* [PATCH] firmware: arm_scmi: Relax CLOCK_DESCRIBE_RATES out-of-spec checks
@ 2022-06-16 17:03 Cristian Marussi
2022-06-16 18:02 ` Robin Murphy
2022-06-21 19:27 ` Sudeep Holla
0 siblings, 2 replies; 4+ messages in thread
From: Cristian Marussi @ 2022-06-16 17:03 UTC (permalink / raw)
To: linux-kernel, linux-arm-kernel
Cc: sudeep.holla, robin.murphy, nicola.mazzucato, vincent.guittot,
f.fainelli, Cristian Marussi
A reply to CLOCK_DESCRIBE_RATES issued against a non rate-discrete clock
should be composed of a triplet of rates descriptors (min/max/step)
returned all in one reply message.
This is not always the case when dealing with some SCMI server deployed in
the wild: relax such constraint while maintaining memory safety by checking
carefully the returned payload size.
While at that cleanup a stale debug printout.
Fixes: 7bc7caafe6b1 ("firmware: arm_scmi: Use common iterators in the clock protocol")
Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
---
drivers/firmware/arm_scmi/clock.c | 26 +++++++++++++++++++++++++-
drivers/firmware/arm_scmi/driver.c | 1 +
drivers/firmware/arm_scmi/protocols.h | 3 +++
3 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/drivers/firmware/arm_scmi/clock.c b/drivers/firmware/arm_scmi/clock.c
index c7a83f6e38e5..3ed7ae0d6781 100644
--- a/drivers/firmware/arm_scmi/clock.c
+++ b/drivers/firmware/arm_scmi/clock.c
@@ -194,6 +194,7 @@ static int rate_cmp_func(const void *_r1, const void *_r2)
}
struct scmi_clk_ipriv {
+ struct device *dev;
u32 clk_id;
struct scmi_clock_info *clk;
};
@@ -223,6 +224,29 @@ iter_clk_describe_update_state(struct scmi_iterator_state *st,
st->num_returned = NUM_RETURNED(flags);
p->clk->rate_discrete = RATE_DISCRETE(flags);
+ /* Warn about out of spec replies ... */
+ if (!p->clk->rate_discrete &&
+ (st->num_returned != 3 || st->num_remaining != 0)) {
+ dev_warn(p->dev,
+ "Out-of-spec CLOCK_DESCRIBE_RATES reply for %s - returned:%d remaining:%d rx_len:%zd\n",
+ p->clk->name, st->num_returned, st->num_remaining,
+ st->rx_len);
+
+ /*
+ * A known quirk: a triplet is returned but num_returned != 3
+ * Check for a safe payload size and fix.
+ */
+ if (st->num_returned != 3 && st->num_remaining == 0 &&
+ st->rx_len == sizeof(*r) + sizeof(__le32) * 2 * 3) {
+ st->num_returned = 3;
+ st->num_remaining = 0;
+ } else {
+ dev_err(p->dev,
+ "Cannot fix out-of-spec reply !\n");
+ return -EPROTO;
+ }
+ }
+
return 0;
}
@@ -255,7 +279,6 @@ iter_clk_describe_process_response(const struct scmi_protocol_handle *ph,
*rate = RATE_TO_U64(r->rate[st->loop_idx]);
p->clk->list.num_rates++;
- //XXX dev_dbg(ph->dev, "Rate %llu Hz\n", *rate);
}
return ret;
@@ -275,6 +298,7 @@ scmi_clock_describe_rates_get(const struct scmi_protocol_handle *ph, u32 clk_id,
struct scmi_clk_ipriv cpriv = {
.clk_id = clk_id,
.clk = clk,
+ .dev = ph->dev,
};
iter = ph->hops->iter_response_init(ph, &ops, SCMI_MAX_NUM_RATES,
diff --git a/drivers/firmware/arm_scmi/driver.c b/drivers/firmware/arm_scmi/driver.c
index c1922bd650ae..8b7ac6663d57 100644
--- a/drivers/firmware/arm_scmi/driver.c
+++ b/drivers/firmware/arm_scmi/driver.c
@@ -1223,6 +1223,7 @@ static int scmi_iterator_run(void *iter)
if (ret)
break;
+ st->rx_len = i->t->rx.len;
ret = iops->update_state(st, i->resp, i->priv);
if (ret)
break;
diff --git a/drivers/firmware/arm_scmi/protocols.h b/drivers/firmware/arm_scmi/protocols.h
index c679f3fb8718..51c31379f9b3 100644
--- a/drivers/firmware/arm_scmi/protocols.h
+++ b/drivers/firmware/arm_scmi/protocols.h
@@ -179,6 +179,8 @@ struct scmi_protocol_handle {
* @max_resources: Maximum acceptable number of items, configured by the caller
* depending on the underlying resources that it is querying.
* @loop_idx: The iterator loop index in the current multi-part reply.
+ * @rx_len: Size in bytes of the currenly processed message; it can be used by
+ * the user of the iterator to verify a reply size.
* @priv: Optional pointer to some additional state-related private data setup
* by the caller during the iterations.
*/
@@ -188,6 +190,7 @@ struct scmi_iterator_state {
unsigned int num_remaining;
unsigned int max_resources;
unsigned int loop_idx;
+ size_t rx_len;
void *priv;
};
--
2.32.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] firmware: arm_scmi: Relax CLOCK_DESCRIBE_RATES out-of-spec checks
2022-06-16 17:03 [PATCH] firmware: arm_scmi: Relax CLOCK_DESCRIBE_RATES out-of-spec checks Cristian Marussi
@ 2022-06-16 18:02 ` Robin Murphy
2022-06-17 11:12 ` Cristian Marussi
2022-06-21 19:27 ` Sudeep Holla
1 sibling, 1 reply; 4+ messages in thread
From: Robin Murphy @ 2022-06-16 18:02 UTC (permalink / raw)
To: Cristian Marussi, linux-kernel, linux-arm-kernel
Cc: sudeep.holla, nicola.mazzucato, vincent.guittot, f.fainelli
On 2022-06-16 18:03, Cristian Marussi wrote:
> A reply to CLOCK_DESCRIBE_RATES issued against a non rate-discrete clock
> should be composed of a triplet of rates descriptors (min/max/step)
> returned all in one reply message.
>
> This is not always the case when dealing with some SCMI server deployed in
> the wild: relax such constraint while maintaining memory safety by checking
> carefully the returned payload size.
>
> While at that cleanup a stale debug printout.
I know we're testing on the same platform so it's of limited value, but
for the record this does indeed make my display work again, so FWIW:
Tested-by: Robin Murphy <robin.murphy@arm.com>
Thanks for the quick turnaround!
Robin.
> Fixes: 7bc7caafe6b1 ("firmware: arm_scmi: Use common iterators in the clock protocol")
> Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
> ---
> drivers/firmware/arm_scmi/clock.c | 26 +++++++++++++++++++++++++-
> drivers/firmware/arm_scmi/driver.c | 1 +
> drivers/firmware/arm_scmi/protocols.h | 3 +++
> 3 files changed, 29 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/firmware/arm_scmi/clock.c b/drivers/firmware/arm_scmi/clock.c
> index c7a83f6e38e5..3ed7ae0d6781 100644
> --- a/drivers/firmware/arm_scmi/clock.c
> +++ b/drivers/firmware/arm_scmi/clock.c
> @@ -194,6 +194,7 @@ static int rate_cmp_func(const void *_r1, const void *_r2)
> }
>
> struct scmi_clk_ipriv {
> + struct device *dev;
> u32 clk_id;
> struct scmi_clock_info *clk;
> };
> @@ -223,6 +224,29 @@ iter_clk_describe_update_state(struct scmi_iterator_state *st,
> st->num_returned = NUM_RETURNED(flags);
> p->clk->rate_discrete = RATE_DISCRETE(flags);
>
> + /* Warn about out of spec replies ... */
> + if (!p->clk->rate_discrete &&
> + (st->num_returned != 3 || st->num_remaining != 0)) {
> + dev_warn(p->dev,
> + "Out-of-spec CLOCK_DESCRIBE_RATES reply for %s - returned:%d remaining:%d rx_len:%zd\n",
> + p->clk->name, st->num_returned, st->num_remaining,
> + st->rx_len);
> +
> + /*
> + * A known quirk: a triplet is returned but num_returned != 3
> + * Check for a safe payload size and fix.
> + */
> + if (st->num_returned != 3 && st->num_remaining == 0 &&
> + st->rx_len == sizeof(*r) + sizeof(__le32) * 2 * 3) {
> + st->num_returned = 3;
> + st->num_remaining = 0;
> + } else {
> + dev_err(p->dev,
> + "Cannot fix out-of-spec reply !\n");
> + return -EPROTO;
> + }
> + }
> +
> return 0;
> }
>
> @@ -255,7 +279,6 @@ iter_clk_describe_process_response(const struct scmi_protocol_handle *ph,
>
> *rate = RATE_TO_U64(r->rate[st->loop_idx]);
> p->clk->list.num_rates++;
> - //XXX dev_dbg(ph->dev, "Rate %llu Hz\n", *rate);
> }
>
> return ret;
> @@ -275,6 +298,7 @@ scmi_clock_describe_rates_get(const struct scmi_protocol_handle *ph, u32 clk_id,
> struct scmi_clk_ipriv cpriv = {
> .clk_id = clk_id,
> .clk = clk,
> + .dev = ph->dev,
> };
>
> iter = ph->hops->iter_response_init(ph, &ops, SCMI_MAX_NUM_RATES,
> diff --git a/drivers/firmware/arm_scmi/driver.c b/drivers/firmware/arm_scmi/driver.c
> index c1922bd650ae..8b7ac6663d57 100644
> --- a/drivers/firmware/arm_scmi/driver.c
> +++ b/drivers/firmware/arm_scmi/driver.c
> @@ -1223,6 +1223,7 @@ static int scmi_iterator_run(void *iter)
> if (ret)
> break;
>
> + st->rx_len = i->t->rx.len;
> ret = iops->update_state(st, i->resp, i->priv);
> if (ret)
> break;
> diff --git a/drivers/firmware/arm_scmi/protocols.h b/drivers/firmware/arm_scmi/protocols.h
> index c679f3fb8718..51c31379f9b3 100644
> --- a/drivers/firmware/arm_scmi/protocols.h
> +++ b/drivers/firmware/arm_scmi/protocols.h
> @@ -179,6 +179,8 @@ struct scmi_protocol_handle {
> * @max_resources: Maximum acceptable number of items, configured by the caller
> * depending on the underlying resources that it is querying.
> * @loop_idx: The iterator loop index in the current multi-part reply.
> + * @rx_len: Size in bytes of the currenly processed message; it can be used by
> + * the user of the iterator to verify a reply size.
> * @priv: Optional pointer to some additional state-related private data setup
> * by the caller during the iterations.
> */
> @@ -188,6 +190,7 @@ struct scmi_iterator_state {
> unsigned int num_remaining;
> unsigned int max_resources;
> unsigned int loop_idx;
> + size_t rx_len;
> void *priv;
> };
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] firmware: arm_scmi: Relax CLOCK_DESCRIBE_RATES out-of-spec checks
2022-06-16 18:02 ` Robin Murphy
@ 2022-06-17 11:12 ` Cristian Marussi
0 siblings, 0 replies; 4+ messages in thread
From: Cristian Marussi @ 2022-06-17 11:12 UTC (permalink / raw)
To: Robin Murphy
Cc: linux-kernel, linux-arm-kernel, sudeep.holla, nicola.mazzucato,
vincent.guittot, f.fainelli
On Thu, Jun 16, 2022 at 07:02:49PM +0100, Robin Murphy wrote:
> On 2022-06-16 18:03, Cristian Marussi wrote:
> > A reply to CLOCK_DESCRIBE_RATES issued against a non rate-discrete clock
> > should be composed of a triplet of rates descriptors (min/max/step)
> > returned all in one reply message.
> >
> > This is not always the case when dealing with some SCMI server deployed in
> > the wild: relax such constraint while maintaining memory safety by checking
> > carefully the returned payload size.
> >
> > While at that cleanup a stale debug printout.
>
> I know we're testing on the same platform so it's of limited value, but for
> the record this does indeed make my display work again, so FWIW:
>
> Tested-by: Robin Murphy <robin.murphy@arm.com>
>
> Thanks for the quick turnaround!
> Robin.
>
Thanks Robin.
Testing is never enough :P
Thanks,
Cristian
> > Fixes: 7bc7caafe6b1 ("firmware: arm_scmi: Use common iterators in the clock protocol")
> > Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
> > ---
> > drivers/firmware/arm_scmi/clock.c | 26 +++++++++++++++++++++++++-
> > drivers/firmware/arm_scmi/driver.c | 1 +
> > drivers/firmware/arm_scmi/protocols.h | 3 +++
> > 3 files changed, 29 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/firmware/arm_scmi/clock.c b/drivers/firmware/arm_scmi/clock.c
> > index c7a83f6e38e5..3ed7ae0d6781 100644
> > --- a/drivers/firmware/arm_scmi/clock.c
> > +++ b/drivers/firmware/arm_scmi/clock.c
> > @@ -194,6 +194,7 @@ static int rate_cmp_func(const void *_r1, const void *_r2)
> > }
> > struct scmi_clk_ipriv {
> > + struct device *dev;
> > u32 clk_id;
> > struct scmi_clock_info *clk;
> > };
> > @@ -223,6 +224,29 @@ iter_clk_describe_update_state(struct scmi_iterator_state *st,
> > st->num_returned = NUM_RETURNED(flags);
> > p->clk->rate_discrete = RATE_DISCRETE(flags);
> > + /* Warn about out of spec replies ... */
> > + if (!p->clk->rate_discrete &&
> > + (st->num_returned != 3 || st->num_remaining != 0)) {
> > + dev_warn(p->dev,
> > + "Out-of-spec CLOCK_DESCRIBE_RATES reply for %s - returned:%d remaining:%d rx_len:%zd\n",
> > + p->clk->name, st->num_returned, st->num_remaining,
> > + st->rx_len);
> > +
> > + /*
> > + * A known quirk: a triplet is returned but num_returned != 3
> > + * Check for a safe payload size and fix.
> > + */
> > + if (st->num_returned != 3 && st->num_remaining == 0 &&
> > + st->rx_len == sizeof(*r) + sizeof(__le32) * 2 * 3) {
> > + st->num_returned = 3;
> > + st->num_remaining = 0;
> > + } else {
> > + dev_err(p->dev,
> > + "Cannot fix out-of-spec reply !\n");
> > + return -EPROTO;
> > + }
> > + }
> > +
> > return 0;
> > }
> > @@ -255,7 +279,6 @@ iter_clk_describe_process_response(const struct scmi_protocol_handle *ph,
> > *rate = RATE_TO_U64(r->rate[st->loop_idx]);
> > p->clk->list.num_rates++;
> > - //XXX dev_dbg(ph->dev, "Rate %llu Hz\n", *rate);
> > }
> > return ret;
> > @@ -275,6 +298,7 @@ scmi_clock_describe_rates_get(const struct scmi_protocol_handle *ph, u32 clk_id,
> > struct scmi_clk_ipriv cpriv = {
> > .clk_id = clk_id,
> > .clk = clk,
> > + .dev = ph->dev,
> > };
> > iter = ph->hops->iter_response_init(ph, &ops, SCMI_MAX_NUM_RATES,
> > diff --git a/drivers/firmware/arm_scmi/driver.c b/drivers/firmware/arm_scmi/driver.c
> > index c1922bd650ae..8b7ac6663d57 100644
> > --- a/drivers/firmware/arm_scmi/driver.c
> > +++ b/drivers/firmware/arm_scmi/driver.c
> > @@ -1223,6 +1223,7 @@ static int scmi_iterator_run(void *iter)
> > if (ret)
> > break;
> > + st->rx_len = i->t->rx.len;
> > ret = iops->update_state(st, i->resp, i->priv);
> > if (ret)
> > break;
> > diff --git a/drivers/firmware/arm_scmi/protocols.h b/drivers/firmware/arm_scmi/protocols.h
> > index c679f3fb8718..51c31379f9b3 100644
> > --- a/drivers/firmware/arm_scmi/protocols.h
> > +++ b/drivers/firmware/arm_scmi/protocols.h
> > @@ -179,6 +179,8 @@ struct scmi_protocol_handle {
> > * @max_resources: Maximum acceptable number of items, configured by the caller
> > * depending on the underlying resources that it is querying.
> > * @loop_idx: The iterator loop index in the current multi-part reply.
> > + * @rx_len: Size in bytes of the currenly processed message; it can be used by
> > + * the user of the iterator to verify a reply size.
> > * @priv: Optional pointer to some additional state-related private data setup
> > * by the caller during the iterations.
> > */
> > @@ -188,6 +190,7 @@ struct scmi_iterator_state {
> > unsigned int num_remaining;
> > unsigned int max_resources;
> > unsigned int loop_idx;
> > + size_t rx_len;
> > void *priv;
> > };
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] firmware: arm_scmi: Relax CLOCK_DESCRIBE_RATES out-of-spec checks
2022-06-16 17:03 [PATCH] firmware: arm_scmi: Relax CLOCK_DESCRIBE_RATES out-of-spec checks Cristian Marussi
2022-06-16 18:02 ` Robin Murphy
@ 2022-06-21 19:27 ` Sudeep Holla
1 sibling, 0 replies; 4+ messages in thread
From: Sudeep Holla @ 2022-06-21 19:27 UTC (permalink / raw)
To: linux-arm-kernel, linux-kernel, Cristian Marussi
Cc: Sudeep Holla, vincent.guittot, nicola.mazzucato, robin.murphy,
f.fainelli
On Thu, 16 Jun 2022 18:03:47 +0100, Cristian Marussi wrote:
> A reply to CLOCK_DESCRIBE_RATES issued against a non rate-discrete clock
> should be composed of a triplet of rates descriptors (min/max/step)
> returned all in one reply message.
>
> This is not always the case when dealing with some SCMI server deployed in
> the wild: relax such constraint while maintaining memory safety by checking
> carefully the returned payload size.
>
> [...]
Applied to sudeep.holla/linux (for-next/scmi), thanks!
[1/1] firmware: arm_scmi: Relax CLOCK_DESCRIBE_RATES out-of-spec checks
https://git.kernel.org/sudeep.holla/c/754f04cac3
--
Regards,
Sudeep
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-06-21 19:27 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-16 17:03 [PATCH] firmware: arm_scmi: Relax CLOCK_DESCRIBE_RATES out-of-spec checks Cristian Marussi
2022-06-16 18:02 ` Robin Murphy
2022-06-17 11:12 ` Cristian Marussi
2022-06-21 19:27 ` Sudeep Holla
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).