lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <6a283aef-388d-c300-8304-503bc88a4dcf@siemens.com>
Date:   Mon, 22 Mar 2021 21:15:05 +0100
From:   Jan Kiszka <jan.kiszka@...mens.com>
To:     Nicolas Boichat <drinkcat@...omium.org>,
        Rob Herring <robh+dt@...nel.org>,
        Andre Przywara <andre.przywara@....com>,
        Phil Elwell <phil@...pberrypi.org>
Cc:     Frank Rowand <frowand.list@...il.com>, devicetree@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        Ian Campbell <ian.campbell@...rix.com>,
        Grant Likely <grant.likely@...aro.org>,
        Stephen Boyd <swboyd@...omium.org>
Subject: Re: [PATCH] of/fdt: Make sure no-map does not remove already reserved
 regions

On 22.03.21 19:05, Jan Kiszka wrote:
> On 22.03.21 08:58, Jan Kiszka wrote:
>> On 03.07.19 07:08, Nicolas Boichat wrote:
>>> If the device tree is incorrectly configured, and attempts to
>>> define a "no-map" reserved memory that overlaps with the kernel
>>> data/code, the kernel would crash quickly after boot, with no
>>> obvious clue about the nature of the issue.
>>>
>>> For example, this would happen if we have the kernel mapped at
>>> these addresses (from /proc/iomem):
>>> 40000000-41ffffff : System RAM
>>>   40080000-40dfffff : Kernel code
>>>   40e00000-411fffff : reserved
>>>   41200000-413e0fff : Kernel data
>>>
>>> And we declare a no-map shared-dma-pool region at a fixed address
>>> within that range:
>>> mem_reserved: mem_region {
>>> 	compatible = "shared-dma-pool";
>>> 	reg = <0 0x40000000 0 0x01A00000>;
>>> 	no-map;
>>> };
>>>
>>> To fix this, when removing memory regions at early boot (which is
>>> what "no-map" regions do), we need to make sure that the memory
>>> is not already reserved. If we do, __reserved_mem_reserve_reg
>>> will throw an error:
>>> [    0.000000] OF: fdt: Reserved memory: failed to reserve memory
>>>    for node 'mem_region': base 0x0000000040000000, size 26 MiB
>>> and the code that will try to use the region should also fail,
>>> later on.
>>>
>>> We do not do anything for non-"no-map" regions, as memblock
>>> explicitly allows reserved regions to overlap, and the commit
>>> that this fixes removed the check for that precise reason.
>>>
>>> Fixes: 094cb98179f19b7 ("of/fdt: memblock_reserve /memreserve/ regions in the case of partial overlap")
>>> Signed-off-by: Nicolas Boichat <drinkcat@...omium.org>
>>> ---
>>>  drivers/of/fdt.c | 10 +++++++++-
>>>  1 file changed, 9 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c
>>> index cd17dc62a71980a..a1ded43fc332d0c 100644
>>> --- a/drivers/of/fdt.c
>>> +++ b/drivers/of/fdt.c
>>> @@ -1138,8 +1138,16 @@ int __init __weak early_init_dt_mark_hotplug_memory_arch(u64 base, u64 size)
>>>  int __init __weak early_init_dt_reserve_memory_arch(phys_addr_t base,
>>>  					phys_addr_t size, bool nomap)
>>>  {
>>> -	if (nomap)
>>> +	if (nomap) {
>>> +		/*
>>> +		 * If the memory is already reserved (by another region), we
>>> +		 * should not allow it to be removed altogether.
>>> +		 */
>>> +		if (memblock_is_region_reserved(base, size))
>>> +			return -EBUSY;
>>> +
>>>  		return memblock_remove(base, size);
>>> +	}
>>>  	return memblock_reserve(base, size);
>>>  }
>>>  
>>>
>>
>> Likely the wrong patch to blame but hopefully the right audience:
>>
>> I'm trying to migrate my RPi4 setup to mainline, and this commit breaks 
>> booting with TF-A (current master) in the loop. Error:
>>
>> [    0.000000] Booting Linux on physical CPU 0x0000000000 [0x410fd083]                                                                                                                                                                        
>> [    0.000000] Linux version 5.10.24+ (jan@...f2u6c) (aarch64-linux-gnu-gcc (GNU Toolchain for the A-profile Architecture 9.2-2019.12 (arm-9.10)) 9.2.1 20191025, GNU ld (GNU Toolchain for the A-profile Architecture 9.2-2019.12 (arm-9.10)1
>> [    0.000000] Machine model: Raspberry Pi 4 Model B Rev 1.1                                                                                                                                                                                  
>> [    0.000000] efi: UEFI not found.                                                                                                                                                                                                           
>> [    0.000000] OF: fdt: Reserved memory: failed to reserve memory for node 'atf@0': base 0x0000000000000000, size 0 MiB                                                                                                                       
>>
>> And then we hang later on when Linux does start to use that memory and 
>> seems to trigger an exception.
>>
>> Is there a bug in the upstream RPi4 DT?
>>
> 
> FWIW, this is triggering the conflict:
> 
> (arch/arm/boot/dts/bcm283x.dtsi)
> 
> /* firmware-provided startup stubs live here, where the secondary CPUs are
>  * spinning.
>  */
> /memreserve/ 0x00000000 0x00001000;
> 
> I strongly suspect this is only needed in case of TF-A-free boot. With 
> TF-A we have standard PCSI (my motivation to use TF-A in the first 
> place) - and then this is in conflict with the firmware's reservation.
> 
> Do we need separate DTs for this use case? Or should TF-A account for 
> this?
> 

Nah, TF-A issue:

https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/9316

With that applied, upstream kernel & DT work fine.

Jan

-- 
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ