From: Tom Rix <trix@redhat.com>
To: Russ Weight <russell.h.weight@intel.com>,
mdf@kernel.org, lee.jones@linaro.org, linux-fpga@vger.kernel.org,
linux-kernel@vger.kernel.org
Cc: lgoncalv@redhat.com, yilun.xu@intel.com, hao.wu@intel.com,
matthew.gerlach@intel.com
Subject: Re: [PATCH v1 10/12] fpga: enable sec-mgr update cancel
Date: Sun, 6 Sep 2020 10:00:20 -0700 [thread overview]
Message-ID: <bfcdc249-1cc7-e755-1030-cf1fed2416fa@redhat.com> (raw)
In-Reply-To: <20200904235305.6254-11-russell.h.weight@intel.com>
On 9/4/20 4:53 PM, Russ Weight wrote:
> Extend the Intel Security Manager class driver to include
> an update/cancel sysfs file that can be written to request
> that an update be canceled. The write may return EBUSY if
> the update has progressed to the point that it cannot be
> canceled by software or ENODEV if there is no update in
> progress.
>
> Signed-off-by: Russ Weight <russell.h.weight@intel.com>
> ---
> .../ABI/testing/sysfs-class-ifpga-sec-mgr | 10 ++++
> drivers/fpga/ifpga-sec-mgr.c | 59 +++++++++++++++++--
> include/linux/fpga/ifpga-sec-mgr.h | 1 +
> 3 files changed, 66 insertions(+), 4 deletions(-)
>
> diff --git a/Documentation/ABI/testing/sysfs-class-ifpga-sec-mgr b/Documentation/ABI/testing/sysfs-class-ifpga-sec-mgr
> index cf1967f1b3e3..762a7dee9453 100644
> --- a/Documentation/ABI/testing/sysfs-class-ifpga-sec-mgr
> +++ b/Documentation/ABI/testing/sysfs-class-ifpga-sec-mgr
> @@ -87,6 +87,16 @@ Description: Write only. Write the filename of an Intel image
> and Root Entry Hashes, and to cancel Code Signing
> Keys (CSK).
>
> +What: /sys/class/ifpga_sec_mgr/ifpga_secX/update/cancel
> +Date: Sep 2020
> +KernelVersion: 5.10
> +Contact: Russ Weight <russell.h.weight@intel.com>
> +Description: Write-only. Write a "1" to this file to request
> + that a current update be canceled. This request
> + will be rejected (EBUSY) if the programming phase
> + has already started or (ENODEV) if there is no
> + update in progress.
> +
> What: /sys/class/ifpga_sec_mgr/ifpga_secX/update/status
> Date: Sep 2020
> KernelVersion: 5.10
> diff --git a/drivers/fpga/ifpga-sec-mgr.c b/drivers/fpga/ifpga-sec-mgr.c
> index 4ca5d13e5656..afd97c135ebe 100644
> --- a/drivers/fpga/ifpga-sec-mgr.c
> +++ b/drivers/fpga/ifpga-sec-mgr.c
> @@ -159,6 +159,23 @@ static void ifpga_sec_dev_error(struct ifpga_sec_mgr *imgr,
> imgr->iops->cancel(imgr);
> }
>
> +static int progress_transition(struct ifpga_sec_mgr *imgr,
> + enum ifpga_sec_prog new_progress)
> +{
> + int ret = 0;
> +
> + mutex_lock(&imgr->lock);
> + if (imgr->request_cancel) {
> + set_error(imgr, IFPGA_SEC_ERR_CANCELED);
> + imgr->iops->cancel(imgr);
check cancel() for double error ?
should request_cancel be cleared ?
> + ret = -ECANCELED;
> + } else {
> + update_progress(imgr, new_progress);
> + }
> + mutex_unlock(&imgr->lock);
> + return ret;
> +}
> +
> static void progress_complete(struct ifpga_sec_mgr *imgr)
> {
> mutex_lock(&imgr->lock);
> @@ -190,16 +207,20 @@ static void ifpga_sec_mgr_update(struct work_struct *work)
> goto release_fw_exit;
> }
>
> - update_progress(imgr, IFPGA_SEC_PROG_PREPARING);
> + if (progress_transition(imgr, IFPGA_SEC_PROG_PREPARING))
> + goto modput_exit;
> +
> ret = imgr->iops->prepare(imgr);
> if (ret) {
> ifpga_sec_dev_error(imgr, ret);
> goto modput_exit;
> }
>
> - update_progress(imgr, IFPGA_SEC_PROG_WRITING);
> + if (progress_transition(imgr, IFPGA_SEC_PROG_WRITING))
> + goto done;
> +
> size = imgr->remaining_size;
> - while (size) {
> + while (size && !imgr->request_cancel) {
> blk_size = min_t(u32, size, WRITE_BLOCK_SIZE);
> size -= blk_size;
> ret = imgr->iops->write_blk(imgr, offset, blk_size);
> @@ -212,7 +233,9 @@ static void ifpga_sec_mgr_update(struct work_struct *work)
> offset += blk_size;
> }
>
> - update_progress(imgr, IFPGA_SEC_PROG_PROGRAMMING);
> + if (progress_transition(imgr, IFPGA_SEC_PROG_PROGRAMMING))
> + goto done;
> +
> ret = imgr->iops->poll_complete(imgr);
> if (ret) {
> ifpga_sec_dev_error(imgr, ret);
> @@ -359,6 +382,7 @@ static ssize_t filename_store(struct device *dev, struct device_attribute *attr,
> imgr->filename[strlen(imgr->filename) - 1] = '\0';
>
> imgr->err_code = IFPGA_SEC_ERR_NONE;
> + imgr->request_cancel = false;
> imgr->progress = IFPGA_SEC_PROG_READ_FILE;
> reinit_completion(&imgr->update_done);
> schedule_work(&imgr->work);
> @@ -369,8 +393,32 @@ static ssize_t filename_store(struct device *dev, struct device_attribute *attr,
> }
> static DEVICE_ATTR_WO(filename);
>
> +static ssize_t cancel_store(struct device *dev, struct device_attribute *attr,
> + const char *buf, size_t count)
> +{
> + struct ifpga_sec_mgr *imgr = to_sec_mgr(dev);
> + bool cancel;
> + int ret = 0;
int ret = count;
> +
> + if (kstrtobool(buf, &cancel) || !cancel)
This does not match your description in the testing section.
kstrtobool has many other valid inputs.
maybe check if count is 1 and buf[0] == '1'
> + return -EINVAL;
> +
> + mutex_lock(&imgr->lock);
> + if (imgr->progress == IFPGA_SEC_PROG_PROGRAMMING)
> + ret = -EBUSY;
> + else if (imgr->progress == IFPGA_SEC_PROG_IDLE)
> + ret = -ENODEV;
> + else
> + imgr->request_cancel = true;
> + mutex_unlock(&imgr->lock);
> +
> + return ret ? : count;
return ret;
Tom
> +}
> +static DEVICE_ATTR_WO(cancel);
> +
> static struct attribute *sec_mgr_update_attrs[] = {
> &dev_attr_filename.attr,
> + &dev_attr_cancel.attr,
> &dev_attr_status.attr,
> &dev_attr_error.attr,
> &dev_attr_remaining_size.attr,
> @@ -536,6 +584,9 @@ void ifpga_sec_mgr_unregister(struct ifpga_sec_mgr *imgr)
> goto unregister;
> }
>
> + if (imgr->progress != IFPGA_SEC_PROG_PROGRAMMING)
> + imgr->request_cancel = true;
> +
> mutex_unlock(&imgr->lock);
> wait_for_completion(&imgr->update_done);
>
> diff --git a/include/linux/fpga/ifpga-sec-mgr.h b/include/linux/fpga/ifpga-sec-mgr.h
> index f04bf9e30c67..f51ed663a723 100644
> --- a/include/linux/fpga/ifpga-sec-mgr.h
> +++ b/include/linux/fpga/ifpga-sec-mgr.h
> @@ -183,6 +183,7 @@ struct ifpga_sec_mgr {
> enum ifpga_sec_prog progress;
> enum ifpga_sec_prog err_state; /* progress state at time of failure */
> enum ifpga_sec_err err_code; /* security manager error code */
> + bool request_cancel;
> bool driver_unload;
> void *priv;
> };
next prev parent reply other threads:[~2020-09-06 17:00 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-04 23:52 [PATCH v1 00/12] Intel FPGA Security Manager Class Driver Russ Weight
2020-09-04 23:52 ` [PATCH v1 01/12] fpga: fpga security manager class driver Russ Weight
2020-09-04 23:57 ` Randy Dunlap
2020-09-05 0:23 ` Moritz Fischer
2020-09-05 0:44 ` Russ Weight
2020-09-05 13:39 ` Wu, Hao
2020-09-05 19:09 ` Tom Rix
[not found] ` <ebf251a0-5f13-d1a1-6915-e3c940bb19fe@intel.com>
2020-09-10 21:51 ` Tom Rix
2020-09-10 23:05 ` Russ Weight
2020-09-16 20:16 ` Moritz Fischer
2020-09-30 20:54 ` Russ Weight
2020-10-01 0:31 ` Moritz Fischer
2020-10-01 1:07 ` Russ Weight
2020-10-01 19:07 ` Moritz Fischer
2020-09-04 23:52 ` [PATCH v1 02/12] fpga: create intel max10 bmc security engine Russ Weight
2020-09-05 0:01 ` Randy Dunlap
2020-09-05 0:05 ` Russ Weight
2020-09-05 20:22 ` Tom Rix
2020-09-14 19:07 ` Russ Weight
2020-09-14 20:48 ` Tom Rix
2020-09-14 21:40 ` Russ Weight
2020-09-16 20:33 ` Moritz Fischer
2020-09-30 23:14 ` Russ Weight
2020-09-04 23:52 ` [PATCH v1 03/12] fpga: expose max10 flash update counts in sysfs Russ Weight
2020-09-05 20:39 ` Tom Rix
2020-09-16 18:37 ` Russ Weight
2020-09-04 23:52 ` [PATCH v1 04/12] fpga: expose max10 canceled keys " Russ Weight
2020-09-05 20:52 ` Tom Rix
2020-09-04 23:52 ` [PATCH v1 05/12] fpga: enable secure updates Russ Weight
2020-09-05 22:04 ` Tom Rix
[not found] ` <1d90bfb6-417c-55df-9290-991c391158a9@intel.com>
2020-09-20 15:24 ` Tom Rix
2020-09-04 23:52 ` [PATCH v1 06/12] fpga: add max10 secure update functions Russ Weight
2020-09-06 16:10 ` Tom Rix
2020-09-22 1:15 ` Russ Weight
2020-09-08 8:05 ` Lee Jones
2020-09-04 23:53 ` [PATCH v1 07/12] fpga: expose sec-mgr update status Russ Weight
2020-09-06 16:16 ` Tom Rix
2020-09-22 22:31 ` Russ Weight
2020-09-04 23:53 ` [PATCH v1 08/12] fpga: expose sec-mgr update errors Russ Weight
2020-09-06 16:27 ` Tom Rix
2020-09-22 23:42 ` Russ Weight
2020-09-23 12:52 ` Tom Rix
2020-09-04 23:53 ` [PATCH v1 09/12] fpga: expose sec-mgr update size Russ Weight
2020-09-06 16:39 ` Tom Rix
2020-09-04 23:53 ` [PATCH v1 10/12] fpga: enable sec-mgr update cancel Russ Weight
2020-09-06 17:00 ` Tom Rix [this message]
[not found] ` <678f8d39-a244-42d0-4c56-91eb859b43f0@intel.com>
2020-09-23 13:02 ` Tom Rix
2020-09-04 23:53 ` [PATCH v1 11/12] fpga: expose hardware error info in sysfs Russ Weight
2020-09-06 17:06 ` Tom Rix
2020-09-04 23:53 ` [PATCH v1 12/12] fpga: add max10 get_hw_errinfo callback func Russ Weight
2020-09-06 17:14 ` Tom Rix
2020-09-24 21:48 ` Russ Weight
2020-09-05 14:13 ` [PATCH v1 00/12] Intel FPGA Security Manager Class Driver Wu, Hao
2020-10-01 20:42 ` Russ Weight
2020-09-05 16:10 ` Tom Rix
2020-09-05 17:16 ` Tom Rix
2020-10-01 0:19 ` Russ Weight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bfcdc249-1cc7-e755-1030-cf1fed2416fa@redhat.com \
--to=trix@redhat.com \
--cc=hao.wu@intel.com \
--cc=lee.jones@linaro.org \
--cc=lgoncalv@redhat.com \
--cc=linux-fpga@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=matthew.gerlach@intel.com \
--cc=mdf@kernel.org \
--cc=russell.h.weight@intel.com \
--cc=yilun.xu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.