From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Ross Burton, Andre Przywara, Rob Herring, Sasha Levin
Subject: [PATCH 5.18 187/879] of/fdt: Ignore disabled memory nodes
Date: Tue, 7 Jun 2022 18:55:05 +0200
Message-Id: <20220607165008.270554431@linuxfoundation.org>
In-Reply-To: <20220607165002.659942637@linuxfoundation.org>

From: Andre Przywara

[ Upstream commit df5cd369876114f91f9ae60658fea80acfb15890 ]

When we boot a machine using a devicetree, the generic DT code goes through all nodes with a 'device_type = "memory"' property, and collects all memory banks mentioned there. However it does not check for the status property, so any nodes which are explicitly "disabled" will still be added as a memblock.

This ends up badly for QEMU, when booting with secure firmware on arm/arm64 machines, because QEMU adds a node describing secure-only memory:
===================
	secram@e000000 {
		secure-status = "okay";
		status = "disabled";
		reg = <0x00 0xe000000 0x00 0x1000000>;
		device_type = "memory";
	};
===================

The kernel will eventually use that memory block (which is located below the main DRAM bank), but accesses to that will be answered with an SError:
===================
[ 0.000000] Internal error: synchronous external abort: 96000050 [#1] PREEMPT SMP
[ 0.000000] Modules linked in:
[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 5.18.0-rc6-00014-g10c8acb8b679 #524
[ 0.000000] Hardware name: linux,dummy-virt (DT)
[ 0.000000] pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 0.000000] pc : new_slab+0x190/0x340
[ 0.000000] lr : new_slab+0x184/0x340
[ 0.000000] sp : ffff80000a4b3d10
....
==================

The actual crash location and call stack will be somewhat random, and depend on the specific allocation of that physical memory range.

As the DT spec[1] explicitly mentions standard properties, add a simple check to skip over disabled memory nodes, so that we only use memory that is meant for non-secure code to use.

That fixes booting a QEMU arm64 VM with EL3 enabled ("secure=on"), when not using UEFI. In this case the QEMU generated DT will be handed on to the kernel, which will see the secram node. This issue is reproducible when using TF-A together with U-Boot as firmware, then booting with the "booti" command.

When using U-Boot as an UEFI provider, the code there [2] explicitly filters for disabled nodes when generating the UEFI memory map, so we are safe. EDK/2 only reads the first bank of the first DT memory node [3] to learn about memory, so we got lucky there. [1] https://github.com/devicetree-org/devicetree-specification/blob/main/source/chapter3-devicenodes.rst#memory-node (after the table) [2] https://source.denx.de/u-boot/u-boot/-/blob/master/lib/fdtdec.c#L1061-1063 [3] https://github.com/tianocore/edk2/blob/master/ArmVirtPkg/PrePi/FdtParser.c Reported-by: Ross Burton Signed-off-by: Andre Przywara Signed-off-by: Rob Herring Link: https://lore.kernel.org/r/20220517101410.3493781-1-andre.przywara@arm.com Signed-off-by: Sasha Levin --- drivers/of/fdt.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c index ec315b060cd5..0f30496ce80b 100644 --- a/drivers/of/fdt.c +++ b/drivers/of/fdt.c @@ -1105,6 +1105,9 @@ int __init early_init_dt_scan_memory(void) if (type == NULL || strcmp(type, "memory") != 0) continue; + if (!of_fdt_device_is_available(fdt, node)) + continue; + reg = of_get_flat_dt_prop(node, "linux,usable-memory", &l); if (reg == NULL) reg = of_get_flat_dt_prop(node, "reg", &l); -- 2.35.1
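
Review bot: the new of_fdt_device_is_available() check in early_init_dt_scan_memory() skips a memory node silently and has no comment explaining why it sits between the device_type test and the "linux,usable-memory"/"reg" lookup. The failure it prevents is, per the commit message, an external abort at an arbitrary allocation site, which is hard to trace back to the devicetree. A one-line comment above the check would help, saying that nodes with status = "disabled" (for example QEMU's secure-only secram bank) must never be registered as memblocks. A pr_debug() naming the skipped node would also make a bank dropped on this path visible in early boot logs. Note as well that the check consults only the status property: the secram node in the commit message also carries secure-status = "okay", and it would be worth stating in the comment that this property is deliberately not considered here, since this path collects memory for non-secure use.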