diff options
| author | Nick Bofferding <bofferdn@us.ibm.com> | 2015-03-02 18:04:05 -0600 |
|---|---|---|
| committer | A. Patrick Williams III <iawillia@us.ibm.com> | 2015-04-09 21:59:24 -0500 |
| commit | 343014b3095462dbec20efe456cbb945d4844b4e (patch) | |
| tree | e7a4f1b0b522e63ba0c0baea82a6add01b09772c /src/kernel | |
| parent | 77f3ab96fd87a9bbecb19aba9f3b48cfb09983bd (diff) | |
| download | blackbird-hostboot-343014b3095462dbec20efe456cbb945d4844b4e.tar.gz blackbird-hostboot-343014b3095462dbec20efe456cbb945d4844b4e.zip | |
Prevent out-of-order data access to FSP mailbox memory area
- Added system call to map FSP mailbox memory with guard permission
- Call new mapping in DMA area init
- Propagate guard permission down to MMIO map
- Apply guard permission in page fault handler
- Updated debug tools to support extra bit in MMIO struct
Change-Id: I8335ac7d3ef57e46d4c8b6c2b2a42b8a0bf7c4b0
Backport: release-fips830
Backport: release-fips820
CQ: SW295345
Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/16307
Tested-by: Jenkins Server
Reviewed-by: Brian H. Horton <brianh@linux.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
Diffstat (limited to 'src/kernel')
| -rw-r--r-- | src/kernel/devicesegment.C | 14 | ||||
| -rw-r--r-- | src/kernel/ptmgr.C | 8 | ||||
| -rw-r--r-- | src/kernel/segmentmgr.C | 14 | ||||
| -rw-r--r-- | src/kernel/syscall.C | 4 | ||||
| -rw-r--r-- | src/kernel/vmmmgr.C | 14 |
5 files changed, 39 insertions, 15 deletions
diff --git a/src/kernel/devicesegment.C b/src/kernel/devicesegment.C index 1989bcbd6..6ee5b7412 100644 --- a/src/kernel/devicesegment.C +++ b/src/kernel/devicesegment.C @@ -5,7 +5,9 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* COPYRIGHT International Business Machines Corp. 2011,2014 */ +/* Contributors Listed Below - COPYRIGHT 2011,2015 */ +/* [+] International Business Machines Corp. */ +/* */ /* */ /* Licensed under the Apache License, Version 2.0 (the "License"); */ /* you may not use this file except in compliance with the License. */ @@ -73,7 +75,8 @@ bool DeviceSegment::handlePageFault(task_t* i_task, uint64_t i_addr, PageTableManager::addEntry((i_addr / PAGESIZE) * PAGESIZE, (iv_mmioMap[idx].addr + device_offset) / PAGESIZE, (iv_mmioMap[idx].no_ci ? - (BYPASS_HRMOR | WRITABLE) : + (BYPASS_HRMOR | WRITABLE | + ( iv_mmioMap[idx].guarded ? GUARDED : 0) ) : SegmentManager::CI_ACCESS) ); return true; @@ -85,9 +88,12 @@ bool DeviceSegment::handlePageFault(task_t* i_task, uint64_t i_addr, * @param ra[in] - Void pointer to real address to be mapped in * @param i_devDataSize[in] - Size of device segment block * @param i_nonCI[in] - Device should be mapped cacheable instead of CI + * @param i_guarded[in] - Whether to prevent out-of-order acces to + * instructions or data in the segment. Ignored if CI. * @return void* - Pointer to beginning virtual address, NULL otherwise */ -void *DeviceSegment::devMap(void *ra, uint64_t i_devDataSize, bool i_nonCI) +void *DeviceSegment::devMap(void *ra, uint64_t i_devDataSize, bool i_nonCI, + bool i_guarded) { void *segBlock = NULL; if (i_devDataSize <= THIRTYTWO_GB) @@ -97,6 +103,7 @@ void *DeviceSegment::devMap(void *ra, uint64_t i_devDataSize, bool i_nonCI) if ((0 == iv_mmioMap[i].addr) && (0 == iv_mmioMap[i].size)) { iv_mmioMap[i].no_ci = i_nonCI; + iv_mmioMap[i].guarded = i_guarded; iv_mmioMap[i].size = i_devDataSize; iv_mmioMap[i].addr = reinterpret_cast<uint64_t>(ra); @@ -137,6 +144,7 @@ int DeviceSegment::devUnmap(void *ea) false); iv_mmioMap[idx].addr = 0; iv_mmioMap[idx].size = 0; + iv_mmioMap[idx].guarded = 0; rc = 0; } diff --git a/src/kernel/ptmgr.C b/src/kernel/ptmgr.C index 98d32035e..959e0c7dd 100644 --- a/src/kernel/ptmgr.C +++ b/src/kernel/ptmgr.C @@ -903,6 +903,12 @@ void PageTableManager::setAccessBits( PageTableEntry* o_pte, // All others are set to 0b0010 o_pte->WIMG = 0b0010; // Memory Coherency Required + // Turn on the guarded access permission if requested + if(i_accessType & GUARDED) + { + o_pte->WIMG |= 0b0001; + } + if (i_accessType & READ_ONLY) { o_pte->pp1_2 = 0b01; // PP=001 @@ -940,7 +946,7 @@ uint64_t PageTableManager::getAccessType( const PageTableEntry* i_pte ) { return SegmentManager::CI_ACCESS; } - else if (i_pte->WIMG == 0b0010) + else if ( (i_pte->WIMG & 0b1110) == 0b0010) { if (i_pte->pp1_2 == 0b00) { diff --git a/src/kernel/segmentmgr.C b/src/kernel/segmentmgr.C index 341605fd6..73caaf76f 100644 --- a/src/kernel/segmentmgr.C +++ b/src/kernel/segmentmgr.C @@ -5,7 +5,9 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* COPYRIGHT International Business Machines Corp. 2011,2014 */ +/* Contributors Listed Below - COPYRIGHT 2011,2015 */ +/* [+] International Business Machines Corp. */ +/* */ /* */ /* Licensed under the Apache License, Version 2.0 (the "License"); */ /* you may not use this file except in compliance with the License. */ @@ -63,10 +65,11 @@ void SegmentManager::castOutPages(uint64_t i_type) Singleton<SegmentManager>::instance()._castOutPages(i_type); } -void* SegmentManager::devMap(void* ra, uint64_t i_devDataSize, bool i_nonCI) +void* SegmentManager::devMap(void* ra, uint64_t i_devDataSize, bool i_nonCI, + bool i_guarded) { return Singleton<SegmentManager>::instance()._devMap(ra, i_devDataSize, - i_nonCI); + i_nonCI, i_guarded); } int SegmentManager::devUnmap(void* ea) @@ -162,7 +165,8 @@ void SegmentManager::_castOutPages(uint64_t i_type) } } -void* SegmentManager::_devMap(void* ra, uint64_t i_devDataSize, bool i_nonCI) +void* SegmentManager::_devMap(void* ra, uint64_t i_devDataSize, bool i_nonCI, + bool i_guarded) { void* ea = NULL; for (size_t i = MMIO_FIRST_SEGMENT_ID; i <= MMIO_LAST_SEGMENT_ID; i++) @@ -170,7 +174,7 @@ void* SegmentManager::_devMap(void* ra, uint64_t i_devDataSize, bool i_nonCI) if (NULL == iv_segments[i]) continue; ea = reinterpret_cast<DeviceSegment*>(iv_segments[i])-> - devMap(ra, i_devDataSize, i_nonCI); + devMap(ra, i_devDataSize, i_nonCI, i_guarded); if (ea != NULL) break; } diff --git a/src/kernel/syscall.C b/src/kernel/syscall.C index 7830f7757..d54d85ae7 100644 --- a/src/kernel/syscall.C +++ b/src/kernel/syscall.C @@ -535,6 +535,7 @@ namespace Systemcalls void *ra = (void*)TASK_GETARG0(t); uint64_t devDataSize = ALIGN_PAGE(TASK_GETARG1(t)); bool cacheable = (0 != TASK_GETARG2(t)); + bool guarded = (0 != TASK_GETARG3(t)); if (TASK_GETARG0(t) & (PAGESIZE - 1)) // ensure address page alignment. { @@ -547,7 +548,8 @@ namespace Systemcalls else { TASK_SETRTN(t, - (uint64_t)VmmManager::devMap(ra,devDataSize,cacheable)); + (uint64_t)VmmManager::devMap( + ra,devDataSize,cacheable,guarded)); } } diff --git a/src/kernel/vmmmgr.C b/src/kernel/vmmmgr.C index 98d752bbb..48675c398 100644 --- a/src/kernel/vmmmgr.C +++ b/src/kernel/vmmmgr.C @@ -5,7 +5,9 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* COPYRIGHT International Business Machines Corp. 2010,2014 */ +/* Contributors Listed Below - COPYRIGHT 2010,2015 */ +/* [+] International Business Machines Corp. */ +/* */ /* */ /* Licensed under the Apache License, Version 2.0 (the "License"); */ /* you may not use this file except in compliance with the License. */ @@ -86,10 +88,11 @@ void VmmManager::flushPageTable( void ) Singleton<VmmManager>::instance()._flushPageTable(); } -void* VmmManager::devMap(void* ra, uint64_t i_devDataSize, bool i_nonCI) +void* VmmManager::devMap(void* ra, uint64_t i_devDataSize, bool i_nonCI, + bool i_guarded) { return Singleton<VmmManager>::instance()._devMap(ra, i_devDataSize, - i_nonCI); + i_nonCI, i_guarded); } int VmmManager::devUnmap(void* ea) @@ -222,12 +225,13 @@ int VmmManager::_mmExtend(void) return rc; } -void* VmmManager::_devMap(void* ra, uint64_t i_devDataSize, bool i_nonCI) +void* VmmManager::_devMap(void* ra, uint64_t i_devDataSize, bool i_nonCI, + bool i_guarded) { void* ea = NULL; lock.lock(); - ea = SegmentManager::devMap(ra, i_devDataSize, i_nonCI); + ea = SegmentManager::devMap(ra, i_devDataSize, i_nonCI, i_guarded); lock.unlock(); return ea; |
