lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 1 Nov 2022 14:07:13 -0700
From:   "Joseph, Jithu" <jithu.joseph@...el.com>
To:     Sohil Mehta <sohil.mehta@...el.com>, <hdegoede@...hat.com>,
        <markgross@...nel.org>
CC:     <tglx@...utronix.de>, <mingo@...hat.com>, <bp@...en8.de>,
        <dave.hansen@...ux.intel.com>, <x86@...nel.org>, <hpa@...or.com>,
        <gregkh@...uxfoundation.org>, <ashok.raj@...el.com>,
        <tony.luck@...el.com>, <linux-kernel@...r.kernel.org>,
        <platform-driver-x86@...r.kernel.org>, <patches@...ts.linux.dev>,
        <ravi.v.shankar@...el.com>, <thiago.macieira@...el.com>,
        <athenas.jimenez.gonzalez@...el.com>
Subject: Re: [PATCH 09/14] platform/x86/intel/ifs: Use generic microcode
 headers and functions



On 11/1/2022 11:37 AM, Sohil Mehta wrote:
> On 10/21/2022 1:34 PM, Jithu Joseph wrote:
>> Newer IFS test image headers will use  microcode_header_intel->hdrver = 2,
>> so as to distinguish it from microcode images and older IFS test images.
>>
> 
> IIUC, older IFS test images would no longer be supported. Have they been released publicly?

This is true. The modified driver would need compatible images. It has not been widely release (note that the driver is under CONFIG_BROKEN today)

> 
> What would happen if someone tries to load one? I am guessing one of the error checks would catch it. It might be useful to describe this error signature in the commit message.

This will be caught by the sanity_check()

	if (microcode_intel_sanity_check((void *)data, true, IFS_HEADER_VER)) {
		dev_err(dev, "sanity check failed\n");
		return -EINVAL;
	}

Further the version mismatch dev_err from microcode_intel_sanity_check() would also be visible

> 
>>   -    if ((data_size + MC_HEADER_SIZE > total_size) || (total_size % sizeof(u32))) {
>> -        dev_err(dev, "bad ifs data file size.\n");
>> +    if (data->hdrver != IFS_HEADER_VER) {
>> +        dev_err(dev, "Header version %d not supported\n", data->hdrver);
>>           return -EINVAL;
>>       }
>>   -    if (mc_header->ldrver != 1 || mc_header->hdrver != 1) {
>> -        dev_err(dev, "invalid/unknown ifs update format.\n");
>> +    if (microcode_intel_sanity_check((void *)data, true, IFS_HEADER_VER)) {
> 
> I referred to this in a another patch. The data->hdrver is already verified above, why is there a need to pass it as a parameter as well.

Yes,  I noted the rationale in my response

> 
>> +        dev_err(dev, "sanity check failed\n");
>>           return -EINVAL;
>>       }
>>   -    mc = (u32 *)mc_header;
>> -    sum = 0;
>> -    for (int i = 0; i < total_size / sizeof(u32); i++)
>> -        sum += mc[i];
>> +    intel_cpu_collect_info(&uci);
>>   -    if (sum) {
>> -        dev_err(dev, "bad ifs data checksum, aborting.\n");
>> +    if (!microcode_intel_find_matching_signature((void *)data,
>> +                             uci.cpu_sig.sig,
>> +                             uci.cpu_sig.pf)) {
>> +        dev_err(dev, "cpu signature, pf not matching\n");
> 
> What does pf stand for? It would be good to avoid abbreviations for error logging.
> 

intel_cpu_collect_info() comments call it as "processor flags from MSR 0x17" ... I will 
expand "pf" to "processor flags" in the above message

> 
>>   /*
>>    * Load ifs image. Before loading ifs module, the ifs image must be located
>>    * in /lib/firmware/intel/ifs and named as {family/model/stepping}.{testname}.
>> @@ -252,12 +189,11 @@ int ifs_load_firmware(struct device *dev)
>>           goto done;
>>       }
>>   -    if (!ifs_image_sanity_check(dev, (struct microcode_header_intel *)fw->data)) {
>> -        dev_err(dev, "ifs header sanity check failed\n");
>> +    ret = ifs_image_sanity_check(dev, (struct microcode_header_intel *)fw->data);
>> +    if (ret)
>>           goto release;
>> -    }
>>   -    ifs_header_ptr = (struct ifs_header *)fw->data;
>> +    ifs_header_ptr = (struct microcode_header_intel *)fw->data;
> 
> The use of a global ifs_header_ptr seems problematic. The semaphore operation before calling ifs_load_firmware() makes it seem concurrency is expected. Can ifs_load_firmware() really be called concurrently?

Multiple simultaneous loads or simultaneous loads and run_tests should not be allowed from IFS device standpoint

Synchronization in the form of "down_interruptible(&ifs_sem)" is in place at the sysfs entry points (run_test_store() and current_batch_store()). If that was not present there is nothing preventing multiple loads (current_batch_store()) or runtests from being called concurrently.


> 
> If that is not true can we use a mutex for synchronization?

Since we are using the semaphore initalized to 1 (using DEFINE_SEMAPHORE), I believe it can be replaced by mutex APIs (mutex_lock_interruptible() in place of aforementioned down_interruptible()) . However I feel this change can be taken up separately as current series doesn't introduce any synchronization mechanisms and the existing locking in place seems sufficient for the synchronization needs of the device and its operations.


Jithu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ