From: "Cédric Le Goater" <clg@redhat.com>
To: qemu-devel@nongnu.org, berrange@redhat.com
Cc: kris.conklin@seagate.com, jonathan.henze@seagate.com,
evan.burgess@seagate.com, peter.maydell@linaro.org,
Alejandro Zeise <alejandro.zeise@seagate.com>,
Steven Lee <steven_lee@aspeedtech.com>,
Troy Lee <leetroy@gmail.com>,
Jamin Lin <jamin_lin@aspeedtech.com>,
Andrew Jeffery <andrew@codeconstruct.com.au>,
Joel Stanley <joel@jms.id.au>
Subject: Re: [PATCH v6] hw/misc/aspeed_hace: Fix SG Accumulative hashing
Date: Sat, 12 Oct 2024 08:20:25 +0200 [thread overview]
Message-ID: <eff3385f-6d43-42e7-8b36-7225e2fee7df@redhat.com> (raw)
In-Reply-To: <20241011053825.361544-1-clg@redhat.com>
+ Aspeed reviewers. Sorry about that.
C.
On 10/11/24 07:38, Cédric Le Goater wrote:
> From: Alejandro Zeise <alejandro.zeise@seagate.com>
>
> Make the Aspeed HACE module use the new qcrypto accumulative hashing functions
> when in scatter-gather accumulative mode. A hash context will maintain a
> "running-hash" as each scatter-gather chunk is received.
>
> Previously each scatter-gather "chunk" was cached
> so the hash could be computed once the final chunk was received.
> However, the cache was a shallow copy, so once the guest overwrote the
> memory provided to HACE the final hash would not be correct.
>
> Possibly related to: https://gitlab.com/qemu-project/qemu/-/issues/1121
> Buglink: https://github.com/openbmc/qemu/issues/36
>
> Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
> [ clg: - Checkpatch fixes
> - Reworked qcrypto_hash*() error reports in do_hash_operation() ]
> Signed-off-by: Cédric Le Goater <clg@redhat.com>
> ---
>
> Changes in v6:
> - Reworked qcrypto_hash*() error reports in do_hash_operation()
>
> include/hw/misc/aspeed_hace.h | 4 ++
> hw/misc/aspeed_hace.c | 104 +++++++++++++++++++---------------
> 2 files changed, 63 insertions(+), 45 deletions(-)
>
> diff --git a/include/hw/misc/aspeed_hace.h b/include/hw/misc/aspeed_hace.h
> index ecb1b67de816..4af99191955a 100644
> --- a/include/hw/misc/aspeed_hace.h
> +++ b/include/hw/misc/aspeed_hace.h
> @@ -1,6 +1,7 @@
> /*
> * ASPEED Hash and Crypto Engine
> *
> + * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
> * Copyright (C) 2021 IBM Corp.
> *
> * SPDX-License-Identifier: GPL-2.0-or-later
> @@ -10,6 +11,7 @@
> #define ASPEED_HACE_H
>
> #include "hw/sysbus.h"
> +#include "crypto/hash.h"
>
> #define TYPE_ASPEED_HACE "aspeed.hace"
> #define TYPE_ASPEED_AST2400_HACE TYPE_ASPEED_HACE "-ast2400"
> @@ -35,6 +37,8 @@ struct AspeedHACEState {
>
> MemoryRegion *dram_mr;
> AddressSpace dram_as;
> +
> + QCryptoHash *hash_ctx;
> };
>
>
> diff --git a/hw/misc/aspeed_hace.c b/hw/misc/aspeed_hace.c
> index b6f43f65b29a..bc1d66ad8064 100644
> --- a/hw/misc/aspeed_hace.c
> +++ b/hw/misc/aspeed_hace.c
> @@ -1,6 +1,7 @@
> /*
> * ASPEED Hash and Crypto Engine
> *
> + * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
> * Copyright (C) 2021 IBM Corp.
> *
> * Joel Stanley <joel@jms.id.au>
> @@ -151,49 +152,28 @@ static int reconstruct_iov(AspeedHACEState *s, struct iovec *iov, int id,
> return iov_count;
> }
>
> -/**
> - * Generate iov for accumulative mode.
> - *
> - * @param s aspeed hace state object
> - * @param iov iov of the current request
> - * @param id index of the current iov
> - * @param req_len length of the current request
> - *
> - * @return count of iov
> - */
> -static int gen_acc_mode_iov(AspeedHACEState *s, struct iovec *iov, int id,
> - hwaddr *req_len)
> -{
> - uint32_t pad_offset;
> - uint32_t total_msg_len;
> - s->total_req_len += *req_len;
> -
> - if (has_padding(s, &iov[id], *req_len, &total_msg_len, &pad_offset)) {
> - if (s->iov_count) {
> - return reconstruct_iov(s, iov, id, &pad_offset);
> - }
> -
> - *req_len -= s->total_req_len - total_msg_len;
> - s->total_req_len = 0;
> - iov[id].iov_len = *req_len;
> - } else {
> - s->iov_cache[s->iov_count].iov_base = iov->iov_base;
> - s->iov_cache[s->iov_count].iov_len = *req_len;
> - ++s->iov_count;
> - }
> -
> - return id + 1;
> -}
> -
> static void do_hash_operation(AspeedHACEState *s, int algo, bool sg_mode,
> bool acc_mode)
> {
> struct iovec iov[ASPEED_HACE_MAX_SG];
> + uint32_t total_msg_len;
> + uint32_t pad_offset;
> g_autofree uint8_t *digest_buf = NULL;
> size_t digest_len = 0;
> - int niov = 0;
> + bool sg_acc_mode_final_request = false;
> int i;
> void *haddr;
> + Error *local_err = NULL;
> +
> + if (acc_mode && s->hash_ctx == NULL) {
> + s->hash_ctx = qcrypto_hash_new(algo, &local_err);
> + if (s->hash_ctx == NULL) {
> + qemu_log_mask(LOG_GUEST_ERROR, "qcrypto hash failed : %s",
> + error_get_pretty(local_err));
> + error_free(local_err);
> + return;
> + }
> + }
>
> if (sg_mode) {
> uint32_t len = 0;
> @@ -226,8 +206,16 @@ static void do_hash_operation(AspeedHACEState *s, int algo, bool sg_mode,
> }
> iov[i].iov_base = haddr;
> if (acc_mode) {
> - niov = gen_acc_mode_iov(s, iov, i, &plen);
> -
> + s->total_req_len += plen;
> +
> + if (has_padding(s, &iov[i], plen, &total_msg_len,
> + &pad_offset)) {
> + /* Padding being present indicates the final request */
> + sg_acc_mode_final_request = true;
> + iov[i].iov_len = pad_offset;
> + } else {
> + iov[i].iov_len = plen;
> + }
> } else {
> iov[i].iov_len = plen;
> }
> @@ -252,21 +240,42 @@ static void do_hash_operation(AspeedHACEState *s, int algo, bool sg_mode,
> * required to check whether cache is empty. If no, we should
> * combine cached iov and the current iov.
> */
> - uint32_t total_msg_len;
> - uint32_t pad_offset;
> s->total_req_len += len;
> if (has_padding(s, iov, len, &total_msg_len, &pad_offset)) {
> - niov = reconstruct_iov(s, iov, 0, &pad_offset);
> + i = reconstruct_iov(s, iov, 0, &pad_offset);
> }
> }
> }
>
> - if (niov) {
> - i = niov;
> - }
> + if (acc_mode) {
> + if (qcrypto_hash_updatev(s->hash_ctx, iov, i, &local_err) < 0) {
> + qemu_log_mask(LOG_GUEST_ERROR, "qcrypto hash update failed : %s",
> + error_get_pretty(local_err));
> + error_free(local_err);
> + return;
> + }
> +
> + if (sg_acc_mode_final_request) {
> + if (qcrypto_hash_finalize_bytes(s->hash_ctx, &digest_buf,
> + &digest_len, &local_err)) {
> + qemu_log_mask(LOG_GUEST_ERROR,
> + "qcrypto hash finalize failed : %s",
> + error_get_pretty(local_err));
> + error_free(local_err);
> + local_err = NULL;
> + }
>
> - if (qcrypto_hash_bytesv(algo, iov, i, &digest_buf, &digest_len, NULL) < 0) {
> - qemu_log_mask(LOG_GUEST_ERROR, "%s: qcrypto failed\n", __func__);
> + qcrypto_hash_free(s->hash_ctx);
> +
> + s->hash_ctx = NULL;
> + s->iov_count = 0;
> + s->total_req_len = 0;
> + }
> + } else if (qcrypto_hash_bytesv(algo, iov, i, &digest_buf,
> + &digest_len, &local_err) < 0) {
> + qemu_log_mask(LOG_GUEST_ERROR, "qcrypto hash bytesv failed : %s",
> + error_get_pretty(local_err));
> + error_free(local_err);
> return;
> }
>
> @@ -397,6 +406,11 @@ static void aspeed_hace_reset(DeviceState *dev)
> {
> struct AspeedHACEState *s = ASPEED_HACE(dev);
>
> + if (s->hash_ctx != NULL) {
> + qcrypto_hash_free(s->hash_ctx);
> + s->hash_ctx = NULL;
> + }
> +
> memset(s->regs, 0, sizeof(s->regs));
> s->iov_count = 0;
> s->total_req_len = 0;
next prev parent reply other threads:[~2024-10-12 6:21 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-11 5:38 [PATCH v6] hw/misc/aspeed_hace: Fix SG Accumulative hashing Cédric Le Goater
2024-10-12 6:20 ` Cédric Le Goater [this message]
2024-10-15 0:52 ` Andrew Jeffery
2024-10-15 8:49 ` Cédric Le Goater
2024-10-15 14:53 ` Jamin Lin
2024-10-22 11:54 ` Joel Stanley
2024-10-22 16:04 ` Cédric Le Goater
2024-10-23 6:52 ` Joel Stanley
2024-10-23 7:01 ` Cédric Le Goater
2024-10-23 9:20 ` Jamin Lin
2024-10-24 4:32 ` Joel Stanley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=eff3385f-6d43-42e7-8b36-7225e2fee7df@redhat.com \
--to=clg@redhat.com \
--cc=alejandro.zeise@seagate.com \
--cc=andrew@codeconstruct.com.au \
--cc=berrange@redhat.com \
--cc=evan.burgess@seagate.com \
--cc=jamin_lin@aspeedtech.com \
--cc=joel@jms.id.au \
--cc=jonathan.henze@seagate.com \
--cc=kris.conklin@seagate.com \
--cc=leetroy@gmail.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=steven_lee@aspeedtech.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).