SHA256
1
0
forked from pool/s390-tools
s390-tools/s390-tools-sles15sp2-zipl-check-for-valid-ipl-parmblock-lowcore-pointer.patch
Mark Post 58e312617d Accepting request 823200 from home:markkp:branches:Base:System
- The location of the udevadm binary was changed from /sbin/ to /usr/bin
  a while back. A symbolic link was added for compatibility. In the latest
  versions, that symbolic link has been removed, requiring changes to scripts
  that were depending on that.
  Added the following patches for bsc#1171587
  * s390-tools-sles15sp2-lsluns-try-harder-to-find-udevadm.patch
  * s390-tools-sles15sp2-znetconf-introduce-better-ways-to-locate-udevadm.patch
  *s390-tools-sles15sp2-mon_tools-update-udevadm-location.patch
- Added s390-tools-sles15sp2-zipl-prevent-endless-loop-during-IPL.patch
  (bsc#1174309) zipl: prevent endless loop during secure IPL
- Added s390-tools-sles15sp2-zipl-check-for-valid-ipl-parmblock-lowcore-pointer.patch
  (bsc#1174310) zipl: check for valid ipl parmblock lowcore pointer
- Added s390-tools-sles15sp2-01-zipl-libc-libc_stop-move-noreturn-to-declaration.patch
        s390-tools-sles15sp2-02-zipl-stage3-correctly-handle-diag308-response-code.patch
  (bsc1174311) zipl: Fix KVM IPL without bootindex
- Updated cputype and read_values to recognize the new z15 models.
- Added s390-tools-sles15sp2-zipl-prevent-endless-loop-during-IPL.patch
  (bsc#1174309) zipl: prevent endless loop during secure IPL
- Added s390-tools-sles15sp2-zipl-check-for-valid-ipl-parmblock-lowcore-pointer.patch
  (bsc#1174310) zipl: check for valid ipl parmblock lowcore pointer
- Added s390-tools-sles15sp2-01-zipl-libc-libc_stop-move-noreturn-to-declaration.patch
        s390-tools-sles15sp2-02-zipl-stage3-correctly-handle-diag308-response-code.patch
  (bsc1174311) zipl: Fix KVM IPL without bootindex
- Updated cputype and read_values to recognize the new z15 models.
- Added s390-tools-sles15sp2-vmcp-exit-code.patch (bsc#1173481)
  Change the vmcp exit code and return 'CP command failed' when both
  "CP command failed" and "response buffer is too small" error
  conditions are true.

OBS-URL: https://build.opensuse.org/request/show/823200
OBS-URL: https://build.opensuse.org/package/show/Base:System/s390-tools?expand=0&rev=97
2020-07-28 16:49:48 +00:00

82 lines
2.5 KiB
Diff

Subject: [PATCH] [BZ 186938] zipl: check for valid ipl parmblock lowcore pointer
From: Stefan Haberland <sth@linux.ibm.com>
Description: zipl: check for valid ipl parmblock lowcore pointer
Symptom: For CCW type IPL the IPL might fail.
Problem: The lowcore parmblock pointer is not valid in every
case. For example it is invalid for CCW type IPL.
Solution: To have an indication if the pointer is valid do a
diag308 to store the parmblock and check if secure boot
is enabled. If it is enabled the lowcore pointer is
valid and the ipl report that is needed for secure boot
can be found right behind the ipl parmblock.
Reproduction: IPL from CCW devices.
Upstream-ID: ee9d606f800741eedeec1dcf1d2ddbfccbc21140
Problem-ID: 186938
Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
---
include/boot/ipl.h | 1 +
zipl/boot/stage3.c | 24 ++++++++++++++++++++----
2 files changed, 21 insertions(+), 4 deletions(-)
--- a/include/boot/ipl.h
+++ b/include/boot/ipl.h
@@ -18,6 +18,7 @@
#define IPL_RB_COMPONENT_FLAG_SIGNED 0x80
#define IPL_RB_COMPONENT_FLAG_VERIFIED 0x40
+#define IPL_MAX_SUPPORTED_VERSION 0
#define IPL_PARM_BLOCK_VERSION 0x1
/* IPL Types */
--- a/zipl/boot/stage3.c
+++ b/zipl/boot/stage3.c
@@ -26,6 +26,7 @@
static const char *msg_sipl_inval = "Secure boot failure: invalid load address";
static const char *msg_sipl_unverified = "Secure boot failure: unverified load address";
+static const char *msg_sipl_noparm = "Secure boot failure: unable to load ipl parameter";
static inline void __noreturn start_kernel(void)
{
@@ -54,6 +55,18 @@ static inline void __noreturn start_kern
while (1);
}
+unsigned int store_ipl_parmblock(struct ipl_pl_hdr *pl_hdr)
+{
+ int rc;
+
+ rc = diag308(DIAG308_STORE, pl_hdr);
+ if (rc == DIAG308_RC_OK &&
+ pl_hdr->version <= IPL_MAX_SUPPORTED_VERSION)
+ return 0;
+
+ return 1;
+}
+
unsigned int
is_verified_address(unsigned long image_addr)
{
@@ -104,12 +117,15 @@ unsigned int
secure_boot_enabled()
{
struct ipl_pl_hdr *pl_hdr;
- unsigned long tmp;
+ unsigned int rc;
- tmp = (unsigned long) S390_lowcore.ipl_parmblock_ptr;
- pl_hdr = (struct ipl_pl_hdr *) tmp;
+ pl_hdr = (void *)get_zeroed_page();
+ if (!pl_hdr || store_ipl_parmblock(pl_hdr))
+ panic(ESECUREBOOT, "%s", msg_sipl_noparm);
+ rc = !!(pl_hdr->flags & IPL_FLAG_SECURE);
+ free_page((unsigned long) pl_hdr);
- return pl_hdr->flags & IPL_FLAG_SECURE;
+ return rc;
}
void start(void)