| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 1 Mar 2021 20:19:38 -0800
From: Florian Fainelli <f.fainelli@...il.com>
To: linux-mips@...r.kernel.org
Cc: rppt@...nel.org, fancer.lancer@...il.com, guro@...com,
akpm@...ux-foundation.org, paul@...pouillou.net,
Florian Fainelli <f.fainelli@...il.com>,
Serge Semin <Sergey.Semin@...kalelectronics.ru>,
Kamal Dasu <kdasu.kdev@...il.com>,
Thomas Bogendoerfer <tsbogend@...ha.franken.de>,
Yanteng Si <siyanteng@...ngson.cn>,
Huacai Chen <chenhuacai@...nel.org>,
bcm-kernel-feedback-list@...adcom.com (open list:BROADCOM BMIPS MIPS
ARCHITECTURE), linux-kernel@...r.kernel.org (open list)
Subject: [PATCH] MIPS: BMIPS: Reserve exception base to prevent corruption
BMIPS is one of the few platforms that do change the exception base.
After commit 2dcb39645441 ("memblock: do not start bottom-up allocations
with kernel_end") we started seeing BMIPS boards fail to boot with the
built-in FDT being corrupted.
Before the cited commit, early allocations would be in the [kernel_end,
RAM_END] range, but after commit they would be within [RAM_START +
PAGE_SIZE, RAM_END].
The custom exception base handler that is installed by
bmips_ebase_setup() done for BMIPS5000 CPUs ends-up trampling on the
memory region allocated by unflatten_and_copy_device_tree() thus
corrupting the FDT used by the kernel.
To fix this, we need to perform an early reservation of the custom
exception that is going to be installed and this needs to happen at
plat_mem_setup() time to ensure that unflatten_and_copy_device_tree()
finds a space that is suitable, away from reserved memory.
Huge thanks to Serget for analysing and proposing a solution to this
issue.
Fixes: Fixes: 2dcb39645441 ("memblock: do not start bottom-up allocations with kernel_end")
Debugged-by: Serge Semin <Sergey.Semin@...kalelectronics.ru>
Reported-by: Kamal Dasu <kdasu.kdev@...il.com>
Signed-off-by: Florian Fainelli <f.fainelli@...il.com>
---
Thomas,
This is intended as a stop-gap solution for 5.12-rc1 and to be picked up
by the stable team for 5.11. We should find a safer way to avoid these
problems for 5.13 maybe.
arch/mips/bmips/setup.c | 22 ++++++++++++++++++++++
arch/mips/include/asm/traps.h | 2 ++
2 files changed, 24 insertions(+)
diff --git a/arch/mips/bmips/setup.c b/arch/mips/bmips/setup.c
index 31bcfa4e08b9..0088bd45b892 100644
--- a/arch/mips/bmips/setup.c
+++ b/arch/mips/bmips/setup.c
@@ -149,6 +149,26 @@ void __init plat_time_init(void)
mips_hpt_frequency = freq;
}
+static void __init bmips_ebase_reserve(void)
+{
+ phys_addr_t base, size = VECTORSPACING * 64;
+
+ switch (current_cpu_type()) {
+ default:
+ case CPU_BMIPS4350:
+ return;
+ case CPU_BMIPS3300:
+ case CPU_BMIPS4380:
+ base = 0x0400;
+ break;
+ case CPU_BMIPS5000:
+ base = 0x1000;
+ break;
+ }
+
+ memblock_reserve(base, size);
+}
+
void __init plat_mem_setup(void)
{
void *dtb;
@@ -169,6 +189,8 @@ void __init plat_mem_setup(void)
__dt_setup_arch(dtb);
+ bmips_ebase_reserve();
+
for (q = bmips_quirk_list; q->quirk_fn; q++) {
if (of_flat_dt_is_compatible(of_get_flat_dt_root(),
q->compatible)) {
diff --git a/arch/mips/include/asm/traps.h b/arch/mips/include/asm/traps.h
index 6aa8f126a43d..0ba6bb7f9618 100644
--- a/arch/mips/include/asm/traps.h
+++ b/arch/mips/include/asm/traps.h
@@ -14,6 +14,8 @@
#define MIPS_BE_FIXUP 1 /* return to the fixup code */
#define MIPS_BE_FATAL 2 /* treat as an unrecoverable error */
+#define VECTORSPACING 0x100 /* for EI/VI mode */
+
extern void (*board_be_init)(void);
extern int (*board_be_handler)(struct pt_regs *regs, int is_fixup);
--
2.25.1
Powered by blists - more mailing lists