* [PATCH] powerpc/prom_init: Undo relocation before entering secure mode
@ 2019-09-11 16:34 Thiago Jung Bauermann
2019-09-11 23:53 ` Thiago Jung Bauermann
` (3 more replies)
0 siblings, 4 replies; 6+ messages in thread
From: Thiago Jung Bauermann @ 2019-09-11 16:34 UTC (permalink / raw)
To: linuxppc-dev
Cc: linux-kernel, Michael Ellerman, Mike Anderson, Paul Mackerras,
Ram Pai, Thiago Jung Bauermann
The ultravisor will do an integrity check of the kernel image but we
relocated it so the check will fail. Restore the original image by
relocating it back to the kernel virtual base address.
This works because during build vmlinux is linked with an expected virtual
runtime address of KERNELBASE.
Fixes: 6a9c930bd775 ("powerpc/prom_init: Add the ESM call to prom_init")
Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
---
arch/powerpc/include/asm/elf.h | 3 +++
arch/powerpc/kernel/prom_init.c | 11 +++++++++++
arch/powerpc/kernel/prom_init_check.sh | 3 ++-
3 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/include/asm/elf.h b/arch/powerpc/include/asm/elf.h
index 409c9bfb43d9..57c229a86f08 100644
--- a/arch/powerpc/include/asm/elf.h
+++ b/arch/powerpc/include/asm/elf.h
@@ -175,4 +175,7 @@ do { \
ARCH_DLINFO_CACHE_GEOMETRY; \
} while (0)
+/* Relocate the kernel image to @final_address */
+void relocate(unsigned long final_address);
+
#endif /* _ASM_POWERPC_ELF_H */
diff --git a/arch/powerpc/kernel/prom_init.c b/arch/powerpc/kernel/prom_init.c
index 74f70f90eff0..44b1d404250e 100644
--- a/arch/powerpc/kernel/prom_init.c
+++ b/arch/powerpc/kernel/prom_init.c
@@ -3249,7 +3249,18 @@ static void setup_secure_guest(unsigned long kbase, unsigned long fdt)
/* Switch to secure mode. */
prom_printf("Switching to secure mode.\n");
+ /*
+ * The ultravisor will do an integrity check of the kernel image but we
+ * relocated it so the check will fail. Restore the original image by
+ * relocating it back to the kernel virtual base address.
+ */
+ relocate(KERNELBASE);
+
ret = enter_secure_mode(kbase, fdt);
+
+ /* Relocate the kernel again. */
+ relocate(kbase);
+
if (ret != U_SUCCESS) {
prom_printf("Returned %d from switching to secure mode.\n", ret);
prom_rtas_os_term("Switch to secure mode failed.\n");
diff --git a/arch/powerpc/kernel/prom_init_check.sh b/arch/powerpc/kernel/prom_init_check.sh
index 160bef0d553d..16535ccc0fa0 100644
--- a/arch/powerpc/kernel/prom_init_check.sh
+++ b/arch/powerpc/kernel/prom_init_check.sh
@@ -26,7 +26,8 @@ _end enter_prom $MEM_FUNCS reloc_offset __secondary_hold
__secondary_hold_acknowledge __secondary_hold_spinloop __start
logo_linux_clut224 btext_prepare_BAT
reloc_got2 kernstart_addr memstart_addr linux_banner _stext
-__prom_init_toc_start __prom_init_toc_end btext_setup_display TOC."
+__prom_init_toc_start __prom_init_toc_end btext_setup_display TOC.
+relocate"
NM="$1"
OBJ="$2"
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] powerpc/prom_init: Undo relocation before entering secure mode
2019-09-11 16:34 [PATCH] powerpc/prom_init: Undo relocation before entering secure mode Thiago Jung Bauermann
@ 2019-09-11 23:53 ` Thiago Jung Bauermann
2019-09-27 20:38 ` Thiago Jung Bauermann
2019-10-18 15:05 ` Ram Pai
` (2 subsequent siblings)
3 siblings, 1 reply; 6+ messages in thread
From: Thiago Jung Bauermann @ 2019-09-11 23:53 UTC (permalink / raw)
To: linuxppc-dev; +Cc: Mike Anderson, Ram Pai, linux-kernel, Paul Mackerras
Thiago Jung Bauermann <bauerman@linux.ibm.com> writes:
> The ultravisor will do an integrity check of the kernel image but we
> relocated it so the check will fail. Restore the original image by
> relocating it back to the kernel virtual base address.
>
> This works because during build vmlinux is linked with an expected virtual
> runtime address of KERNELBASE.
>
> Fixes: 6a9c930bd775 ("powerpc/prom_init: Add the ESM call to prom_init")
> Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
I meant to put a Suggested-by: Paul Mackerras <paulus@samba.org>
Sorry. Will add it if there's a v2.
--
Thiago Jung Bauermann
IBM Linux Technology Center
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] powerpc/prom_init: Undo relocation before entering secure mode
2019-09-11 23:53 ` Thiago Jung Bauermann
@ 2019-09-27 20:38 ` Thiago Jung Bauermann
0 siblings, 0 replies; 6+ messages in thread
From: Thiago Jung Bauermann @ 2019-09-27 20:38 UTC (permalink / raw)
To: linuxppc-dev; +Cc: Paul Mackerras, Mike Anderson, Ram Pai, linux-kernel
Thiago Jung Bauermann <bauerman@linux.ibm.com> writes:
> Thiago Jung Bauermann <bauerman@linux.ibm.com> writes:
>
>> The ultravisor will do an integrity check of the kernel image but we
>> relocated it so the check will fail. Restore the original image by
>> relocating it back to the kernel virtual base address.
>>
>> This works because during build vmlinux is linked with an expected virtual
>> runtime address of KERNELBASE.
>>
>> Fixes: 6a9c930bd775 ("powerpc/prom_init: Add the ESM call to prom_init")
>> Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
>
> I meant to put a Suggested-by: Paul Mackerras <paulus@samba.org>
>
> Sorry. Will add it if there's a v2.
Ping?
--
Thiago Jung Bauermann
IBM Linux Technology Center
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] powerpc/prom_init: Undo relocation before entering secure mode
2019-09-11 16:34 [PATCH] powerpc/prom_init: Undo relocation before entering secure mode Thiago Jung Bauermann
2019-09-11 23:53 ` Thiago Jung Bauermann
@ 2019-10-18 15:05 ` Ram Pai
2019-10-25 11:03 ` Michael Ellerman
2019-10-30 12:16 ` Michael Ellerman
3 siblings, 0 replies; 6+ messages in thread
From: Ram Pai @ 2019-10-18 15:05 UTC (permalink / raw)
To: Thiago Jung Bauermann
Cc: linuxppc-dev, Mike Anderson, linux-kernel, Paul Mackerras, mpe
On Wed, Sep 11, 2019 at 01:34:33PM -0300, Thiago Jung Bauermann wrote:
> The ultravisor will do an integrity check of the kernel image but we
> relocated it so the check will fail. Restore the original image by
> relocating it back to the kernel virtual base address.
>
> This works because during build vmlinux is linked with an expected virtual
> runtime address of KERNELBASE.
>
> Fixes: 6a9c930bd775 ("powerpc/prom_init: Add the ESM call to prom_init")
> Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Tested-by: Ram Pai <linuxram@us.ibm.com>
> ---
> arch/powerpc/include/asm/elf.h | 3 +++
> arch/powerpc/kernel/prom_init.c | 11 +++++++++++
> arch/powerpc/kernel/prom_init_check.sh | 3 ++-
> 3 files changed, 16 insertions(+), 1 deletion(-)
>
> diff --git a/arch/powerpc/include/asm/elf.h b/arch/powerpc/include/asm/elf.h
> index 409c9bfb43d9..57c229a86f08 100644
> --- a/arch/powerpc/include/asm/elf.h
> +++ b/arch/powerpc/include/asm/elf.h
> @@ -175,4 +175,7 @@ do { \
> ARCH_DLINFO_CACHE_GEOMETRY; \
> } while (0)
>
> +/* Relocate the kernel image to @final_address */
> +void relocate(unsigned long final_address);
> +
> #endif /* _ASM_POWERPC_ELF_H */
> diff --git a/arch/powerpc/kernel/prom_init.c b/arch/powerpc/kernel/prom_init.c
> index 74f70f90eff0..44b1d404250e 100644
> --- a/arch/powerpc/kernel/prom_init.c
> +++ b/arch/powerpc/kernel/prom_init.c
> @@ -3249,7 +3249,18 @@ static void setup_secure_guest(unsigned long kbase, unsigned long fdt)
> /* Switch to secure mode. */
> prom_printf("Switching to secure mode.\n");
>
> + /*
> + * The ultravisor will do an integrity check of the kernel image but we
> + * relocated it so the check will fail. Restore the original image by
> + * relocating it back to the kernel virtual base address.
> + */
> + relocate(KERNELBASE);
> +
> ret = enter_secure_mode(kbase, fdt);
> +
> + /* Relocate the kernel again. */
> + relocate(kbase);
> +
> if (ret != U_SUCCESS) {
> prom_printf("Returned %d from switching to secure mode.\n", ret);
> prom_rtas_os_term("Switch to secure mode failed.\n");
> diff --git a/arch/powerpc/kernel/prom_init_check.sh b/arch/powerpc/kernel/prom_init_check.sh
> index 160bef0d553d..16535ccc0fa0 100644
> --- a/arch/powerpc/kernel/prom_init_check.sh
> +++ b/arch/powerpc/kernel/prom_init_check.sh
> @@ -26,7 +26,8 @@ _end enter_prom $MEM_FUNCS reloc_offset __secondary_hold
> __secondary_hold_acknowledge __secondary_hold_spinloop __start
> logo_linux_clut224 btext_prepare_BAT
> reloc_got2 kernstart_addr memstart_addr linux_banner _stext
> -__prom_init_toc_start __prom_init_toc_end btext_setup_display TOC."
> +__prom_init_toc_start __prom_init_toc_end btext_setup_display TOC.
> +relocate"
>
> NM="$1"
> OBJ="$2"
--
Ram Pai
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] powerpc/prom_init: Undo relocation before entering secure mode
2019-09-11 16:34 [PATCH] powerpc/prom_init: Undo relocation before entering secure mode Thiago Jung Bauermann
2019-09-11 23:53 ` Thiago Jung Bauermann
2019-10-18 15:05 ` Ram Pai
@ 2019-10-25 11:03 ` Michael Ellerman
2019-10-30 12:16 ` Michael Ellerman
3 siblings, 0 replies; 6+ messages in thread
From: Michael Ellerman @ 2019-10-25 11:03 UTC (permalink / raw)
To: Thiago Jung Bauermann, linuxppc-dev
Cc: linux-kernel, Mike Anderson, Paul Mackerras, Ram Pai,
Thiago Jung Bauermann
Thiago Jung Bauermann <bauerman@linux.ibm.com> writes:
> The ultravisor will do an integrity check of the kernel image but we
> relocated it so the check will fail. Restore the original image by
> relocating it back to the kernel virtual base address.
>
> This works because during build vmlinux is linked with an expected virtual
> runtime address of KERNELBASE.
>
> Fixes: 6a9c930bd775 ("powerpc/prom_init: Add the ESM call to prom_init")
> Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
> ---
> arch/powerpc/include/asm/elf.h | 3 +++
> arch/powerpc/kernel/prom_init.c | 11 +++++++++++
> arch/powerpc/kernel/prom_init_check.sh | 3 ++-
> 3 files changed, 16 insertions(+), 1 deletion(-)
This breaks the build when CONFIG_RELOCATABLE=n:
prom_init.c:(.init.text+0x3160): undefined reference to `relocate'
See http://kisskb.ellerman.id.au/kisskb/buildresult/14004234/
cheers
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] powerpc/prom_init: Undo relocation before entering secure mode
2019-09-11 16:34 [PATCH] powerpc/prom_init: Undo relocation before entering secure mode Thiago Jung Bauermann
` (2 preceding siblings ...)
2019-10-25 11:03 ` Michael Ellerman
@ 2019-10-30 12:16 ` Michael Ellerman
3 siblings, 0 replies; 6+ messages in thread
From: Michael Ellerman @ 2019-10-30 12:16 UTC (permalink / raw)
To: Thiago Jung Bauermann, linuxppc-dev
Cc: Mike Anderson, Ram Pai, linux-kernel, Paul Mackerras,
Thiago Jung Bauermann
On Wed, 2019-09-11 at 16:34:33 UTC, Thiago Jung Bauermann wrote:
> The ultravisor will do an integrity check of the kernel image but we
> relocated it so the check will fail. Restore the original image by
> relocating it back to the kernel virtual base address.
>
> This works because during build vmlinux is linked with an expected virtual
> runtime address of KERNELBASE.
>
> Fixes: 6a9c930bd775 ("powerpc/prom_init: Add the ESM call to prom_init")
> Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Applied to powerpc fixes, thanks.
https://git.kernel.org/powerpc/c/05d9a952832cb206a32e3705eff6edebdb2207e7
cheers
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2019-10-30 12:16 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-11 16:34 [PATCH] powerpc/prom_init: Undo relocation before entering secure mode Thiago Jung Bauermann
2019-09-11 23:53 ` Thiago Jung Bauermann
2019-09-27 20:38 ` Thiago Jung Bauermann
2019-10-18 15:05 ` Ram Pai
2019-10-25 11:03 ` Michael Ellerman
2019-10-30 12:16 ` Michael Ellerman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).