2019-06-03 13:03:14

by Christophe Leroy

[permalink] [raw]
Subject: [PATCH] powerpc/32s: fix booting with CONFIG_PPC_EARLY_DEBUG_BOOTX

When booting through OF, setup_disp_bat() does nothing because
disp_BAT are not set. By change, it used to work because BOOTX
buffer is mapped 1:1 at address 0x81000000 by the bootloader, and
btext_setup_display() sets virt addr same as phys addr.

But since commit 215b823707ce ("powerpc/32s: set up an early static
hash table for KASAN."), a temporary page table overrides the
bootloader mapping.

This 0x81000000 is also problematic with the newly implemented
Kernel Userspace Access Protection (KUAP) because it is within user
address space.

This patch fixes those issues by properly setting disp_BAT through
a call to btext_prepare_BAT(), allowing setup_disp_bat() to
properly setup BAT3 for early bootx screen buffer access.

Reported-by: Mathieu Malaterre <[email protected]>
Fixes: 215b823707ce ("powerpc/32s: set up an early static hash table for KASAN.")
Signed-off-by: Christophe Leroy <[email protected]>
---
arch/powerpc/include/asm/btext.h | 4 ++++
arch/powerpc/kernel/prom_init.c | 1 +
arch/powerpc/kernel/prom_init_check.sh | 2 +-
3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/arch/powerpc/include/asm/btext.h b/arch/powerpc/include/asm/btext.h
index 3ffad030393c..461b0f193864 100644
--- a/arch/powerpc/include/asm/btext.h
+++ b/arch/powerpc/include/asm/btext.h
@@ -13,7 +13,11 @@ extern void btext_update_display(unsigned long phys, int width, int height,
int depth, int pitch);
extern void btext_setup_display(int width, int height, int depth, int pitch,
unsigned long address);
+#ifdef CONFIG_PPC32
extern void btext_prepare_BAT(void);
+#else
+static inline void btext_prepare_BAT(void) { }
+#endif
extern void btext_map(void);
extern void btext_unmap(void);

diff --git a/arch/powerpc/kernel/prom_init.c b/arch/powerpc/kernel/prom_init.c
index 3555cad7bdde..ed446b7ea164 100644
--- a/arch/powerpc/kernel/prom_init.c
+++ b/arch/powerpc/kernel/prom_init.c
@@ -2336,6 +2336,7 @@ static void __init prom_check_displays(void)
prom_printf("W=%d H=%d LB=%d addr=0x%x\n",
width, height, pitch, addr);
btext_setup_display(width, height, 8, pitch, addr);
+ btext_prepare_BAT();
}
#endif /* CONFIG_PPC_EARLY_DEBUG_BOOTX */
}
diff --git a/arch/powerpc/kernel/prom_init_check.sh b/arch/powerpc/kernel/prom_init_check.sh
index 518d416971c1..160bef0d553d 100644
--- a/arch/powerpc/kernel/prom_init_check.sh
+++ b/arch/powerpc/kernel/prom_init_check.sh
@@ -24,7 +24,7 @@ fi
WHITELIST="add_reloc_offset __bss_start __bss_stop copy_and_flush
_end enter_prom $MEM_FUNCS reloc_offset __secondary_hold
__secondary_hold_acknowledge __secondary_hold_spinloop __start
-logo_linux_clut224
+logo_linux_clut224 btext_prepare_BAT
reloc_got2 kernstart_addr memstart_addr linux_banner _stext
__prom_init_toc_start __prom_init_toc_end btext_setup_display TOC."

--
2.13.3


2019-06-05 11:34:19

by Mathieu Malaterre

[permalink] [raw]
Subject: Re: [PATCH] powerpc/32s: fix booting with CONFIG_PPC_EARLY_DEBUG_BOOTX

On Mon, Jun 3, 2019 at 3:00 PM Christophe Leroy <[email protected]> wrote:
>
> When booting through OF, setup_disp_bat() does nothing because
> disp_BAT are not set. By change, it used to work because BOOTX
> buffer is mapped 1:1 at address 0x81000000 by the bootloader, and
> btext_setup_display() sets virt addr same as phys addr.
>
> But since commit 215b823707ce ("powerpc/32s: set up an early static
> hash table for KASAN."), a temporary page table overrides the
> bootloader mapping.
>
> This 0x81000000 is also problematic with the newly implemented
> Kernel Userspace Access Protection (KUAP) because it is within user
> address space.
>
> This patch fixes those issues by properly setting disp_BAT through
> a call to btext_prepare_BAT(), allowing setup_disp_bat() to
> properly setup BAT3 for early bootx screen buffer access.
>
> Reported-by: Mathieu Malaterre <[email protected]>
> Fixes: 215b823707ce ("powerpc/32s: set up an early static hash table for KASAN.")
> Signed-off-by: Christophe Leroy <[email protected]>

The patch below does fix the symptoms I reported. Tested with CONFIG_KASAN=n :

Tested-by: Mathieu Malaterre <[email protected]>

Thanks !

> ---
> arch/powerpc/include/asm/btext.h | 4 ++++
> arch/powerpc/kernel/prom_init.c | 1 +
> arch/powerpc/kernel/prom_init_check.sh | 2 +-
> 3 files changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/arch/powerpc/include/asm/btext.h b/arch/powerpc/include/asm/btext.h
> index 3ffad030393c..461b0f193864 100644
> --- a/arch/powerpc/include/asm/btext.h
> +++ b/arch/powerpc/include/asm/btext.h
> @@ -13,7 +13,11 @@ extern void btext_update_display(unsigned long phys, int width, int height,
> int depth, int pitch);
> extern void btext_setup_display(int width, int height, int depth, int pitch,
> unsigned long address);
> +#ifdef CONFIG_PPC32
> extern void btext_prepare_BAT(void);
> +#else
> +static inline void btext_prepare_BAT(void) { }
> +#endif
> extern void btext_map(void);
> extern void btext_unmap(void);
>
> diff --git a/arch/powerpc/kernel/prom_init.c b/arch/powerpc/kernel/prom_init.c
> index 3555cad7bdde..ed446b7ea164 100644
> --- a/arch/powerpc/kernel/prom_init.c
> +++ b/arch/powerpc/kernel/prom_init.c
> @@ -2336,6 +2336,7 @@ static void __init prom_check_displays(void)
> prom_printf("W=%d H=%d LB=%d addr=0x%x\n",
> width, height, pitch, addr);
> btext_setup_display(width, height, 8, pitch, addr);
> + btext_prepare_BAT();
> }
> #endif /* CONFIG_PPC_EARLY_DEBUG_BOOTX */
> }
> diff --git a/arch/powerpc/kernel/prom_init_check.sh b/arch/powerpc/kernel/prom_init_check.sh
> index 518d416971c1..160bef0d553d 100644
> --- a/arch/powerpc/kernel/prom_init_check.sh
> +++ b/arch/powerpc/kernel/prom_init_check.sh
> @@ -24,7 +24,7 @@ fi
> WHITELIST="add_reloc_offset __bss_start __bss_stop copy_and_flush
> _end enter_prom $MEM_FUNCS reloc_offset __secondary_hold
> __secondary_hold_acknowledge __secondary_hold_spinloop __start
> -logo_linux_clut224
> +logo_linux_clut224 btext_prepare_BAT
> reloc_got2 kernstart_addr memstart_addr linux_banner _stext
> __prom_init_toc_start __prom_init_toc_end btext_setup_display TOC."
>
> --
> 2.13.3
>

2019-06-07 06:19:11

by Mathieu Malaterre

[permalink] [raw]
Subject: Re: [PATCH] powerpc/32s: fix booting with CONFIG_PPC_EARLY_DEBUG_BOOTX

On Wed, Jun 5, 2019 at 1:32 PM Mathieu Malaterre <[email protected]> wrote:
>
> On Mon, Jun 3, 2019 at 3:00 PM Christophe Leroy <[email protected]> wrote:
> >
> > When booting through OF, setup_disp_bat() does nothing because
> > disp_BAT are not set. By change, it used to work because BOOTX
> > buffer is mapped 1:1 at address 0x81000000 by the bootloader, and
> > btext_setup_display() sets virt addr same as phys addr.
> >
> > But since commit 215b823707ce ("powerpc/32s: set up an early static
> > hash table for KASAN."), a temporary page table overrides the
> > bootloader mapping.
> >
> > This 0x81000000 is also problematic with the newly implemented
> > Kernel Userspace Access Protection (KUAP) because it is within user
> > address space.
> >
> > This patch fixes those issues by properly setting disp_BAT through
> > a call to btext_prepare_BAT(), allowing setup_disp_bat() to
> > properly setup BAT3 for early bootx screen buffer access.
> >
> > Reported-by: Mathieu Malaterre <[email protected]>
> > Fixes: 215b823707ce ("powerpc/32s: set up an early static hash table for KASAN.")
> > Signed-off-by: Christophe Leroy <[email protected]>
>
> The patch below does fix the symptoms I reported. Tested with CONFIG_KASAN=n :
>
> Tested-by: Mathieu Malaterre <[email protected]>

Link: https://bugzilla.kernel.org/show_bug.cgi?id=203699

>
> Thanks !
>
> > ---
> > arch/powerpc/include/asm/btext.h | 4 ++++
> > arch/powerpc/kernel/prom_init.c | 1 +
> > arch/powerpc/kernel/prom_init_check.sh | 2 +-
> > 3 files changed, 6 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/powerpc/include/asm/btext.h b/arch/powerpc/include/asm/btext.h
> > index 3ffad030393c..461b0f193864 100644
> > --- a/arch/powerpc/include/asm/btext.h
> > +++ b/arch/powerpc/include/asm/btext.h
> > @@ -13,7 +13,11 @@ extern void btext_update_display(unsigned long phys, int width, int height,
> > int depth, int pitch);
> > extern void btext_setup_display(int width, int height, int depth, int pitch,
> > unsigned long address);
> > +#ifdef CONFIG_PPC32
> > extern void btext_prepare_BAT(void);
> > +#else
> > +static inline void btext_prepare_BAT(void) { }
> > +#endif
> > extern void btext_map(void);
> > extern void btext_unmap(void);
> >
> > diff --git a/arch/powerpc/kernel/prom_init.c b/arch/powerpc/kernel/prom_init.c
> > index 3555cad7bdde..ed446b7ea164 100644
> > --- a/arch/powerpc/kernel/prom_init.c
> > +++ b/arch/powerpc/kernel/prom_init.c
> > @@ -2336,6 +2336,7 @@ static void __init prom_check_displays(void)
> > prom_printf("W=%d H=%d LB=%d addr=0x%x\n",
> > width, height, pitch, addr);
> > btext_setup_display(width, height, 8, pitch, addr);
> > + btext_prepare_BAT();
> > }
> > #endif /* CONFIG_PPC_EARLY_DEBUG_BOOTX */
> > }
> > diff --git a/arch/powerpc/kernel/prom_init_check.sh b/arch/powerpc/kernel/prom_init_check.sh
> > index 518d416971c1..160bef0d553d 100644
> > --- a/arch/powerpc/kernel/prom_init_check.sh
> > +++ b/arch/powerpc/kernel/prom_init_check.sh
> > @@ -24,7 +24,7 @@ fi
> > WHITELIST="add_reloc_offset __bss_start __bss_stop copy_and_flush
> > _end enter_prom $MEM_FUNCS reloc_offset __secondary_hold
> > __secondary_hold_acknowledge __secondary_hold_spinloop __start
> > -logo_linux_clut224
> > +logo_linux_clut224 btext_prepare_BAT
> > reloc_got2 kernstart_addr memstart_addr linux_banner _stext
> > __prom_init_toc_start __prom_init_toc_end btext_setup_display TOC."
> >
> > --
> > 2.13.3
> >

2019-06-12 08:00:28

by Michael Ellerman

[permalink] [raw]
Subject: Re: [PATCH] powerpc/32s: fix booting with CONFIG_PPC_EARLY_DEBUG_BOOTX

On Mon, 2019-06-03 at 13:00:51 UTC, Christophe Leroy wrote:
> When booting through OF, setup_disp_bat() does nothing because
> disp_BAT are not set. By change, it used to work because BOOTX
> buffer is mapped 1:1 at address 0x81000000 by the bootloader, and
> btext_setup_display() sets virt addr same as phys addr.
>
> But since commit 215b823707ce ("powerpc/32s: set up an early static
> hash table for KASAN."), a temporary page table overrides the
> bootloader mapping.
>
> This 0x81000000 is also problematic with the newly implemented
> Kernel Userspace Access Protection (KUAP) because it is within user
> address space.
>
> This patch fixes those issues by properly setting disp_BAT through
> a call to btext_prepare_BAT(), allowing setup_disp_bat() to
> properly setup BAT3 for early bootx screen buffer access.
>
> Reported-by: Mathieu Malaterre <[email protected]>
> Fixes: 215b823707ce ("powerpc/32s: set up an early static hash table for KASAN.")
> Signed-off-by: Christophe Leroy <[email protected]>
> Tested-by: Mathieu Malaterre <[email protected]>

Applied to powerpc fixes, thanks.

https://git.kernel.org/powerpc/c/c21f5a9ed85ca3e914ca11f421677ae9

cheers