lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 27 Dec 2022 17:48:20 +0530
From:   Amit Pundir <amit.pundir@...aro.org>
To:     Sibi Sankar <quic_sibis@...cinc.com>
Cc:     andersson@...nel.org, krzysztof.kozlowski+dt@...aro.org,
        robh+dt@...nel.org, manivannan.sadhasivam@...aro.org,
        agross@...nel.org, linux-arm-msm@...r.kernel.org,
        devicetree@...r.kernel.org, linux-kernel@...r.kernel.org,
        konrad.dybcio@...ainline.org, regressions@...mhuis.info,
        sumit.semwal@...aro.org, will@...nel.org, catalin.marinas@....com,
        robin.murphy@....com
Subject: Re: [PATCH 0/4] Fix XPU violation during modem metadata authentication

On Tue, 13 Dec 2022 at 19:37, Sibi Sankar <quic_sibis@...cinc.com> wrote:
>
> The memory region allocated using dma_alloc_attr with no kernel mapping
> attribute set would still be a part of the linear kernel map. Any access
> to this region by the application processor after assigning it to the
> remote Q6 will result in a XPU violation. Fix this by replacing the
> dynamically allocated memory region with a no-map carveout and unmap the
> modem metadata memory region before passing control to the remote Q6.
> The addition of the carveout and memunmap is required only on SoCs that
> mandate memory protection before transferring control to Q6, hence the
> driver falls back to dynamic memory allocation in the absence of the
> modem metadata carveout.
>
> Relevant discussions on the mailing list:
> https://lore.kernel.org/lkml/20221114110329.68413-1-manivannan.sadhasivam@linaro.org/
>
> Depends on:
> https://patchwork.kernel.org/project/linux-arm-msm/cover/20221124184333.133911-1-krzysztof.kozlowski@linaro.org/
>
> Reported-by: Amit Pundir <amit.pundir@...aro.org>

Smoke tested this series on db845c (SDM845) running v6.2-rc1, with the
upstream workaround (b7d9aae40484 Revert "arm64: dma: Drop cache
invalidation from arch_dma_prep_coherent()") reverted and I can no
longer reproduce the above crash in my limited (10+) test runs so far.
So for the entire series:

Tested-by: Amit Pundir <amit.pundir@...aro.org>

Regards,
Amit Pundir

> https://people.linaro.org/~amit.pundir/linaro-sid-developer-dragonboard-845c-569/6.1-rc4_defconfig
> Reproduced with ^^ defconfig SDM845 SoCs
>
> Sibi Sankar (4):
>   arm64: dts: qcom: Introduce a carveout for modem metadata
>   dt-bindings: remoteproc: qcom: sc7180: Update memory-region
>     requirements
>   dt-bindings: remoteproc: qcom: q6v5: Update memory region requirements
>   remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem
>     headers
>
>  .../bindings/remoteproc/qcom,q6v5.txt         | 29 ++++++-
>  .../remoteproc/qcom,sc7180-mss-pil.yaml       |  3 +-
>  .../remoteproc/qcom,sc7280-mss-pil.yaml       |  3 +-
>  .../boot/dts/qcom/msm8996-xiaomi-common.dtsi  |  6 ++
>  arch/arm64/boot/dts/qcom/msm8996.dtsi         |  9 ++
>  arch/arm64/boot/dts/qcom/msm8998.dtsi         |  9 ++
>  arch/arm64/boot/dts/qcom/sc7180-idp.dts       |  7 +-
>  arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi  |  7 +-
>  .../dts/qcom/sc7280-herobrine-lte-sku.dtsi    |  7 +-
>  arch/arm64/boot/dts/qcom/sdm845.dtsi          |  9 ++
>  drivers/remoteproc/qcom_q6v5_mss.c            | 85 +++++++++++++------
>  11 files changed, 142 insertions(+), 32 deletions(-)
>
> --
> 2.17.1
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ