Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3906e107 authored by Sameer Thalappil's avatar Sameer Thalappil Committed by Yuanyuan Liu
Browse files

icnss: Restrict MSA0 permission to HLOS only during SSR 



During SSR icnss remaps MSA0 permission to HLOS to collect the
MSA0 dump.  When it remaps the permission, it also adds permission
for Modem/Q6 and Adrastea hardware. That is to ensure that during WDOG
bite, Adrastea can continue to access MSA0 since Adrastea HW is not
stopped during Modem WDOG bite. But this permission to both HLOS and
Modem/WLAN opens up a security hole, and is not allowed on new target.
So restrict the MSA0 permission to HLOS only during ramdump, and also
do not remap MSA0 permission during WDOG bite as WLAN HW may continue
to access the MSA0.

CRs-Fixed: 2116821
Change-Id: I2cfde104069c338175715d4d7f274f646e7fbf91
Signed-off-by: default avatarSameer Thalappil <sameert@codeaurora.org>
parent 207f71fa

drivers/soc/qcom/icnss.c

+3 −18
Original line number Diff line number Diff line
@@ -81,7 +81,6 @@ void *icnss_ipc_log_long_context; 
#define ICNSS_EVENT_SYNC_UNINTERRUPTIBLE	(ICNSS_EVENT_UNINTERRUPTIBLE | \

						 ICNSS_EVENT_SYNC)





struct icnss_msa_perm_list_t msa_perm_secure_list[ICNSS_MSA_PERM_MAX] = {

	[ICNSS_MSA_PERM_HLOS_ALL] = {

		.vmids = {VMID_HLOS},
@@ -96,13 +95,6 @@ struct icnss_msa_perm_list_t msa_perm_secure_list[ICNSS_MSA_PERM_MAX] = { 
		.nelems = 2,

	},



	[ICNSS_MSA_PERM_DUMP_COLLECT] = {

		.vmids = {VMID_MSS_MSA, VMID_WLAN, VMID_HLOS},

		.perms = {PERM_READ | PERM_WRITE,

			PERM_READ | PERM_WRITE,

			PERM_READ},

		.nelems = 3,

	},

};



struct icnss_msa_perm_list_t msa_perm_list[ICNSS_MSA_PERM_MAX] = {
@@ -120,14 +112,6 @@ struct icnss_msa_perm_list_t msa_perm_list[ICNSS_MSA_PERM_MAX] = { 
		.nelems = 3,

	},



	[ICNSS_MSA_PERM_DUMP_COLLECT] = {

		.vmids = {VMID_MSS_MSA, VMID_WLAN, VMID_WLAN_CE, VMID_HLOS},

		.perms = {PERM_READ | PERM_WRITE,

			PERM_READ | PERM_WRITE,

			PERM_READ | PERM_WRITE,

			PERM_READ},

		.nelems = 4,

	},

};



static struct icnss_vreg_info icnss_vreg_info[] = {
@@ -1075,9 +1059,10 @@ static int icnss_modem_notifier_nb(struct notifier_block *nb, 


	icnss_pr_vdbg("Modem-Notify: event %lu\n", code);



	if (code == SUBSYS_AFTER_SHUTDOWN) {

	if (code == SUBSYS_AFTER_SHUTDOWN &&

			notif->crashed != CRASH_STATUS_WDOG_BITE) {

		ret = icnss_assign_msa_perm_all(priv,

						ICNSS_MSA_PERM_DUMP_COLLECT);

						ICNSS_MSA_PERM_HLOS_ALL);

		if (!ret) {

			icnss_pr_info("Collecting msa0 segment dump\n");

			icnss_msa0_ramdump(priv);

drivers/soc/qcom/icnss_private.h

+1 −2
Original line number Diff line number Diff line 
/* Copyright (c) 2017, The Linux Foundation. All rights reserved.

/* Copyright (c) 2017-2018, The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and
@@ -261,7 +261,6 @@ struct wlfw_fw_version_info { 
enum icnss_msa_perm {

	ICNSS_MSA_PERM_HLOS_ALL = 0,

	ICNSS_MSA_PERM_WLAN_HW_RW = 1,

	ICNSS_MSA_PERM_DUMP_COLLECT = 2,

	ICNSS_MSA_PERM_MAX,

};