Fix secure PNOR provider deadlock

- Direct extended/targeting image unprotected payload access to PNOR range Change-Id: Id81b3bcc8c3ef4317e68e111847d6c9d3ede7ac4 CQ: SW392719 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/42156 Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
author: Nick Bofferding <bofferdn@us.ibm.com> 2017-06-20 14:22:38 -0500
committer: Daniel M. Crowell <dcrowell@us.ibm.com> 2017-06-22 09:20:28 -0400
commit: ccb74685e3205a1f74e4a2264f27775144600d2c (patch)
tree: 1c05f71a8cded2d600ba83621fd8827e32452069 /src
parent: 68ff2b9ea18728f467d8945023e62b7b4f645087 (diff)
download: talos-hostboot-ccb74685e3205a1f74e4a2264f27775144600d2c.tar.gz
talos-hostboot-ccb74685e3205a1f74e4a2264f27775144600d2c.zip
4 files changed, 23 insertions, 3 deletions
diff --git a/src/usr/secureboot/base/test/securerommgrtest.H b/src/usr/secureboot/base/test/securerommgrtest.H
index a10bd853c..a26b18b96 100644
--- a/src/usr/secureboot/base/test/securerommgrtest.H
+++ b/src/usr/secureboot/base/test/securerommgrtest.H
@@ -360,6 +360,7 @@ class SecureRomManagerTest : public CxxTest::TestSuite
         // Calculate pnor vaddr and read original page so we can run test case
         // in both secure and unsecure mode.
         uint64_t l_pnorVaddr = VFS::VfsRp::getInstance().iv_pnor_vaddr
+                               - VFS::VfsRp::getInstance().iv_unprotectedOffset
                                + l_vaddr;
         memcpy(l_originPage, reinterpret_cast<uint8_t*>(l_pnorVaddr), PAGESIZE);
 
diff --git a/src/usr/targeting/attrrp.C b/src/usr/targeting/attrrp.C
index 28ffe8133..da1efdb15 100755
--- a/src/usr/targeting/attrrp.C
+++ b/src/usr/targeting/attrrp.C
@@ -442,6 +442,17 @@ namespace TARGETING
                 iv_sections[i].pnorAddress =
                     l_pnorSectionInfo.vaddr + l_section->sectionOffset;
 
+                #ifdef CONFIG_SECUREBOOT
+                // RW targeting section is part of the unprotected payload
+                // so use the normal PNOR virtual address space
+                if(   l_pnorSectionInfo.secure
+                   && iv_sections[i].type == SECTION_TYPE_PNOR_RW)
+                {
+                    iv_sections[i].pnorAddress -=
+                        (VMM_VADDR_SPNOR_DELTA + VMM_VADDR_SPNOR_DELTA);
+                }
+                #endif
+
                 if(iv_isMpipl)
                 {
                     //For MPIPL we are reading from real memory,
diff --git a/src/usr/vfs/vfsrp.C b/src/usr/vfs/vfsrp.C
index 6284edd5a..63f2a15e7 100644
--- a/src/usr/vfs/vfsrp.C
+++ b/src/usr/vfs/vfsrp.C
@@ -182,6 +182,10 @@ errlHndl_t VfsRp::_init()
                   iv_hashPageTableSize);
         // skip the hash page table
         iv_pnor_vaddr += iv_hashPageTableSize;
+
+        // Compute offset to the unprotected payload virtual address range.
+        // This offset should be subtracted from the secure address
+        iv_unprotectedOffset = VMM_VADDR_SPNOR_DELTA+VMM_VADDR_SPNOR_DELTA;
     }
 #endif
 
@@ -365,7 +369,8 @@ void VfsRp::msgHandler()
                             }
                         }
 #endif
-                        memcpy((void *)paddr, (void *)(iv_pnor_vaddr+vaddr),
+                        memcpy((void *)paddr, (void *)(iv_pnor_vaddr
+                               -iv_unprotectedOffset+vaddr),
                                PAGE_SIZE);
                         mm_icache_invalidate((void*)paddr,PAGE_SIZE/8);
                         msg->data[1] = 0;
@@ -762,7 +767,7 @@ errlHndl_t VfsRp::verify_page(uint64_t i_vaddr, uint64_t i_baseOffset,
                               uint64_t i_hashPageTableOffset) const
 {
     errlHndl_t l_errl = nullptr;
-    uint64_t l_pnorVaddr = iv_pnor_vaddr + i_vaddr;
+    uint64_t l_pnorVaddr = iv_pnor_vaddr-iv_unprotectedOffset+i_vaddr;
 
     // Get current hash page table entry
     TRACDCOMP(g_trac_vfs, "VfsRp::verify_page Current Page vaddr = 0x%llX, index = %d, bin file offset = 0x%llX",
diff --git a/src/usr/vfs/vfsrp.H b/src/usr/vfs/vfsrp.H
index 6c1feb7db..ebf9c86fd 100644
--- a/src/usr/vfs/vfsrp.H
+++ b/src/usr/vfs/vfsrp.H
@@ -95,7 +95,8 @@ namespace VFS
              */
             VfsRp() : iv_msgQ(NULL), iv_msg(NULL), iv_pnor_vaddr(0),
                       iv_hashPageTableOffset(0),iv_hashPageTableSize(0),
-                      iv_protectedPayloadSize(0),iv_hbExtSecure(0)
+                      iv_protectedPayloadSize(0),iv_hbExtSecure(0),
+                      iv_unprotectedOffset(0)
             {
                 mutex_init(&iv_mutex);
             }
@@ -258,6 +259,8 @@ namespace VFS
             uint64_t iv_protectedPayloadSize; //!< size of entire protected payload of ext img
                                               //!< Includes Hash page table and VFS module table
             bool     iv_hbExtSecure; //!< cache result if hostboot extended image is secure
+            uint64_t iv_unprotectedOffset; //!< Offset to unprotected payload
+                                           //!< (subtract from secure offset)
 
             typedef std::vector<VfsSystemModule *> ModuleList_t;
author	Nick Bofferding <bofferdn@us.ibm.com>	2017-06-20 14:22:38 -0500
committer	Daniel M. Crowell <dcrowell@us.ibm.com>	2017-06-22 09:20:28 -0400
commit	ccb74685e3205a1f74e4a2264f27775144600d2c (patch)
tree	1c05f71a8cded2d600ba83621fd8827e32452069 /src
parent	68ff2b9ea18728f467d8945023e62b7b4f645087 (diff)
download	talos-hostboot-ccb74685e3205a1f74e4a2264f27775144600d2c.tar.gz talos-hostboot-ccb74685e3205a1f74e4a2264f27775144600d2c.zip