From: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
To: robh+dt@kernel.org, gregkh@linuxfoundation.org
Cc: devicetree@vger.kernel.org, ekangupt@qti.qualcomm.com,
	bkumar@qti.qualcomm.com, linux-kernel@vger.kernel.org,
	srini@kernel.org, bjorn.andersson@linaro.org,
	linux-arm-msm@vger.kernel.org, Jeya R <jeyr@codeaurora.org>,
	Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Subject: [PATCH v3 06/12] misc: fastrpc: check before loading process to the DSP
Date: Wed, 26 Jan 2022 13:52:58 +0000	[thread overview]
Message-ID: <20220126135304.16340-7-srinivas.kandagatla@linaro.org> (raw)
In-Reply-To: <20220126135304.16340-1-srinivas.kandagatla@linaro.org>

From: Jeya R <jeyr@codeaurora.org>

Reject session if DSP domain is secure, device node is non-secure and signed
PD is requested. Secure device node can access DSP without any restriction.

Unsigned PD offload is only allowed for the DSP domain that can support
unsigned offloading.

Signed-off-by: Jeya R <jeyr@codeaurora.org>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
---
 drivers/misc/fastrpc.c      | 33 +++++++++++++++++++++++++++++++++
 include/uapi/misc/fastrpc.h | 17 +++++++++++++++++
 2 files changed, 50 insertions(+)

diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c
index 9eadbcf451ef..8e780e2d5d9d 100644
--- a/drivers/misc/fastrpc.c
+++ b/drivers/misc/fastrpc.c
@@ -243,6 +243,7 @@ struct fastrpc_channel_ctx {
 	struct fastrpc_device *secure_fdevice;
 	struct fastrpc_device *fdevice;
 	bool secure;
+	bool unsigned_support;
 };
 
 struct fastrpc_device {
@@ -263,6 +264,7 @@ struct fastrpc_user {
 
 	int tgid;
 	int pd;
+	bool is_secure_dev;
 	/* Lock for lists */
 	spinlock_t lock;
 	/* lock for allocations */
@@ -1051,6 +1053,24 @@ static int fastrpc_internal_invoke(struct fastrpc_user *fl,  u32 kernel,
 	return err;
 }
 
+static bool is_session_rejected(struct fastrpc_user *fl, bool unsigned_pd_request)
+{
+	/* Check if the device node is non-secure and channel is secure*/
+	if (!fl->is_secure_dev && fl->cctx->secure) {
+		/*
+		 * Allow untrusted applications to offload only to Unsigned PD when
+		 * channel is configured as secure and block untrusted apps on channel
+		 * that does not support unsigned PD offload
+		 */
+		if (!fl->cctx->unsigned_support || !unsigned_pd_request) {
+			dev_err(&fl->cctx->rpdev->dev, "Error: Untrusted application trying to offload to signed PD");
+			return true;
+		}
+	}
+
+	return false;
+}
+
 static int fastrpc_init_create_process(struct fastrpc_user *fl,
 					char __user *argp)
 {
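Review bot: The `dev_err()` in `is_session_rejected()` can be triggered repeatedly by any process that is able to open the non-secure device node, so it should be rate limited. The format string is also missing its trailing newline: `dev_err_ratelimited(&fl->cctx->rpdev->dev, "Untrusted application trying to offload to signed PD\n");`. The same text is printed when an unsigned PD was requested but the channel has `unsigned_support` false, so the log is misleading in that case. A separate message for that branch would make denials easier to triage.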
@@ -1070,6 +1090,7 @@ static int fastrpc_init_create_process(struct fastrpc_user *fl,
 		u32 siglen;
 	} inbuf;
 	u32 sc;
+	bool unsigned_module = false;
 
 	args = kcalloc(FASTRPC_CREATE_PROCESS_NARGS, sizeof(*args), GFP_KERNEL);
 	if (!args)
@@ -1080,6 +1101,14 @@ static int fastrpc_init_create_process(struct fastrpc_user *fl,
 		goto err;
 	}
 
+	if (init.attrs & FASTRPC_MODE_UNSIGNED_MODULE)
+		unsigned_module = true;
+
+	if (is_session_rejected(fl, unsigned_module)) {
+		err = -ECONNREFUSED;
+		goto err;
+	}
+
 	if (init.filelen > INIT_FILELEN_MAX) {
 		err = -EINVAL;
 		goto err;
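Review bot: The policy check is added only on this create-process path, and `unsigned_module` comes straight from the user-supplied `init.attrs`. Whether the other init/attach entry points for a non-secure node on a secure channel are gated the same way is not visible in this patch and should be confirmed, otherwise the restriction covers a single entry point. The check is also only meaningful if the DSP is told to load the process with that same attribute, which a short comment above the test should state, e.g. `/* attrs is caller-controlled; the DSP must enforce the unsigned PD it is asked for */`. For a policy denial `err = -EACCES;` would be the more conventional errno than `-ECONNREFUSED`. The body of `fastrpc_init_create_process()` starts and ends outside this hunk.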
@@ -1279,6 +1308,7 @@ static int fastrpc_device_open(struct inode *inode, struct file *filp)
 	INIT_LIST_HEAD(&fl->user);
 	fl->tgid = current->tgid;
 	fl->cctx = cctx;
+	fl->is_secure_dev = fdevice->secure;
 
 	fl->sctx = fastrpc_session_alloc(cctx);
 	if (!fl->sctx) {
@@ -1947,11 +1977,14 @@ static int fastrpc_rpmsg_probe(struct rpmsg_device *rpdev)
 	case ADSP_DOMAIN_ID:
 	case MDSP_DOMAIN_ID:
 	case SDSP_DOMAIN_ID:
+		/* Unsigned PD offloading is only supported on CDSP*/
+		data->unsigned_support = false;
 		err = fastrpc_device_register(rdev, data, secure_dsp, domains[domain_id]);
 		if (err)
 			goto fdev_error;
 		break;
 	case CDSP_DOMAIN_ID:
+		data->unsigned_support = true;
 		/* Create both device nodes so that we can allow both Signed and Unsigned PD */
 		err = fastrpc_device_register(rdev, data, true, domains[domain_id]);
 		if (err)
diff --git a/include/uapi/misc/fastrpc.h b/include/uapi/misc/fastrpc.h
index 7cc9d342078a..f39edac20305 100644
--- a/include/uapi/misc/fastrpc.h
+++ b/include/uapi/misc/fastrpc.h
@@ -46,6 +46,23 @@ enum fastrpc_map_flags {
 	FASTRPC_MAP_MAX,
 };
 
+enum fastrpc_proc_attr {
+	/* Macro for Debug attr */
+	FASTRPC_MODE_DEBUG		= (1 << 0),
+	/* Macro for Ptrace */
+	FASTRPC_MODE_PTRACE		= (1 << 1),
+	/* Macro for CRC Check */
+	FASTRPC_MODE_CRC		= (1 << 2),
+	/* Macro for Unsigned PD */
+	FASTRPC_MODE_UNSIGNED_MODULE	= (1 << 3),
+	/* Macro for Adaptive QoS */
+	FASTRPC_MODE_ADAPTIVE_QOS	= (1 << 4),
+	/* Macro for System Process */
+	FASTRPC_MODE_SYSTEM_PROCESS	= (1 << 5),
+	/* Macro for Prvileged Process */
+	FASTRPC_MODE_PRIVILEGED		= (1 << 6),
+};
+
 struct fastrpc_invoke_args {
 	__u64 ptr;
 	__u64 length;
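Review bot: The comments in the new UAPI `enum fastrpc_proc_attr` call each enumerator a "Macro" and do not say what setting the bit requests; there is also a typo in "Prvileged". Since this header becomes ABI, each value should carry a one-line description of its effect, for example `/* Request that the process is created in an unsigned PD */` on `FASTRPC_MODE_UNSIGNED_MODULE`. Only that bit is consumed in the hunks of this patch. Whether `FASTRPC_MODE_PRIVILEGED` and `FASTRPC_MODE_SYSTEM_PROCESS` are filtered for callers on the non-secure node before `attrs` reaches the DSP is not visible here and is worth confirming before they are exposed to userspace.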
-- 
2.21.0

