[PATCH 4/4] of: request reserved memory regions so other code can't

Thu Jun 9 01:31:19 PDT 2022

On Thu, Jun 09, 2022 at 07:43:42AM +0200, Ahmad Fatoum wrote:
> From: Rouven Czerwinski <r.czerwinski at pengutronix.de>
> 
> Add a reserved_mem_read initcall which parses the reserved-memory
> entries and adds barebox of reserve entries. This avoids e.g. bootm
> trying to place the kernel into a reserved region.
> 
> Signed-off-by: Rouven Czerwinski <r.czerwinski at pengutronix.de>
> Signed-off-by: Ahmad Fatoum <a.fatoum at pengutronix.de>
> ---
> Compared with Rouven's v2, rename OF_RESERVE_ENTRY_FLAG_NO_RESERVE
> to NO_FIXUP and read both /reserved-memory and /memreserve
> to request memory regions.
> ---
>  common/memory.c     | 21 +++++++++++++++++++--
>  drivers/of/Makefile |  1 +
>  drivers/of/fdt.c    | 12 ++++++++----
>  include/of.h        |  2 ++
>  4 files changed, 30 insertions(+), 6 deletions(-)
> 
> diff --git a/common/memory.c b/common/memory.c
> index 95995bb6e310..b40c74bfe97f 100644
> --- a/common/memory.c
> +++ b/common/memory.c
> @@ -12,6 +12,7 @@
>  #include <asm-generic/memory_layout.h>
>  #include <asm/sections.h>
>  #include <malloc.h>
> +#include <of.h>
>  
>  /*
>   * Begin and End of memory area for malloc(), and current "brk"
> @@ -53,9 +54,12 @@ void mem_malloc_init(void *start, void *end)
>  	mem_malloc_initialized = 1;
>  }
>  
> -#if !defined __SANDBOX__
>  static int mem_malloc_resource(void)
>  {
> +	struct of_reserve_map *map;
> +	int i;
> +
> +#if !defined __SANDBOX__
>  	/*
>  	 * Normally it's a bug when one of these fails,
>  	 * but we have some setups where some of these
> @@ -80,10 +84,23 @@ static int mem_malloc_resource(void)
>  #ifdef STACK_BASE
>  	request_sdram_region("stack", STACK_BASE, STACK_SIZE);
>  #endif
> +#endif
> +
> +	map = of_get_reserve_map();
> +	if (!map)
> +		return 0;
> +
> +	for (i = 0; i < map->num_entries; i++) {
> +		const char *name;
> +
> +		name = map->runtime_fw & BIT(i) ? "protected code" : "protected data";
> +		request_sdram_region(name, map->start[i],
> +				     map->end[i] - map->start[i] + 1);
> +	}

Regions for entries that are present up to this point are always requested
whereas regions for entries that are added later are never requested.
This only works for you because all regions you are interested in
(OPTEE, ppa) happen to be registered before this point while all others
that you can't do a request_sdram_region() on happen to be added after
this point. That looks quite fragile.

If you want to protect OPTEE resources then call request_sdram_region()
from the code instantiating OPTEE. In case of OPTEE this happens too
early when the resource system is not yet ready, so pick it up in a
later initcall.

Sascha

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |