice *currdev = NULL;
>   	unsigned long flags;
> +	int dev_minor = MINOR(inode->i_rdev);
>   
>   	if (!filp)
>   		return -EFAULT;
> @@ -1234,6 +1251,12 @@ static int fastrpc_device_open(struct inode *inode, struct file *filp)
>   	else
>   		cctx = miscdev_to_cctx(filp->private_data);
>   

> +	if (!((dev_minor == cctx->miscdev.minor) ||
> +	     (dev_minor == cctx->securedev.minor))) {
> +		dev_err(&cctx->rpdev->dev, "Device node is not proper\n");
> +		return -EFAULT;
> +	}

This is bit of over checking, how can we enter without accessing proper 
device node?

> +
>   	fl = kzalloc(sizeof(*fl), GFP_KERNEL);
>   	if (!fl)
>   		return -ENOMEM;
> @@ -1250,6 +1273,7 @@ static int fastrpc_device_open(struct inode *inode, struct file *filp)
>   	INIT_LIST_HEAD(&fl->user);
>   	fl->tgid = current->tgid;
>   	fl->cctx = cctx;
> +	fl->dev_minor = dev_minor;
>   
>   	fl->sctx = fastrpc_session_alloc(cctx);
>   	if (!fl->sctx) {
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ