lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <8fb5dea0-9ce6-a17c-1253-64a43c86c82c@intel.com>
Date:   Tue, 17 May 2022 09:16:50 -0700
From:   Russ Weight <russell.h.weight@...el.com>
To:     Xu Yilun <yilun.xu@...el.com>
CC:     <mdf@...nel.org>, <hao.wu@...el.com>, <lee.jones@...aro.org>,
        <linux-fpga@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        <trix@...hat.com>, <marpagan@...hat.com>, <lgoncalv@...hat.com>,
        <matthew.gerlach@...ux.intel.com>,
        <basheer.ahmed.muddebihal@...el.com>, <tianfei.zhang@...el.com>
Subject: Re: [PATCH v20 3/5] fpga: m10bmc-sec: expose max10 flash update count



On 5/16/22 21:13, Xu Yilun wrote:
> On Mon, May 16, 2022 at 04:49:39PM -0700, Russ Weight wrote:
>> Extend the MAX10 BMC Secure Update driver to provide a sysfs file to
>> expose the flash update count.
>>
>> Signed-off-by: Russ Weight <russell.h.weight@...el.com>
>> Reviewed-by: Tom Rix <trix@...hat.com>
>> ---
>> v20:
>>   - No change
>> v19:
>>   - Change "card bmc" naming back to "m10 bmc" naming to be consistent
>>     with the parent driver.
>> v18:
>>   - No change
>> v17:
>>   - Update the Date and KernelVersion for the ABI documentation to Jul 2022
>>     and 5.19 respectively.
>>   - Change "m10bmc" in symbol names to "cardbmc" to reflect the fact that the
>>     future devices will not necessarily use the MAX10.
>> v16:
>>   - No Change
>> v15:
>>   - Updated the Dates and KernelVersions in the ABI documentation
>> v14:
>>   - No change
>> v13:
>>   - Updated ABI documentation date and kernel version
>> v12:
>>   - Updated Date and KernelVersion fields in ABI documentation
>> v11:
>>   - No change
>> v10:
>>   - Changed the path expression in the sysfs documentation to
>>     replace the n3000 reference with something more generic to
>>     accomodate other devices that use the same driver.
>> v9:
>>   - Rebased to 5.12-rc2 next
>>   - Updated Date and KernelVersion in ABI documentation
>> v8:
>>   - Previously patch 3/6, otherwise no change
>> v7:
>>   - Updated Date and KernelVersion in ABI documentation
>> v6:
>>   - Changed flash_count_show() parameter list to achieve
>>     reverse-christmas tree format.
>>   - Added WARN_ON() call for (FLASH_COUNT_SIZE / stride) to ensure
>>     that the proper count is passed to regmap_bulk_read().
>> v5:
>>   - Renamed sysfs node user_flash_count to flash_count and updated the
>>     sysfs documentation accordingly.
>> v4:
>>   - Moved the sysfs file for displaying the flash count from the
>>     FPGA Security Manager class driver to here. The
>>     m10bmc_user_flash_count() function is removed and the
>>     functionality is moved into a user_flash_count_show()
>>     function.
>>   - Added ABI documentation for the new sysfs entry
>> v3:
>>   - Changed: iops -> sops, imgr -> smgr, IFPGA_ -> FPGA_, ifpga_ to fpga_
>>   - Changed "MAX10 BMC Secure Engine driver" to "MAX10 BMC Secure Update
>>     driver"
>>   - Removed wrapper functions (m10bmc_raw_*, m10bmc_sys_*). The
>>     underlying functions are now called directly.
>> v2:
>>   - Renamed get_qspi_flash_count() to m10bmc_user_flash_count()
>>   - Minor code cleanup per review comments
>>   - Added m10bmc_ prefix to functions in m10bmc_iops structure
>> ---
>>  .../sysfs-driver-intel-m10-bmc-sec-update     |  8 +++++
>>  drivers/fpga/intel-m10-bmc-sec-update.c       | 36 +++++++++++++++++++
>>  2 files changed, 44 insertions(+)
>>
>> diff --git a/Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-sec-update b/Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-sec-update
>> index 2bb271695e14..1132e39b2125 100644
>> --- a/Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-sec-update
>> +++ b/Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-sec-update
>> @@ -27,3 +27,11 @@ Description:	Read only. Returns the root entry hash for the BMC image
>>  		"hash not programmed".  This file is only visible if the
>>  		underlying device supports it.
>>  		Format: string.
>> +
>> +What:		/sys/bus/platform/drivers/intel-m10bmc-sec-update/.../security/flash_count
>> +Date:		Jul 2022
>> +KernelVersion:	5.19
>> +Contact:	Russ Weight <russell.h.weight@...el.com>
>> +Description:	Read only. Returns number of times the secure update
>> +		staging area has been flashed.
>> +		Format: "%u".
>> diff --git a/drivers/fpga/intel-m10-bmc-sec-update.c b/drivers/fpga/intel-m10-bmc-sec-update.c
>> index f9f39d2cfe5b..3f183202de3b 100644
>> --- a/drivers/fpga/intel-m10-bmc-sec-update.c
>> +++ b/drivers/fpga/intel-m10-bmc-sec-update.c
>> @@ -78,7 +78,43 @@ DEVICE_ATTR_SEC_REH_RO(bmc, BMC_PROG_MAGIC, BMC_PROG_ADDR, BMC_REH_ADDR);
>>  DEVICE_ATTR_SEC_REH_RO(sr, SR_PROG_MAGIC, SR_PROG_ADDR, SR_REH_ADDR);
>>  DEVICE_ATTR_SEC_REH_RO(pr, PR_PROG_MAGIC, PR_PROG_ADDR, PR_REH_ADDR);
>>  
>> +#define FLASH_COUNT_SIZE 4096	/* count stored as inverted bit vector */
>> +
>> +static ssize_t flash_count_show(struct device *dev,
>> +				struct device_attribute *attr, char *buf)
>> +{
>> +	struct m10bmc_sec *sec = dev_get_drvdata(dev);
>> +	unsigned int stride, num_bits;
>> +	u8 *flash_buf;
>> +	int cnt, ret;
>> +
>> +	stride = regmap_get_reg_stride(sec->m10bmc->regmap);
>> +	num_bits = FLASH_COUNT_SIZE * 8;
>> +
>> +	flash_buf = kmalloc(FLASH_COUNT_SIZE, GFP_KERNEL);
>> +	if (!flash_buf)
>> +		return -ENOMEM;
>> +
>> +	WARN_ON(FLASH_COUNT_SIZE % stride);
> The same concern here. Stop users from getting the broken value.

Sure - I will change this.

I was using WARN_ON() because it indicates a problem in the device or
the driver itself. It is not really validating information from userspace.

As I understand it, WARN_ON() is used to log such events to the kernel
log. If this isn't an appropriate use of WARN_ON(), then when should I
consider using it?

Thanks,
- Russ
>
>> +	ret = regmap_bulk_read(sec->m10bmc->regmap, STAGING_FLASH_COUNT,
>> +			       flash_buf, FLASH_COUNT_SIZE / stride);
>> +	if (ret) {
>> +		dev_err(sec->dev,
>> +			"failed to read flash count: %x cnt %x: %d\n",
>> +			STAGING_FLASH_COUNT, FLASH_COUNT_SIZE / stride, ret);
>> +		goto exit_free;
>> +	}
>> +	cnt = num_bits - bitmap_weight((unsigned long *)flash_buf, num_bits);
>> +
>> +exit_free:
>> +	kfree(flash_buf);
>> +
>> +	return ret ? : sysfs_emit(buf, "%u\n", cnt);
>> +}
>> +static DEVICE_ATTR_RO(flash_count);
>> +
>>  static struct attribute *m10bmc_security_attrs[] = {
>> +	&dev_attr_flash_count.attr,
>>  	&dev_attr_bmc_root_entry_hash.attr,
>>  	&dev_attr_sr_root_entry_hash.attr,
>>  	&dev_attr_pr_root_entry_hash.attr,
>> -- 
>> 2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ