Received: by 2002:a05:6a10:a852:0:0:0:0 with SMTP id d18csp3077239pxy; Mon, 3 May 2021 14:40:19 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzSGu6H2dGZdYF75KwtFtqsqZB8gC7hUC0eNuPWNRTTlkuvaVAomFtYCMWCHhtRPi7GP7YA X-Received: by 2002:a17:906:6789:: with SMTP id q9mr19058831ejp.295.1620078018769; Mon, 03 May 2021 14:40:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620078018; cv=none; d=google.com; s=arc-20160816; b=IFK04/g/S56plVCR/wkWqnqQXkNwQm7IgYeZ3L14dikbyl+5Til1vvRxdrn4I7MfMt GMvavEOYvOWXyqSeRjM6aht4XVdFp7tx+XOT9v55+EBvDKwRzXLHAjjtkbiaKpqzzxGq NaJL56YU5riJRTeg69vsOTBhCFS/6nH7TQf5CqaPI2P9P2IhJQZ9/HZj5l+RptI+Zcmv TsSPQe6p2/Ht5gGt59brZaE6HoqmVCMrQn3BWKrkQow+gvtKvCnPaTym80bYq15Qqnv6 X2F33HgXvnPm8TW/9RqBy6VEEh1O/6x5Fw/0WPz3+tg2y2UP4nk0G06pCmeO3fK07p7x 7I8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :ironport-sdr:ironport-sdr; bh=/7lqgWMiewfFvecPjpbT23ckS2+qnZ+Wm9FHM7Bo1Q4=; b=hj3GTOsqNmZ1xsUg5mkBZr1328ZKR+t9ydd9v/7xJOQNLepK5KXFCr9CoxpEpv0IzK BiaK1qrZ8++FyWMmyQyR1YOERDBJOp/ESaSNUjdgZz7TmOPT/q3qpJR7U3h/TwqK4kxw F9/nMVOzBmEmCcntj/z20ymftYhFYiEVnfBPRQ6WMLjoW0eO15Fr4aGKYo7azV7ruYFS 3CxBQVkqQy+H6WJSKB+ZCQ3ETePOHcjTBk1/gmvzstrUOe6GH4NJ6IHH9DqkyALmzOnY epjZWBUGFTEpCF6Fpo2/suDwweYCVMiiLNL+Dk3K95Xc3Ga2OyzkHEeL6L1LLufXNr0Z c5bA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v25si1994375edl.262.2021.05.03.14.39.56; Mon, 03 May 2021 14:40:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229937AbhECVhH (ORCPT + 99 others); Mon, 3 May 2021 17:37:07 -0400 Received: from mga18.intel.com ([134.134.136.126]:6732 "EHLO mga18.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229807AbhECVgy (ORCPT ); Mon, 3 May 2021 17:36:54 -0400 IronPort-SDR: kX7e2NSSQAi1UfkL1IuRu2CmkdpNoEOIeKUQ3tQpw4RTUcDpPfne7S8lxdhUzeTFnJQtnNHa01 7JXaprW5SxzA== X-IronPort-AV: E=McAfee;i="6200,9189,9973"; a="185312176" X-IronPort-AV: E=Sophos;i="5.82,271,1613462400"; d="scan'208";a="185312176" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 May 2021 14:36:00 -0700 IronPort-SDR: NuATPdwpOdjkQFA0APIBslQhmsbC0pf/YOsrhWvZ6QUbXkTZGl4/W8I/jB8vZElXJdv3rM2BRB WpwNbVwpK1nQ== X-IronPort-AV: E=Sophos;i="5.82,271,1613462400"; d="scan'208";a="428548824" Received: from rhweight-mobl2.amr.corp.intel.com (HELO rhweight-mobl2.ra.intel.com) ([10.212.218.202]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 May 2021 14:35:58 -0700 From: Russ Weight To: mdf@kernel.org, linux-fpga@vger.kernel.org, linux-kernel@vger.kernel.org Cc: trix@redhat.com, lgoncalv@redhat.com, yilun.xu@intel.com, hao.wu@intel.com, matthew.gerlach@intel.com, richard.gong@intel.com, Russ Weight Subject: [PATCH v12 6/7] fpga: sec-mgr: enable cancel of secure update Date: Mon, 3 May 2021 14:35:45 -0700 Message-Id: <20210503213546.316439-7-russell.h.weight@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210503213546.316439-1-russell.h.weight@intel.com> References: <20210503213546.316439-1-russell.h.weight@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Extend the FPGA Security Manager class driver to include an update/cancel sysfs file that can be written to request that an update be canceled. The write may return EBUSY if the update has progressed to the point that it cannot be canceled by software or ENODEV if there is no update in progress. Signed-off-by: Russ Weight Reviewed-by: Tom Rix --- v12: - Updated Date and KernelVersion fields in ABI documentation v11: - No change v10: - Rebased to 5.12-rc2 next - Updated Date and KernelVersion in ABI documentation v9: - Updated Date and KernelVersion in ABI documentation v8: - No change v7: - Changed Date in documentation file to December 2020 v6: - No change v5: - No change v4: - Changed from "Intel FPGA Security Manager" to FPGA Security Manager" and removed unnecessary references to "Intel". - Changed: iops -> sops, imgr -> smgr, IFPGA_ -> FPGA_, ifpga_ to fpga_ v3: - No change v2: - Bumped documentation date and version - Minor code cleanup per review comments --- .../ABI/testing/sysfs-class-fpga-sec-mgr | 10 ++++ drivers/fpga/fpga-sec-mgr.c | 59 +++++++++++++++++-- include/linux/fpga/fpga-sec-mgr.h | 1 + 3 files changed, 66 insertions(+), 4 deletions(-) diff --git a/Documentation/ABI/testing/sysfs-class-fpga-sec-mgr b/Documentation/ABI/testing/sysfs-class-fpga-sec-mgr index c5d0b9d7c7e4..749f2d4c78d3 100644 --- a/Documentation/ABI/testing/sysfs-class-fpga-sec-mgr +++ b/Documentation/ABI/testing/sysfs-class-fpga-sec-mgr @@ -17,6 +17,16 @@ Description: Write only. Write the filename of an image and Root Entry Hashes, and to cancel Code Signing Keys (CSK). +What: /sys/class/fpga_sec_mgr/fpga_secX/update/cancel +Date: June 2021 +KernelVersion: 5.14 +Contact: Russ Weight +Description: Write-only. Write a "1" to this file to request + that a current update be canceled. This request + will be rejected (EBUSY) if the programming phase + has already started or (ENODEV) if there is no + update in progress. + What: /sys/class/fpga_sec_mgr/fpga_secX/update/status Date: June 2021 KernelVersion: 5.14 diff --git a/drivers/fpga/fpga-sec-mgr.c b/drivers/fpga/fpga-sec-mgr.c index 2487042ace82..35bd419bd3b9 100644 --- a/drivers/fpga/fpga-sec-mgr.c +++ b/drivers/fpga/fpga-sec-mgr.c @@ -43,6 +43,23 @@ static void fpga_sec_dev_error(struct fpga_sec_mgr *smgr, smgr->sops->cancel(smgr); } +static int progress_transition(struct fpga_sec_mgr *smgr, + enum fpga_sec_prog new_progress) +{ + int ret = 0; + + mutex_lock(&smgr->lock); + if (smgr->request_cancel) { + set_error(smgr, FPGA_SEC_ERR_CANCELED); + smgr->sops->cancel(smgr); + ret = -ECANCELED; + } else { + update_progress(smgr, new_progress); + } + mutex_unlock(&smgr->lock); + return ret; +} + static void progress_complete(struct fpga_sec_mgr *smgr) { mutex_lock(&smgr->lock); @@ -74,15 +91,19 @@ static void fpga_sec_mgr_update(struct work_struct *work) goto release_fw_exit; } - update_progress(smgr, FPGA_SEC_PROG_PREPARING); + if (progress_transition(smgr, FPGA_SEC_PROG_PREPARING)) + goto modput_exit; + ret = smgr->sops->prepare(smgr); if (ret != FPGA_SEC_ERR_NONE) { fpga_sec_dev_error(smgr, ret); goto modput_exit; } - update_progress(smgr, FPGA_SEC_PROG_WRITING); - while (smgr->remaining_size) { + if (progress_transition(smgr, FPGA_SEC_PROG_WRITING)) + goto done; + + while (smgr->remaining_size && !smgr->request_cancel) { ret = smgr->sops->write_blk(smgr, offset); if (ret != FPGA_SEC_ERR_NONE) { fpga_sec_dev_error(smgr, ret); @@ -92,7 +113,9 @@ static void fpga_sec_mgr_update(struct work_struct *work) offset = fw->size - smgr->remaining_size; } - update_progress(smgr, FPGA_SEC_PROG_PROGRAMMING); + if (progress_transition(smgr, FPGA_SEC_PROG_PROGRAMMING)) + goto done; + ret = smgr->sops->poll_complete(smgr); if (ret != FPGA_SEC_ERR_NONE) fpga_sec_dev_error(smgr, ret); @@ -229,6 +252,7 @@ static ssize_t filename_store(struct device *dev, struct device_attribute *attr, } smgr->err_code = FPGA_SEC_ERR_NONE; + smgr->request_cancel = false; smgr->progress = FPGA_SEC_PROG_READING; reinit_completion(&smgr->update_done); schedule_work(&smgr->work); @@ -239,8 +263,32 @@ static ssize_t filename_store(struct device *dev, struct device_attribute *attr, } static DEVICE_ATTR_WO(filename); +static ssize_t cancel_store(struct device *dev, struct device_attribute *attr, + const char *buf, size_t count) +{ + struct fpga_sec_mgr *smgr = to_sec_mgr(dev); + bool cancel; + int ret = count; + + if (kstrtobool(buf, &cancel) || !cancel) + return -EINVAL; + + mutex_lock(&smgr->lock); + if (smgr->progress == FPGA_SEC_PROG_PROGRAMMING) + ret = -EBUSY; + else if (smgr->progress == FPGA_SEC_PROG_IDLE) + ret = -ENODEV; + else + smgr->request_cancel = true; + mutex_unlock(&smgr->lock); + + return ret; +} +static DEVICE_ATTR_WO(cancel); + static struct attribute *sec_mgr_update_attrs[] = { &dev_attr_filename.attr, + &dev_attr_cancel.attr, &dev_attr_status.attr, &dev_attr_error.attr, &dev_attr_remaining_size.attr, @@ -464,6 +512,9 @@ void fpga_sec_mgr_unregister(struct fpga_sec_mgr *smgr) goto unregister; } + if (smgr->progress != FPGA_SEC_PROG_PROGRAMMING) + smgr->request_cancel = true; + mutex_unlock(&smgr->lock); wait_for_completion(&smgr->update_done); diff --git a/include/linux/fpga/fpga-sec-mgr.h b/include/linux/fpga/fpga-sec-mgr.h index 6b7b8a3d6aac..0e1f50434024 100644 --- a/include/linux/fpga/fpga-sec-mgr.h +++ b/include/linux/fpga/fpga-sec-mgr.h @@ -72,6 +72,7 @@ struct fpga_sec_mgr { enum fpga_sec_prog progress; enum fpga_sec_prog err_state; /* progress state at time of failure */ enum fpga_sec_err err_code; /* security manager error code */ + bool request_cancel; bool driver_unload; void *priv; }; -- 2.25.1