[ Upstream commit 833d51d7c66d6708abbc02398892b96b950167b9 ]
PT_LOAD type denotes that the segment should be loaded into the final
firmware memory region. Hash segment is not one such, because it's only
needed for PAS init and shouldn't be in the final firmware memory region.
That's why mdt_phdr_valid() explicitly reject non PT_LOAD segment and
hash segment. This actually makes the hash segment type check in
qcom_mdt_read_metadata() unnecessary and redundant. For a hash segment,
it won't be loaded into firmware memory region anyway, due to the
QCOM_MDT_TYPE_HASH check in mdt_phdr_valid(), even if it has a PT_LOAD
type for some reason (misusing or abusing?).
Some firmware files on Sony phones are such examples, e.g WCNSS firmware
of Sony Xperia M4 Aqua phone. The type of hash segment is just PT_LOAD.
Drop the unnecessary hash segment type check in qcom_mdt_read_metadata()
to fix firmware loading failure on these phones, while hash segment is
still kept away from the final firmware memory region.
Fixes: 498b98e939 ("soc: qcom: mdt_loader: Support loading non-split images")
Signed-off-by: Shawn Guo <shawn.guo@linaro.org>
Reviewed-by: Marijn Suijten <marijn.suijten@somainline.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20210828070202.7033-1-shawn.guo@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 0648c55e3a21ccd816e99b6600d6199fbf39d23a ]
Given that no validation of how much data the firmware loader read in
for a given segment truncated segment files would best case result in a
hash verification failure, without any indication of what went wrong.
Improve this by validating that the firmware loader did return the
amount of data requested.
Fixes: 445c2410a4 ("soc: qcom: mdt_loader: Use request_firmware_into_buf()")
Reviewed-by: Sibi Sankar <sibis@codeaurora.org>
Link: https://lore.kernel.org/r/20210107232526.716989-1-bjorn.andersson@linaro.org
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 84168d1b54e76a1bcb5192991adde5176abe02e3 ]
The code validates that segments of p_memsz bytes of a segment will fit
in the provided memory region, but does not validate that p_filesz bytes
will, which means that an incorrectly crafted ELF header might write
beyond the provided memory region.
Fixes: 051fb70fd4 ("remoteproc: qcom: Driver for the self-authenticating Hexagon v5")
Reviewed-by: Sibi Sankar <sibis@codeaurora.org>
Link: https://lore.kernel.org/r/20210107233119.717173-1-bjorn.andersson@linaro.org
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Pull remoteproc updates from Bjorn Andersson:
"This adds support for the STM32 remoteproc, additional i.MX platforms
with Cortex M4 remoteprocs and Qualcomm's QCS404 Compute DSP.
Also initial support for vendor specific resource table entries and
support for unprocessed Qualcomm firmware files"
* tag 'rproc-v5.3' of git://github.com/andersson/remoteproc:
remoteproc: stm32: fix building without ARM SMCC
remoteproc: qcom: q6v5-mss: Fix build error without QCOM_MDT_LOADER
remoteproc: copy parent dma_pfn_offset for vdev
remoteproc: qcom: q6v5-mss: Support loading non-split images
soc: qcom: mdt_loader: Support loading non-split images
remoteproc: stm32: add an ST stm32_rproc driver
dt-bindings: remoteproc: add bindings for stm32 remote processor driver
dt-bindings: stm32: add bindings for ML-AHB interconnect
remoteproc: Use struct_size() helper
remoteproc: add vendor resources handling
remoteproc: imx: Fix typo in "failed"
remoteproc: imx: Broaden the Kconfig selection logic
remoteproc,rpmsg: add missing MAINTAINERS file entries
remoteproc: qcom: qdsp6-adsp: Add support for QCS404 CDSP
dt-bindings: remoteproc: Rename and amend Hexagon v56 binding
In some software releases the firmware images are not split up with each
loadable segment in it's own file. Check the size of the loaded firmware
to see if it still contains each segment to be loaded, before falling
back to the split-out segments.
Acked-by: Andy Gross <agross@kernel.org>
Reviewed-by: Jeffrey Hugo <jeffrey.l.hugo@gmail.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify
it under the terms of the gnu general public license version 2 as
published by the free software foundation this program is
distributed in the hope that it will be useful but without any
warranty without even the implied warranty of merchantability or
fitness for a particular purpose see the gnu general public license
for more details
extracted by the scancode license scanner the SPDX license identifier
GPL-2.0-only
has been chosen to replace the boilerplate/reference in 655 file(s).
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Allison Randal <allison@lohutok.net>
Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org>
Reviewed-by: Richard Fontana <rfontana@redhat.com>
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190527070034.575739538@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
qcom_mdt_load function loads the mdt type firmware and
initialises the secure memory as well. Make the initialisation only
when requested by the caller, so that the function can be used
by self-authenticating remoteproc as well.
Acked-by: Andy Gross <andy.gross@linaro.org>
Signed-off-by: Sricharan R <sricharan@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
In order to implement support for grabbing core dumps in remoteproc it's
necessary to know the relocated base of the image, as the offsets from
the virtual memory base might not be based on the physical address.
Return the adjusted physical base address to the caller.
Acked-by: Andy Gross <andy.gross@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
By switching to the request_firmware_into_buf() we load the segment data
straight into the preallocated buffers, reducing the need for allocating
scratch buffers for these. In particular the modem firmware consists of
multiple segments in the range 5-15MB, making this worth while.
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Andy Gross <andy.gross@linaro.org>
In the transition from using rproc_da_to_va(), the type of the load
offset became unsigned. This causes the subsequent check to let negative
values less than p_memsz + mem_size through and we write outside of the
buffer.
Change the type back to a signed value to catch this.
Fixes: 7f0dd07a9b ("remoteproc: qcom: mdt_loader: Refactor MDT loader")
Fixes: e7fd252262 ("remoteproc: qcom: q6v5: Decouple driver from MDT loader")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reported-by: Stanimir Varbanov <stanimir.varbanov@linaro.org>
Acked-by: Andy Gross <andy.gross@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
With the remoteproc parts cleaned out of the MDT loader we can move it
to drivers/soc/qcom.
Acked-by: Andy Gross <andy.gross@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
