
Issue 755048


Issue metadata

Status: Archived
Closed: Aug 2017
OS: Chrome
Pri: 2
Type: Bug




Elm stack overflow when the console processes the hash command

Project Member Reported by cheyuw@google.com, Aug 14 2017

Issue description

A stack overflow happens in the Elm console task when calculating SHA256 for the hash command.

What steps will reproduce the problem?
(1) Connect to Elm EC console
(2) In the console, do "hostcmd 0x002a 0 020040000000000002000000"

The host command "0x002a 0 020040000000000002000000" means starting to calculate a hash with a 64-byte nonce. The 64-byte nonce will let "SHA256_update" be called in "vboot_hash_start" and cause a stack overflow.

Here is the call trace:
Task: CONSOLE, Max size: 680 (616 + 64), Allocated size: 640
Call Trace:
        console_task (72)
        command_host_command (72)
        host_command_process (40)
        host_command_vboot_hash (24)
        vboot_hash_start (24)
        SHA256_update (32)
        SHA256_transform (352)

What is the expected result?
Make the stack size of the console task large enough.
 

Comment 1 by cheyuw@google.com, Aug 14 2017

Summary: Elm stack overflow when the console processes the hash command (was: Elm stack overflow when the console processes the hash command.)

Comment 2 by cheyuw@google.com, Aug 14 2017

Description: Show this description

Comment 3 by cheyuw@google.com, Aug 14 2017

Cc: drinkcat@chromium.org
Cc: rongchang@chromium.org vpalatin@chromium.org

This only happens when running the command over the console, right? And not when hashing is being run as a host command?

We still want this fixed, but the severity is not very high if this can only be triggered from the console.

Comment 5 by cheyuw@google.com, Aug 14 2017

It seems that the HOSTCMD task is fine.

Task: HOSTCMD, Max size: 584 (520 + 64), Allocated size: 640
Call Trace:
        host_command_task (48)
        host_command_process (40)
        host_command_vboot_hash (24)
        vboot_hash_start (24)
        SHA256_update (32)
        SHA256_transform (352) 
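
The stack budget behind the two traces in this issue, recomputed as an added example (not code from the issue or from the EC tree): it parses the report text quoted in the comments above, checks that the frame sizes add up to the header totals, and gives each task's margin against its allocation. The function names `parse_report` and `check` are hypothetical; the report text is copied from the issue.

```python
import re

# The two call traces reported in this issue, copied verbatim.
REPORT = """\
Task: CONSOLE, Max size: 680 (616 + 64), Allocated size: 640
Call Trace:
        console_task (72)
        command_host_command (72)
        host_command_process (40)
        host_command_vboot_hash (24)
        vboot_hash_start (24)
        SHA256_update (32)
        SHA256_transform (352)
Task: HOSTCMD, Max size: 584 (520 + 64), Allocated size: 640
Call Trace:
        host_command_task (48)
        host_command_process (40)
        host_command_vboot_hash (24)
        vboot_hash_start (24)
        SHA256_update (32)
        SHA256_transform (352)
"""
HEADER = re.compile(r"Task: (\w+), Max size: (\d+) \((\d+) \+ (\d+)\), Allocated size: (\d+)")
FRAME = re.compile(r"\s+(\w+) \((\d+)\)\s*$")

def parse_report(text):
    """Return one dict per task: header numbers plus its (function, frame bytes) list."""
    tasks = []
    for line in text.splitlines():
        if m := HEADER.match(line):
            name, *nums = m.groups()
            keys = ("max", "chain", "extra", "alloc")
            tasks.append({"task": name, "frames": [], **dict(zip(keys, map(int, nums)))})
        elif (m := FRAME.match(line)) and tasks:
            tasks[-1]["frames"].append((m.group(1), int(m.group(2))))
    return tasks

def check(task):
    """Recompute the worst case from the frames and compare it with the allocation."""
    total = sum(size for _, size in task["frames"])
    if total != task["chain"] or total + task["extra"] != task["max"]:
        raise ValueError(f"{task['task']}: header does not match the frame sizes")
    margin = task["alloc"] - task["max"]  # negative means the task stack overflows
    return {"task": task["task"], "margin": margin, "overflow": margin < 0,
            "largest": max(task["frames"], key=lambda f: f[1])}

if __name__ == "__main__":
    for r in map(check, parse_report(REPORT)):
        print(r["task"], r["margin"], "OVERFLOW" if r["overflow"] else "ok", *r["largest"])
```

The two paths share everything from host_command_process down; the console path is 96 bytes deeper only because console_task and command_host_command (72 + 72) replace host_command_task (48), which is what pushes it past the 640-byte allocation.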

Comment 6 by vpalatin@google.com, Aug 14 2017

Then I would just remove the "#define CONFIG_CMD_HOSTCMD" in board/elm/board.h,
not sure why it was still there, doesn't seem terribly useful.

Comment 7 by cheyuw@google.com, Aug 16 2017

Status: Started (was: Untriaged)

Comment 8 by bugdroid1@chromium.org, Aug 16 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/ec/+/a1abf686c3174c6b18d20e8fc250cc4d5a045d97

commit a1abf686c3174c6b18d20e8fc250cc4d5a045d97
Author: Che-yu Wu <cheyuw@google.com>
Date: Wed Aug 16 11:03:23 2017

board/elm/board.h: Remove CONFIG_CMD_HOSTCMD

The command "hostcmd" in console isn't very useful and will cause
stack overflow in console task when processing some hash commands.

BUG= chromium:755048 
BRANCH=none
TEST=make BOARD=elm -j
     make BOARD=elm tests
     There should be no hostcmd command in the console of elm.

Change-Id: Ifa721a1731bc1ebfb39e12430b6631338bdccd9f
Signed-off-by: Che-yu Wu <cheyuw@google.com>
Reviewed-on: https://chromium-review.googlesource.com/616600
Reviewed-by: Rong Chang <rongchang@chromium.org>

[modify] https://crrev.com/a1abf686c3174c6b18d20e8fc250cc4d5a045d97/board/elm/board.h

Comment 9 by cheyuw@google.com, Aug 17 2017

Status: Fixed (was: Started)

Comment 10 by dchan@chromium.org, Jan 22 2018

Status: Archived (was: Fixed)
