| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <53119509-3365-f648-8c9b-335fe99eb0af@linux.intel.com>
Date: Fri, 24 Feb 2023 13:54:33 +0100
From: Amadeusz Sławiński
<amadeuszx.slawinski@...ux.intel.com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Russ Weight <russell.h.weight@...el.com>,
Luis Chamberlain <mcgrof@...nel.org>,
linux-kernel@...r.kernel.org,
Cezary Rojewski <cezary.rojewski@...el.com>,
"Rafael J . Wysocki" <rafael.j.wysocki@...el.com>
Subject: Re: [PATCH] firmware_loader: Add debug message with checksum for FW
file
On 2/24/2023 1:46 PM, Greg Kroah-Hartman wrote:
> On Fri, Feb 24, 2023 at 09:19:18PM +0100, Amadeusz Sławiński wrote:
>> Enable dynamic-debug logging of firmware filenames and SHA256 checksums
>> to clearly identify the firmware files that are loaded by the system.
>>
>> Example output:
>> [ 34.944619] firmware_class:_request_firmware: i915 0000:00:02.0: Loaded FW: i915/kbl_dmc_ver1_04.bin, sha256: 2cde41c3e5ad181423bcc3e98ff9c49f743c88f18646af4d0b3c3a9664b831a1
>> [ 48.155884] firmware_class:_request_firmware: snd_soc_avs 0000:00:1f.3: Loaded FW: intel/avs/cnl/dsp_basefw.bin, sha256: 43f6ac1b066e9bd0423d914960fbbdccb391af27d2b1da1085eee3ea8df0f357
>> [ 49.579540] firmware_class:_request_firmware: snd_soc_avs 0000:00:1f.3: Loaded FW: intel/avs/rt274-tplg.bin, sha256: 4b3580da96dc3d2c443ba20c6728d8b665fceb3ed57223c3a57582bbad8e2413
>> [ 49.798196] firmware_class:_request_firmware: snd_soc_avs 0000:00:1f.3: Loaded FW: intel/avs/hda-8086280c-tplg.bin, sha256: 5653172579b2be1b51fd69f5cf46e2bac8d63f2a1327924311c13b2f1fe6e601
>> [ 49.859627] firmware_class:_request_firmware: snd_soc_avs 0000:00:1f.3: Loaded FW: intel/avs/dmic-tplg.bin, sha256: 00fb7fbdb74683333400d7e46925dae60db448b88638efcca0b30215db9df63f
>>
>> Reviewed-by: Russ Weight <russell.h.weight@...el.com>
>> Reviewed-by: Cezary Rojewski <cezary.rojewski@...el.com>
>> Signed-off-by: Amadeusz Sławiński <amadeuszx.slawinski@...ux.intel.com>
>> ---
>> drivers/base/firmware_loader/main.c | 45 ++++++++++++++++++++++++++++-
>> 1 file changed, 44 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c
>> index 017c4cdb219e..a6e1fb10763d 100644
>> --- a/drivers/base/firmware_loader/main.c
>> +++ b/drivers/base/firmware_loader/main.c
>> @@ -791,6 +791,47 @@ static void fw_abort_batch_reqs(struct firmware *fw)
>> mutex_unlock(&fw_lock);
>> }
>>
>> +#if defined(DEBUG) || defined(CONFIG_DYNAMIC_DEBUG)
>> +#include <crypto/hash.h>
>> +#include <crypto/sha2.h>
>> +#define SHA256_STRING_SIZE (SHA256_DIGEST_SIZE * 2)
>> +static void fw_log_firmware_info(const struct firmware *fw, const char *name, struct device *device)
>> +{
>> + char outbuf[SHA256_STRING_SIZE + 1];
>> + u8 sha256buf[SHA256_DIGEST_SIZE];
>
> Nit, these are big, are you _SURE_ you can put them on the stack ok?
> Why not dynamically allocate them?
>
Well, those arrays are not that big? First one is 65 bytes and other one
32. Although now that I looked again at the header, there is
SHA256_BLOCK_SIZE define for string size, so I will change
SHA256_STRING_SIZE to that instead.
>> + struct shash_desc *shash;
>> + struct crypto_shash *alg;
>> +
>> + alg = crypto_alloc_shash("sha256", 0, 0);
>
> Do we need to select this in the .config as well?
>
Most likely.
>> + if (!alg)
>> + return;
>> +
>> + shash = kmalloc(sizeof(*shash) + crypto_shash_descsize(alg), GFP_KERNEL);
>
> kmalloc_array()?
>
Yes.
>> + if (!shash)
>> + goto out_alg;
>> +
>> + shash->tfm = alg;
>> +
>> + if (crypto_shash_digest(shash, fw->data, fw->size, sha256buf) < 0)
>> + goto out_shash;
>> +
>> + for (int i = 0; i < SHA256_DIGEST_SIZE; i++)
>> + sprintf(&outbuf[i * 2], "%02x", sha256buf[i]);
>> + outbuf[SHA256_STRING_SIZE] = 0;
>> + dev_dbg(device, "Loaded FW: %s, sha256: %s\n", name, outbuf);
>> +
>> +out_shash:
>> + kfree(shash);
>> +out_alg:
>> + crypto_free_shash(alg);
>
> Otherwise, just tiny comments, overall this looks nice, thanks for doing
> this.
>
> greg k-h
Powered by blists - more mailing lists