[U-Boot] [PATCH] ARM: Disable "DISCARD" for secure section if CONFIG_ARMV7_SECURE_BASE isn't defined
Peng Fan
van.freenix at gmail.com
Tue Jan 5 02:07:35 CET 2016
Hi Tom,
On Mon, Jan 04, 2016 at 10:50:16AM -0500, Tom Rini wrote:
>On Fri, Dec 11, 2015 at 03:30:24PM +0000, Dongsheng Wang wrote:
>> Hi Tom,
>>
>> > On Fri, Dec 11, 2015 at 10:15:03AM +0000, Dongsheng Wang wrote:
>> > > Hi Tom,
>> > >
>> > > Thanks for your review.
>> > >
>> > > > On Thu, Dec 10, 2015 at 10:49:01AM +0800, Dongsheng Wang wrote:
>> > > >
>> > > > > From: Wang Dongsheng <dongsheng.wang at nxp.com>
>> > > > >
>> > > > > Fix PSCI hang up without CONFIG_ARMV7_SECURE_BASE define.
>> > > > > "DISCARD" will remove ._secure.text relocate, but PSCI framework
>> > > > > has already used some absolute address those need to relocate.
>> > > > >
>> > > > > Use readelf -t -r u-boot show us:
>> > > > > .__secure_start addr: 601408e4
>> > > > > .__secure_end addr: 60141460
>> > > > >
>> > > > > 60141140 00000017 R_ARM_RELATIVE
>> > > > > 46 _secure_monitor:
>> > > > > 47 #ifdef CONFIG_ARMV7_PSCI
>> > > > > 48 ldr r5, =_psci_vectors
>> > > > >
>> > > > > 60141194 00000017 R_ARM_RELATIVE
>> > > > > 6014119c 00000017 R_ARM_RELATIVE
>> > > > > 601411a4 00000017 R_ARM_RELATIVE
>> > > > > 601411ac 00000017 R_ARM_RELATIVE
>> > > > > 64 _psci_table:
>> > > > > 66 .word psci_cpu_suspend
>> > > > > ...
>> > > > > 72 .word psci_migrate
>> > > > >
>> > > > > 60141344 00000017 R_ARM_RELATIVE
>> > > > > 6014145c 00000017 R_ARM_RELATIVE
>> > > > > 202 ldr r5, =psci_text_end
>> > > > >
>> > > > > Solutions:
>> > > > > 1. Change absolute address to RelAdr.
>> > > > > Based on LDR (immediate, ARM), we only have 4K offset to jump.
>> > > > > Now PSCI code size is close to 4K size that is LDR limit jump
>> > > > > size, so even if the LDR is based on the current instruction
>> > > > > address, there is also have a risk for RelAdr. If we use two jump
>> > > > > steps I think we can fix this issue, but looks too hack, so give up this way.
>> > > > >
>> > > > > 2. Enable "DISCARD" only for CONFIG_ARMV7_SECURE_BASE has defined.
>> > > > > If CONFIG_ARMV7_SECURE_BASE is defined in platform, all of
>> > > > > secure will in the BASE address that is absolute. psci_update_dt
>> > > > > will relocate the PSCI code into link stage
>> > > > > address(CONFIG_ARMV7_SECURE_BASE address), so using this method.
>> > > > >
>> > > > > Signed-off-by: Wang Dongsheng <dongsheng.wang at nxp.com>
>> > > > > Reviewed-by: Peng Fan <Peng.Fan at nxp.com>
>> > > > > Cc: Albert Aribaud <albert.u.boot at aribaud.net>
>> > > > > Cc: Tom Warren <twarren at nvidia.com>
>> > > > > Cc: York Sun <yorksun at freescale.com>
>> > > > > Cc: Hans De Goede <hdegoede at redhat.com>
>> > > > > Cc: Ian Campbell <ijc at hellion.org.uk>
>> > > > > Cc: Tom Rini <trini at konsulko.com>
>> > > > > Cc: Jan Kiszka <jan.kiszka at siemens.com>
>> > > > > Cc: Stefano Babic <sbabic at denx.de>
>> > > > >
>> > > > > diff --git a/arch/arm/cpu/u-boot.lds b/arch/arm/cpu/u-boot.lds
>> > > > > index
>> > > > > d48a905..413d459 100644
>> > > > > --- a/arch/arm/cpu/u-boot.lds
>> > > > > +++ b/arch/arm/cpu/u-boot.lds
>> > > > > @@ -14,6 +14,7 @@ OUTPUT_ARCH(arm)
>> > > > > ENTRY(_start)
>> > > > > SECTIONS
>> > > > > {
>> > > > > +#if defined(CONFIG_ARMV7_SECURE_BASE) &&
>> > > > defined(CONFIG_ARMV7_NONSEC)
>> > > > > /*
>> > > > > * Discard the relocation entries for secure text.
>> > > > > * The secure code is bundled with u-boot image, so there will
>> > > > > @@
>> > > > > -31,6 +32,7 @@ SECTIONS
>> > > > > * avoid hole in the final image.
>> > > > > */
>> > >
>> > > Update this comment, not my patch's comment, right?
>> >
>> > Correct.
>> >
>> Not sure we hope a detailed comment or concise comment.
>> Could you review my comment?
>>
>> If my understanding is wrong, please correct me, thanks:
>> /*
>> * Based on the /DISCARD/ introduce by ARMv7 patch. And ARMv8 not
>> * for sure has the same issue. Based on conservative this is only for
>> * ARMv7, another point the /DISCARD/ may isn't necessary in platform.
>> * Please see below investigation:
>> *
>> * If undefine CONFIG_ARMV7_SECURE_BASE secure zone will be
>> * included in u-boot space, and some absolute address were used
>> * in secure code. Accompanied by u-boot relocation secure code
>> * also need to relocate the absolute address.
>> *
>> * If CONFIG_ARMV7_SECURE_BASE is true, secure code will not
>> * bundle with u-boot, and codes offset are fixed. Secure zone
>> * only needs to be copied from loading address to
>> * CONFIG_ARMV7_SECURE_BASE, which is the linking and running
>> * address for secure code.
>> *
>> * About below may depend on toolchain:
>> * 1. If keep the relocation entries in .rel.dyn section,
>> * "relocation offset + linking address" may locates into an
>> * address that is reserved by SoC, then will trigger data abort.
>> * The reason that move .rel._secure at the beginning, is to
>> * avoid hole in the final image.
>> *
>> * 2. .rel.dyn will not include secure code, becuase
>> * CONFIG_ARMV7_SECURE_BASE give us an real absolute address, all
>> * of codes offset has fixed on build and link stage, and the same
>> * to runtime address.
>> * e.g:
>> * NXP Layerscape platform, gcc version:
>> * crosstool-NG linaro-1.13.1-4.8-2013.12 - Linaro GCC 2013.11
>> * The secure code will not include in .rel.dyn. So /DISCARD/ is redundant.
>> *
>> * Considering the compatibility, so keep DISCARD for
>> * CONFIG_ARMV7_SECURE_BASE.
>> */
>
>Not exactly. We shouldn't need to mention other patches here (but you
>can reference git commit hashes (git rev-parse --short HASH) for
>additional clarity. Peng, can you please also comment on the new code
>comment here as this is from your patch initially? Thanks and sorry for
>the delay!
This patch d47cb0b61aa9e268f140455b2bc4421ae9e0b4bc has a assumption that
CONFIG_ARMV7_SECURE_BASE is defined and secure code does not need to be
relocated. But this is not always true. To those which not define
CONFIG_ARMV7_SECURE_BASE, see psci_update_dt, the space will be marked as
reserved. So DISCARD is only needed when CONFIG_ARMV7_SECURE_BASE and
CONFIG_ARMV7_NONSEC is defined.
Regards,
Peng.
>
>--
>Tom
>_______________________________________________
>U-Boot mailing list
>U-Boot at lists.denx.de
>http://lists.denx.de/mailman/listinfo/u-boot
More information about the U-Boot
mailing list