s390/ipl: read IPL report at early boot

Read the IPL Report block provided by secure-boot, add the entries
of the certificate list to the system key ring and print the list
of components.

PR: Adjust to Vasilys bootdata_preserved patch set. Preserve ipl_cert_list
for later use in kexec_file.

Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Philipp Rudo <prudo@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>

4 files changed, 179 insertions, 11 deletions

diff --git a/arch/s390/boot/Makefile b/arch/s390/boot/Makefile
index a5ae68b2aa84..1f8fd68beae3 100644
--- a/arch/s390/boot/Makefile
+++ b/arch/s390/boot/Makefile
@@ -28,8 +28,9 @@ endif
 
 CFLAGS_sclp_early_core.o += -I$(srctree)/drivers/s390/char
 
-obj-y   := head.o als.o startup.o mem_detect.o ipl_parm.o string.o ebcdic.o
-obj-y   += sclp_early_core.o mem.o ipl_vmparm.o cmdline.o ctype.o
+obj-y   := head.o als.o startup.o mem_detect.o ipl_parm.o ipl_report.o
+obj-y   += string.o ebcdic.o sclp_early_core.o mem.o ipl_vmparm.o cmdline.o
+obj-y   += ctype.o
 obj-$(CONFIG_PROTECTED_VIRTUALIZATION_GUEST)    += uv.o
 targets := bzImage startup.a section_cmp.boot.data section_cmp.boot.preserved.data $(obj-y)
 subdir- := compressed
diff --git a/arch/s390/boot/boot.h b/arch/s390/boot/boot.h
index 82bc06346e05..ca395fcff15e 100644
--- a/arch/s390/boot/boot.h
+++ b/arch/s390/boot/boot.h
@@ -10,4 +10,6 @@ void parse_boot_command_line(void);
 void setup_memory_end(void);
 void print_missing_facilities(void);
 
+unsigned long read_ipl_report(unsigned long safe_offset);
+
 #endif /* BOOT_BOOT_H */
diff --git a/arch/s390/boot/ipl_report.c b/arch/s390/boot/ipl_report.c
new file mode 100644
index 000000000000..0b4965573656
--- /dev/null
+++ b/arch/s390/boot/ipl_report.c
@@ -0,0 +1,165 @@
+// SPDX-License-Identifier: GPL-2.0
+#include <linux/init.h>
+#include <linux/ctype.h>
+#include <asm/ebcdic.h>
+#include <asm/sclp.h>
+#include <asm/sections.h>
+#include <asm/boot_data.h>
+#include <uapi/asm/ipl.h>
+#include "boot.h"
+
+int __bootdata_preserved(ipl_secure_flag);
+
+unsigned long __bootdata_preserved(ipl_cert_list_addr);
+unsigned long __bootdata_preserved(ipl_cert_list_size);
+
+unsigned long __bootdata(early_ipl_comp_list_addr);
+unsigned long __bootdata(early_ipl_comp_list_size);
+
+#define for_each_rb_entry(entry, rb) \
+        for (entry = rb->entries; \
+             (void *) entry + sizeof(*entry) <= (void *) rb + rb->len; \
+             entry++)
+
+static inline bool intersects(unsigned long addr0, unsigned long size0,
+                              unsigned long addr1, unsigned long size1)
+{
+        return addr0 + size0 > addr1 && addr1 + size1 > addr0;
+}
+
+static unsigned long find_bootdata_space(struct ipl_rb_components *comps,
+                                         struct ipl_rb_certificates *certs,
+                                         unsigned long safe_addr)
+{
+        struct ipl_rb_certificate_entry *cert;
+        struct ipl_rb_component_entry *comp;
+        size_t size;
+
+        /*
+         * Find the length for the IPL report boot data
+         */
+        early_ipl_comp_list_size = 0;
+        for_each_rb_entry(comp, comps)
+                early_ipl_comp_list_size += sizeof(*comp);
+        ipl_cert_list_size = 0;
+        for_each_rb_entry(cert, certs)
+                ipl_cert_list_size += sizeof(unsigned int) + cert->len;
+        size = ipl_cert_list_size + early_ipl_comp_list_size;
+
+        /*
+         * Start from safe_addr to find a free memory area large
+         * enough for the IPL report boot data. This area is used
+         * for ipl_cert_list_addr/ipl_cert_list_size and
+         * early_ipl_comp_list_addr/early_ipl_comp_list_size. It must
+         * not overlap with any component or any certificate.
+         */
+repeat:
+        if (IS_ENABLED(CONFIG_BLK_DEV_INITRD) && INITRD_START && INITRD_SIZE &&
+            intersects(INITRD_START, INITRD_SIZE, safe_addr, size))
+                safe_addr = INITRD_START + INITRD_SIZE;
+        for_each_rb_entry(comp, comps)
+                if (intersects(safe_addr, size, comp->addr, comp->len)) {
+                        safe_addr = comp->addr + comp->len;
+                        goto repeat;
+                }
+        for_each_rb_entry(cert, certs)
+                if (intersects(safe_addr, size, cert->addr, cert->len)) {
+                        safe_addr = cert->addr + cert->len;
+                        goto repeat;
+                }
+        early_ipl_comp_list_addr = safe_addr;
+        ipl_cert_list_addr = safe_addr + early_ipl_comp_list_size;
+
+        return safe_addr + size;
+}
+
+static void copy_components_bootdata(struct ipl_rb_components *comps)
+{
+        struct ipl_rb_component_entry *comp, *ptr;
+
+        ptr = (struct ipl_rb_component_entry *) early_ipl_comp_list_addr;
+        for_each_rb_entry(comp, comps)
+                memcpy(ptr++, comp, sizeof(*ptr));
+}
+
+static void copy_certificates_bootdata(struct ipl_rb_certificates *certs)
+{
+        struct ipl_rb_certificate_entry *cert;
+        void *ptr;
+
+        ptr = (void *) ipl_cert_list_addr;
+        for_each_rb_entry(cert, certs) {
+                *(unsigned int *) ptr = cert->len;
+                ptr += sizeof(unsigned int);
+                memcpy(ptr, (void *) cert->addr, cert->len);
+                ptr += cert->len;
+        }
+}
+
+unsigned long read_ipl_report(unsigned long safe_addr)
+{
+        struct ipl_rb_certificates *certs;
+        struct ipl_rb_components *comps;
+        struct ipl_pl_hdr *pl_hdr;
+        struct ipl_rl_hdr *rl_hdr;
+        struct ipl_rb_hdr *rb_hdr;
+        unsigned long tmp;
+        void *rl_end;
+
+        /*
+         * Check if there is a IPL report by looking at the copy
+         * of the IPL parameter information block.
+         */
+        if (!ipl_block_valid ||
+            !(ipl_block.hdr.flags & IPL_PL_FLAG_IPLSR))
+                return safe_addr;
+        ipl_secure_flag = !!(ipl_block.hdr.flags & IPL_PL_FLAG_SIPL);
+        /*
+         * There is an IPL report, to find it load the pointer to the
+         * IPL parameter information block from lowcore and skip past
+         * the IPL parameter list, then align the address to a double
+         * word boundary.
+         */
+        tmp = (unsigned long) S390_lowcore.ipl_parmblock_ptr;
+        pl_hdr = (struct ipl_pl_hdr *) tmp;
+        tmp = (tmp + pl_hdr->len + 7) & -8UL;
+        rl_hdr = (struct ipl_rl_hdr *) tmp;
+        /* Walk through the IPL report blocks in the IPL Report list */
+        certs = NULL;
+        comps = NULL;
+        rl_end = (void *) rl_hdr + rl_hdr->len;
+        rb_hdr = (void *) rl_hdr + sizeof(*rl_hdr);
+        while ((void *) rb_hdr + sizeof(*rb_hdr) < rl_end &&
+               (void *) rb_hdr + rb_hdr->len <= rl_end) {
+
+                switch (rb_hdr->rbt) {
+                case IPL_RBT_CERTIFICATES:
+                        certs = (struct ipl_rb_certificates *) rb_hdr;
+                        break;
+                case IPL_RBT_COMPONENTS:
+                        comps = (struct ipl_rb_components *) rb_hdr;
+                        break;
+                default:
+                        break;
+                }
+
+                rb_hdr = (void *) rb_hdr + rb_hdr->len;
+        }
+
+        /*
+         * With either the component list or the certificate list
+         * missing the kernel will stay ignorant of secure IPL.
+         */
+        if (!comps || !certs)
+                return safe_addr;
+
+        /*
+         * Copy component and certificate list to a safe area
+         * where the decompressed kernel can find them.
+         */
+        safe_addr = find_bootdata_space(comps, certs, safe_addr);
+        copy_components_bootdata(comps);
+        copy_certificates_bootdata(certs);
+
+        return safe_addr;
+}
diff --git a/arch/s390/boot/startup.c b/arch/s390/boot/startup.c
index 2bd4a62d436c..90898976a941 100644
--- a/arch/s390/boot/startup.c
+++ b/arch/s390/boot/startup.c
@@ -25,19 +25,16 @@ unsigned long mem_safe_offset(void)
 }
 #endif
 
-static void rescue_initrd(void)
+static void rescue_initrd(unsigned long addr)
 {
-        unsigned long min_initrd_addr;
-
         if (!IS_ENABLED(CONFIG_BLK_DEV_INITRD))
                 return;
         if (!INITRD_START || !INITRD_SIZE)
                 return;
-        min_initrd_addr = mem_safe_offset();
-        if (min_initrd_addr <= INITRD_START)
+        if (addr <= INITRD_START)
                 return;
-        memmove((void *)min_initrd_addr, (void *)INITRD_START, INITRD_SIZE);
-        INITRD_START = min_initrd_addr;
+        memmove((void *)addr, (void *)INITRD_START, INITRD_SIZE);
+        INITRD_START = addr;
 }
 
 static void copy_bootdata(void)
@@ -52,12 +49,15 @@ static void copy_bootdata(void)
 
 void startup_kernel(void)
 {
+        unsigned long safe_addr;
         void *img;
 
+        store_ipl_parmblock();
+        safe_addr = mem_safe_offset();
+        safe_addr = read_ipl_report(safe_addr);
         uv_query_info();
-        rescue_initrd();
+        rescue_initrd(safe_addr);
         sclp_early_read_info();
-        store_ipl_parmblock();
         setup_boot_command_line();
         parse_boot_command_line();
         setup_memory_end();