From patchwork Mon Sep 23 22:30:24 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Maxiwell S. Garcia" X-Patchwork-Id: 1166225 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46cfDm46Zcz9s00 for ; Tue, 24 Sep 2019 08:31:20 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.ibm.com Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 46cfDm2xx3zDqQ9 for ; Tue, 24 Sep 2019 08:31:20 +1000 (AEST) X-Original-To: petitboot@lists.ozlabs.org Delivered-To: petitboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=linux.ibm.com (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com; envelope-from=maxiwell@linux.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.ibm.com Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 46cfD60yt9zDqH4 for ; Tue, 24 Sep 2019 08:30:45 +1000 (AEST) Received: from pps.filterd (m0098399.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x8NMQrsA042559 for ; Mon, 23 Sep 2019 18:30:43 -0400 Received: from ppma02wdc.us.ibm.com (aa.5b.37a9.ip4.static.sl-reverse.com [169.55.91.170]) by mx0a-001b2d01.pphosted.com with ESMTP id 2v75vb1n60-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 23 Sep 2019 18:30:43 -0400 Received: from pps.filterd (ppma02wdc.us.ibm.com [127.0.0.1]) by ppma02wdc.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id x8NMUBue005506 for ; Mon, 23 Sep 2019 22:30:42 GMT Received: from b03cxnp08028.gho.boulder.ibm.com (b03cxnp08028.gho.boulder.ibm.com [9.17.130.20]) by ppma02wdc.us.ibm.com with ESMTP id 2v5bg6q88m-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 23 Sep 2019 22:30:42 +0000 Received: from b03ledav006.gho.boulder.ibm.com (b03ledav006.gho.boulder.ibm.com [9.17.130.237]) by b03cxnp08028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x8NMUejg53019134 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 23 Sep 2019 22:30:40 GMT Received: from b03ledav006.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id AF1C5C6057; Mon, 23 Sep 2019 22:30:40 +0000 (GMT) Received: from b03ledav006.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 31F18C6055; Mon, 23 Sep 2019 22:30:39 +0000 (GMT) Received: from maxibm.ibmuc.com (unknown [9.85.133.177]) by b03ledav006.gho.boulder.ibm.com (Postfix) with ESMTP; Mon, 23 Sep 2019 22:30:38 +0000 (GMT) From: "Maxiwell S. Garcia" To: petitboot@lists.ozlabs.org Subject: [PATCH v2 4/4] discover: Check if the kernel image has Ultravisor support Date: Mon, 23 Sep 2019 19:30:24 -0300 Message-Id: <20190923223024.995-5-maxiwell@linux.ibm.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190923223024.995-1-maxiwell@linux.ibm.com> References: <20190923223024.995-1-maxiwell@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-09-23_08:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=3 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1908290000 definitions=main-1909230189 X-BeenThere: petitboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Petitboot bootloader development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Petitboot" The PPC kernel image has an ELF Note 'namespace' called 'PowerPC' to store capabilities and information which can be used by a bootloader or userland. The capabilities can be accessed using the 'type' PPC_ELFNOTE_CAPABILITIES which returns a bitmap as 'descriptor' field. Bit 0 in this bitmap indicates that the powerpc kernel binary knows how to run in an ultravisor-enabled system. So, using this bit, the petitboot can decide to abort the boot if the kernel is incompatible, avoiding the crash later. This validation only occours on PowerPC ultravisor-system and if the config 'preboot check' in UI screen is enabled. Signed-off-by: Maxiwell S. Garcia --- discover/boot.c | 21 ++++++++++++++++++ discover/platform-powerpc.c | 43 +++++++++++++++++++++++++++++++++++++ discover/platform.c | 11 ++++++++++ discover/platform.h | 5 +++++ 4 files changed, 80 insertions(+) diff --git a/discover/boot.c b/discover/boot.c index 91fc46d..9963498 100644 --- a/discover/boot.c +++ b/discover/boot.c @@ -401,6 +401,24 @@ static void cleanup_cancellations(struct boot_task *task, talloc_free(task); } +static bool preboot_check(struct boot_task *task) +{ + const char *local_image = (task->local_image_override) ? + task->local_image_override : task->local_image; + + char *preboot_check_err_msg = NULL; + bool preboot_check_ret = platform_preboot_check(local_image, + &preboot_check_err_msg); + + if (preboot_check_err_msg) { + update_status(task->status_fn, task->status_arg, + STATUS_ERROR, "%s", preboot_check_err_msg); + talloc_free(preboot_check_err_msg); + } + + return preboot_check_ret; +} + static void boot_process(struct load_url_result *result, void *data) { struct boot_task *task = data; @@ -424,6 +442,9 @@ static void boot_process(struct load_url_result *result, void *data) run_boot_hooks(task); + if (!preboot_check(task)) + return; + update_status(task->status_fn, task->status_arg, STATUS_INFO, _("Performing kexec load")); diff --git a/discover/platform-powerpc.c b/discover/platform-powerpc.c index e4422d9..7efa531 100644 --- a/discover/platform-powerpc.c +++ b/discover/platform-powerpc.c @@ -21,6 +21,7 @@ #include "platform.h" #include "ipmi.h" #include "dt.h" +#include "elf.h" static const char *partition = "common"; static const char *sysparams_dir = "/sys/firmware/opal/sysparams/"; @@ -930,6 +931,47 @@ static void pre_boot(struct platform *p, const struct config *config) platform->set_os_boot_sensor(platform); } +static bool preboot_check(struct platform *p, + const struct config *config, + const char *image, + char **err_msg) +{ + struct platform_powerpc *platform = p->platform_data; + unsigned int *ppc_cap_bitmap = NULL; + bool ultravisor_enabled; + struct stat statbuf; + bool ret = true; + + /* check if ultravisor-system is enabled */ + ultravisor_enabled = stat("/proc/device-tree/ibm,ultravisor", + &statbuf) == 0; + + /* if ultravisor-system is disabled, continue the boot process */ + if (!ultravisor_enabled) + return true; + + ppc_cap_bitmap = elf_getnote_desc(elf_open_image(image), + POWERPC_ELFNOTE_NAMESPACE, + PPC_ELFNOTE_CAPABILITIES); + + if ((ppc_cap_bitmap) && (*ppc_cap_bitmap & PPCCAP_ULTRAVISOR_BIT)) { + pb_debug("kernel capabilities: ultravisor mode found.\n"); + } else { + ret = false; + pb_log_fn("kernel capabilities failed:" + " IBM Ultravisor mode is required.\n"); + *err_msg = talloc_strdup(platform, "IBM Ultravisor capability" + " not found"); + } + free(ppc_cap_bitmap); + + /* if preboot_check is disabled, continue the boot process */ + if (!config->preboot_check_enabled) + return true; + + return ret; +} + static int get_sysinfo(struct platform *p, struct system_info *sysinfo) { struct platform_powerpc *platform = p->platform_data; @@ -1035,6 +1077,7 @@ static struct platform platform_powerpc = { .get_sysinfo = get_sysinfo, .restrict_clients = restrict_clients, .set_password = set_password, + .preboot_check = preboot_check, }; register_platform(platform_powerpc); diff --git a/discover/platform.c b/discover/platform.c index ea45594..9d52f2a 100644 --- a/discover/platform.c +++ b/discover/platform.c @@ -207,6 +207,17 @@ void platform_pre_boot(void) platform->pre_boot(platform, config); } +bool platform_preboot_check(const char *image, char **err_msg) +{ + const struct config *config = config_get(); + + if (platform && config && platform->preboot_check) + return platform->preboot_check(platform, config, + image, err_msg); + + return true; +} + int platform_get_sysinfo(struct system_info *info) { if (platform && platform->get_sysinfo) diff --git a/discover/platform.h b/discover/platform.h index 5a5c990..fe3d390 100644 --- a/discover/platform.h +++ b/discover/platform.h @@ -14,6 +14,10 @@ struct platform { int (*get_sysinfo)(struct platform *, struct system_info *); bool (*restrict_clients)(struct platform *); int (*set_password)(struct platform *, const char *hash); + bool (*preboot_check)(struct platform *, + const struct config *, + const char *image, + char **err_msg); uint16_t dhcp_arch_id; void *platform_data; }; @@ -25,6 +29,7 @@ int platform_get_sysinfo(struct system_info *info); bool platform_restrict_clients(void); int platform_set_password(const char *hash); void platform_pre_boot(void); +bool platform_preboot_check(const char *image, char **err_msg); /* configuration interface */ const struct config *config_get(void);