From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
To: Sibi Sankar <quic_sibis@quicinc.com>
Cc: andersson@kernel.org, krzysztof.kozlowski+dt@linaro.org,
robh+dt@kernel.org, robin.murphy@arm.com, agross@kernel.org,
linux-arm-msm@vger.kernel.org, devicetree@vger.kernel.org,
linux-kernel@vger.kernel.org, konrad.dybcio@somainline.org,
amit.pundir@linaro.org, regressions@leemhuis.info,
sumit.semwal@linaro.org, will@kernel.org,
catalin.marinas@arm.com
Subject: Re: [PATCH V2 06/11] remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers
Date: Mon, 9 Jan 2023 14:02:31 +0530 [thread overview]
Message-ID: <20230109083231.GB4966@thinkpad> (raw)
In-Reply-To: <20230109034843.23759-7-quic_sibis@quicinc.com>
On Mon, Jan 09, 2023 at 09:18:38AM +0530, Sibi Sankar wrote:
> Any access to the dynamically allocated metadata region by the application
> processor after assigning it to the remote Q6 will result in a XPU
> violation. Fix this by replacing the dynamically allocated memory region
> with a no-map carveout and unmap the modem metadata memory region before
> passing control to the remote Q6.
>
> Reported-and-tested-by: Amit Pundir <amit.pundir@linaro.org>
> Fixes: 6c5a9dc2481b ("remoteproc: qcom: Make secure world call for mem ownership switch")
> Signed-off-by: Sibi Sankar <quic_sibis@quicinc.com>
> ---
>
> v2:
> * Revert no_kernel_mapping [Mani/Robin]
>
> drivers/remoteproc/qcom_q6v5_mss.c | 48 ++++++++++++++++++++++++++----
> 1 file changed, 42 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/remoteproc/qcom_q6v5_mss.c b/drivers/remoteproc/qcom_q6v5_mss.c
> index e2f765f87ec9..b7a158751cef 100644
> --- a/drivers/remoteproc/qcom_q6v5_mss.c
> +++ b/drivers/remoteproc/qcom_q6v5_mss.c
> @@ -215,6 +215,7 @@ struct q6v5 {
> size_t mba_size;
> size_t dp_size;
>
> + phys_addr_t mdata_phys;
> phys_addr_t mpss_phys;
> phys_addr_t mpss_reloc;
> size_t mpss_size;
> @@ -973,15 +974,29 @@ static int q6v5_mpss_init_image(struct q6v5 *qproc, const struct firmware *fw,
> if (IS_ERR(metadata))
> return PTR_ERR(metadata);
>
> - ptr = dma_alloc_attrs(qproc->dev, size, &phys, GFP_KERNEL, dma_attrs);
> - if (!ptr) {
> - kfree(metadata);
> - dev_err(qproc->dev, "failed to allocate mdt buffer\n");
> - return -ENOMEM;
> + if (qproc->mdata_phys) {
> + phys = qproc->mdata_phys;
> + ptr = memremap(qproc->mdata_phys, size, MEMREMAP_WC);
> + if (!ptr) {
> + dev_err(qproc->dev, "unable to map memory region: %pa+%zx\n",
> + &qproc->mdata_phys, size);
> + ret = -EBUSY;
> + goto free_dma_attrs;
There is no memory to free at this point.
Thanks,
Mani
> + }
> + } else {
> + ptr = dma_alloc_attrs(qproc->dev, size, &phys, GFP_KERNEL, dma_attrs);
> + if (!ptr) {
> + kfree(metadata);
> + dev_err(qproc->dev, "failed to allocate mdt buffer\n");
> + return -ENOMEM;
> + }
> }
>
> memcpy(ptr, metadata, size);
>
> + if (qproc->mdata_phys)
> + memunmap(ptr);
> +
> /* Hypervisor mapping to access metadata by modem */
> mdata_perm = BIT(QCOM_SCM_VMID_HLOS);
> ret = q6v5_xfer_mem_ownership(qproc, &mdata_perm, false, true,
> @@ -1010,7 +1025,8 @@ static int q6v5_mpss_init_image(struct q6v5 *qproc, const struct firmware *fw,
> "mdt buffer not reclaimed system may become unstable\n");
>
> free_dma_attrs:
> - dma_free_attrs(qproc->dev, size, ptr, phys, dma_attrs);
> + if (!qproc->mdata_phys)
> + dma_free_attrs(qproc->dev, size, ptr, phys, dma_attrs);
> kfree(metadata);
>
> return ret < 0 ? ret : 0;
> @@ -1893,6 +1909,26 @@ static int q6v5_alloc_memory_region(struct q6v5 *qproc)
> qproc->mpss_phys = qproc->mpss_reloc = r.start;
> qproc->mpss_size = resource_size(&r);
>
> + if (!child) {
> + node = of_parse_phandle(qproc->dev->of_node, "memory-region", 2);
> + } else {
> + child = of_get_child_by_name(qproc->dev->of_node, "metadata");
> + node = of_parse_phandle(child, "memory-region", 0);
> + of_node_put(child);
> + }
> +
> + if (!node)
> + return 0;
> +
> + ret = of_address_to_resource(node, 0, &r);
> + of_node_put(node);
> + if (ret) {
> + dev_err(qproc->dev, "unable to resolve metadata region\n");
> + return ret;
> + }
> +
> + qproc->mdata_phys = r.start;
> +
> return 0;
> }
>
> --
> 2.17.1
>
--
மணிவண்ணன் சதாசிவம்
next prev parent reply other threads:[~2023-01-09 8:33 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-09 3:48 [PATCH V2 00/11] Fix XPU violation during modem metadata authentication Sibi Sankar
2023-01-09 3:48 ` [PATCH V2 01/11] dt-bindings: remoteproc: qcom,q6v5: Move MSM8996 to schema Sibi Sankar
2023-01-10 9:33 ` Krzysztof Kozlowski
2023-01-09 3:48 ` [PATCH V2 02/11] dt-bindings: remoteproc: qcom,msm8996-mss-pil: Update memory region Sibi Sankar
2023-01-10 9:35 ` Krzysztof Kozlowski
2023-01-09 3:48 ` [PATCH V2 03/11] dt-bindings: remoteproc: qcom,sc7180-mss-pil: Update memory-region Sibi Sankar
2023-01-09 14:30 ` Rob Herring
2023-01-10 9:36 ` Krzysztof Kozlowski
2023-01-09 3:48 ` [PATCH V2 04/11] dt-bindings: remoteproc: qcom,sc7280-mss-pil: " Sibi Sankar
2023-01-10 9:36 ` Krzysztof Kozlowski
2023-01-09 3:48 ` [PATCH V2 05/11] remoteproc: qcom_q6v5_mss: revert "map/unmap metadata region before/after use" Sibi Sankar
2023-01-09 8:18 ` Manivannan Sadhasivam
2023-01-09 10:00 ` Sibi Sankar
2023-01-11 11:24 ` Manivannan Sadhasivam
2023-01-09 3:48 ` [PATCH V2 06/11] remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers Sibi Sankar
2023-01-09 8:32 ` Manivannan Sadhasivam [this message]
2023-01-09 10:05 ` Sibi Sankar
2023-01-11 11:23 ` Manivannan Sadhasivam
2023-01-09 3:48 ` [PATCH V2 07/11] arm64: dts: qcom: msm8996: Add a carveout for modem metadata Sibi Sankar
2023-01-09 3:48 ` [PATCH V2 08/11] arm64: dts: qcom: msm8998: " Sibi Sankar
2023-01-09 3:48 ` [PATCH V2 09/11] arm64: dts: qcom: sdm845: " Sibi Sankar
2023-01-09 3:48 ` [PATCH V2 10/11] arm64: dts: qcom: sc7180: " Sibi Sankar
2023-01-09 3:48 ` [PATCH V2 11/11] arm64: dts: qcom: sc7280: " Sibi Sankar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230109083231.GB4966@thinkpad \
--to=manivannan.sadhasivam@linaro.org \
--cc=agross@kernel.org \
--cc=amit.pundir@linaro.org \
--cc=andersson@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=devicetree@vger.kernel.org \
--cc=konrad.dybcio@somainline.org \
--cc=krzysztof.kozlowski+dt@linaro.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=quic_sibis@quicinc.com \
--cc=regressions@leemhuis.info \
--cc=robh+dt@kernel.org \
--cc=robin.murphy@arm.com \
--cc=sumit.semwal@linaro.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.