lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <acfbb60b-21ab-c164-ccb4-82bc6aab26b5@linux.intel.com>
Date:   Mon, 27 Feb 2023 17:01:41 +0100
From:   Amadeusz Sławiński 
        <amadeuszx.slawinski@...ux.intel.com>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     Russ Weight <russell.h.weight@...el.com>,
        Luis Chamberlain <mcgrof@...nel.org>,
        linux-kernel@...r.kernel.org,
        Cezary Rojewski <cezary.rojewski@...el.com>,
        "Rafael J . Wysocki" <rafael.j.wysocki@...el.com>
Subject: Re: [PATCH] firmware_loader: Add debug message with checksum for FW
 file

On 2/24/2023 1:54 PM, Amadeusz Sławiński wrote:
> On 2/24/2023 1:46 PM, Greg Kroah-Hartman wrote:
>> On Fri, Feb 24, 2023 at 09:19:18PM +0100, Amadeusz Sławiński wrote:
>>> Enable dynamic-debug logging of firmware filenames and SHA256 checksums
>>> to clearly identify the firmware files that are loaded by the system.
>>>
>>> Example output:
>>> [   34.944619] firmware_class:_request_firmware: i915 0000:00:02.0: 
>>> Loaded FW: i915/kbl_dmc_ver1_04.bin, sha256: 
>>> 2cde41c3e5ad181423bcc3e98ff9c49f743c88f18646af4d0b3c3a9664b831a1
>>> [   48.155884] firmware_class:_request_firmware: snd_soc_avs 
>>> 0000:00:1f.3: Loaded FW: intel/avs/cnl/dsp_basefw.bin, sha256: 
>>> 43f6ac1b066e9bd0423d914960fbbdccb391af27d2b1da1085eee3ea8df0f357
>>> [   49.579540] firmware_class:_request_firmware: snd_soc_avs 
>>> 0000:00:1f.3: Loaded FW: intel/avs/rt274-tplg.bin, sha256: 
>>> 4b3580da96dc3d2c443ba20c6728d8b665fceb3ed57223c3a57582bbad8e2413
>>> [   49.798196] firmware_class:_request_firmware: snd_soc_avs 
>>> 0000:00:1f.3: Loaded FW: intel/avs/hda-8086280c-tplg.bin, sha256: 
>>> 5653172579b2be1b51fd69f5cf46e2bac8d63f2a1327924311c13b2f1fe6e601
>>> [   49.859627] firmware_class:_request_firmware: snd_soc_avs 
>>> 0000:00:1f.3: Loaded FW: intel/avs/dmic-tplg.bin, sha256: 
>>> 00fb7fbdb74683333400d7e46925dae60db448b88638efcca0b30215db9df63f
>>>
>>> Reviewed-by: Russ Weight <russell.h.weight@...el.com>
>>> Reviewed-by: Cezary Rojewski <cezary.rojewski@...el.com>
>>> Signed-off-by: Amadeusz Sławiński <amadeuszx.slawinski@...ux.intel.com>
>>> ---
>>>   drivers/base/firmware_loader/main.c | 45 ++++++++++++++++++++++++++++-
>>>   1 file changed, 44 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/base/firmware_loader/main.c 
>>> b/drivers/base/firmware_loader/main.c
>>> index 017c4cdb219e..a6e1fb10763d 100644
>>> --- a/drivers/base/firmware_loader/main.c
>>> +++ b/drivers/base/firmware_loader/main.c
>>> @@ -791,6 +791,47 @@ static void fw_abort_batch_reqs(struct firmware 
>>> *fw)
>>>       mutex_unlock(&fw_lock);
>>>   }
>>> +#if defined(DEBUG) || defined(CONFIG_DYNAMIC_DEBUG)
>>> +#include <crypto/hash.h>
>>> +#include <crypto/sha2.h>
>>> +#define SHA256_STRING_SIZE (SHA256_DIGEST_SIZE * 2)
>>> +static void fw_log_firmware_info(const struct firmware *fw, const 
>>> char *name, struct device *device)
>>> +{
>>> +    char outbuf[SHA256_STRING_SIZE + 1];
>>> +    u8 sha256buf[SHA256_DIGEST_SIZE];
>>
>> Nit, these are big, are you _SURE_ you can put them on the stack ok?
>> Why not dynamically allocate them?
>>
> 
> Well, those arrays are not that big? First one is 65 bytes and other one 
> 32. Although now that I looked again at the header, there is 
> SHA256_BLOCK_SIZE define for string size, so I will change 
> SHA256_STRING_SIZE to that instead.
> 
>>> +    struct shash_desc *shash;
>>> +    struct crypto_shash *alg;
>>> +
>>> +    alg = crypto_alloc_shash("sha256", 0, 0);
>>
>> Do we need to select this in the .config as well?
>>
> 
> Most likely.
> 

So I'm having a bit of problem here, as something like:
diff --git a/drivers/base/firmware_loader/Kconfig 
b/drivers/base/firmware_loader/Kconfig
index 5166b323a0f8..95cf2d8af5c4 100644
--- a/drivers/base/firmware_loader/Kconfig
+++ b/drivers/base/firmware_loader/Kconfig
@@ -3,6 +3,8 @@ menu "Firmware loader"

  config FW_LOADER
         tristate "Firmware loading facility" if EXPERT
+       select CRYPTO_SHA256 if DYNAMIC_DEBUG
+       select CRYPTO if DYNAMIC_DEBUG
         default y
         help
           This enables the firmware loading facility in the kernel. The 
kernel
being the most simple potential fix doesn't seem to work due to circular 
dependencies. Seems like quite a few cryptography accelerators require 
FW_LOADER and it causes problems.

I tried few more things, but none of them seem to work. Any advice on 
what I can do here?

>>> +    if (!alg)
>>> +        return;
>>> +
>>> +    shash = kmalloc(sizeof(*shash) + crypto_shash_descsize(alg), 
>>> GFP_KERNEL);
>>
>> kmalloc_array()?
>>
> 
> Yes.
> 

And taking one more look, it isn't array allocation but struct followed 
by VLA used to store additional data, so it will stay as is.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ