[U-Boot] [U-Boot, v4, 1/1] avb: add support for named persistent values

Igor Opaniuk igor.opaniuk at linaro.org
Tue Feb 12 13:53:54 UTC 2019 

Hi Tom, Simon,

So I did a little investigation and found out that, the issue in that
hcreate_r() invocation in the tee sandbox driver fails because the
hashtable was allocated before.
Debugging showed that the sandbox tee driver is probed twice every
time (although remove() is never called, it's behaves like there are
two "tee" nodes in DT), and still haven't found the root cause (I
think Simon can help with the hint where to look).
I was assuming that those returned udevice pointers are kept in some
global state but seem that they are de-allocated at some point.
Have you ever faced the same behavior?

I've done all testing on sandbox_flattree setup (it's not reproducing
on a simple sandbox setup):
./test/py/test.py --bd sandbox_flattree --build -s --gdbserver localhost:1234

During the first probe:
Breakpoint 1, sandbox_tee_probe (dev=0x15944610) at ../drivers/tee/sandbox.c:372
372 if (!hcreate_r(pstorage_max, &pstorage_htab)) {

(gdb) info threads
 Id   Target Id                   Frame
* 1    Thread 13048.13048 "u-boot" sandbox_tee_probe (dev=0x15944610)
at ../drivers/tee/sandbox.c:372
(gdb) python print(gdb.selected_inferior().pid)
13048

(gdb) print pstorage_htab.table
$6 = (struct _ENTRY *) 0x0

(gdb) bt
#0  sandbox_tee_probe (dev=0x15944610) at ../drivers/tee/sandbox.c:372
#1  0x0000000000432a7f in device_probe (dev=0x15944610) at
../drivers/core/device.c:418
#2  0x000000000044fe29 in tee_find_device (start=start at entry=0x0,
match=match at entry=0x0, data=data at entry=0x0, vers=vers at entry=0x0) at
../drivers/tee/tee-uclass.c:164
#3  0x000000000042de59 in get_open_session
(ops_data=ops_data at entry=0x1594cf60) at ../common/avb_verify.c:615
#4  0x000000000042e0e0 in invoke_func (ops_data=0x1594cf60, func=0,
num_param=2, param=0x7fffffffd520) at ../common/avb_verify.c:636
#5  0x000000000042e53a in read_rollback_index (ops=0x1594cf60,
rollback_index_slot=1, out_rollback_index=0x7fffffffd598) at
../common/avb_verify.c:703
#6  0x00000000004188b3 in do_avb_read_rb (cmdtp=<optimized out>,
flag=<optimized out>, argc=<optimized out>, argv=<optimized out>) at
../cmd/avb.c:167
#7  0x000000000042cc43 in cmd_call (repeatable=0x7fffffffd5bc,
argv=0x1594ce40, argc=3, flag=<optimized out>, cmdtp=0x7782b0
<_u_boot_list_2_cmd_2_avb>) at ../common/command.c:565
#8  cmd_process (flag=<optimized out>, argc=3, argv=0x1594ce40,
repeatable=repeatable at entry=0x78f394 <flag_repeat>,
ticks=ticks at entry=0x0) at ../common/command.c:606
#9  0x000000000041bdcb in run_pipe_real (pi=0x1594ccf0) at
../common/cli_hush.c:1677
#10 run_list_real (pi=<optimized out>) at ../common/cli_hush.c:1875
#11 0x000000000041c1dd in run_list (pi=0x1594ccf0) at ../common/cli_hush.c:2024
#12 parse_stream_outer (inp=inp at entry=0x7fffffffd730,
flag=flag at entry=2) at ../common/cli_hush.c:3216
#13 0x000000000041c54d in parse_file_outer () at ../common/cli_hush.c:3299
#14 0x000000000042c2ce in cli_loop () at ../common/cli.c:217
#15 0x0000000000419f74 in main_loop () at ../common/main.c:63
#16 0x000000000041ccec in run_main_loop () at ../common/board_r.c:631
#17 0x000000000041cf41 in initcall_run_list (init_sequence=0x787740
<init_sequence_r>) at ../include/initcall.h:35
#18 board_init_r (new_gd=<optimized out>, dest_addr=dest_addr at entry=0)
at ../common/board_r.c:856
#19 0x00000000004025ee in main (argc=<optimized out>, argv=<optimized
out>) at ../arch/sandbox/cpu/start.c:356


Then probed is invoked from a different thread:
gdb) c
Continuing.
[New Thread 13048.13074]

Thread 1 "u-boot" hit Breakpoint 1, sandbox_tee_probe (dev=0x15edf050)
at ../drivers/tee/sandbox.c:372
372 if (!hcreate_r(pstorage_max, &pstorage_htab)) {
(gdb) print pstorage_htab.table
$7 = (struct _ENTRY *) 0x1594d010

(gdb) python print(gdb.selected_inferior().pid)
13048

(gdb) bt
#0  sandbox_tee_probe (dev=0x15edf050) at ../drivers/tee/sandbox.c:372
#1  0x0000000000432a7f in device_probe (dev=0x15edf050) at
../drivers/core/device.c:418
#2  0x000000000044fe29 in tee_find_device (start=start at entry=0x0,
match=match at entry=0x4c31c2 <match>, data=data at entry=0x0,
vers=vers at entry=0x7fffffffd42c) at ../drivers/tee/tee-uclass.c:164
#3  0x00000000004c3203 in test_tee (vars=0x7fffffffd430, uts=0x7c50a0
<global_dm_test_state>) at ../test/dm/tee.c:66
#4  dm_test_tee (uts=0x7c50a0 <global_dm_test_state>) at ../test/dm/tee.c:106
#5  0x00000000004af11f in dm_do_test (uts=0x7c50a0
<global_dm_test_state>, of_live=false, test=0x77b568
<_u_boot_list_2_dm_test_2_dm_test_tee>) at ../test/dm/test-main.c:103
#6  dm_test_main (test_name=0x1594d1a0 "tee") at ../test/dm/test-main.c:180
#7  do_ut_dm (cmdtp=<optimized out>, flag=<optimized out>,
argc=<optimized out>, argv=<optimized out>) at
../test/dm/test-main.c:206
#8  0x000000000042cc43 in cmd_call (repeatable=0x7fffffffd5bc,
argv=0x15abab30, argc=3, flag=<optimized out>, cmdtp=0x779f90
<_u_boot_list_2_cmd_2_ut>) at ../common/command.c:565
#9  cmd_process (flag=<optimized out>, argc=3, argv=0x15abab30,
repeatable=repeatable at entry=0x78f394 <flag_repeat>,
ticks=ticks at entry=0x0) at ../common/command.c:606
#10 0x000000000041bdcb in run_pipe_real (pi=0x15ab2380) at
../common/cli_hush.c:1677
#11 run_list_real (pi=<optimized out>) at ../common/cli_hush.c:1875
#12 0x000000000041c1dd in run_list (pi=0x15ab2380) at ../common/cli_hush.c:2024
#13 parse_stream_outer (inp=inp at entry=0x7fffffffd730,
flag=flag at entry=2) at ../common/cli_hush.c:3216
#14 0x000000000041c54d in parse_file_outer () at ../common/cli_hush.c:3299
#15 0x000000000042c2ce in cli_loop () at ../common/cli.c:217
#16 0x0000000000419f74 in main_loop () at ../common/main.c:63
#17 0x000000000041ccec in run_main_loop () at ../common/board_r.c:631
#18 0x000000000041cf41 in initcall_run_list (init_sequence=0x787740
<init_sequence_r>) at ../include/initcall.h:35
#19 board_init_r (new_gd=<optimized out>, dest_addr=dest_addr at entry=0)
at ../common/board_r.c:856
#20 0x00000000004025ee in main (argc=<optimized out>, argv=<optimized
out>) at ../arch/sandbox/cpu/start.c:356

(gdb) info threads
 Id   Target Id                   Frame
* 1    Thread 13048.13048 "u-boot" sandbox_tee_probe (dev=0x15edf050)
at ../drivers/tee/sandbox.c:372
 2    Thread 13048.13074 "u-boot" 0x00007ffff7667811 in __GI_ppoll
(fds=0x7c7430, nfds=3, timeout=<optimized out>, sigmask=0x0) at
../sysdeps/unix/sysv/linux/ppoll.c:50

On Mon, 11 Feb 2019 at 17:30, Tom Rini <trini at konsulko.com> wrote:
>
> On Mon, Feb 11, 2019 at 04:59:54PM +0200, Igor Opaniuk wrote:
> > Hi Tom,
> >
> > Thanks for pointing that out.
> > I've done a little investigation, and the interesting thing is that it
> > never fails when I exclude other tests, for example, running only
> > ut_dm subset:
> > ./test/py/test.py --bd sandbox_flattree --build -s -k ut_dm
> > or even this particular test:
> > ./test/py/test.py --bd sandbox_flattree --build -s -k ut_dm_tee
> >
> > Each time it fails in the same place on trying to allocate a hashtree
> > (using hash tree funcs from /lib/hashtable.c) with 20 elements when
> > probing tee device, and seems that
> > it just a consequence of that fact, that some functionality, which
> > tested before tee, is not doing a proper cleanup (when full testing is
> > done).
> >
> > Anyway, I can decrease the number of elements for the hashtree, but it
> > definitely won't fix the root cause.
>
> Can you please look into the root cause?  It sounds like you're a fair
> part of the way along on that now, thanks!
>
> >
> > Regards,
> > Igor
> >
> > On Sat, 9 Feb 2019 at 14:50, Tom Rini <trini at konsulko.com> wrote:
> > >
> > > On Sun, Jan 27, 2019 at 04:34:05PM +0200, Igor Opaniuk wrote:
> > >
> > > > AVB version 1.1 introduces support for named persistent values
> > > > that must be tamper evident and allows AVB to store arbitrary key-value
> > > > pairs [1].
> > > >
> > > > Introduce implementation of two additional AVB operations
> > > > read_persistent_value()/write_persistent_value() for retrieving/storing
> > > > named persistent values.
> > > >
> > > > Correspondent pull request in the OP-TEE OS project repo [2].
> > > >
> > > > [1]: https://android.googlesource.com/platform/external/avb/+/android-9.0.0_r22
> > > > [2]: https://github.com/OP-TEE/optee_os/pull/2699
> > > >
> > > > Signed-off-by: Igor Opaniuk <igor.opaniuk at linaro.org>
> > > > Reviewed-by: Simon Glass <sjg at chromium.org>
> > >
> > > The test fails on some sandbox targets:
> > > https://travis-ci.org/trini/u-boot/jobs/490809872
> > >
> > > --
> > > Tom
> >
> >
> >
> > --
> > Regards,
> > Igor Opaniuk
>
> --
> Tom



-- 
Regards,
Igor Opaniuk

More information about the U-Boot mailing list