* [PATCH v1] arm64: setup: Check for overlapping dtb and Image load addresses
@ 2018-01-24 9:23 Lingutla Chandrasekhar
2018-01-29 15:48 ` Will Deacon
0 siblings, 1 reply; 4+ messages in thread
From: Lingutla Chandrasekhar @ 2018-01-24 9:23 UTC (permalink / raw)
To: linux-arm-kernel
Sometime kernel image and dtb load offsets can overlap due to
dynamically increased Image or dtb size if both load addresses
are near to each other, which leads to bootup failures.
So validate dtb load address and kernel image, if they overlap
do not proceed to boot.
Signed-off-by: Lingutla Chandrasekhar <clingutla@codeaurora.org>
---
Changes since v0:
- Print overlap bytes.
- Simplify ovelap checks.
diff --git a/arch/arm64/kernel/setup.c b/arch/arm64/kernel/setup.c
index 30ad2f085d1f..fd9be0ad4a78 100644
--- a/arch/arm64/kernel/setup.c
+++ b/arch/arm64/kernel/setup.c
@@ -181,14 +181,21 @@ static void __init smp_build_mpidr_hash(void)
static void __init setup_machine_fdt(phys_addr_t dt_phys)
{
void *dt_virt = fixmap_remap_fdt(dt_phys);
+ u64 end_phys = __pa_symbol(_end);
+ u64 start_phys = __pa_symbol(_text);
const char *name;
- if (!dt_virt || !early_init_dt_scan(dt_virt)) {
- pr_crit("\n"
- "Error: invalid device tree blob at physical address %pa (virtual address 0x%p)\n"
+ if (!dt_virt || (end_phys > dt_phys &&
+ (dt_phys + fdt_totalsize(dt_virt)) > start_phys) ||
+ !early_init_dt_scan(dt_virt)) {
+ pr_crit("Error: invalid device tree blob at physical address %pa (virtual address 0x%p)\n"
"The dtb must be 8-byte aligned and must not exceed 2 MB in size\n"
+ "The dtb load address overllaped %lld bytes with kernel image\n"
"\nPlease check your bootloader.",
- &dt_phys, dt_virt);
+ &dt_phys, dt_virt,
+ (dt_phys < start_phys) ?
+ (dt_phys + fdt_totalsize(dt_virt) - start_phys) :
+ (end_phys - dt_phys));
while (true)
cpu_relax();
--
QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project.
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH v1] arm64: setup: Check for overlapping dtb and Image load addresses
2018-01-24 9:23 [PATCH v1] arm64: setup: Check for overlapping dtb and Image load addresses Lingutla Chandrasekhar
@ 2018-01-29 15:48 ` Will Deacon
2018-02-05 8:06 ` Chandra Sekhar Lingutla
0 siblings, 1 reply; 4+ messages in thread
From: Will Deacon @ 2018-01-29 15:48 UTC (permalink / raw)
To: linux-arm-kernel
On Wed, Jan 24, 2018 at 02:53:45PM +0530, Lingutla Chandrasekhar wrote:
> Sometime kernel image and dtb load offsets can overlap due to
> dynamically increased Image or dtb size if both load addresses
> are near to each other, which leads to bootup failures.
>
> So validate dtb load address and kernel image, if they overlap
> do not proceed to boot.
>
> Signed-off-by: Lingutla Chandrasekhar <clingutla@codeaurora.org>
> ---
>
> Changes since v0:
> - Print overlap bytes.
> - Simplify ovelap checks.
This all feels a bit fragile to me, since we're relying on some portion of
the Image and .dtb working in order to run this code successfully. I'd
rather not pretend to detect this exact scenario, particularly as I can't
see it being useful for anybody other than firmware developers (who are in a
better position to check whether or not this is happening).
More generally, is there not some .dtb checksum failure that detects
corruption there? Perhaps we could do something like that for the Image
too?
Will
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH v1] arm64: setup: Check for overlapping dtb and Image load addresses
2018-01-29 15:48 ` Will Deacon
@ 2018-02-05 8:06 ` Chandra Sekhar Lingutla
2018-02-05 11:13 ` Mark Rutland
0 siblings, 1 reply; 4+ messages in thread
From: Chandra Sekhar Lingutla @ 2018-02-05 8:06 UTC (permalink / raw)
To: linux-arm-kernel
Hi Will,
On 1/29/2018 9:18 PM, Will Deacon wrote:
> On Wed, Jan 24, 2018 at 02:53:45PM +0530, Lingutla Chandrasekhar wrote:
>> Sometime kernel image and dtb load offsets can overlap due to
>> dynamically increased Image or dtb size if both load addresses
>> are near to each other, which leads to bootup failures.
>>
>> So validate dtb load address and kernel image, if they overlap
>> do not proceed to boot.
>>
>> Signed-off-by: Lingutla Chandrasekhar <clingutla@codeaurora.org>
>> ---
>>
>> Changes since v0:
>> - Print overlap bytes.
>> - Simplify ovelap checks.
> This all feels a bit fragile to me, since we're relying on some portion of
> the Image and .dtb working in order to run this code successfully. I'd
> rather not pretend to detect this exact scenario, particularly as I can't
> see it being useful for anybody other than firmware developers (who are in a
> better position to check whether or not this is happening).
Yes, it is useful for boot loaders, adding one more condition to current checks
for bootloader failures, so that boot loader developers can easily identify the
real issue(Image size increased dynamically).
> More generally, is there not some .dtb checksum failure that detects
> corruption there? Perhaps we could do something like that for the Image
> too?
In boot loader, first we load Image and then dtb to corresponding DDR offset right,
so not sure checksum would help here.
> Will
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH v1] arm64: setup: Check for overlapping dtb and Image load addresses
2018-02-05 8:06 ` Chandra Sekhar Lingutla
@ 2018-02-05 11:13 ` Mark Rutland
0 siblings, 0 replies; 4+ messages in thread
From: Mark Rutland @ 2018-02-05 11:13 UTC (permalink / raw)
To: linux-arm-kernel
Hi,
On Mon, Feb 05, 2018 at 01:36:12PM +0530, Chandra Sekhar Lingutla wrote:
> On 1/29/2018 9:18 PM, Will Deacon wrote:
> > On Wed, Jan 24, 2018 at 02:53:45PM +0530, Lingutla Chandrasekhar wrote:
> >> Sometime kernel image and dtb load offsets can overlap due to
> >> dynamically increased Image or dtb size if both load addresses
> >> are near to each other, which leads to bootup failures.
> >>
> >> So validate dtb load address and kernel image, if they overlap
> >> do not proceed to boot.
> >>
> >> Signed-off-by: Lingutla Chandrasekhar <clingutla@codeaurora.org>
> >> ---
> >>
> >> Changes since v0:
> >> - Print overlap bytes.
> >> - Simplify ovelap checks.
> > This all feels a bit fragile to me, since we're relying on some portion of
> > the Image and .dtb working in order to run this code successfully. I'd
> > rather not pretend to detect this exact scenario, particularly as I can't
> > see it being useful for anybody other than firmware developers (who are in a
> > better position to check whether or not this is happening).
>
> Yes, it is useful for boot loaders, adding one more condition to current checks
> for bootloader failures, so that boot loader developers can easily identify the
> real issue(Image size increased dynamically).
It would be better if your bootloader checked the image_size header in
the kernel Image (see Documentation/arm64/booting.txt). Then it can
either bail out, or decide where to place the DTB dynamically.
> > More generally, is there not some .dtb checksum failure that detects
> > corruption there? Perhaps we could do something like that for the Image
> > too?
>
> In boot loader, first we load Image and then dtb to corresponding DDR offset right,
> so not sure checksum would help here.
If that's the case, it's possible that the DTB gets placed over the code
performing this check in the kernel.
It is not possibleto detect this overlap in the bootloader? Both the
kernel Image and DTB have size fields.
Thanks,
Mark.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-02-05 11:13 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-01-24 9:23 [PATCH v1] arm64: setup: Check for overlapping dtb and Image load addresses Lingutla Chandrasekhar
2018-01-29 15:48 ` Will Deacon
2018-02-05 8:06 ` Chandra Sekhar Lingutla
2018-02-05 11:13 ` Mark Rutland
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).