From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
To: Sibi Sankar <quic_sibis@quicinc.com>
Cc: andersson@kernel.org, agross@kernel.org,
linux-arm-msm@vger.kernel.org, devicetree@vger.kernel.org,
linux-kernel@vger.kernel.org, krzysztof.kozlowski+dt@linaro.org,
robh+dt@kernel.org, konrad.dybcio@somainline.org,
amit.pundir@linaro.org, regressions@leemhuis.info,
sumit.semwal@linaro.org, will@kernel.org,
catalin.marinas@arm.com, robin.murphy@arm.com
Subject: Re: [PATCH V4 06/11] remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers
Date: Wed, 18 Jan 2023 20:58:09 +0530 [thread overview]
Message-ID: <20230118152809.GC4690@thinkpad> (raw)
In-Reply-To: <20230117085840.32356-7-quic_sibis@quicinc.com>
On Tue, Jan 17, 2023 at 02:28:35PM +0530, Sibi Sankar wrote:
> Any access to the dynamically allocated metadata region by the application
> processor after assigning it to the remote Q6 will result in a XPU
> violation. Fix this by replacing the dynamically allocated memory region
> with a no-map carveout and unmap the modem metadata memory region before
> passing control to the remote Q6.
>
> Reported-and-tested-by: Amit Pundir <amit.pundir@linaro.org>
> Fixes: 6c5a9dc2481b ("remoteproc: qcom: Make secure world call for mem ownership switch")
> Signed-off-by: Sibi Sankar <quic_sibis@quicinc.com>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Thanks,
Mani
> ---
>
> v4:
> * Use size/alloc-ranges instead of a specific address [Bjorn]
> * Include size checks
>
> v3:
> * Drop revert no_kernel_mapping since it's already on the list [Mani]
> * kfree metadata from the branch for parity
>
> drivers/remoteproc/qcom_q6v5_mss.c | 59 +++++++++++++++++++++++++++---
> 1 file changed, 53 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/remoteproc/qcom_q6v5_mss.c b/drivers/remoteproc/qcom_q6v5_mss.c
> index e2f765f87ec9..292e22f58df3 100644
> --- a/drivers/remoteproc/qcom_q6v5_mss.c
> +++ b/drivers/remoteproc/qcom_q6v5_mss.c
> @@ -17,6 +17,7 @@
> #include <linux/module.h>
> #include <linux/of_address.h>
> #include <linux/of_device.h>
> +#include <linux/of_reserved_mem.h>
> #include <linux/platform_device.h>
> #include <linux/pm_domain.h>
> #include <linux/pm_runtime.h>
> @@ -215,6 +216,9 @@ struct q6v5 {
> size_t mba_size;
> size_t dp_size;
>
> + phys_addr_t mdata_phys;
> + size_t mdata_size;
> +
> phys_addr_t mpss_phys;
> phys_addr_t mpss_reloc;
> size_t mpss_size;
> @@ -973,15 +977,35 @@ static int q6v5_mpss_init_image(struct q6v5 *qproc, const struct firmware *fw,
> if (IS_ERR(metadata))
> return PTR_ERR(metadata);
>
> - ptr = dma_alloc_attrs(qproc->dev, size, &phys, GFP_KERNEL, dma_attrs);
> - if (!ptr) {
> - kfree(metadata);
> - dev_err(qproc->dev, "failed to allocate mdt buffer\n");
> - return -ENOMEM;
> + if (qproc->mdata_phys) {
> + if (size > qproc->mdata_size) {
> + ret = -EINVAL;
> + dev_err(qproc->dev, "metadata size outside memory range\n");
> + goto free_metadata;
> + }
> +
> + phys = qproc->mdata_phys;
> + ptr = memremap(qproc->mdata_phys, size, MEMREMAP_WC);
> + if (!ptr) {
> + ret = -EBUSY;
> + dev_err(qproc->dev, "unable to map memory region: %pa+%zx\n",
> + &qproc->mdata_phys, size);
> + goto free_metadata;
> + }
> + } else {
> + ptr = dma_alloc_attrs(qproc->dev, size, &phys, GFP_KERNEL, dma_attrs);
> + if (!ptr) {
> + ret = -ENOMEM;
> + dev_err(qproc->dev, "failed to allocate mdt buffer\n");
> + goto free_metadata;
> + }
> }
>
> memcpy(ptr, metadata, size);
>
> + if (qproc->mdata_phys)
> + memunmap(ptr);
> +
> /* Hypervisor mapping to access metadata by modem */
> mdata_perm = BIT(QCOM_SCM_VMID_HLOS);
> ret = q6v5_xfer_mem_ownership(qproc, &mdata_perm, false, true,
> @@ -1010,7 +1034,9 @@ static int q6v5_mpss_init_image(struct q6v5 *qproc, const struct firmware *fw,
> "mdt buffer not reclaimed system may become unstable\n");
>
> free_dma_attrs:
> - dma_free_attrs(qproc->dev, size, ptr, phys, dma_attrs);
> + if (!qproc->mdata_phys)
> + dma_free_attrs(qproc->dev, size, ptr, phys, dma_attrs);
> +free_metadata:
> kfree(metadata);
>
> return ret < 0 ? ret : 0;
> @@ -1847,6 +1873,7 @@ static int q6v5_init_reset(struct q6v5 *qproc)
> static int q6v5_alloc_memory_region(struct q6v5 *qproc)
> {
> struct device_node *child;
> + struct reserved_mem *rmem;
> struct device_node *node;
> struct resource r;
> int ret;
> @@ -1893,6 +1920,26 @@ static int q6v5_alloc_memory_region(struct q6v5 *qproc)
> qproc->mpss_phys = qproc->mpss_reloc = r.start;
> qproc->mpss_size = resource_size(&r);
>
> + if (!child) {
> + node = of_parse_phandle(qproc->dev->of_node, "memory-region", 2);
> + } else {
> + child = of_get_child_by_name(qproc->dev->of_node, "metadata");
> + node = of_parse_phandle(child, "memory-region", 0);
> + of_node_put(child);
> + }
> +
> + if (!node)
> + return 0;
> +
> + rmem = of_reserved_mem_lookup(node);
> + if (!rmem) {
> + dev_err(qproc->dev, "unable to resolve metadata region\n");
> + return -EINVAL;
> + }
> +
> + qproc->mdata_phys = rmem->base;
> + qproc->mdata_size = rmem->size;
> +
> return 0;
> }
>
> --
> 2.17.1
>
--
மணிவண்ணன் சதாசிவம்
next prev parent reply other threads:[~2023-01-18 15:29 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-17 8:58 [PATCH V4 00/11] Fix XPU violation during modem metadata authentication Sibi Sankar
2023-01-17 8:58 ` [PATCH V4 01/11] dt-bindings: remoteproc: qcom,q6v5: Move MSM8996 to schema Sibi Sankar
2023-01-17 8:58 ` [PATCH V4 02/11] dt-bindings: remoteproc: qcom,msm8996-mss-pil: Update memory region Sibi Sankar
2023-01-17 8:58 ` [PATCH V4 03/11] dt-bindings: remoteproc: qcom,sc7180-mss-pil: Update memory-region Sibi Sankar
2023-01-17 8:58 ` [PATCH V4 04/11] dt-bindings: remoteproc: qcom,sc7280-mss-pil: " Sibi Sankar
2023-01-17 8:58 ` [PATCH V4 05/11] Revert "remoteproc: qcom_q6v5_mss: map/unmap metadata region before/after use" Sibi Sankar
2023-01-17 8:58 ` [PATCH V4 06/11] remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers Sibi Sankar
2023-01-18 15:28 ` Manivannan Sadhasivam [this message]
2023-01-17 8:58 ` [PATCH V4 07/11] arm64: dts: qcom: msm8996: Add a carveout for modem metadata Sibi Sankar
2023-01-17 8:58 ` [PATCH V4 08/11] arm64: dts: qcom: msm8998: " Sibi Sankar
2023-01-17 8:58 ` [PATCH V4 09/11] arm64: dts: qcom: sdm845: " Sibi Sankar
2023-01-17 8:58 ` [PATCH V4 10/11] arm64: dts: qcom: sc7180: " Sibi Sankar
2023-01-17 8:58 ` [PATCH V4 11/11] arm64: dts: qcom: sc7280: " Sibi Sankar
2023-01-19 3:44 ` (subset) [PATCH V4 00/11] Fix XPU violation during modem metadata authentication Bjorn Andersson
2023-03-27 16:18 ` Will Deacon
2023-04-03 16:08 ` Manivannan Sadhasivam
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230118152809.GC4690@thinkpad \
--to=manivannan.sadhasivam@linaro.org \
--cc=agross@kernel.org \
--cc=amit.pundir@linaro.org \
--cc=andersson@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=devicetree@vger.kernel.org \
--cc=konrad.dybcio@somainline.org \
--cc=krzysztof.kozlowski+dt@linaro.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=quic_sibis@quicinc.com \
--cc=regressions@leemhuis.info \
--cc=robh+dt@kernel.org \
--cc=robin.murphy@arm.com \
--cc=sumit.semwal@linaro.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.