lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20220710160011.995800-1-jithu.joseph@intel.com>
Date:   Sun, 10 Jul 2022 09:00:11 -0700
From:   Jithu Joseph <jithu.joseph@...el.com>
To:     hdegoede@...hat.com, markgross@...nel.org
Cc:     ashok.raj@...el.com, tony.luck@...el.com,
        gregkh@...uxfoundation.org, ravi.v.shankar@...el.com,
        jithu.joseph@...el.com, linux-kernel@...r.kernel.org,
        platform-driver-x86@...r.kernel.org, patches@...ts.linux.dev
Subject: [PATCH v2] platform/x86/intel/ifs: Allow non-default names for IFS image

Existing implementation limits IFS images to be loaded only from
a default file-name /lib/firmware/intel/ifs/ff-mm-ss.scan.

But there are situations where there may be multiple scan files
that can be run on a particular system stored in /lib/firmware/intel/ifs

E.g.
1. Because test contents are larger than the memory reserved for IFS by BIOS
2. To provide increased test coverage
3. Custom test files to debug certain specific issues in the field

Renaming each of these to ff-mm-ss.scan and then loading might be
possible in some environments. But on systems where /lib is read-only
this is not a practical solution.

Modify the semantics of the driver file
/sys/devices/virtual/misc/intel_ifs_0/reload such that,
it interprets the input as the filename to be loaded.

Signed-off-by: Jithu Joseph <jithu.joseph@...el.com>
---
Changes in v2
- drop treating "1" specially, i.e treat everything as a file-name

 drivers/platform/x86/intel/ifs/ifs.h          | 11 ++++----
 drivers/platform/x86/intel/ifs/core.c         |  2 +-
 drivers/platform/x86/intel/ifs/load.c         | 25 +++++++++++++------
 drivers/platform/x86/intel/ifs/sysfs.c        | 13 +++-------
 .../ABI/testing/sysfs-platform-intel-ifs      |  3 +--
 5 files changed, 29 insertions(+), 25 deletions(-)

diff --git a/drivers/platform/x86/intel/ifs/ifs.h b/drivers/platform/x86/intel/ifs/ifs.h
index 73c8e91cf144..577cee7db86a 100644
--- a/drivers/platform/x86/intel/ifs/ifs.h
+++ b/drivers/platform/x86/intel/ifs/ifs.h
@@ -34,12 +34,13 @@
  * socket in a two step process using writes to MSRs to first load the
  * SHA hashes for the test. Then the tests themselves. Status MSRs provide
  * feedback on the success/failure of these steps. When a new test file
- * is installed it can be loaded by writing to the driver reload file::
+ * is installed it can be loaded by writing the filename to the driver reload file::
  *
- *   # echo 1 > /sys/devices/virtual/misc/intel_ifs_0/reload
+ *   # echo mytest > /sys/devices/virtual/misc/intel_ifs_0/reload
  *
- * Similar to microcode, the current version of the scan tests is stored
- * in a fixed location: /lib/firmware/intel/ifs.0/family-model-stepping.scan
+ * The file will be loaded from /lib/firmware/intel/ifs/mytest
+ * The default file /lib/firmware/intel/ifs/family-model-stepping.scan
+ * will be loaded during module insertion.
  *
  * Running tests
  * -------------
@@ -225,7 +226,7 @@ static inline struct ifs_data *ifs_get_data(struct device *dev)
 	return &d->data;
 }
 
-void ifs_load_firmware(struct device *dev);
+int ifs_load_firmware(struct device *dev, const char *file_name);
 int do_core_test(int cpu, struct device *dev);
 const struct attribute_group **ifs_get_groups(void);
 
diff --git a/drivers/platform/x86/intel/ifs/core.c b/drivers/platform/x86/intel/ifs/core.c
index 27204e3d674d..9c319ada62d8 100644
--- a/drivers/platform/x86/intel/ifs/core.c
+++ b/drivers/platform/x86/intel/ifs/core.c
@@ -53,7 +53,7 @@ static int __init ifs_init(void)
 	if ((msrval & BIT(ifs_device.data.integrity_cap_bit)) &&
 	    !misc_register(&ifs_device.misc)) {
 		down(&ifs_sem);
-		ifs_load_firmware(ifs_device.misc.this_device);
+		ifs_load_firmware(ifs_device.misc.this_device, NULL);
 		up(&ifs_sem);
 		return 0;
 	}
diff --git a/drivers/platform/x86/intel/ifs/load.c b/drivers/platform/x86/intel/ifs/load.c
index d056617ddc85..89d76bd8b40a 100644
--- a/drivers/platform/x86/intel/ifs/load.c
+++ b/drivers/platform/x86/intel/ifs/load.c
@@ -232,17 +232,27 @@ static bool ifs_image_sanity_check(struct device *dev, const struct microcode_he
 
 /*
  * Load ifs image. Before loading ifs module, the ifs image must be located
- * in /lib/firmware/intel/ifs and named as {family/model/stepping}.{testname}.
+ * in the folder /lib/firmware/intel/ifs/
  */
-void ifs_load_firmware(struct device *dev)
+int ifs_load_firmware(struct device *dev, const char *file_name)
 {
 	struct ifs_data *ifsd = ifs_get_data(dev);
 	const struct firmware *fw;
-	char scan_path[32];
-	int ret;
-
-	snprintf(scan_path, sizeof(scan_path), "intel/ifs/%02x-%02x-%02x.scan",
-		 boot_cpu_data.x86, boot_cpu_data.x86_model, boot_cpu_data.x86_stepping);
+	char scan_path[64];
+	int ret = -EINVAL;
+	int file_name_len;
+
+	if (!file_name) {
+		snprintf(scan_path, sizeof(scan_path), "intel/ifs/%02x-%02x-%02x.scan",
+			 boot_cpu_data.x86, boot_cpu_data.x86_model, boot_cpu_data.x86_stepping);
+	} else {
+		if (strchr(file_name, '/'))
+			goto done;
+		file_name_len = strchrnul(file_name, '\n') - file_name;
+		if (snprintf(scan_path, sizeof(scan_path), "intel/ifs/%.*s",
+			     file_name_len, file_name) >= sizeof(scan_path))
+			goto done;
+	}
 
 	ret = request_firmware_direct(&fw, scan_path, dev);
 	if (ret) {
@@ -263,4 +273,5 @@ void ifs_load_firmware(struct device *dev)
 	release_firmware(fw);
 done:
 	ifsd->loaded = (ret == 0);
+	return ret;
 }
diff --git a/drivers/platform/x86/intel/ifs/sysfs.c b/drivers/platform/x86/intel/ifs/sysfs.c
index 37d8380d6fa8..b4716b7d36aa 100644
--- a/drivers/platform/x86/intel/ifs/sysfs.c
+++ b/drivers/platform/x86/intel/ifs/sysfs.c
@@ -94,23 +94,16 @@ static ssize_t reload_store(struct device *dev,
 			    struct device_attribute *attr,
 			    const char *buf, size_t count)
 {
-	struct ifs_data *ifsd = ifs_get_data(dev);
-	bool res;
-
-
-	if (kstrtobool(buf, &res))
-		return -EINVAL;
-	if (!res)
-		return count;
+	int ret;
 
 	if (down_interruptible(&ifs_sem))
 		return -EINTR;
 
-	ifs_load_firmware(dev);
+	ret = ifs_load_firmware(dev, buf);
 
 	up(&ifs_sem);
 
-	return ifsd->loaded ? count : -ENODEV;
+	return ret  ? ret : count;
 }
 
 static DEVICE_ATTR_WO(reload);
diff --git a/Documentation/ABI/testing/sysfs-platform-intel-ifs b/Documentation/ABI/testing/sysfs-platform-intel-ifs
index 486d6d2ff8a0..0b373f73a2b6 100644
--- a/Documentation/ABI/testing/sysfs-platform-intel-ifs
+++ b/Documentation/ABI/testing/sysfs-platform-intel-ifs
@@ -35,5 +35,4 @@ What:		/sys/devices/virtual/misc/intel_ifs_<N>/reload
 Date:		April 21 2022
 KernelVersion:	5.19
 Contact:	"Jithu Joseph" <jithu.joseph@...el.com>
-Description:	Write "1" (or "y" or "Y") to reload the IFS image from
-		/lib/firmware/intel/ifs/ff-mm-ss.scan.
+Description:	Write <file_name> to reload the IFS image from /lib/firmware/intel/<file_name>.

base-commit: 88084a3df1672e131ddc1b4e39eeacfd39864acf
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ