From: Avri Altman <Avri.Altman@wdc.com>
To: Mikko Rapeli <mikko.rapeli@linaro.org>,
Jens Wiklander <jens.wiklander@linaro.org>,
Tomas Klas <tomas.klas@cuesystem.com>
Cc: Ulf Hansson <ulf.hansson@linaro.org>,
"linux-mmc@vger.kernel.org" <linux-mmc@vger.kernel.org>,
Adrian Hunter <adrian.hunter@intel.com>,
Daniil Lunev <dlunev@google.com>,
Asutosh Das <quic_asutoshd@quicinc.com>
Subject: RE: [PATCH v4] mmc: core: Use mrq.sbc in close-ended ffu
Date: Wed, 13 Mar 2024 12:50:54 +0000 [thread overview]
Message-ID: <DM6PR04MB65752BDA26BA746F9A6B5063FC2A2@DM6PR04MB6575.namprd04.prod.outlook.com> (raw)
In-Reply-To: <ZfGSJBuBdzkoooYs@nuoska>
+ Tomas
>
> Hi,
>
> With help from Jens we turned tee-opplicant in userspace to single threaded
> with:
>
> --- a/tee-supplicant/src/tee_supplicant.c
> +++ b/tee-supplicant/src/tee_supplicant.c
> @@ -588,6 +588,8 @@ static bool spawn_thread(struct thread_arg *arg)
> int e = 0;
> pthread_t tid;
>
> + return true;
> +
> memset(&tid, 0, sizeof(tid));
>
> DMSG("Spawning a new thread");
>
>
> but RPMB access still fails, so issue is not in userspace concurrency.
> I added debug prints to this commit and the failures seem to come from this
> first check idata->flags & MMC_BLK_IOC_DROP, second hunk in this patch:
>
> @@ -475,10 +479,18 @@ static int __mmc_blk_ioctl_cmd(struct mmc_card
> *card, struct mmc_blk_data *md,
> unsigned int busy_timeout_ms;
> int err;
> unsigned int target_part;
> + struct mmc_blk_ioc_data *idata = idatas[i];
> + struct mmc_blk_ioc_data *prev_idata = NULL;
>
> if (!card || !md || !idata)
> return -EINVAL;
>
> + if (idata->flags & MMC_BLK_IOC_DROP)
> + return 0;
> +
> + if (idata->flags & MMC_BLK_IOC_SBC)
> + prev_idata = idatas[i - 1];
> +
> /*
> * The RPMB accesses comes in from the character device, so we
> * need to target these explicitly. Else we just target the
>
>
> Debug prints:
>
> @@ -485,11 +485,19 @@ static int __mmc_blk_ioctl_cmd(struct mmc_card
> *card, struct mmc_blk_data *md,
> if (!card || !md || !idata)
> return -EINVAL;
>
> - if (idata->flags & MMC_BLK_IOC_DROP)
> + pr_err("%s: DEBUG0:\n", __func__ );
> +
> + if (idata->flags & MMC_BLK_IOC_DROP) {
> + pr_err("%s: DEBUG1: idata->flags & MMC_BLK_IOC_DROP: flags =
> 0x%x, returning 0\n",
> + __func__,
> + idata->flags );
> return 0;
> + }
>
> - if (idata->flags & MMC_BLK_IOC_SBC)
> + if (idata->flags & MMC_BLK_IOC_SBC && i > 0) {
> + pr_err("%s: DEBUG2: idata->flags & MMC_BLK_IOC_SBC && i > 0,
> flags = 0x%x\n",
> + __func__,
> + idata->flags);
> prev_idata = idatas[i - 1];
> + }
>
> /*
> * The RPMB accesses comes in from the character device, so we
>
> And the logs show that "idata->flags & MMC_BLK_IOC_DROP" is always true
> for the RPMB ioctls.
>
> https://ledge.validation.linaro.org/scheduler/job/83101
>
> [ 33.505035] __mmc_blk_ioctl_cmd: DEBUG0:
> [ 33.505426] __mmc_blk_ioctl_cmd: DEBUG1: idata->flags &
> MMC_BLK_IOC_DROP: flags = 0x5f797469, returning 0
The flags contains garbage - needs to be initialized to zero.
Tomas already noticed that and is about to send a fix.
Thanks,
Avri
> [ 33.506283] __mmc_blk_ioctl_cmd: DEBUG0:
> [ 33.506639] __mmc_blk_ioctl_cmd: DEBUG2: idata->flags &
> MMC_BLK_IOC_SBC && i > 0, flags = 0x702e796e
> [ 33.507447] __mmc_blk_ioctl_cmd: DEBUG2.1: RPMB
> [ 33.511746] __mmc_blk_ioctl_cmd: DEBUG3: copying to prev_idata
> [ 43.564084] mmc0: Card stuck being busy! __mmc_poll_for_busy
>
> https://ledge.validation.linaro.org/scheduler/job/83102
>
> [ 143.124673] __mmc_blk_ioctl_cmd: DEBUG2: idata->flags &
> MMC_BLK_IOC_SBC && i > 0, flags = 0x485fb78a [ 143.133854]
> __mmc_blk_ioctl_cmd: DEBUG2.1: RPMB [ 143.138886]
> __mmc_blk_ioctl_cmd: DEBUG3: copying to prev_idata ...
> [ 153.166684] mmc0: Card stuck being busy! __mmc_poll_for_busy
>
> This commit added uint flags to mmc_blk_ioc_data struct but it is only
> initialized for MMC_DRV_OP_IOCTL code path and for
> MMC_DRV_OP_IOCTL_RPMB it is uninialized and happens to be matching "&
> MMC_BLK_IOC_DROP" in all cases at runtime thus breaking RPMB ioctls.
>
> Fix will be to initialize mmc_blk_ioc_data->flags in all cases. Would this be fine
> as a catch all initialization for mmc_blk_ioc_data?
>
> --- a/drivers/mmc/core/block.c
> +++ b/drivers/mmc/core/block.c
> @@ -413,7 +413,7 @@ static struct mmc_blk_ioc_data
> *mmc_blk_ioctl_copy_from_user(
> struct mmc_blk_ioc_data *idata;
> int err;
>
> - idata = kmalloc(sizeof(*idata), GFP_KERNEL);
> + idata = kzalloc(sizeof(*idata), GFP_KERNEL);
> if (!idata) {
> err = -ENOMEM;
> goto out;
>
> I think this is a sensible and future proof way to go.
>
> Then, the second flags check for MMC_BLK_IOC_SBC is accessing array using
> index i - 1, but is not checking if i == 0 which results in data[-1] access.
> I think this should be fixed with something like:
>
> - if (idata->flags & MMC_BLK_IOC_SBC)
> + if (idata->flags & MMC_BLK_IOC_SBC && i > 0) {
>
> Would you be fine with this?
>
> With both of these changes in place (and debug logging) test runs on rockpi4b
> and synquacer
> arm64 boards are now ok and firmware TPM devices with RPMB storage works
> again and optee fTPM TA does not panic, though there is at least on TPM
> eventlog read test failing later on (a different kernel or firmware bug, perhaps).
>
> https://ledge.validation.linaro.org/scheduler/job/83094
>
> + tee-supplicant -d --rpmb-cid 7001004d33323530385212b201dea300 sleep 10
> + modprobe tpm_ftpm_tee
> ...
> + tpm2_createprimary -Q --hierarchy=o --key-context=prim.ctx
> ...
> + tpm2_loadexternal --key-algorithm=rsa --hierarchy=o
> + --public=signing_key_public.pem --key-context=signing_key.ctx
> + --name=signing_key.name tpm2_startauthsession --session=session.ctx
> + tpm2_policyauthorize --session=session.ctx --policy=authorized.policy
> + --name=signing_key.name tpm2_flushcontext session.ctx cat
> + /tmp/rand_key tpm2_create --hash-algorithm=sha256
> + --public=auth_pcr_seal_key.pub --private=auth_pcr_seal_key.priv
> + --sealing-input=- --parent-context=prim.ctx --policy=authorized.policy
> ...
> + tpm2_load -Q --parent-context=prim.ctx --public=auth_pcr_seal_key.pub
> + --private=auth_pcr_seal_key.priv --name=seal.name
> + --key-context=seal.ctx tpm2_evictcontrol -Q -C o -c 0x8100000a
> ...
> + cryptsetup -q --type luks2 --cipher aes-xts-plain --hash sha256
> + --use-random --uuid=6091b3a4-ce08-3020-93a6-f755a22ef03b luksFormat
> /dev/sda2 --key-file /tmp/rand_key --label otaroot echo 'Creating encrypted
> filesystem ...'
> Creating encrypted filesystem ...
> + cryptsetup luksOpen --key-file /tmp/rand_key /dev/sda2 rootfs
> ...
>
> https://ledge.validation.linaro.org/scheduler/job/83096
>
> + modprobe tpm_ftpm_tee
> ...
> + rngd
> ...
> + tpm2_dictionarylockout -c
> + tpm2-abrmd --allow-root
> ...
> + tpm2_seal_password /tmp/rand_key
> + local passfilename=/tmp/rand_key
> ...
> + tpm2_createprimary -Q --hierarchy=o --key-context=prim.ctx
> ...
> + tpm2_loadexternal --key-algorithm=rsa --hierarchy=o
> + --public=signing_key_public.pem --key-context=signing_key.ctx
> + --name=signing_key.name tpm2_startauthsession --session=session.ctx
> + tpm2_policyauthorize --session=session.ctx --policy=authorized.policy
> + --name=signing_key.name tpm2_flushcontext session.ctx
> ...
> + tpm2_create --hash-algorithm=sha256 --public=auth_pcr_seal_key.pub
> + --private=auth_pcr_seal_key.priv --sealing-input=-
> + --parent-context=prim.ctx --policy=authorized.policy
> ...
> + tpm2_load -Q --parent-context=prim.ctx --public=auth_pcr_seal_key.pub
> + --private=auth_pcr_seal_key.priv --name=seal.name
> + --key-context=seal.ctx tpm2_evictcontrol -Q -C o -c 0x8100000a
> + tpm2_evictcontrol --hierarchy=o --object-context=seal.ctx 0x8100000a
> ...
> + cryptsetup -q --type luks2 --cipher aes-xts-plain --hash sha256
> + --use-random --uuid=6091b3a4-ce08-3020-93a6-f755a22ef03b luksFormat
> + /dev/mmcblk1p7 --key-file /tmp/rand_key --label otaroot
> ...
> Creating encrypted filesystem ...
> + cryptsetup luksOpen --key-file /tmp/rand_key /dev/mmcblk1p7 rootfs
> ...
> + mount /dev/mapper/rootfs /rootfs -o rw,noatime,iversion
> [ 171.018740] EXT4-fs (dm-0): mounted filesystem 89ae0ee0-b27c-4a66-ac0c-
> 098c7ccd7a3c r/w with ordered data mode. Quota mode: disabled.
> ...
>
> Cheers,
>
> -Mikko
prev parent reply other threads:[~2024-03-13 12:51 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-29 9:25 [PATCH v4] mmc: core: Use mrq.sbc in close-ended ffu Avri Altman
2023-11-29 13:31 ` Adrian Hunter
2023-11-30 10:36 ` Ulf Hansson
2024-03-11 13:59 ` Mikko Rapeli
2024-03-11 14:55 ` Avri Altman
2024-03-11 15:08 ` Mikko Rapeli
2024-03-11 15:19 ` Jens Wiklander
2024-03-11 15:41 ` Mikko Rapeli
2024-03-11 19:25 ` Avri Altman
2024-03-12 8:01 ` Jens Wiklander
2024-03-13 11:46 ` Mikko Rapeli
2024-03-13 12:44 ` Mikko Rapeli
2024-03-13 12:50 ` Avri Altman [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DM6PR04MB65752BDA26BA746F9A6B5063FC2A2@DM6PR04MB6575.namprd04.prod.outlook.com \
--to=avri.altman@wdc.com \
--cc=adrian.hunter@intel.com \
--cc=dlunev@google.com \
--cc=jens.wiklander@linaro.org \
--cc=linux-mmc@vger.kernel.org \
--cc=mikko.rapeli@linaro.org \
--cc=quic_asutoshd@quicinc.com \
--cc=tomas.klas@cuesystem.com \
--cc=ulf.hansson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.