[U-Boot,v2,04/11] ARM: allocate extra space for PSCI stack in secure section during link phase

Message ID 1464271273-23223-5-git-send-email-wens@csie.org
State Superseded
Delegated to: Hans de Goede

Commit Message

Chen-Yu Tsai May 26, 2016, 2:01 p.m. UTC
The PSCI implementation expects at most 2 pages worth of space reserved
at the end of the secure section for its stacks. If PSCI is relocated to
secure SRAM, then everything is fine. If no secure SRAM is available,
and PSCI remains in main memory, the reserved memory space doesn't cover
the space used by the stack.

If one accesses PSCI after Linux has fully booted, the memory that should
have been reserved for the PSCI stacks may have been used by the kernel
or userspace, and would be corrupted. Observed after effects include the
system hanging or telinit core dumping when trying to reboot. It seems
the init process gets hit the most on my test bed.

This fix allocates the space used by the PSCI stacks in the secure
section by skipping pages in the linker script, but only when there is
no secure SRAM, to avoid bloating the binary.

This fix is only a stop gap. It would be better to rework the stack
allocation mechanism, maybe with proper usage of CONFIG_ macros and an
explicit symbol.

Signed-off-by: Chen-Yu Tsai <wens@csie.org>

squash! ARM: allocate extra space for PSCI stack in secure section during link phase
---
 arch/arm/cpu/u-boot.lds | 7 +++++++
 1 file changed, 7 insertions(+)

Comments

Marc Zyngier May 26, 2016, 4:51 p.m. UTC | #1
On 26/05/16 15:01, Chen-Yu Tsai wrote:
> The PSCI implementation expects at most 2 pages worth of space reserved
> at the end of the secure section for its stacks. If PSCI is relocated to
> secure SRAM, then everything is fine. If no secure SRAM is available,
> and PSCI remains in main memory, the reserved memory space doesn't cover
> the space used by the stack.
> 
> If one accesses PSCI after Linux has fully booted, the memory that should
> have been reserved for the PSCI stacks may have been used by the kernel
> or userspace, and would be corrupted. Observed after effects include the
> system hanging or telinit core dumping when trying to reboot. It seems
> the init process gets hit the most on my test bed.
> 
> This fix allocates the space used by the PSCI stacks in the secure
> section by skipping pages in the linker script, but only when there is
> no secure SRAM, to avoid bloating the binary.
> 
> This fix is only a stop gap. It would be better to rework the stack
> allocation mechanism, maybe with proper usage of CONFIG_ macros and an
> explicit symbol.
> 
> Signed-off-by: Chen-Yu Tsai <wens@csie.org>
> 
> squash! ARM: allocate extra space for PSCI stack in secure section during link phase
> ---
>  arch/arm/cpu/u-boot.lds | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/arch/arm/cpu/u-boot.lds b/arch/arm/cpu/u-boot.lds
> index cfab8b041234..0770f8c878d1 100644
> --- a/arch/arm/cpu/u-boot.lds
> +++ b/arch/arm/cpu/u-boot.lds
> @@ -50,6 +50,7 @@ SECTIONS
>  
>  #ifndef CONFIG_ARMV7_SECURE_BASE
>  #define CONFIG_ARMV7_SECURE_BASE
> +#define __ARMV7_ALLOCATE_SECURE_STACK

ALLOCATE_SECURE_STACK is a bit of a misnomer, because nothing is secure
at all there (it is in RAM).

Something like PSCI_RAM_STACK would be more accurate.

>  #endif
>  
>  	.__secure_start : {
> @@ -67,6 +68,12 @@ SECTIONS
>  		SIZEOF(.__secure_start) +
>  		SIZEOF(.secure_text);
>  
> +#ifdef __ARMV7_ALLOCATE_SECURE_STACK
> +	/* Align to page boundary and skip 2 pages */
> +	. = (. & ~ 0xfff) + 0x2000;
> +#undef __ARMV7_ALLOCATE_SECURE_STACK
> +#endif
> +
>  	__secure_end_lma = .;
>  	.__secure_end : AT(__secure_end_lma) {
>  		*(.__secure_end)
> 

Thanks,

	M.

Patch

diff --git a/arch/arm/cpu/u-boot.lds b/arch/arm/cpu/u-boot.lds
index cfab8b041234..0770f8c878d1 100644
--- a/arch/arm/cpu/u-boot.lds
+++ b/arch/arm/cpu/u-boot.lds
@@ -50,6 +50,7 @@  SECTIONS
 
 #ifndef CONFIG_ARMV7_SECURE_BASE
 #define CONFIG_ARMV7_SECURE_BASE
+#define __ARMV7_ALLOCATE_SECURE_STACK
 #endif
 
 	.__secure_start : {
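Review bot: the added `#define __ARMV7_ALLOCATE_SECURE_STACK` is set only as a side effect of the `#ifndef CONFIG_ARMV7_SECURE_BASE` fallback and carries no comment, so the linker script never states that the stack pages are reserved exactly when no secure base is configured. A one-line comment above the define saying that would help, as would a name without the leading double underscore, which is normally left to the toolchain's own macros. If the reservation should ever be selectable independently of the secure base, an explicit CONFIG_ symbol tested here would be clearer than a script-local flag.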
@@ -67,6 +68,12 @@  SECTIONS
 		SIZEOF(.__secure_start) +
 		SIZEOF(.secure_text);
 
+#ifdef __ARMV7_ALLOCATE_SECURE_STACK
+	/* Align to page boundary and skip 2 pages */
+	. = (. & ~ 0xfff) + 0x2000;
+#undef __ARMV7_ALLOCATE_SECURE_STACK
+#endif
+
 	__secure_end_lma = .;
 	.__secure_end : AT(__secure_end_lma) {
 		*(.__secure_end)
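Review bot: in the added line `. = (. & ~ 0xfff) + 0x2000;` the mask rounds the location counter down, not up, so whenever the end of `.secure_text` is not already page-aligned the gap left before `__secure_end_lma` is smaller than the two pages the comment promises (for example, a counter of 0x1234 becomes 0x3000, leaving 0x1dcc bytes). If two full pages are required, `. = ALIGN(0x1000) + 0x2000;` rounds up first; if rounding down is intentional, the comment should say so. The `0xfff` and `0x2000` literals also hard-code the page size and the stack size, which would read better as named constants shared with the code that sets up the stacks.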