lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID:
 <AM9PR04MB8604E13D3A283F2E9AD7445895FD2@AM9PR04MB8604.eurprd04.prod.outlook.com>
Date: Sat, 1 Jun 2024 04:38:05 +0000
From: Pankaj Gupta <pankaj.gupta@....com>
To: Sascha Hauer <s.hauer@...gutronix.de>
CC: Jonathan Corbet <corbet@....net>, Rob Herring <robh+dt@...nel.org>,
	Krzysztof Kozlowski <krzysztof.kozlowski+dt@...aro.org>, Conor Dooley
	<conor+dt@...nel.org>, Shawn Guo <shawnguo@...nel.org>, Pengutronix Kernel
 Team <kernel@...gutronix.de>, Fabio Estevam <festevam@...il.com>, Rob Herring
	<robh@...nel.org>, Krzysztof Kozlowski <krzk+dt@...nel.org>,
	"linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"devicetree@...r.kernel.org" <devicetree@...r.kernel.org>,
	"imx@...ts.linux.dev" <imx@...ts.linux.dev>,
	"linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>
Subject: RE: [EXT] Re: [PATCH v2 5/5] firmware: imx: adds miscdev



> -----Original Message-----
> From: Sascha Hauer <s.hauer@...gutronix.de>
> Sent: Friday, May 24, 2024 6:14 PM
> To: Pankaj Gupta <pankaj.gupta@....com>
> Cc: Jonathan Corbet <corbet@....net>; Rob Herring <robh+dt@...nel.org>;
> Krzysztof Kozlowski <krzysztof.kozlowski+dt@...aro.org>; Conor Dooley
> <conor+dt@...nel.org>; Shawn Guo <shawnguo@...nel.org>; Pengutronix
> Kernel Team <kernel@...gutronix.de>; Fabio Estevam
> <festevam@...il.com>; Rob Herring <robh@...nel.org>; Krzysztof Kozlowski
> <krzk+dt@...nel.org>; linux-doc@...r.kernel.org; linux-
> kernel@...r.kernel.org; devicetree@...r.kernel.org; imx@...ts.linux.dev;
> linux-arm-kernel@...ts.infradead.org
> Subject: Re: [EXT] Re: [PATCH v2 5/5] firmware: imx: adds miscdev
>
> Caution: This is an external email. Please take care when clicking links or
> opening attachments. When in doubt, report the message using the 'Report
> this email' button
>
>
> On Fri, May 24, 2024 at 12:03:35PM +0000, Pankaj Gupta wrote:
> >
> >
> > > -----Original Message-----
> > > From: Sascha Hauer <s.hauer@...gutronix.de>
> > > Sent: Friday, May 24, 2024 1:53 PM
> > > To: Pankaj Gupta <pankaj.gupta@....com>
> > > Cc: Jonathan Corbet <corbet@....net>; Rob Herring
> > > <robh+dt@...nel.org>; Krzysztof Kozlowski
> > > <krzysztof.kozlowski+dt@...aro.org>; Conor Dooley
> > > <conor+dt@...nel.org>; Shawn Guo <shawnguo@...nel.org>;
> Pengutronix
> > > Kernel Team <kernel@...gutronix.de>; Fabio Estevam
> > > <festevam@...il.com>; Rob Herring <robh@...nel.org>; Krzysztof
> > > Kozlowski <krzk+dt@...nel.org>; linux-doc@...r.kernel.org; linux-
> > > kernel@...r.kernel.org; devicetree@...r.kernel.org;
> > > imx@...ts.linux.dev; linux-arm-kernel@...ts.infradead.org
> > > Subject: [EXT] Re: [PATCH v2 5/5] firmware: imx: adds miscdev
> > >
> > > Caution: This is an external email. Please take care when clicking
> > > links or opening attachments. When in doubt, report the message
> > > using the 'Report this email' button
> > >
> > >
> > > On Thu, May 23, 2024 at 04:19:36PM +0530, Pankaj Gupta wrote:
> > > > +int imx_ele_miscdev_msg_send(struct se_if_device_ctx *dev_ctx,
> > > > +                          void *tx_msg, int tx_msg_sz) {
> > > > +     struct se_if_priv *priv = dev_ctx->priv;
> > > > +     struct se_msg_hdr *header;
> > > > +     int err;
> > > > +
> > > > +     header = (struct se_msg_hdr *) tx_msg;
> > > > +
> > > > +     /*
> > > > +      * Check that the size passed as argument matches the size
> > > > +      * carried in the message.
> > > > +      */
> > > > +     err = header->size << 2;
> > > > +
> > > > +     if (err != tx_msg_sz) {
> > > > +             err = -EINVAL;
> > > > +             dev_err(priv->dev,
> > > > +                     "%s: User buffer too small\n",
> > > > +                             dev_ctx->miscdev.name);
> > > > +             goto exit;
> > > > +     }
> > > > +     /* Check the message is valid according to tags */
> > > > +     if (header->tag == priv->cmd_tag) {
> > > > +             mutex_lock(&priv->se_if_cmd_lock);
> > >
> > > Grabbing a mutex in a character devices write fop and releasing it
> > > in the read fop is really calling for undesired race conditions.
> >
> > Condition is:
> > - Only one command is allowed to be in flight, at a time per interface.
> >    -- Second command is not allowed, when one command is in flight.
> > - Duration of the flight is till the time the response is not received from the
> FW.
> >
> > Command lock is grabbed and then released in process context only.
> >
> > >
> > > If sending a command and receiving the response shall be an atomic
> > > operation then you should really consider turning this into an ioctl
> > > and just not implement read/write on the character device. With this
> > > you'll be able to get rid of several oddities in this drivers locking.
> > >
> >
> > It is not an atomic operation. It can be pre-empted.
>
> I didn't mean atomic in the sense of being non preemptable.
>
> > But it cannot be pre-empted to send another command on the same
> interface.
> >
> > As only one command is allowed to be executed at one point in time,
> through an interface.
>
> I meant atomic in the sense that only one command may be in flight: Send a
> message and do not allow to send another message until the answer to the
> first one is received.
>
> Using an ioctl you can just use imx_ele_msg_send_rcv() which takes a mutex
> during the whole send/receive process and have no need for such a strange
> locking construct.
>
> > > > +     /*
> > > > +      * We may need to copy the output data to user before
> > > > +      * delivering the completion message.
> > > > +      */
> > > > +     while (!list_empty(&dev_ctx->pending_out)) {
> > > > +             b_desc = list_first_entry_or_null(&dev_ctx->pending_out,
> > > > +                                               struct se_buf_desc,
> > > > +                                               link);
> > > > +             if (!b_desc)
> > > > +                     continue;
> > >
> > > b_desc will never be NULL because otherwise you wouldn't be in the
> > > loop anymore. The usual way to iterate over a list is to use
> > > list_for_each_entry() or
> > > list_for_each_entry_safe() in case you delete entries in the loop body.
> > >
> >
> > Will remove the NULL check.
> >         if (!b_desc)
> >                continue;
>
> Please don't. Use list_for_each_entry_safe() which is the normal way to
> iterate over a list.

This change will add few more cpu cycles.
Will add this in v3.

>
> > > > +static int se_ioctl_get_mu_info(struct se_if_device_ctx *dev_ctx,
> > > > +                             u64 arg) {
> > > > +     struct se_if_priv *priv = dev_get_drvdata(dev_ctx->dev);
> > > > +     struct imx_se_node_info *if_node_info;
> > > > +     struct se_ioctl_get_if_info info;
> > > > +     int err = 0;
> > > > +
> > > > +     if_node_info = (struct imx_se_node_info *)priv->info;
> > >
> > > priv->info is of type const void *. You are casting away the the 'const'
> > > here. Either it is const, then it should stay const, or not, in
> > > which case it shouldn't be declared const. Also why isn't priv->info
> > > of type struct imx_se_node_info * in the first place?
> >
> > This struct definition is local to the file se_ctrl.c.
> > Declaration of imx_se_node_info, is fixed by adding const in the whole file.
>
> Add a
>
> struct imx_se_node_info;
>
> to se_ctrl.h and you're done.

The scope of this structure will remain to se_ctrl.c only.
If you suggest, will replace the info structure with secure-enclave interface index(u8 if_idx).

>
> >
> > > > +             err = -EFAULT;
> > > > +             goto exit;
> > > > +     } else {
> > > > +             /* No specific requirement for this buffer. */
> > > > +             shared_mem = &dev_ctx->non_secure_mem;
> > > > +     }
> > > > +
> > > > +     /* Check there is enough space in the shared memory. */
> > > > +     if (shared_mem->size < shared_mem->pos
> > > > +                     || io.length >= shared_mem->size - shared_mem->pos) {

Will update this check to replace io.length with round_up(io.length).
Will correct in v3.

> > > > +             dev_err(dev_ctx->priv->dev,
> > > > +                     "%s: Not enough space in shared memory\n",
> > > > +                             dev_ctx->miscdev.name);
> > > > +             err = -ENOMEM;
> > > > +             goto exit;
> > > > +     }
> > > > +
> > > > +     /* Allocate space in shared memory. 8 bytes aligned. */
> > > > +     pos = shared_mem->pos;
> > > > +     shared_mem->pos += round_up(io.length, 8u);
> > >
> > > You are checking if there's enough space in the shared memory
> > > without taking this round_up into account.
> >
> > Yes. It is initializing the local variable 'pos', with last store value of
> shared_mem->pos.
>
> Your check is:
>
>         if (shared_mem->size < shared_mem->pos || io.length >= shared_mem-
> >size - shared_mem->pos)
>
> Afterwards you do a:
>
>         shared_mem->pos += round_up(io.length, 8u);
>
> This invalidates the check. You have to honor the potential padding in your
> check as well.
>
See the comment above.

> Sascha
>
> --
> Pengutronix e.K.                           |                             |
> Steuerwalder Str. 21                       |
> http://www.pe/
> ngutronix.de%2F&data=05%7C02%7Cpankaj.gupta%40nxp.com%7Cbd91341
> 92f06423be17c08dc7bef290e%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C
> 0%7C0%7C638521514310084478%7CUnknown%7CTWFpbGZsb3d8eyJWIjoi
> MC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%
> 7C%7C%7C&sdata=iVTkihKZ0F9ATk%2FTXpXMqmj8tJq8ufKijglcPWegjA4%3D&
> reserved=0  |
> 31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
> Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ