| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID:
<AS8PR04MB85932B4E47EFC519B0EF6D9A95632@AS8PR04MB8593.eurprd04.prod.outlook.com>
Date: Thu, 19 Sep 2024 06:43:45 +0000
From: Pankaj Gupta <pankaj.gupta@....com>
To: Sascha Hauer <s.hauer@...gutronix.de>
CC: Jonathan Corbet <corbet@....net>, Rob Herring <robh@...nel.org>, Krzysztof
Kozlowski <krzk+dt@...nel.org>, Conor Dooley <conor+dt@...nel.org>, Shawn Guo
<shawnguo@...nel.org>, Pengutronix Kernel Team <kernel@...gutronix.de>, Fabio
Estevam <festevam@...il.com>, Rob Herring <robh+dt@...nel.org>,
"linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"devicetree@...r.kernel.org" <devicetree@...r.kernel.org>,
"imx@...ts.linux.dev" <imx@...ts.linux.dev>,
"linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>
Subject: RE: [EXT] Re: [PATCH v7 4/5] firmware: imx: add driver for NXP
EdgeLock Enclave
> diff --git a/drivers/firmware/imx/ele_base_msg.c
> b/drivers/firmware/imx/ele_base_msg.c
> new file mode 100644
> index 000000000000..e3e570a25e85
> --- /dev/null
> +++ b/drivers/firmware/imx/ele_base_msg.c
> @@ -0,0 +1,286 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Copyright 2024 NXP
> + */
> +
> +#include <linux/types.h>
> +
> +#include <linux/completion.h>
> +#include <linux/dma-mapping.h>
> +#include <linux/genalloc.h>
> +
> +#include "ele_base_msg.h"
> +#include "ele_common.h"
> +
> +int ele_get_info(struct device *dev, struct ele_dev_info *s_info)
I repeat once again:
The context pointer argument should be struct se_if_priv *.
Do not expect foreign code to pass in a struct device * here from which you
blindly expect that it's the right one.
> +int ele_fetch_soc_info(struct device *dev, u16 *soc_rev, u64
> +*serial_num)
> Also here and all the other functions in this file.
Accepted.
> + *
> + * Header file for the EdgeLock Enclave Base API(s).
> + */
> +
> +#ifndef ELE_BASE_MSG_H
> +#define ELE_BASE_MSG_H
> +
> +#include <linux/device.h>
> +#include <linux/types.h>
> +
> +#define WORD_SZ i4
> Unused.
Accepted will remove in V8.
> +#define ELE_NONE_VAL 0x0
> +
> +#define ELE_GET_INFO_REQ 0xDA
> +#define ELE_GET_INFO_REQ_MSG_SZ 0x10
> +#define ELE_GET_INFO_RSP_MSG_SZ 0x08
> +
> +#define DEFAULT_IMX_SOC_VER 0xA000
> Unused
Accepted will remove in V8.
> +#define SOC_VER_MASK 0xFFFF0000
> Unused
Accepted will remove in V8.
> +int ele_msg_send(struct se_if_priv *priv,
> + void *tx_msg,
> + int tx_msg_sz)
> +{
> + struct se_msg_hdr *header;
> + int err;
> +
> + header = tx_msg;
> +
> + /*
> + * Check that the size passed as argument matches the size
> + * carried in the message.
> + */
> + if (header->size << 2 != tx_msg_sz) {
> + err = -EINVAL;
> + dev_err(priv->dev,
> + "User buf hdr: 0x%x, sz mismatced with input-sz (%d
!= %d).",
> + *(u32 *)header,
> + header->size << 2, tx_msg_sz);
> + goto exit;
> + }
> + guard(mutex)(&priv->se_if_lock);
> Drop this mutex. All it does is to protect mbox_send_message() which
already has its own locking.
Accepted.
Since the TX buffers are dynamically allocated. There is no chance of
TX-Buffer getting over-written.
Will remove this in v8.
> +
> + err = mbox_send_message(priv->tx_chan, tx_msg);
> + if (err < 0) {
> + dev_err(priv->dev, "Error: mbox_send_message failure.\n");
> + return err;
> + }
> + err = tx_msg_sz;
> +
> +exit:
> + return err;
> +}
> +
> +void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg) {
> + struct se_clbk_handle *se_clbk_hdl;
> + struct device *dev = mbox_cl->dev;
> + struct se_msg_hdr *header;
> + struct se_if_priv *priv;
> + u32 rx_msg_sz;
> +
> + priv = dev_get_drvdata(dev);
> +
> + /* The function can be called with NULL msg */
> You already identified this as a possible case...
Intention of this comment was to give the reason for checking "msg" for
NULL, before using it.
> + if (!msg) {
> + dev_err(dev, "Message is invalid\n");
> ...so why print an error message here?
This will help, know that there is incoming message with no length.
> + return;
> + }
> +
> + header = msg;
> + rx_msg_sz = header->size << 2;
> +
> + /* Incoming command: wake up the receiver if any. */
> + if (header->tag == priv->cmd_tag) {
> + se_clbk_hdl = &priv->cmd_receiver_clbk_hdl;
> + dev_dbg(dev,
> + "Selecting cmd receiver for mesg header:0x%x.",
> + *(u32 *) header);
> +
> + /* Pre-allocated buffer of MAX_NVM_MSG_LEN
> + * as the NVM command are initiated by FW.
> + * Size is revealed as part of this call function.
> + */
> + if (rx_msg_sz > MAX_NVM_MSG_LEN) {
> + dev_err(dev,
> + "CMD-RCVER NVM: hdr(0x%x) with different
sz(%d != %d).\n",
> + *(u32 *) header,
> + rx_msg_sz, se_clbk_hdl->rx_msg_sz);
> +
> + se_clbk_hdl->rx_msg_sz = MAX_NVM_MSG_LEN;
> + }
> + se_clbk_hdl->rx_msg_sz = rx_msg_sz;
> +
> + } else if (header->tag == priv->rsp_tag) {
> + se_clbk_hdl = &priv->waiting_rsp_clbk_hdl;
> + dev_dbg(dev,
> + "Selecting resp waiter for mesg header:0x%x.",
> + *(u32 *) header);
> +
> + if (rx_msg_sz != se_clbk_hdl->rx_msg_sz
> + && !exception_for_size(priv, header)) {
> + dev_err(dev,
> + "Rsp to CMD: hdr(0x%x) with different sz(%d
!= %d).\n",
> + *(u32 *) header,
> + rx_msg_sz, se_clbk_hdl->rx_msg_sz);
> +
> + se_clbk_hdl->rx_msg_sz = min(rx_msg_sz,
se_clbk_hdl->rx_msg_sz);
> + }
> + } else {
> + dev_err(dev, "Failed to select a device for message:
%.8x\n",
> + *((u32 *) header));
> + return;
> + }
> +
> + memcpy(se_clbk_hdl->rx_msg, msg, se_clbk_hdl->rx_msg_sz);
> +
> + /* Allow user to read */
> + atomic_inc(&se_clbk_hdl->pending_hdr);
> +
> + wake_up_interruptible(&se_clbk_hdl->wq);
> You are rebuilding a completion here, why not use a completion then?
Accepted.
> +#include <linux/mod_devicetable.h>
> +#include <linux/module.h>
> +#include <linux/of_platform.h>
> +#include <linux/of_reserved_mem.h>
> +#include <linux/platform_device.h>
> +#include <linux/slab.h>
> +#include <linux/string.h>
> +#include <linux/sys_soc.h>
> +
> +#include "ele_base_msg.h"
> +#include "ele_common.h"
> +#include "se_ctrl.h"
> +
> +#define RESERVED_DMA_POOL BIT(0)
> Unused
Accepted will remove in V8.
> +static void se_load_firmware(const struct firmware *fw, void
> +*context) {
> + struct se_if_priv *priv = context;
> + const struct se_if_node_info *info = priv->info;
> + phys_addr_t se_fw_phyaddr;
> + u8 *se_fw_buf;
> + int ret;
> +
> + if (!fw) {
> + if (priv->fw_fail > MAX_FW_LOAD_RETRIES)
> + dev_dbg(priv->dev,
> + "External FW not found, using ROM FW.\n");
> + else {
> + /*add a bit delay to wait for firmware priv released
*/
> + msleep(20);
> +
> + /* Load firmware one more time if timeout */
> + request_firmware_nowait(THIS_MODULE,
> + FW_ACTION_UEVENT,
priv->se_img_file_to_load,
> + priv->dev, GFP_KERNEL, priv,
> + se_load_firmware);
> + priv->fw_fail++;
> + dev_dbg(priv->dev, "Value of retries = 0x%x.\n",
> + priv->fw_fail);
> + }
> +
> + return;
> + }
> Are you continuously trying to load the firmware here in the hope that the
rootfs is mounted before your retry counter exceeds?
Yes.
> Don't do this.
Shall the retry counter to be removed, to make it predictable?
Or am I missing something.
Thanks.
>Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 |
https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.pengutr
onix.de%2F&data=05%7C02%7Cpankaj.gupta%40nxp.com%7C332a105e5ed24741d3b808dcd
0c9a781%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638614811726643343%7CUn
known%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJX
VCI6Mn0%3D%7C0%7C%7C%7C&sdata=AzbLQ4wpSte4lA2myKQBDYRzSxhc72EcbVq42CcRo0M%3D
&reserved=0 |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
Download attachment "smime.p7s" of type "application/pkcs7-signature" (11094 bytes)
Powered by blists - more mailing lists