misc: fastrpc: check before loading process to the DSP

Reject session if DSP domain is secure, device node is non-secure and signed
PD is requested. Secure device node can access DSP without any restriction.

Unsigned PD offload is only allowed for the DSP domain that can support
unsigned offloading.

Signed-off-by: Jeya R <jeyr@codeaurora.org>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20220214161002.6831-7-srinivas.kandagatla@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Jeya R 2022-02-14 16:09:56 +00:00 committed by Greg Kroah-Hartman
parent 3abe3ab3cd
commit 7f1f481263
2 changed files with 50 additions and 0 deletions


@ -244,6 +244,7 @@ struct fastrpc_channel_ctx {
struct fastrpc_device *secure_fdevice; struct fastrpc_device *secure_fdevice;
struct fastrpc_device *fdevice; struct fastrpc_device *fdevice;
bool secure; bool secure;
bool unsigned_support;
}; };
struct fastrpc_device { struct fastrpc_device {
@ -264,6 +265,7 @@ struct fastrpc_user {
int tgid; int tgid;
int pd; int pd;
bool is_secure_dev;
/* Lock for lists */ /* Lock for lists */
spinlock_t lock; spinlock_t lock;
/* lock for allocations */ /* lock for allocations */
@ -1052,6 +1054,24 @@ bail:
return err; return err;
} }
static bool is_session_rejected(struct fastrpc_user *fl, bool unsigned_pd_request)
{
/* Check if the device node is non-secure and channel is secure*/
if (!fl->is_secure_dev && fl->cctx->secure) {
/*
* Allow untrusted applications to offload only to Unsigned PD when
* channel is configured as secure and block untrusted apps on channel
* that does not support unsigned PD offload
*/
if (!fl->cctx->unsigned_support || !unsigned_pd_request) {
dev_err(&fl->cctx->rpdev->dev, "Error: Untrusted application trying to offload to signed PD");
return true;
}
}
return false;
}
static int fastrpc_init_create_process(struct fastrpc_user *fl, static int fastrpc_init_create_process(struct fastrpc_user *fl,
char __user *argp) char __user *argp)
{ {
@ -1071,6 +1091,7 @@ static int fastrpc_init_create_process(struct fastrpc_user *fl,
u32 siglen; u32 siglen;
} inbuf; } inbuf;
u32 sc; u32 sc;
bool unsigned_module = false;
args = kcalloc(FASTRPC_CREATE_PROCESS_NARGS, sizeof(*args), GFP_KERNEL); args = kcalloc(FASTRPC_CREATE_PROCESS_NARGS, sizeof(*args), GFP_KERNEL);
if (!args) if (!args)
@ -1081,6 +1102,14 @@ static int fastrpc_init_create_process(struct fastrpc_user *fl,
goto err; goto err;
} }
if (init.attrs & FASTRPC_MODE_UNSIGNED_MODULE)
unsigned_module = true;
if (is_session_rejected(fl, unsigned_module)) {
err = -ECONNREFUSED;
goto err;
}
if (init.filelen > INIT_FILELEN_MAX) { if (init.filelen > INIT_FILELEN_MAX) {
err = -EINVAL; err = -EINVAL;
goto err; goto err;
@ -1280,6 +1309,7 @@ static int fastrpc_device_open(struct inode *inode, struct file *filp)
INIT_LIST_HEAD(&fl->user); INIT_LIST_HEAD(&fl->user);
fl->tgid = current->tgid; fl->tgid = current->tgid;
fl->cctx = cctx; fl->cctx = cctx;
fl->is_secure_dev = fdevice->secure;
fl->sctx = fastrpc_session_alloc(cctx); fl->sctx = fastrpc_session_alloc(cctx);
if (!fl->sctx) { if (!fl->sctx) {
@ -1958,11 +1988,14 @@ static int fastrpc_rpmsg_probe(struct rpmsg_device *rpdev)
case ADSP_DOMAIN_ID: case ADSP_DOMAIN_ID:
case MDSP_DOMAIN_ID: case MDSP_DOMAIN_ID:
case SDSP_DOMAIN_ID: case SDSP_DOMAIN_ID:
/* Unsigned PD offloading is only supported on CDSP*/
data->unsigned_support = false;
err = fastrpc_device_register(rdev, data, secure_dsp, domains[domain_id]); err = fastrpc_device_register(rdev, data, secure_dsp, domains[domain_id]);
if (err) if (err)
goto fdev_error; goto fdev_error;
break; break;
case CDSP_DOMAIN_ID: case CDSP_DOMAIN_ID:
data->unsigned_support = true;
/* Create both device nodes so that we can allow both Signed and Unsigned PD */ /* Create both device nodes so that we can allow both Signed and Unsigned PD */
err = fastrpc_device_register(rdev, data, true, domains[domain_id]); err = fastrpc_device_register(rdev, data, true, domains[domain_id]);
if (err) if (err)
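Review bot: The `dev_err()` inside is_session_rejected (hunk at -1052) fires on a path that any opener of the non-secure device node can trigger repeatedly just by requesting a process without FASTRPC_MODE_UNSIGNED_MODULE, so it should be rate-limited, and the format string is missing the trailing newline printk expects: `dev_err_ratelimited(&fl->cctx->rpdev->dev, "Error: Untrusted application trying to offload to signed PD\n");`. The check only gates on the attribute the caller asked for; whether the created process really lands in an unsigned PD presumably depends on the DSP honouring the same `init.attrs` bit, so a short comment above the call in fastrpc_init_create_process, e.g. `/* Kernel only checks the requested attr; PD type is enforced by the DSP */`, would make that trust boundary explicit. Minor: `/* Check if the device node is non-secure and channel is secure*/` lacks a space before `*/`. fastrpc_init_create_process begins in one hunk and continues outside the hunks shown.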


@ -46,6 +46,23 @@ enum fastrpc_map_flags {
FASTRPC_MAP_MAX, FASTRPC_MAP_MAX,
}; };
enum fastrpc_proc_attr {
/* Macro for Debug attr */
FASTRPC_MODE_DEBUG = (1 << 0),
/* Macro for Ptrace */
FASTRPC_MODE_PTRACE = (1 << 1),
/* Macro for CRC Check */
FASTRPC_MODE_CRC = (1 << 2),
/* Macro for Unsigned PD */
FASTRPC_MODE_UNSIGNED_MODULE = (1 << 3),
/* Macro for Adaptive QoS */
FASTRPC_MODE_ADAPTIVE_QOS = (1 << 4),
/* Macro for System Process */
FASTRPC_MODE_SYSTEM_PROCESS = (1 << 5),
/* Macro for Prvileged Process */
FASTRPC_MODE_PRIVILEGED = (1 << 6),
};
struct fastrpc_invoke_args { struct fastrpc_invoke_args {
__u64 ptr; __u64 ptr;
__u64 length; __u64 length;
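Review bot: The comment on the last enumerator, `/* Macro for Prvileged Process */`, has a typo for "Privileged", and all seven comments call these "Macro" although they are enum constants; `/* Privileged process */` (and the same rewording for the others) would be accurate. Because this is a UAPI header, it would also help to say which bits the kernel itself acts on: in this commit only FASTRPC_MODE_UNSIGNED_MODULE is consumed (the `init.attrs` check in fastrpc_init_create_process), and the remaining attributes appear to be forwarded to the DSP unchanged, so a one-line note above the enum such as `/* Only FASTRPC_MODE_UNSIGNED_MODULE is interpreted by the kernel; other bits are passed to the DSP — confirm */` would keep userspace expectations honest. The enum is complete within the hunk.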