lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAK8P3a2b05w3uRjXhx7CgdLEHL78ZHRjgOYoG_SR0SyDxcLDMg@mail.gmail.com>
Date:   Mon, 30 May 2022 18:11:21 +0200
From:   Arnd Bergmann <arnd@...db.de>
To:     Sibi Sankar <quic_sibis@...cinc.com>
Cc:     bjorn.andersson@...aro.org, arnd@...db.de,
        linux-kernel@...r.kernel.org, linux-arm-msm@...r.kernel.org,
        sboyd@...nel.org, agross@...nel.org,
        linux-remoteproc@...r.kernel.org, mathieu.poirier@...aro.org,
        mka@...omium.org
Subject: Re: [PATCH v2] remoteproc: qcom_q6v5_mss: map/unmap metadata region
 before/after use

On Wed, May 11, 2022 at 7:57 AM Sibi Sankar <quic_sibis@...cinc.com> wrote:
>
> The application processor accessing the dynamically assigned metadata
> region after assigning it to the remote Q6 would lead to an XPU violation.
> Fix this by un-mapping the metadata region post firmware header copy. The
> metadata region is freed only after the modem Q6 is done with fw header
> authentication.
>
> Signed-off-by: Sibi Sankar <quic_sibis@...cinc.com>

Acked-by: Arnd Bergmann <arnd@...db.de>

Sorry for the late reply, this looks reasonable overall. Just two
small comments:

>
> -       memcpy(ptr, metadata, size);
> +       count = PAGE_ALIGN(size) >> PAGE_SHIFT;
> +       pages = kmalloc_array(count, sizeof(struct page *), GFP_KERNEL);
> +       if (!pages) {
> +               ret = -ENOMEM;
> +               goto free_dma_attrs;
> +       }

If you know a fixed upper bound for the array size, it might be easier to
put it on the stack.

> +
> +       for (i = 0; i < count; i++)
> +               pages[i] = nth_page(page, i);
> +
> +       vaddr = vmap(pages, count, flags, pgprot_dmacoherent(PAGE_KERNEL));

I was a bit unsure about this part, as I don't know how portable this is.
If the CPU bypasses the cache with pgprot_dmacoherent(), then the
other side should not use a cacheable access either, but that is a property
of the hardware that is normally hidden from the driver interface.

It's probably ok here, since the pages are not mapped anywhere else
and should have no active cache lines.

       Arnd

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ