From: Alexey Sheplyakov <asheplyakov@basealt.ru>
To: devel-kernel@lists.altlinux.org
Cc: "Роман Ставцев" <rst@basealt.ru>, "Игорь Чудов" <nir@basealt.ru>,
"Евгений Синельников" <sin@basealt.ru>,
"Дмитрий Терёхин" <jqt4@basealt.ru>
Subject: [d-kernel] [PATCH 08/32] arm64-stub: fixed secondary cores boot on Baikal-M SoC
Date: Wed, 14 Dec 2022 17:18:55 +0400
Message-ID: <20221214131919.681481-8-asheplyakov@basealt.ru> (raw)
In-Reply-To: <20221214131919.681481-1-asheplyakov@basealt.ru>
Old versions of Baikal-M firmware (ARM-TF) deny execution attempts
outside of the (physical) address ranges
[0x80000000, 0x8FFFFFFF] and [0xA0000000, 0xBFFFFFFF]
Thus PSCI calls to boot secondary cores fail unless the kernel image
resides in one of these address ranges. However UEFI PE/COFF loader
puts the kernel image into the forbidden range. Since the alignment
is good enough EFI stub does not try to relocate the kernel.
As a result secondary CPUs fail to boot.
Relocation to a random address is not going to work either.
Therefore automatically disable kaslr on "known bad" systems (for
now only Baikal-M) and forcibly relocate the kernel to a low(er)
address.
This patch is necessary only for old firmware (pre SDK-M 5.1) and
prevents kalsr from working on Baikal-M systems.
Signed-off-by: Alexey Sheplyakov <asheplyakov@basealt.ru>
X-DONTUPSTREAM
X-legacy
X-feature-Baikal-M
---
drivers/firmware/efi/libstub/arm64-stub.c | 62 ++++++++++++++++++++++-
1 file changed, 61 insertions(+), 1 deletion(-)
diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c
index f9de5217ea65..665a59a287dc 100644
--- a/drivers/firmware/efi/libstub/arm64-stub.c
+++ b/drivers/firmware/efi/libstub/arm64-stub.c
@@ -11,6 +11,7 @@
#include <asm/efi.h>
#include <asm/memory.h>
#include <asm/sections.h>
+#include <linux/libfdt.h>
#include <asm/sysreg.h>
#include "efistub.h"
@@ -57,6 +58,32 @@ efi_status_t check_platform_features(void)
return EFI_SUCCESS;
}
+static const char* machines_need_low_alloc[] = {
+ "baikal,baikal-m",
+ "baikal,bm1000",
+};
+
+static bool need_low_alloc(void) {
+ size_t i;
+ const void *fdt;
+ const char *match;
+
+ fdt = get_efi_config_table(DEVICE_TREE_GUID);
+ if (!fdt) {
+ efi_info("failed to retrive FDT from EFI\n");
+ return false;
+ }
+
+ for (i = 0; i < ARRAY_SIZE(machines_need_low_alloc); i++) {
+ match = machines_need_low_alloc[i];
+ if (fdt_node_check_compatible(fdt, 0, match) == 0) {
+ efi_info("machine %s: forcing kernel relocation to low address\n", match);
+ return true;
+ }
+ }
+ return false;
+}
+
/*
* Distro versions of GRUB may ignore the BSS allocation entirely (i.e., fail
* to provide space, and fail to zero it). Check for this condition by double
@@ -93,6 +120,18 @@ static bool check_image_region(u64 base, u64 size)
return ret;
}
+static inline efi_status_t efi_low_alloc(unsigned long size, unsigned long align,
+ unsigned long *addr)
+{
+ /*
+ * Don't allocate at 0x0. It will confuse code that
+ * checks pointers against NULL. Skip the first 8
+ * bytes so we start at a nice even number.
+ */
+ return efi_low_alloc_above(size, align, addr, 0x8);
+}
+
+
efi_status_t handle_kernel_image(unsigned long *image_addr,
unsigned long *image_size,
unsigned long *reserve_addr,
@@ -114,12 +153,21 @@ efi_status_t handle_kernel_image(unsigned long *image_addr,
*/
u64 min_kimg_align = efi_nokaslr ? MIN_KIMG_ALIGN : EFI_KIMG_ALIGN;
+ bool force_low_reloc = need_low_alloc();
+ if (force_low_reloc) {
+ if (!efi_nokaslr) {
+ efi_info("booting on a broken firmware, KASLR will be disabled\n");
+ efi_nokaslr = true;
+ }
+ }
+
if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) {
efi_guid_t li_fixed_proto = LINUX_EFI_LOADED_IMAGE_FIXED_GUID;
void *p;
if (efi_nokaslr) {
- efi_info("KASLR disabled on kernel command line\n");
+ if (!force_low_reloc)
+ efi_info("KASLR disabled on kernel command line\n");
} else if (efi_bs_call(handle_protocol, image_handle,
&li_fixed_proto, &p) == EFI_SUCCESS) {
efi_info("Image placement fixed by loader\n");
@@ -161,6 +209,15 @@ efi_status_t handle_kernel_image(unsigned long *image_addr,
status = EFI_OUT_OF_RESOURCES;
}
+ if (force_low_reloc) {
+ status = efi_low_alloc(*reserve_size,
+ min_kimg_align,
+ reserve_addr);
+ if (status != EFI_SUCCESS) {
+ efi_err("Failed to relocate kernel, expect secondary CPUs boot failure\n");
+ }
+ }
+
if (status != EFI_SUCCESS) {
if (!check_image_region((u64)_text, kernel_memsize)) {
efi_err("FIRMWARE BUG: Image BSS overlaps adjacent EFI memory region\n");
@@ -185,6 +242,9 @@ efi_status_t handle_kernel_image(unsigned long *image_addr,
}
*image_addr = *reserve_addr;
+ if (efi_nokaslr) {
+ efi_info("relocating kernel to 0x%lx\n", *image_addr);
+ }
memcpy((void *)*image_addr, _text, kernel_size);
return EFI_SUCCESS;
--
2.33.5
next prev parent reply other threads:[~2022-12-14 13:18 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-14 13:18 [d-kernel] [PATCH 01/32] clk: added Baikal-M clock management unit driver Alexey Sheplyakov
2022-12-14 13:18 ` [d-kernel] [PATCH 02/32] cpufreq-dt: don't load on Baikal-M SoC Alexey Sheplyakov
2022-12-14 13:18 ` [d-kernel] [PATCH 03/32] serial: 8250_dw: verify clock rate in dw8250_set_termios Alexey Sheplyakov
2022-12-14 13:18 ` [d-kernel] [PATCH 04/32] usb: dwc3: of-simple: added compatible string for Baikal-M SoC Alexey Sheplyakov
2022-12-14 13:18 ` [d-kernel] [PATCH 05/32] dw-pcie: refuse to load on Baikal-M with recent firmware Alexey Sheplyakov
2022-12-14 13:18 ` [d-kernel] [PATCH 06/32] arm64: Enable armv8 based Baikal-M SoC support Alexey Sheplyakov
2022-12-14 13:18 ` [d-kernel] [PATCH 07/32] efi-rtc: avoid calling efi.get_time on Baikal-M SoC Alexey Sheplyakov
2022-12-14 13:18 ` Alexey Sheplyakov [this message]
2022-12-14 13:18 ` [d-kernel] [PATCH 09/32] pm: disable all sleep states on Baikal-M based boards Alexey Sheplyakov
2022-12-14 13:18 ` [d-kernel] [PATCH 10/32] net: fwnode_get_phy_id: consider all compatible strings Alexey Sheplyakov
2022-12-14 13:18 ` [d-kernel] [PATCH 11/32] net: stmmac: inital support of Baikal-T1/M SoCs GMAC Alexey Sheplyakov
2022-12-14 13:18 ` [d-kernel] [PATCH 12/32] dt-bindings: dwmac: Add bindings for Baikal-T1/M SoCs Alexey Sheplyakov
2022-12-14 13:19 ` [d-kernel] [PATCH 13/32] net: dwmac-baikal: added compatible strings Alexey Sheplyakov
2022-12-14 13:19 ` [d-kernel] [PATCH 14/32] Added TF307/TF306 board management controller driver Alexey Sheplyakov
2022-12-14 13:19 ` [d-kernel] [PATCH 15/32] hwmon: bt1-pvt: access registers via pvt_{readl, writel} helpers Alexey Sheplyakov
2022-12-14 13:19 ` [d-kernel] [PATCH 16/32] hwmon: bt1-pvt: define pvt_readl/pvt_writel for Baikal-M SoC Alexey Sheplyakov
2022-12-14 13:19 ` [d-kernel] [PATCH 17/32] hwmon: bt1-pvt: adjusted probing " Alexey Sheplyakov
2022-12-14 13:19 ` [d-kernel] [PATCH 18/32] hwmon: bt1-pvt: added compatible baikal, pvt Alexey Sheplyakov
2022-12-14 13:19 ` [d-kernel] [PATCH 19/32] drm: new bridge driver - stdp4028 Alexey Sheplyakov
2022-12-14 13:19 ` [d-kernel] [PATCH 20/32] drm: added Baikal-M SoC video display unit driver Alexey Sheplyakov
2022-12-14 13:19 ` [d-kernel] [PATCH 21/32] drm/bridge: dw-hdmi: support ahb audio hw revision 0x2a Alexey Sheplyakov
2022-12-14 13:19 ` [d-kernel] [PATCH 22/32] dt-bindings: dw-hdmi: added ahb-audio-regshift Alexey Sheplyakov
2022-12-14 13:19 ` [d-kernel] [PATCH 23/32] drm/bridge: dw-hdmi: force ahb audio register offset for Baikal-M Alexey Sheplyakov
2022-12-14 13:19 ` [d-kernel] [PATCH 24/32] drm/panfrost: forcibly set dma-coherent on Baikal-M Alexey Sheplyakov
2022-12-14 13:19 ` [d-kernel] [PATCH 25/32] drm/panfrost: disable devfreq " Alexey Sheplyakov
2022-12-14 13:19 ` [d-kernel] [PATCH 26/32] ALSA: hda: Baikal-M support Alexey Sheplyakov
2022-12-14 13:19 ` [d-kernel] [PATCH 27/32] PCI: pcie-baikal: driver for Baikal-M with new firmware Alexey Sheplyakov
2022-12-14 13:19 ` [d-kernel] [PATCH 28/32] (BROKEN) dwc-i2s: support Baikal-M SoC Alexey Sheplyakov
2022-12-14 13:19 ` [d-kernel] [PATCH 29/32] input: added TF307 serio PS/2 emulator driver Alexey Sheplyakov
2022-12-14 13:19 ` [d-kernel] [PATCH 30/32] input: new driver - serdev-serio Alexey Sheplyakov
2022-12-14 13:19 ` [d-kernel] [PATCH 31/32] phy: realtek: leds configuration for RTL8211f Alexey Sheplyakov
2022-12-14 15:06 ` [d-kernel] [PATCH 01/32] clk: added Baikal-M clock management unit driver Vitaly Chikunov
2022-12-16 9:54 ` Alexey Sheplyakov
2022-12-16 12:34 ` Vitaly Chikunov
2022-12-16 12:40 ` Vitaly Chikunov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221214131919.681481-8-asheplyakov@basealt.ru \
--to=asheplyakov@basealt.ru \
--cc=devel-kernel@lists.altlinux.org \
--cc=jqt4@basealt.ru \
--cc=nir@basealt.ru \
--cc=rst@basealt.ru \
--cc=sin@basealt.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux kernel packages development
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/devel-kernel/0 devel-kernel/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 devel-kernel devel-kernel/ http://lore.altlinux.org/devel-kernel \
devel-kernel@altlinux.org devel-kernel@altlinux.ru devel-kernel@altlinux.com
public-inbox-index devel-kernel
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.devel-kernel
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git