From: asheplyakov@yandex.ru
To: devel@lists.altlinux.org
Cc: Vitaly Chikunov <vt@altlinux.org>, Igor Chudov <nir@basealt.ru>,
Alexey Sheplyakov <asheplyakov@altlinux.org>,
Evgeny Sinelnikov <sin@basealt.ru>
Subject: [devel] [PATCH 22/35] arm64-stub: fixed secondary cores boot on Baikal-M SoC
Date: Fri, 20 May 2022 20:28:36 +0400
Message-ID: <20220520162849.1554351-23-asheplyakov@yandex.ru> (raw)
In-Reply-To: <20220520162849.1554351-1-asheplyakov@yandex.ru>
From: Alexey Sheplyakov <asheplyakov@altlinux.org>
Old versions of Baikal-M firmware (ARM-TF) deny execution attempts
outside of the (physical) address ranges
[0x80000000, 0x8FFFFFFF] and [0xA0000000, 0xBFFFFFFF]
Thus PSCI calls to boot secondary cores fail unless the kernel image
resides in one of these address ranges. However UEFI PE/COFF loader
puts the kernel image into the forbidden range. Since the alignment
is good enough EFI stub does not try to relocate the kernel.
As a result secondary CPUs fail to boot.
Relocation to a random address is not going to work either.
Therefore automatically disable kaslr on "known bad" systems (for
now only Baikal-M) and forcibly relocate the kernel to a low(er)
address.
This patch is necessary only for old firmware (pre SDK-M 5.1) and
prevents kalsr from working on Baikal-M systems.
X-DONTUPSTREAM
X-legacy
X-feature-Baikal-M
---
drivers/firmware/efi/libstub/arm64-stub.c | 62 ++++++++++++++++++++++-
1 file changed, 61 insertions(+), 1 deletion(-)
diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c
index 9cc556013d08..5486a223a59f 100644
--- a/drivers/firmware/efi/libstub/arm64-stub.c
+++ b/drivers/firmware/efi/libstub/arm64-stub.c
@@ -11,6 +11,7 @@
#include <asm/efi.h>
#include <asm/memory.h>
#include <asm/sections.h>
+#include <linux/libfdt.h>
#include <asm/sysreg.h>
#include "efistub.h"
@@ -34,6 +35,31 @@ efi_status_t check_platform_features(void)
return EFI_SUCCESS;
}
+static const char* machines_need_low_alloc[] = {
+ "baikal,baikal-m",
+};
+
+static bool need_low_alloc(void) {
+ size_t i;
+ const void *fdt;
+ const char *match;
+
+ fdt = get_efi_config_table(DEVICE_TREE_GUID);
+ if (!fdt) {
+ efi_info("failed to retrive FDT from EFI\n");
+ return false;
+ }
+
+ for (i = 0; i < ARRAY_SIZE(machines_need_low_alloc); i++) {
+ match = machines_need_low_alloc[i];
+ if (fdt_node_check_compatible(fdt, 0, match) == 0) {
+ efi_info("machine %s: forcing kernel relocation to low address\n", match);
+ return true;
+ }
+ }
+ return false;
+}
+
/*
* Distro versions of GRUB may ignore the BSS allocation entirely (i.e., fail
* to provide space, and fail to zero it). Check for this condition by double
@@ -79,6 +105,19 @@ static bool check_image_region(u64 base, u64 size)
return ret;
}
+static inline efi_status_t efi_low_alloc(unsigned long size, unsigned long align,
+ unsigned long *addr)
+{
+ /*
+ * Don't allocate at 0x0. It will confuse code that
+ * checks pointers against NULL. Skip the first 8
+ * bytes so we start at a nice even number.
+ */
+ return efi_low_alloc_above(size, align, addr, 0x8);
+}
+
+
+
efi_status_t handle_kernel_image(unsigned long *image_addr,
unsigned long *image_size,
unsigned long *reserve_addr,
@@ -99,6 +138,14 @@ efi_status_t handle_kernel_image(unsigned long *image_addr,
*/
u64 min_kimg_align = efi_nokaslr ? MIN_KIMG_ALIGN : EFI_KIMG_ALIGN;
+ bool force_low_reloc = need_low_alloc();
+ if (force_low_reloc) {
+ if (!efi_nokaslr) {
+ efi_info("booting on a broken firmware, KASLR will be disabled\n");
+ efi_nokaslr = true;
+ }
+ }
+
if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) {
if (!efi_nokaslr) {
status = efi_get_random_bytes(sizeof(phys_seed),
@@ -112,7 +159,8 @@ efi_status_t handle_kernel_image(unsigned long *image_addr,
efi_nokaslr = true;
}
} else {
- efi_info("KASLR disabled on kernel command line\n");
+ if (!force_low_reloc)
+ efi_info("KASLR disabled on kernel command line\n");
}
}
@@ -140,6 +188,15 @@ efi_status_t handle_kernel_image(unsigned long *image_addr,
status = EFI_OUT_OF_RESOURCES;
}
+ if (force_low_reloc) {
+ status = efi_low_alloc(*reserve_size,
+ min_kimg_align,
+ reserve_addr);
+ if (status != EFI_SUCCESS) {
+ efi_err("Failed to relocate kernel, expect secondary CPUs boot failure\n");
+ }
+ }
+
if (status != EFI_SUCCESS) {
if (!check_image_region((u64)_text, kernel_memsize)) {
efi_err("FIRMWARE BUG: Image BSS overlaps adjacent EFI memory region\n");
@@ -164,6 +221,9 @@ efi_status_t handle_kernel_image(unsigned long *image_addr,
}
*image_addr = *reserve_addr;
+ if (efi_nokaslr) {
+ efi_info("relocating kernel to 0x%lx\n", *image_addr);
+ }
memcpy((void *)*image_addr, _text, kernel_size);
return EFI_SUCCESS;
--
2.32.0
next prev parent reply other threads:[~2022-05-20 16:28 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-20 16:28 [devel] kernel-image-un-def: Baikal-M asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 01/35] net: stmmac: inital support of Baikal-T1/M SoCs GMAC asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 02/35] dt-bindings: dwmac: Add bindings for Baikal-T1/M SoCs asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 03/35] net: stmmac: custom mdio reset for some Baikal-M boards asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 04/35] net: dwmac-baikal: added compatible strings asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 05/35] hwmon: bt1-pvt: access registers via pvt_{readl, writel} helpers asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 06/35] hwmon: bt1-pvt: define pvt_readl/pvt_writel for Baikal-M SoC asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 07/35] hwmon: bt1-pvt: adjusted probing " asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 08/35] hwmon: bt1-pvt: added compatible baikal,pvt asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 09/35] clk: added Baikal-M clock management unit driver asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 10/35] cpufreq-dt: don't load on Baikal-M SoC asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 11/35] usb: dwc3: of-simple: added compatible string for " asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 12/35] arm64: Enable armv8 based Baikal-M SoC support asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 13/35] drm: new bridge driver - stdp4028 asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 14/35] drm: added Baikal-M SoC video display unit driver asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 15/35] dw-hdmi-ahb-audio: support Baikal-M SoC asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 16/35] Added TF307/TF306 board management controller driver asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 17/35] ALSA: hda: Baikal-M support asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 18/35] [rejected] serial: 8250_dw: verify clock rate in dw8250_set_termios asheplyakov
2022-05-20 16:53 ` Andy Shevchenko
2022-05-20 16:28 ` [devel] [PATCH 19/35] drm/panfrost: forcibly set dma-coherent on Baikal-M asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 20/35] drm/panfrost: disable devfreq " asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 21/35] pm: disable all sleep states on Baikal-M based boards asheplyakov
2022-05-20 16:28 ` asheplyakov [this message]
2022-05-20 16:28 ` [devel] [PATCH 23/35] efi-rtc: avoid calling efi.get_time on Baikal-M SoC asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 24/35] net: fwnode_get_phy_id: consider all compatible strings asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 25/35] (BROKEN) dwc-i2s: support Baikal-M SoC asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 26/35] input: added TF307 serio PS/2 emulator driver asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 27/35] arm64: added Baikal-M SoC and TF307 board device tree asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 28/35] arm64: device tree: baikal: mark GPU as dma-coherent asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 29/35] arm64: device tree: Baikal-M: fixed PHY binding description asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 30/35] arm64: device tree: Baikal-M: fixed gpio alias asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 31/35] arm64: device tree: Baikal-M: fixed GPU opp_table asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 32/35] arm64: device tree: Baikal-M: fixed CPUs opp_table asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 33/35] arm64: defconfig for Baikal-M support testing asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 34/35] config-aarch64: enable more Baikal-M related drivers asheplyakov
2022-05-20 16:28 ` [devel] [PATCH 35/35] 1:5.17.9-alt2 asheplyakov
2022-05-21 4:04 ` P X
2022-05-21 16:50 ` Alexey Sheplyakov
2022-05-21 16:55 ` [devel] devel-kernel@ Антон Мидюков
2022-05-22 5:51 ` [devel] [PATCH 35/35] 1:5.17.9-alt2 Dmitry V. Levin
2022-05-23 8:51 ` Alexey Sheplyakov
2022-05-23 9:58 ` Dmitry V. Levin
2022-05-23 11:21 ` Alexey Gladkov
2022-05-23 9:47 ` [devel] Baikal-M patches for et101, aqbm1000, tf307 Evgeny Sinelnikov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220520162849.1554351-23-asheplyakov@yandex.ru \
--to=asheplyakov@yandex.ru \
--cc=asheplyakov@altlinux.org \
--cc=devel@lists.altlinux.org \
--cc=nir@basealt.ru \
--cc=sin@basealt.ru \
--cc=vt@altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Team development discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/devel/0 devel/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 devel devel/ http://lore.altlinux.org/devel \
devel@altlinux.org devel@altlinux.ru devel@lists.altlinux.org devel@lists.altlinux.ru devel@linux.iplabs.ru mandrake-russian@linuxteam.iplabs.ru sisyphus@linuxteam.iplabs.ru
public-inbox-index devel
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.devel
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git