[Linaro-uefi,v5] xen/arm64: check XSM Magic from the second unknown module.

Message ID 1459874796-27052-1-git-send-email-fu.wei@linaro.org
State New
Headers show

Commit Message

Fu Wei Fu April 5, 2016, 4:46 p.m.
From: Fu Wei <fu.wei@linaro.org>

This patch adds a has_xsm_magic helper function for detecting XSM
from the second unknown module.

If Xen can't get the kind of module from compatible, we guess the kind of
these unknowns respectively:
    (1) The first unknown must be kernel.
    (2) Detect the XSM Magic from the 2nd unknown:
        a. If it's XSM, set the kind as XSM, and that also means we
	won't load ramdisk;
	b. if it's not XSM, set the kind as ramdisk.
	So if user want to load ramdisk, it must be the 2nd unknown.
We also detect the XSM Magic for the following unknowns, then set its kind
according to the return value of has_xsm_magic.

By this way, arm64 behavior can be compatible to x86 and can simplify
multi-arch bootloader such as GRUB.

Signed-off-by: Fu Wei <fu.wei@linaro.org>
---
Changelog:
v5: Wrap "#include <asm/setup.h>" up by #ifdef CONFIG_HAS_DEVICE_TREE
    Improve has_xsm_magic code.

v4: http://lists.xen.org/archives/html/xen-devel/2016-04/msg00553.html
    Fix some code style and comments problems.
    Only check the Magic number.
    Re-order the code in process_multiboot_node to get the base address
    first, then the XSM Magic checking function only need to check if the
    Magic number is valid.
    Factor the XSM Magic checking code into an helper and re-use it
    in xsm_dt_policy_init.

v3: http://lists.xen.org/archives/html/xen-devel/2016-03/msg03564.html
    Using memcmp instead of strncmp.
    Using "return 0;" instead of panic();
    Improve some comments.

v2: http://lists.xen.org/archives/html/xen-devel/2016-03/msg03543.html
    Using XEN_MAGIC macro instead of 0xf97cff8c :
    uint32_t selinux_magic = 0xf97cff8c; --> uint32_t xen_magic = XEN_MAGIC;
    Comment out the code(return 0 directly), if CONFIG_FLASK is not set.

v1: http://lists.xen.org/archives/html/xen-devel/2016-03/msg02430.html
    The first upstream patch to xen-devel mailing lists.

 xen/arch/arm/bootfdt.c | 37 +++++++++++++++++++++++++------------
 xen/include/xsm/xsm.h  |  8 +++++++-
 xen/xsm/xsm_core.c     | 27 +++++++++++++++++++++++++++
 xen/xsm/xsm_policy.c   |  8 ++------
 4 files changed, 61 insertions(+), 19 deletions(-)

Comments

Julien Grall April 8, 2016, 2:51 p.m. | #1
Hi Fu Wei,

On 05/04/16 17:46, fu.wei@linaro.org wrote:
> From: Fu Wei <fu.wei@linaro.org>
>
> This patch adds a has_xsm_magic helper function for detecting XSM
> from the second unknown module.
>
> If Xen can't get the kind of module from compatible, we guess the kind of
> these unknowns respectively:
>      (1) The first unknown must be kernel.
>      (2) Detect the XSM Magic from the 2nd unknown:
>          a. If it's XSM, set the kind as XSM, and that also means we
> 	won't load ramdisk;
> 	b. if it's not XSM, set the kind as ramdisk.
> 	So if user want to load ramdisk, it must be the 2nd unknown.

The documentation in docs/misc/arm/device-tree/booting.txt needs to be 
update.

Otherwise, the rest of the patch looks good to me.

Regards,
Julien Grall April 8, 2016, 3:19 p.m. | #2
Hi Wei,

On 08/04/16 15:58, Wei Liu wrote:
> On Fri, Apr 08, 2016 at 03:51:22PM +0100, Julien Grall wrote:
>> Hi Fu Wei,
>>
>> On 05/04/16 17:46, fu.wei@linaro.org wrote:
>>> From: Fu Wei <fu.wei@linaro.org>
>>>
>>> This patch adds a has_xsm_magic helper function for detecting XSM
>> >from the second unknown module.
>>>
>>> If Xen can't get the kind of module from compatible, we guess the kind of
>>> these unknowns respectively:
>>>      (1) The first unknown must be kernel.
>>>      (2) Detect the XSM Magic from the 2nd unknown:
>>>          a. If it's XSM, set the kind as XSM, and that also means we
>>> 	won't load ramdisk;
>>> 	b. if it's not XSM, set the kind as ramdisk.
>>> 	So if user want to load ramdisk, it must be the 2nd unknown.
>>
>> The documentation in docs/misc/arm/device-tree/booting.txt needs to be
>> update.
>>
>> Otherwise, the rest of the patch looks good to me.
>>
>> Regards,
>>
>
> Is this targeting 4.7? Today is the last day for committing stuff. The
> doc can come in later.

Yes, it's targeting 4.7. Fu Wei, can you send a follow-up for the doc?

>
> Julien and Daniel's acks are needed here.

Acked-by: Julien Grall <julien.grall@arm.com>

Regards,
Fu Wei Fu April 13, 2016, 9:43 a.m. | #3
Hi Julien,

On 8 April 2016 at 22:51, Julien Grall <julien.grall@arm.com> wrote:
> Hi Fu Wei,
>
> On 05/04/16 17:46, fu.wei@linaro.org wrote:
>>
>> From: Fu Wei <fu.wei@linaro.org>
>>
>> This patch adds a has_xsm_magic helper function for detecting XSM
>> from the second unknown module.
>>
>> If Xen can't get the kind of module from compatible, we guess the kind of
>> these unknowns respectively:
>>      (1) The first unknown must be kernel.
>>      (2) Detect the XSM Magic from the 2nd unknown:
>>          a. If it's XSM, set the kind as XSM, and that also means we
>>         won't load ramdisk;
>>         b. if it's not XSM, set the kind as ramdisk.
>>         So if user want to load ramdisk, it must be the 2nd unknown.
>
>
> The documentation in docs/misc/arm/device-tree/booting.txt needs to be
> update.

Yes, I may forgot this part, but I will make a new doc patch.
Thanks for reminding me

>
> Otherwise, the rest of the patch looks good to me.

Great thanks for your help

>
> Regards,
>
> --
> Julien Grall
Fu Wei Fu April 13, 2016, 9:45 a.m. | #4
Hi Julien,

On 8 April 2016 at 23:19, Julien Grall <julien.grall@arm.com> wrote:
> Hi Wei,
>
> On 08/04/16 15:58, Wei Liu wrote:
>>
>> On Fri, Apr 08, 2016 at 03:51:22PM +0100, Julien Grall wrote:
>>>
>>> Hi Fu Wei,
>>>
>>> On 05/04/16 17:46, fu.wei@linaro.org wrote:
>>>>
>>>> From: Fu Wei <fu.wei@linaro.org>
>>>>
>>>> This patch adds a has_xsm_magic helper function for detecting XSM
>>>
>>> >from the second unknown module.
>>>>
>>>>
>>>> If Xen can't get the kind of module from compatible, we guess the kind
>>>> of
>>>> these unknowns respectively:
>>>>      (1) The first unknown must be kernel.
>>>>      (2) Detect the XSM Magic from the 2nd unknown:
>>>>          a. If it's XSM, set the kind as XSM, and that also means we
>>>>         won't load ramdisk;
>>>>         b. if it's not XSM, set the kind as ramdisk.
>>>>         So if user want to load ramdisk, it must be the 2nd unknown.
>>>
>>>
>>> The documentation in docs/misc/arm/device-tree/booting.txt needs to be
>>> update.
>>>
>>> Otherwise, the rest of the patch looks good to me.
>>>
>>> Regards,
>>>
>>
>> Is this targeting 4.7? Today is the last day for committing stuff. The
>> doc can come in later.
>
>
> Yes, it's targeting 4.7. Fu Wei, can you send a follow-up for the doc?
>

yes, of course, I will do ASAP.


>>
>> Julien and Daniel's acks are needed here.
>
>
> Acked-by: Julien Grall <julien.grall@arm.com>
>
> Regards,
>
> --
> Julien Grall
Fu Wei Fu April 19, 2016, 12:32 p.m. | #5
Hi Wei Liu

On 15 April 2016 at 17:47, Wei Liu <wei.liu2@citrix.com> wrote:
> On Wed, Apr 13, 2016 at 05:45:27PM +0800, Fu Wei wrote:
>> Hi Julien,
>>
>> On 8 April 2016 at 23:19, Julien Grall <julien.grall@arm.com> wrote:
>> > Hi Wei,
>> >
>> > On 08/04/16 15:58, Wei Liu wrote:
>> >>
>> >> On Fri, Apr 08, 2016 at 03:51:22PM +0100, Julien Grall wrote:
>> >>>
>> >>> Hi Fu Wei,
>> >>>
>> >>> On 05/04/16 17:46, fu.wei@linaro.org wrote:
>> >>>>
>> >>>> From: Fu Wei <fu.wei@linaro.org>
>> >>>>
>> >>>> This patch adds a has_xsm_magic helper function for detecting XSM
>> >>>
>> >>> >from the second unknown module.
>> >>>>
>> >>>>
>> >>>> If Xen can't get the kind of module from compatible, we guess the kind
>> >>>> of
>> >>>> these unknowns respectively:
>> >>>>      (1) The first unknown must be kernel.
>> >>>>      (2) Detect the XSM Magic from the 2nd unknown:
>> >>>>          a. If it's XSM, set the kind as XSM, and that also means we
>> >>>>         won't load ramdisk;
>> >>>>         b. if it's not XSM, set the kind as ramdisk.
>> >>>>         So if user want to load ramdisk, it must be the 2nd unknown.
>> >>>
>> >>>
>> >>> The documentation in docs/misc/arm/device-tree/booting.txt needs to be
>> >>> update.
>> >>>
>> >>> Otherwise, the rest of the patch looks good to me.
>> >>>
>> >>> Regards,
>> >>>
>> >>
>> >> Is this targeting 4.7? Today is the last day for committing stuff. The
>> >> doc can come in later.
>> >
>> >
>> > Yes, it's targeting 4.7. Fu Wei, can you send a follow-up for the doc?
>> >
>>
>> yes, of course, I will do ASAP.
>>
>
> Yes please. Note that the anticipated release date would be the
> beginning of June, so you have five weeks to do that.

I have posted the doc patch:
http://lists.xen.org/archives/html/xen-devel/2016-04/msg02070.html

could some one review it ??

>
> Wei.

Patch

diff --git a/xen/arch/arm/bootfdt.c b/xen/arch/arm/bootfdt.c
index 8a14015..d130633 100644
--- a/xen/arch/arm/bootfdt.c
+++ b/xen/arch/arm/bootfdt.c
@@ -14,6 +14,7 @@ 
 #include <xen/init.h>
 #include <xen/device_tree.h>
 #include <xen/libfdt/libfdt.h>
+#include <xsm/xsm.h>
 #include <asm/setup.h>
 
 static bool_t __init device_tree_node_matches(const void *fdt, int node,
@@ -175,6 +176,17 @@  static void __init process_multiboot_node(const void *fdt, int node,
     const char *cmdline;
     int len;
 
+    prop = fdt_get_property(fdt, node, "reg", &len);
+    if ( !prop )
+        panic("node %s missing `reg' property\n", name);
+
+    if ( len < dt_cells_to_size(address_cells + size_cells) )
+        panic("fdt: node `%s': `reg` property length is too short\n",
+                    name);
+
+    cell = (const __be32 *)prop->data;
+    device_tree_get_reg(&cell, address_cells, size_cells, &start, &size);
+
     if ( fdt_node_check_compatible(fdt, node, "xen,linux-zimage") == 0 ||
          fdt_node_check_compatible(fdt, node, "multiboot,kernel") == 0 )
         kind = BOOTMOD_KERNEL;
@@ -186,7 +198,17 @@  static void __init process_multiboot_node(const void *fdt, int node,
     else
         kind = BOOTMOD_UNKNOWN;
 
-    /* Guess that first two unknown are kernel and ramdisk respectively. */
+    /**
+     * Guess the kind of these first two unknowns respectively:
+     * (1) The first unknown must be kernel.
+     * (2) Detect the XSM Magic from the 2nd unknown:
+     *     a. If it's XSM, set the kind as XSM, and that also means we
+     *     won't load ramdisk;
+     *     b. if it's not XSM, set the kind as ramdisk.
+     *     So if user want to load ramdisk, it must be the 2nd unknown.
+     * We also detect the XSM Magic for the following unknowns,
+     * then set its kind according to the return value of has_xsm_magic.
+     */
     if ( kind == BOOTMOD_UNKNOWN )
     {
         switch ( kind_guess++ )
@@ -195,19 +217,10 @@  static void __init process_multiboot_node(const void *fdt, int node,
         case 1: kind = BOOTMOD_RAMDISK; break;
         default: break;
         }
+	if ( kind_guess > 1 && has_xsm_magic(start) )
+            kind = BOOTMOD_XSM;
     }
 
-    prop = fdt_get_property(fdt, node, "reg", &len);
-    if ( !prop )
-        panic("node %s missing `reg' property\n", name);
-
-    if ( len < dt_cells_to_size(address_cells + size_cells) )
-        panic("fdt: node `%s': `reg` property length is too short\n",
-                    name);
-
-    cell = (const __be32 *)prop->data;
-    device_tree_get_reg(&cell, address_cells, size_cells, &start, &size);
-
     prop = fdt_get_property(fdt, node, "bootargs", &len);
     if ( prop )
     {
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 3afed70..803c7ea 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -745,6 +745,7 @@  extern int xsm_multiboot_policy_init(unsigned long *module_map,
 #ifdef CONFIG_HAS_DEVICE_TREE
 extern int xsm_dt_init(void);
 extern int xsm_dt_policy_init(void);
+extern bool has_xsm_magic(paddr_t);
 #endif
 
 extern int register_xsm(struct xsm_operations *ops);
@@ -771,7 +772,12 @@  static inline int xsm_dt_init(void)
 {
     return 0;
 }
-#endif
+
+static inline bool has_xsm_magic(paddr_t start)
+{
+    return false;
+}
+#endif /* CONFIG_HAS_DEVICE_TREE */
 
 #endif /* CONFIG_XSM */
 
diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c
index 5e432de..634ec98 100644
--- a/xen/xsm/xsm_core.c
+++ b/xen/xsm/xsm_core.c
@@ -19,6 +19,10 @@ 
 
 #ifdef CONFIG_XSM
 
+#ifdef CONFIG_HAS_DEVICE_TREE
+#include <asm/setup.h>
+#endif
+
 #define XSM_FRAMEWORK_VERSION    "1.0.0"
 
 struct xsm_operations *xsm_ops;
@@ -109,6 +113,29 @@  int __init xsm_dt_init(void)
 
     return ret;
 }
+
+/**
+ * has_xsm_magic - Check XSM Magic of the module header by phy address
+ * A XSM module has a special header
+ * ------------------------------------------------
+ * uint magic | uint target_len | uchar target[8] |
+ * 0xf97cff8c |        8        |    "XenFlask"   |
+ * ------------------------------------------------
+ * 0xf97cff8c is policy magic number (XSM_MAGIC).
+ * Here we only check the "magic" of the module.
+ */
+bool __init has_xsm_magic(paddr_t start)
+{
+    xsm_magic_t magic;
+
+    if ( XSM_MAGIC )
+    {
+        copy_from_paddr(&magic, start, sizeof(magic) );
+        return ( magic == XSM_MAGIC );
+    }
+
+    return false;
+}
 #endif
 
 int register_xsm(struct xsm_operations *ops)
diff --git a/xen/xsm/xsm_policy.c b/xen/xsm/xsm_policy.c
index b60d822..bde8015 100644
--- a/xen/xsm/xsm_policy.c
+++ b/xen/xsm/xsm_policy.c
@@ -79,7 +79,6 @@  int __init xsm_dt_policy_init(void)
 {
     struct bootmodule *mod = boot_module_find_by_kind(BOOTMOD_XSM);
     paddr_t paddr, len;
-    xsm_magic_t magic;
 
     if ( !mod || !mod->size )
         return 0;
@@ -87,12 +86,9 @@  int __init xsm_dt_policy_init(void)
     paddr = mod->start;
     len = mod->size;
 
-    copy_from_paddr(&magic, paddr, sizeof(magic));
-
-    if ( magic != XSM_MAGIC )
+    if ( !has_xsm_magic(paddr) )
     {
-        printk(XENLOG_ERR "xsm: Invalid magic for XSM blob got 0x%x "
-               "expected 0x%x\n", magic, XSM_MAGIC);
+        printk(XENLOG_ERR "xsm: Invalid magic for XSM blob\n");
         return -EINVAL;
     }