Skip to content

Commit

Permalink
Fix secure PNOR provider deadlock
Browse files Browse the repository at this point in the history 
- Direct extended/targeting image unprotected payload access to PNOR range

Change-Id: Id81b3bcc8c3ef4317e68e111847d6c9d3ede7ac4
CQ: SW392719
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/42156
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
  • Loading branch information
@dcrowell77
Nick Bofferding authored and dcrowell77 committed Jun 22, 2017
1 parent 68ff2b9 commit ccb7468
Show file tree
Hide file tree
Showing 4 changed files with 23 additions and 3 deletions.
1 change: 1 addition & 0 deletions src/usr/secureboot/base/test/securerommgrtest.H
View file
Expand Up @@ -360,6 +360,7 @@ class SecureRomManagerTest : public CxxTest::TestSuite
// Calculate pnor vaddr and read original page so we can run test case
// in both secure and unsecure mode.
uint64_t l_pnorVaddr = VFS::VfsRp::getInstance().iv_pnor_vaddr
- VFS::VfsRp::getInstance().iv_unprotectedOffset
+ l_vaddr;
memcpy(l_originPage, reinterpret_cast<uint8_t*>(l_pnorVaddr), PAGESIZE);

Expand Down
11 changes: 11 additions & 0 deletions src/usr/targeting/attrrp.C
View file
Expand Up @@ -442,6 +442,17 @@ namespace TARGETING
iv_sections[i].pnorAddress =
l_pnorSectionInfo.vaddr + l_section->sectionOffset;

#ifdef CONFIG_SECUREBOOT
// RW targeting section is part of the unprotected payload
// so use the normal PNOR virtual address space
if( l_pnorSectionInfo.secure
&& iv_sections[i].type == SECTION_TYPE_PNOR_RW)
{
iv_sections[i].pnorAddress -=
(VMM_VADDR_SPNOR_DELTA + VMM_VADDR_SPNOR_DELTA);
}
#endif

if(iv_isMpipl)
{
//For MPIPL we are reading from real memory,
Expand Down
9 changes: 7 additions & 2 deletions src/usr/vfs/vfsrp.C
View file
Expand Up @@ -182,6 +182,10 @@ errlHndl_t VfsRp::_init()
iv_hashPageTableSize);
// skip the hash page table
iv_pnor_vaddr += iv_hashPageTableSize;

// Compute offset to the unprotected payload virtual address range.
// This offset should be subtracted from the secure address
iv_unprotectedOffset = VMM_VADDR_SPNOR_DELTA+VMM_VADDR_SPNOR_DELTA;
}
#endif

Expand Down Expand Up @@ -365,7 +369,8 @@ void VfsRp::msgHandler()
}
}
#endif
memcpy((void *)paddr, (void *)(iv_pnor_vaddr+vaddr),
memcpy((void *)paddr, (void *)(iv_pnor_vaddr
-iv_unprotectedOffset+vaddr),
PAGE_SIZE);
mm_icache_invalidate((void*)paddr,PAGE_SIZE/8);
msg->data[1] = 0;
Expand Down Expand Up @@ -762,7 +767,7 @@ errlHndl_t VfsRp::verify_page(uint64_t i_vaddr, uint64_t i_baseOffset,
uint64_t i_hashPageTableOffset) const
{
errlHndl_t l_errl = nullptr;
uint64_t l_pnorVaddr = iv_pnor_vaddr + i_vaddr;
uint64_t l_pnorVaddr = iv_pnor_vaddr-iv_unprotectedOffset+i_vaddr;

// Get current hash page table entry
TRACDCOMP(g_trac_vfs, "VfsRp::verify_page Current Page vaddr = 0x%llX, index = %d, bin file offset = 0x%llX",
Expand Down
5 changes: 4 additions & 1 deletion src/usr/vfs/vfsrp.H
View file
Expand Up @@ -95,7 +95,8 @@ namespace VFS
*/
VfsRp() : iv_msgQ(NULL), iv_msg(NULL), iv_pnor_vaddr(0),
iv_hashPageTableOffset(0),iv_hashPageTableSize(0),
iv_protectedPayloadSize(0),iv_hbExtSecure(0)
iv_protectedPayloadSize(0),iv_hbExtSecure(0),
iv_unprotectedOffset(0)
{
mutex_init(&iv_mutex);
}
Expand Down Expand Up @@ -258,6 +259,8 @@ namespace VFS
uint64_t iv_protectedPayloadSize; //!< size of entire protected payload of ext img
//!< Includes Hash page table and VFS module table
bool iv_hbExtSecure; //!< cache result if hostboot extended image is secure
uint64_t iv_unprotectedOffset; //!< Offset to unprotected payload
//!< (subtract from secure offset)

typedef std::vector<VfsSystemModule *> ModuleList_t;

Expand Down

0 comments on commit ccb7468

Please sign in to comment.