[PATCH v3 1/3] fdtdec: optionally add property no-map to created reserved memory node
Heinrich Schuchardt
xypron.glpk at gmx.de
Tue Aug 25 16:49:38 CEST 2020
On 25.08.20 13:42, Patrice Chotard wrote:
> From: Etienne Carriere <etienne.carriere at st.com>
>
> Add boolean input argument @no_map to helper function
> fdtdec_add_reserved_memory() to add "no-map" property for an added
> reserved memory node. This is needed for example when the reserved
> memory relates to secure memory that the dear Linux kernel shall
> not even map unless what non-secure world speculative accesses of the
This sentence needs rework. Do you mean "to avoid non-secure world
accesses of the CPU that might reveal the secure-world memory"?
Is there any evidence that mapping memory as reserved can lead to an
information leak and that not mapping solves the problem? Is there a CVE
for it?
> CPU can violate the memory firmware configuration.
Most Linux distributions boot via EFI.
In U-Boot's UEFI sub-system we pass reserved memory as
EFI_RESERVED_MEMORY_TYPE in the memory map to Linux. See function
efi_carve_out_dt_rsv(). We do not consider the no-map attribute in the
device-tree.
Does the Linux kernel care about this no-map attribute in the
device-tree if we are booting via UEFI?
>
> No function change. A later change will update to OPTEE library to
> add no-map property to OP-TEE reserved memory nodes.
>
> Signed-off-by: Etienne Carriere <etienne.carriere at st.com>
> Signed-off-by: Patrice Chotard <patrice.chotard at st.com>
> ---
>
> (no changes since v2)
>
> Changes in v2:
> - fix dm fdtdec test and arch/riscv/lib/fdt_fixup.c with
> fdtdec_add_reserved_memory() new parameter
>
> arch/riscv/lib/fdt_fixup.c | 2 +-
> include/fdtdec.h | 5 +++--
> lib/fdtdec.c | 10 ++++++++--
> lib/optee/optee.c | 2 +-
> test/dm/fdtdec.c | 6 +++---
> 5 files changed, 16 insertions(+), 9 deletions(-)
>
> diff --git a/arch/riscv/lib/fdt_fixup.c b/arch/riscv/lib/fdt_fixup.c
> index 5b2420243f..d02062fd5b 100644
> --- a/arch/riscv/lib/fdt_fixup.c
> +++ b/arch/riscv/lib/fdt_fixup.c
> @@ -75,7 +75,7 @@ int riscv_fdt_copy_resv_mem_node(const void *src, void *dst)
> pmp_mem.start = addr;
> pmp_mem.end = addr + size - 1;
> err = fdtdec_add_reserved_memory(dst, basename, &pmp_mem,
> - &phandle);
> + &phandle, false);
I guess in a future patch we would want to set nomap=true here too as
this is the memory reserved by the secure execution environment (e.g.
OpenSBI).
Best regards
Heinrich
> if (err < 0 && err != -FDT_ERR_EXISTS) {
> log_err("failed to add reserved memory: %d\n", err);
> return err;
> diff --git a/include/fdtdec.h b/include/fdtdec.h
> index bc79389260..f127c7d386 100644
> --- a/include/fdtdec.h
> +++ b/include/fdtdec.h
> @@ -1016,7 +1016,7 @@ static inline int fdtdec_set_phandle(void *blob, int node, uint32_t phandle)
> * };
> * uint32_t phandle;
> *
> - * fdtdec_add_reserved_memory(fdt, "framebuffer", &fb, &phandle);
> + * fdtdec_add_reserved_memory(fdt, "framebuffer", &fb, &phandle, false);
> *
> * This results in the following subnode being added to the top-level
> * /reserved-memory node:
> @@ -1043,11 +1043,12 @@ static inline int fdtdec_set_phandle(void *blob, int node, uint32_t phandle)
> * @param carveout information about the carveout region
> * @param phandlep return location for the phandle of the carveout region
> * can be NULL if no phandle should be added
> + * @param no_map add "no-map" property if true
> * @return 0 on success or a negative error code on failure
> */
> int fdtdec_add_reserved_memory(void *blob, const char *basename,
> const struct fdt_memory *carveout,
> - uint32_t *phandlep);
> + uint32_t *phandlep, bool no_map);
>
> /**
> * fdtdec_get_carveout() - reads a carveout from an FDT
> diff --git a/lib/fdtdec.c b/lib/fdtdec.c
> index 30a1c6a217..bf40d87cb3 100644
> --- a/lib/fdtdec.c
> +++ b/lib/fdtdec.c
> @@ -1303,7 +1303,7 @@ static int fdtdec_init_reserved_memory(void *blob)
>
> int fdtdec_add_reserved_memory(void *blob, const char *basename,
> const struct fdt_memory *carveout,
> - uint32_t *phandlep)
> + uint32_t *phandlep, bool no_map)
> {
> fdt32_t cells[4] = {}, *ptr = cells;
> uint32_t upper, lower, phandle;
> @@ -1403,6 +1403,12 @@ int fdtdec_add_reserved_memory(void *blob, const char *basename,
> if (err < 0)
> return err;
>
> + if (no_map) {
> + err = fdt_setprop(blob, node, "no-map", NULL, 0);
> + if (err < 0)
> + return err;
> + }
> +
> /* return the phandle for the new node for the caller to use */
> if (phandlep)
> *phandlep = phandle;
> @@ -1468,7 +1474,7 @@ int fdtdec_set_carveout(void *blob, const char *node, const char *prop_name,
> fdt32_t value;
> void *prop;
>
> - err = fdtdec_add_reserved_memory(blob, name, carveout, &phandle);
> + err = fdtdec_add_reserved_memory(blob, name, carveout, &phandle, false);
> if (err < 0) {
> debug("failed to add reserved memory: %d\n", err);
> return err;
> diff --git a/lib/optee/optee.c b/lib/optee/optee.c
> index 457d4cca8a..963c2ff430 100644
> --- a/lib/optee/optee.c
> +++ b/lib/optee/optee.c
> @@ -192,7 +192,7 @@ int optee_copy_fdt_nodes(const void *old_blob, void *new_blob)
> ret = fdtdec_add_reserved_memory(new_blob,
> nodename,
> &carveout,
> - NULL);
> + NULL, false);
> free(oldname);
>
> if (ret < 0)
> diff --git a/test/dm/fdtdec.c b/test/dm/fdtdec.c
> index 716993f706..4119003041 100644
> --- a/test/dm/fdtdec.c
> +++ b/test/dm/fdtdec.c
> @@ -80,7 +80,7 @@ static int dm_test_fdtdec_add_reserved_memory(struct unit_test_state *uts)
> resv.start = 0x1000;
> resv.end = 0x1fff;
> ut_assertok(fdtdec_add_reserved_memory(blob, "rsvd_region",
> - &resv, &phandle));
> + &resv, &phandle, false));
>
> /* Test /reserve-memory and its subnode should exist */
> parent = fdt_path_offset(blob, "/reserved-memory");
> @@ -101,7 +101,7 @@ static int dm_test_fdtdec_add_reserved_memory(struct unit_test_state *uts)
> resv.start = 0x2000;
> resv.end = 0x2fff;
> ut_assertok(fdtdec_add_reserved_memory(blob, "rsvd_region1",
> - &resv, &phandle1));
> + &resv, &phandle1, false));
> subnode = fdt_path_offset(blob, "/reserved-memory/rsvd_region1");
> ut_assert(subnode > 0);
>
> @@ -115,7 +115,7 @@ static int dm_test_fdtdec_add_reserved_memory(struct unit_test_state *uts)
> resv.start = 0x1000;
> resv.end = 0x1fff;
> ut_assertok(fdtdec_add_reserved_memory(blob, "rsvd_region2",
> - &resv, &phandle1));
> + &resv, &phandle1, false));
> subnode = fdt_path_offset(blob, "/reserved-memory/rsvd_region2");
> ut_assert(subnode < 0);
>
>
More information about the U-Boot
mailing list