Date: Fri, 31 May 2024 02:49:47 +0300
From: Dmitry Baryshkov
To: Ekansh Gupta
Cc: srinivas.kandagatla@linaro.org, linux-arm-msm@vger.kernel.org, gregkh@linuxfoundation.org, quic_bkumar@quicinc.com, linux-kernel@vger.kernel.org, quic_chennak@quicinc.com, stable
Subject: Re: [PATCH v3 8/9] misc: fastrpc: Restrict untrusted app to spawn signed PD
References: <20240530102032.27179-1-quic_ekangupt@quicinc.com> <20240530102032.27179-9-quic_ekangupt@quicinc.com>
In-Reply-To: <20240530102032.27179-9-quic_ekangupt@quicinc.com>

On Thu, May 30, 2024 at 03:50:26PM +0530, Ekansh Gupta wrote:
> Some untrusted applications will not have access to open fastrpc
> device nodes and a privileged process can open the device node on
> behalf of the application. Add a check to restrict such untrusted
> applications from offloading to signed PD.
>
> Fixes: 7f1f481263c3 ("misc: fastrpc: check before loading process to the DSP")
> Cc: stable
> Signed-off-by: Ekansh Gupta
> ---
> drivers/misc/fastrpc.c | 23 ++++++++++++++++++----- > 1 file changed, 18 insertions(+), 5 deletions(-) > > diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c > index 73fa0e536cf9..32615ccde7ac 100644 > --- a/drivers/misc/fastrpc.c > +++ b/drivers/misc/fastrpc.c > @@ -328,6 +328,7 @@ struct fastrpc_user { > int pd; > bool is_secure_dev; > bool is_unsigned_pd; > + bool untrusted_process; > char *servloc_name; > /* Lock for lists */ > spinlock_t lock; 
> @@ -1249,13 +1250,17 @@ static bool is_session_rejected(struct fastrpc_user *fl, bool unsigned_pd_reques > * channel is configured as secure and block untrusted apps on channel > * that does not support unsigned PD offload > */ > - if (!fl->cctx->unsigned_support || !unsigned_pd_request) { > - dev_err(&fl->cctx->rpdev->dev, "Error: Untrusted application trying to offload to signed PD\n"); > - return true; > - } > + if (!fl->cctx->unsigned_support || !unsigned_pd_request) > + goto reject_session; > } > + /* Check if untrusted process is trying to offload to signed PD */ > + if (fl->untrusted_process && !unsigned_pd_request) > + goto reject_session; > > return false; > +reject_session: > + dev_dbg(&fl->cctx->rpdev->dev, "Error: Untrusted application trying to offload to signed PD\n"); > + return true; > } > > static void fastrpc_mmap_remove_pdr(struct fastrpc_static_pd *spd) > @@ -1504,12 +1509,20 @@ static int fastrpc_init_create_process(struct fastrpc_user *fl, > goto err; > } > > + /* > + * Third-party apps don't have permission to open the fastrpc device, so Permissions depend on the end-user setup. Is it going to break if the user sets 0666 mode for fastrpc nodes? > + * it is opened on their behalf by a priveleged process. This is detected > + * by comparing current PID with the one stored during device open. > + */ > + if (current->tgid != fl->tgid) > + fl->untrusted_process = true; If the comment talks about PIDs, then why are you comparing GIDs here? > + > if (init.attrs & FASTRPC_MODE_UNSIGNED_MODULE) > fl->is_unsigned_pd = true; > > > if (is_session_rejected(fl, fl->is_unsigned_pd)) { > - err = -ECONNREFUSED; > + err = -EACCES; > goto err; > } > > -- > 2.43.0 >

--
With best wishes
Dmitry
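
Review bot: in the is_session_rejected() hunk, the new reject_session label logs with dev_dbg where the removed branch used dev_err, yet the string still starts with "Error:" and the commit message says nothing about lowering the level. A refused offload is a security-relevant event that operators will want to see without enabling dynamic debug, so either keep it at error level (dev_err_ratelimited if log flooding is the concern) or drop the "Error:" prefix and justify the downgrade in the changelog. Both reject paths also share one message now, so the log no longer tells whether the session was refused because of the channel configuration or because of the untrusted_process check.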
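
Review bot: in the fastrpc_init_create_process() hunk, the rejection errno changes from -ECONNREFUSED to -EACCES without a word in the commit message, and since the patch is Cc'd to stable that is a userspace-visible change landing in released kernels; call it out in the changelog or split it into its own patch. In the same hunk the added comment describes "comparing current PID" while the code compares current->tgid with fl->tgid, so the comment should name the thread group ID it actually checks, and "priveleged" should read "privileged". The comment should also state that the flag is inferred purely from a tgid mismatch between open and init, because that makes the restriction depend on who is allowed to open the device node.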