Received: by 2002:a25:31c3:0:0:0:0:0 with SMTP id x186csp4171455ybx; Mon, 4 Nov 2019 08:56:45 -0800 (PST) X-Google-Smtp-Source: APXvYqwPQFKMSgTVLwDMb7LzshXOIVAFScZN0vL72d5UCs2VAFXt5RUKnfhT+e+s9XKxDjX5xVCN X-Received: by 2002:a17:906:770c:: with SMTP id q12mr24813915ejm.75.1572886604897; Mon, 04 Nov 2019 08:56:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1572886604; cv=none; d=google.com; s=arc-20160816; b=Ri2qFjM3j6lhi+CQHwBlDuvsXEGHajaYWypwz6D076Xp4a7aEqcO4IIbpSjtQa4OFg 3JcBIUsPZ2OsnTlYHMPAiiZIa/G+aT1jhFY0zKinBUWOlXvZwliK5TAHss6Y9VSAeNh9 aFvJqzUfDQM+A/xYtJWrLyj5KglKsKFLqht1v+GyjruGH57QTFhkO2K4okw4CEIaLlTF LymYu+brkVW8UCVdfO0aGmPXfH4UKYf3Q8n+MkqSoo02KwJXQV8TEXCKnhp1cu6rDWd6 eV5nui00/BwgLPmbHb682JCsk7mOuxhlDTPMonBUL5F6XY6es7qPGq9EFm7nM3zZ+pAv 2Uqw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:mail-followup-to :message-id:subject:cc:to:from:date:dkim-signature; bh=qbydSBqseaw/lQj0nQ/gQN6CVr9wzBelvAaWVLCPwUc=; b=qHCVjux7NniqNgXQcdc2gr8yZAw6MiKZHBBTy2+NeVlfIUcdX4bvsA0buVBR6TYWHH v7GXKgFeaIrFiS8PneWQOfgAFBRah1Zou9xq2ZR/+JVkl40HF4KOGiTaF4Pi3EF7wKex oGhJP7QIrZHyT4eKXdEIZmh8en4cglXMiINYJR9jOMx11qSy1vsgQoXGB8O7QzcuIMxd +DVQyDRc4rMfLzZ8UwJxLEAC81FVymEgzvDTl86d6tREYZAkVRvCPqYWvk2wM+KuMAQM 4xWOXrszR+Cw84TSloaPq2epqubKFFR7tlOF0ltZBFmbmsZBuXE/LAaZ1Ha2TkhGYl3o f2/w== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@ffwll.ch header.s=google header.b=aXylMG+y; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o17si2657412ejr.153.2019.11.04.08.56.21; Mon, 04 Nov 2019 08:56:44 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@ffwll.ch header.s=google header.b=aXylMG+y; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729413AbfKDQzE (ORCPT + 99 others); Mon, 4 Nov 2019 11:55:04 -0500 Received: from mail-wm1-f45.google.com ([209.85.128.45]:32925 "EHLO mail-wm1-f45.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729397AbfKDQzC (ORCPT ); Mon, 4 Nov 2019 11:55:02 -0500 Received: by mail-wm1-f45.google.com with SMTP id 6so14502489wmf.0 for ; Mon, 04 Nov 2019 08:55:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ffwll.ch; s=google; h=sender:date:from:to:cc:subject:message-id:mail-followup-to :references:mime-version:content-disposition:in-reply-to:user-agent; bh=qbydSBqseaw/lQj0nQ/gQN6CVr9wzBelvAaWVLCPwUc=; b=aXylMG+y/bVQLTKpkPecMubi5xk8neo1TPugA58jbdUqDzUO5t+mCleDMf6m0aiXcc bd1rkbzogwK7Ja/TtVsHcU1F9zp1DzrDSw3c7t4IWSNcfO5XJJH8higwdCL15KW8ubpZ iDdcFEO7G4ECVLB2pdN8FjG2wQwn/hv1P+0Eg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :mail-followup-to:references:mime-version:content-disposition :in-reply-to:user-agent; bh=qbydSBqseaw/lQj0nQ/gQN6CVr9wzBelvAaWVLCPwUc=; b=iRsgiTe6BI8iotgCBwFPr0TD7LxW9hbPQqORm1nQuK5ScMMp4W5toXZDK0VzqMUD6x VMXK2w2L3/G9DYNlYmAnJPoWI2QvzVDLwmX2sA2TD3kBgJnWtg4vsiLK9Fgqa7FLn9Qg dBobWXl+AunpdgVWVfBh5SANfWW9Dvqz5KcPPVzB47Lea2n5lsIrycVWxpI2jyH+sLmd h4da1OWvyj+HGOq2ZjcdbPmP8FWloOnM5/c1/uXmwEGp9X+XbimIOoLX7uxiZcP3LyPN 8IWdOwsAc07A+O31dUUhhQnRpVaZRtLCqssKqPGSXehFD+oa1g2bsWeOzhB6FxreJf3W RxkQ== X-Gm-Message-State: APjAAAVfvK/M6dfPog+zLNQGy8pqRpMBt5Cepb8whb1Md8PlvBUmIKx6 JqFtlpTDmgHlRQeZ7PyQ5p1cUA== X-Received: by 2002:a1c:f011:: with SMTP id a17mr86381wmb.18.1572886500036; Mon, 04 Nov 2019 08:55:00 -0800 (PST) Received: from phenom.ffwll.local (212-51-149-96.fiber7.init7.net. [212.51.149.96]) by smtp.gmail.com with ESMTPSA id r19sm20025253wrr.47.2019.11.04.08.54.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Nov 2019 08:54:59 -0800 (PST) Date: Mon, 4 Nov 2019 17:54:57 +0100 From: Daniel Vetter To: Harry Wentland Cc: Daniel Vetter , "Lakha, Bhawanpreet" , Colin Ian King , "Wentland, Harry" , "Li, Sun peng (Leo)" , "Deucher, Alexander" , "Koenig, Christian" , "Zhou, David(ChunMing)" , David Airlie , amd-gfx mailing list , "dri-devel@lists.freedesktop.org" , "linux-kernel@vger.kernel.org" Subject: Re: drm/amd/display: Add HDCP module - static analysis bug report Message-ID: <20191104165457.GH10326@phenom.ffwll.local> Mail-Followup-To: Harry Wentland , "Lakha, Bhawanpreet" , Colin Ian King , "Wentland, Harry" , "Li, Sun peng (Leo)" , "Deucher, Alexander" , "Koenig, Christian" , "Zhou, David(ChunMing)" , David Airlie , amd-gfx mailing list , "dri-devel@lists.freedesktop.org" , "linux-kernel@vger.kernel.org" References: <951eb7dc-bebe-5049-4998-f199e18b0bf3@canonical.com> <20191009163235.GT16989@phenom.ffwll.local> <53bf910b-5f9c-946b-17ee-602c24c0fa96@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <53bf910b-5f9c-946b-17ee-602c24c0fa96@amd.com> X-Operating-System: Linux phenom 5.2.0-3-amd64 User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Nov 04, 2019 at 03:23:09PM +0000, Harry Wentland wrote: > On 2019-11-04 5:53 a.m., Daniel Vetter wrote: > > On Wed, Oct 9, 2019 at 10:58 PM Daniel Vetter wrote: > >> On Wed, Oct 9, 2019 at 10:46 PM Lakha, Bhawanpreet > >> wrote: > >>> > >>> I misunderstood and was talking about the ksv validation specifically > >>> (usage of drm_hdcp_check_ksvs_revoked()). > >> > >> Hm for that specifically I think you want to do both, i.e. both > >> consult your psp, but also check for revoked ksvs with the core > >> helper. At least on some platforms only the core helper might have the > >> updated revoke list. > >> > > I think it's an either/or. Either we use an HDCP implementation that's > fully running in x86 kernel space (still not sure how that's compliant) > or we fully rely on our PSP FW to do what it's designed to do. I don't > think it makes sense to mix and match here. Then you need to somehow tie the revoke list that's in the psp to the revoke list update logic we have. That's what we've done for hdcp2 (which is similarly to yours implemented in hw). The point is that on linux we now have a standard way to get these revoke lists updated/handled. I guess it wasn't clear how exactly I think you're supposed to combine them? -Daniel > > >>> For the defines I will create patches to use drm_hdcp where it is usable. > >> > >> Thanks a lot. Ime once we have shared definitions it's much easier to > >> also share some helpers, where it makes sense. > >> > >> Aside I think the hdcp code could also use a bit of demidlayering. At > >> least I'm not understanding why you add a 2nd abstraction layer for > >> i2c/dpcd, dm_helper already has that. That seems like one abstraction > >> layer too much. > > > > I haven't seen anything fly by or in the latest pull request ... you > > folks still working on this or more put on the "maybe, probably never" > > pile? > > > > Following up with Bhawan. > > Harry > > > -Daniel > > > > > >> -Daniel > >> > >>> > >>> > >>> Bhawan > >>> > >>> On 2019-10-09 2:43 p.m., Daniel Vetter wrote: > >>>> On Wed, Oct 9, 2019 at 8:23 PM Lakha, Bhawanpreet > >>>> wrote: > >>>>> Hi, > >>>>> > >>>>> The reason we don't use drm_hdcp is because our policy is to do hdcp > >>>>> verification using PSP/HW (onboard secure processor). > >>>> i915 also uses hw to auth, we still use the parts from drm_hdcp ... > >>>> Did you actually look at what's in there? It's essentially just shared > >>>> defines and data structures from the standard, plus a few minimal > >>>> helpers to en/decode some bits. Just from a quick read the entire > >>>> patch very much looks like midlayer everywhere design that we > >>>> discussed back when DC landed ... > >>>> -Daniel > >>>> > >>>>> Bhawan > >>>>> > >>>>> On 2019-10-09 12:32 p.m., Daniel Vetter wrote: > >>>>>> On Thu, Oct 03, 2019 at 11:08:03PM +0100, Colin Ian King wrote: > >>>>>>> Hi, > >>>>>>> > >>>>>>> Static analysis with Coverity has detected a potential issue with > >>>>>>> function validate_bksv in > >>>>>>> drivers/gpu/drm/amd/display/modules/hdcp/hdcp1_execution.c with recent > >>>>>>> commit: > >>>>>>> > >>>>>>> commit ed9d8e2bcb003ec94658cafe9b1bb3960e2139ec > >>>>>>> Author: Bhawanpreet Lakha > >>>>>>> Date: Tue Aug 6 17:52:01 2019 -0400 > >>>>>>> > >>>>>>> drm/amd/display: Add HDCP module > >>>>>> I think the real question here is ... why is this not using drm_hdcp? > >>>>>> -Daniel > >>>>>> > >>>>>>> The analysis is as follows: > >>>>>>> > >>>>>>> 28 static inline enum mod_hdcp_status validate_bksv(struct mod_hdcp *hdcp) > >>>>>>> 29 { > >>>>>>> > >>>>>>> CID 89852 (#1 of 1): Out-of-bounds read (OVERRUN) > >>>>>>> > >>>>>>> 1. overrun-local: > >>>>>>> Overrunning array of 5 bytes at byte offset 7 by dereferencing pointer > >>>>>>> (uint64_t *)hdcp->auth.msg.hdcp1.bksv. > >>>>>>> > >>>>>>> 30 uint64_t n = *(uint64_t *)hdcp->auth.msg.hdcp1.bksv; > >>>>>>> 31 uint8_t count = 0; > >>>>>>> 32 > >>>>>>> 33 while (n) { > >>>>>>> 34 count++; > >>>>>>> 35 n &= (n - 1); > >>>>>>> 36 } > >>>>>>> > >>>>>>> hdcp->auth.msg.hdcp1.bksv is an array of 5 uint8_t as defined in > >>>>>>> drivers/gpu/drm/amd/display/modules/hdcp/hdcp.h as follows: > >>>>>>> > >>>>>>> struct mod_hdcp_message_hdcp1 { > >>>>>>> uint8_t an[8]; > >>>>>>> uint8_t aksv[5]; > >>>>>>> uint8_t ainfo; > >>>>>>> uint8_t bksv[5]; > >>>>>>> uint16_t r0p; > >>>>>>> uint8_t bcaps; > >>>>>>> uint16_t bstatus; > >>>>>>> uint8_t ksvlist[635]; > >>>>>>> uint16_t ksvlist_size; > >>>>>>> uint8_t vp[20]; > >>>>>>> > >>>>>>> uint16_t binfo_dp; > >>>>>>> }; > >>>>>>> > >>>>>>> variable n is going to contain the contains of r0p and bcaps. I'm not > >>>>>>> sure if that is intentional. If not, then the count is going to be > >>>>>>> incorrect if these are non-zero. > >>>>>>> > >>>>>>> Colin > >>>>> _______________________________________________ > >>>>> dri-devel mailing list > >>>>> dri-devel@lists.freedesktop.org > >>>>> https://lists.freedesktop.org/mailman/listinfo/dri-devel > >>>> > >>>> > >> > >> > >> > >> -- > >> Daniel Vetter > >> Software Engineer, Intel Corporation > >> +41 (0) 79 365 57 48 - http://blog.ffwll.ch > > > > > > > > -- > > Daniel Vetter > > Software Engineer, Intel Corporation > > +41 (0) 79 365 57 48 - http://blog.ffwll.ch > > -- Daniel Vetter Software Engineer, Intel Corporation http://blog.ffwll.ch