| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAMRc=Me=Eu6+SpdguKurWgQDrpuo4qTCwWO6GfzS=YuA9vUzOw@mail.gmail.com>
Date: Wed, 20 Nov 2024 15:07:24 +0100
From: Bartosz Golaszewski <brgl@...ev.pl>
To: Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>
Cc: Bjorn Andersson <andersson@...nel.org>, Konrad Dybcio <konradybcio@...nel.org>,
Mukesh Ojha <quic_mojha@...cinc.com>, Dmitry Baryshkov <dmitry.baryshkov@...aro.org>,
Stephan Gerhold <stephan.gerhold@...aro.org>,
Bartosz Golaszewski <bartosz.golaszewski@...aro.org>, Kuldeep Singh <quic_kuldsing@...cinc.com>,
Elliot Berman <quic_eberman@...cinc.com>, Andrew Halaney <ahalaney@...hat.com>,
Avaneesh Kumar Dwivedi <quic_akdwived@...cinc.com>, Andy Gross <andy.gross@...aro.org>,
linux-arm-msm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 3/6] firmware: qcom: scm: Handle various probe ordering
for qcom_scm_assign_mem()
On Tue, Nov 19, 2024 at 7:37 PM Krzysztof Kozlowski
<krzysztof.kozlowski@...aro.org> wrote:
>
> The SCM driver can defer or fail probe, or just load a bit later so
> callers of qcom_scm_assign_mem() should defer if the device is not ready.
>
> This fixes theoretical NULL pointer exception, triggered via introducing
> probe deferral in SCM driver with call trace:
>
> qcom_tzmem_alloc+0x70/0x1ac (P)
> qcom_tzmem_alloc+0x64/0x1ac (L)
> qcom_scm_assign_mem+0x78/0x194
> qcom_rmtfs_mem_probe+0x2d4/0x38c
> platform_probe+0x68/0xc8
>
> Fixes: d82bd359972a ("firmware: scm: Add new SCM call API for switching memory ownership")
> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>
>
> ---
>
> I am not sure about commit introducing it (Fixes tag) thus not Cc-ing
> stable.
> ---
> drivers/firmware/qcom/qcom_scm.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/firmware/qcom/qcom_scm.c b/drivers/firmware/qcom/qcom_scm.c
> index 5d91b8e22844608f35432f1ba9c08d477d4ff762..93212c8f20ad65ecc44804b00f4b93e3eaaf8d95 100644
> --- a/drivers/firmware/qcom/qcom_scm.c
> +++ b/drivers/firmware/qcom/qcom_scm.c
> @@ -1075,6 +1075,9 @@ int qcom_scm_assign_mem(phys_addr_t mem_addr, size_t mem_sz,
> int ret, i, b;
> u64 srcvm_bits = *srcvm;
>
> + if (!qcom_scm_is_available())
> + return -EPROBE_DEFER;
> +
Should we be returning -EPROBE_DEFER from functions that are not
necessarily limited to being used in probe()? For instance ath10k uses
it in a workqueue job. I think this is why this driver is probed in
subsys_initcall() rather than module_initcall().
Bart
> src_sz = hweight64(srcvm_bits) * sizeof(*src);
> mem_to_map_sz = sizeof(*mem_to_map);
> dest_sz = dest_cnt * sizeof(*destvm);
>
> --
> 2.43.0
>
>
Powered by blists - more mailing lists