lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 28 May 2022 17:59:33 +0800
From:   Xu Yilun <yilun.xu@...el.com>
To:     tien.sung.ang@...el.com
Cc:     christophe.jaillet@...adoo.fr, mdf@...nel.org, hao.wu@...el.com,
        trix@...hat.com, linux-fpga@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] fpga: altera-cvp: Truncated bitstream error support

On Fri, May 20, 2022 at 09:30:40AM +0800, tien.sung.ang@...el.com wrote:
> From: Ang Tien Sung <tien.sung.ang@...el.com>
> 
> To support the error handling of a truncated bitstream sent.

A blank line here.

> The current AIB CvP firmware is not capable of handling a
> data stream smaller than 4096bytes. The firmware's limitation

So why don't you check the image size on write_init(), and just prevent
the DMA writing at the very beginning?

> causes a hung-up as it's DMA engine waits forever for the
> completion of the instructed 4096bytes.

A blank line here.

> To resolve this design limitation, both firmware and CvP
> driver made several changes. At the CvP driver, we just
> have to ensure that anything lesser than 4096bytes are
> padded with extra bytes. The CvP will then, initiate the
> tear-down by clearing the START_XFER and CVP_CONFIG bits.

The driver pads the data block to 4096 bytes, then why the CvP still
should fail the reprograming?

If the image size is larger than 1 Page but is not aligned to 1 Page,
will the reprogramming still fail?

> We should also check for CVP_ERROR during the CvP completion.
> A send_buf which is always 4096bytes is used to copy the
> data during every transaction.
> 
> Signed-off-by: Ang Tien Sung <tien.sung.ang@...el.com>
> ---
> changelog v2:
> * Alignment fix parameter 'conf' altera_cvp_send_block
> ---
>  drivers/fpga/altera-cvp.c | 24 +++++++++++++++++++-----
>  1 file changed, 19 insertions(+), 5 deletions(-)
> 
> diff --git a/drivers/fpga/altera-cvp.c b/drivers/fpga/altera-cvp.c
> index 4ffb9da537d8..5169f9bcd726 100644
> --- a/drivers/fpga/altera-cvp.c
> +++ b/drivers/fpga/altera-cvp.c
> @@ -81,6 +81,7 @@ struct altera_cvp_conf {
>  	u8			numclks;
>  	u32			sent_packets;
>  	u32			vsec_offset;
> +	u8			*send_buf;
>  	const struct cvp_priv	*priv;
>  };
>  
> @@ -453,7 +454,11 @@ static int altera_cvp_write(struct fpga_manager *mgr, const char *buf,
>  		}
>  
>  		len = min(conf->priv->block_size, remaining);
> -		altera_cvp_send_block(conf, data, len);
> +		/* Copy the requested host data into the transmit buffer */
> +

This blank line is not needed.

> +		memcpy(conf->send_buf, data, len);

Any padding value is OK?

> +		altera_cvp_send_block(conf, (const u32 *)conf->send_buf,
> +				      conf->priv->block_size);

If the len equals block_size, is the copy still needed?

>  		data += len / sizeof(u32);
>  		done += len;
>  		remaining -= len;
> @@ -492,10 +497,13 @@ static int altera_cvp_write_complete(struct fpga_manager *mgr,
>  	if (ret)
>  		return ret;
>  
> -	/* STEP 16 - check CVP_CONFIG_ERROR_LATCHED bit */
> -	altera_read_config_dword(conf, VSE_UNCOR_ERR_STATUS, &val);
> -	if (val & VSE_UNCOR_ERR_CVP_CFG_ERR) {
> -		dev_err(&mgr->dev, "detected CVP_CONFIG_ERROR_LATCHED!\n");
> +	/*
> +	 * STEP 16 - If bitstream error (truncated/miss-matched),
> +	 * we shall exit here.
> +	 */
> +	ret = altera_read_config_dword(conf, VSE_CVP_STATUS, &val);
> +	if (ret || (val & VSE_CVP_STATUS_CFG_ERR)) {
> +		dev_err(&mgr->dev, "CVP_CONFIG_ERROR!\n");

So this new error checking covers the previous "latched error" case?

>  		return -EPROTO;
>  	}
>  
> @@ -661,6 +669,12 @@ static int altera_cvp_probe(struct pci_dev *pdev,
>  
>  	pci_set_drvdata(pdev, mgr);
>  
> +	/* Allocate the 4096 block size transmit buffer */
> +	conf->send_buf = devm_kzalloc(&pdev->dev, conf->priv->block_size, GFP_KERNEL);

If block_size == ALTERA_CVP_V1_SIZE, the copy is still needed?

> +	if (!conf->send_buf) {
> +		ret = -ENOMEM;
> +		goto err_unmap;
> +	}

Maybe it is better move the buffer allocation to write_init()

Thanks,
Yilun

>  	return 0;
>  
>  err_unmap:
> -- 
> 2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ