From: Nick Kossifidis <mick@ics.forth.gr>
To: Alexandre Ghiti <alexandre.ghiti@canonical.com>,
Jonathan Corbet <corbet@lwn.net>,
Paul Walmsley <paul.walmsley@sifive.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
Albert Ou <aou@eecs.berkeley.edu>, Zong Li <zong.li@sifive.com>,
Anup Patel <anup@brainfault.org>,
Atish Patra <Atish.Patra@rivosinc.com>,
Christoph Hellwig <hch@lst.de>,
Andrey Ryabinin <ryabinin.a.a@gmail.com>,
Alexander Potapenko <glider@google.com>,
Andrey Konovalov <andreyknvl@gmail.com>,
Dmitry Vyukov <dvyukov@google.com>,
Ard Biesheuvel <ardb@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
Kees Cook <keescook@chromium.org>,
Guo Ren <guoren@linux.alibaba.com>,
Heinrich Schuchardt <heinrich.schuchardt@canonical.com>,
Mayuresh Chitale <mchitale@ventanamicro.com>,
panqinglin2020@iscas.ac.cn, linux-doc@vger.kernel.org,
linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org,
kasan-dev@googlegroups.com, linux-efi@vger.kernel.org,
linux-arch@vger.kernel.org
Subject: Re: [PATCH v3 07/13] riscv: Implement sv48 support
Date: Tue, 26 Apr 2022 08:57:19 +0300 [thread overview]
Message-ID: <ff85cdc4-b1e3-06a3-19fc-a7e1acf99d40@ics.forth.gr> (raw)
In-Reply-To: <20211206104657.433304-8-alexandre.ghiti@canonical.com>
Hello Alex,
On 12/6/21 12:46, Alexandre Ghiti wrote:
>
> +#ifdef CONFIG_64BIT
> +static void __init disable_pgtable_l4(void)
> +{
> + pgtable_l4_enabled = false;
> + kernel_map.page_offset = PAGE_OFFSET_L3;
> + satp_mode = SATP_MODE_39;
> +}
> +
> +/*
> + * There is a simple way to determine if 4-level is supported by the
> + * underlying hardware: establish 1:1 mapping in 4-level page table mode
> + * then read SATP to see if the configuration was taken into account
> + * meaning sv48 is supported.
> + */
> +static __init void set_satp_mode(void)
> +{
> + u64 identity_satp, hw_satp;
> + uintptr_t set_satp_mode_pmd;
> +
> + set_satp_mode_pmd = ((unsigned long)set_satp_mode) & PMD_MASK;
> + create_pgd_mapping(early_pg_dir,
> + set_satp_mode_pmd, (uintptr_t)early_pud,
> + PGDIR_SIZE, PAGE_TABLE);
> + create_pud_mapping(early_pud,
> + set_satp_mode_pmd, (uintptr_t)early_pmd,
> + PUD_SIZE, PAGE_TABLE);
> + /* Handle the case where set_satp_mode straddles 2 PMDs */
> + create_pmd_mapping(early_pmd,
> + set_satp_mode_pmd, set_satp_mode_pmd,
> + PMD_SIZE, PAGE_KERNEL_EXEC);
> + create_pmd_mapping(early_pmd,
> + set_satp_mode_pmd + PMD_SIZE,
> + set_satp_mode_pmd + PMD_SIZE,
> + PMD_SIZE, PAGE_KERNEL_EXEC);
> +
> + identity_satp = PFN_DOWN((uintptr_t)&early_pg_dir) | satp_mode;
> +
> + local_flush_tlb_all();
> + csr_write(CSR_SATP, identity_satp);
> + hw_satp = csr_swap(CSR_SATP, 0ULL);
> + local_flush_tlb_all();
> +
> + if (hw_satp != identity_satp)
> + disable_pgtable_l4();
> +
> + memset(early_pg_dir, 0, PAGE_SIZE);
> + memset(early_pud, 0, PAGE_SIZE);
> + memset(early_pmd, 0, PAGE_SIZE);
> +}
> +#endif
> +
When doing the 1:1 mapping you don't take into account the limitation
that all bits above 47 need to have the same value as bit 47. If the
kernel exists at a high physical address with bit 47 set the
corresponding virtual address will be invalid, resulting an instruction
fetch fault as the privilege spec mandates. We verified this bug on our
prototype. I suggest we re-write this in assembly and do a proper satp
switch like we do on head.S, so that we don't need the 1:1 mapping and
we also have a way to recover in case this fails.
Regards,
Nick
next prev parent reply other threads:[~2022-04-26 6:18 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-06 10:46 [PATCH v3 00/13] Introduce sv48 support without relocatable kernel Alexandre Ghiti
2021-12-06 10:46 ` [PATCH v3 01/13] riscv: Move KASAN mapping next to the kernel mapping Alexandre Ghiti
2021-12-06 16:18 ` Jisheng Zhang
2021-12-06 10:46 ` [PATCH v3 02/13] riscv: Split early kasan mapping to prepare sv48 introduction Alexandre Ghiti
2021-12-06 10:46 ` [PATCH v3 03/13] riscv: Introduce functions to switch pt_ops Alexandre Ghiti
2021-12-06 10:46 ` [PATCH v3 04/13] riscv: Allow to dynamically define VA_BITS Alexandre Ghiti
2021-12-06 10:46 ` [PATCH v3 05/13] riscv: Get rid of MAXPHYSMEM configs Alexandre Ghiti
2021-12-06 10:46 ` [PATCH v3 06/13] asm-generic: Prepare for riscv use of pud_alloc_one and pud_free Alexandre Ghiti
2021-12-06 10:46 ` [PATCH v3 07/13] riscv: Implement sv48 support Alexandre Ghiti
2021-12-06 11:05 ` Alexandre ghiti
2021-12-09 4:32 ` 潘庆霖
2021-12-26 8:59 ` Jisheng Zhang
2022-01-04 12:44 ` Alexandre Ghiti
2021-12-29 3:42 ` Guo Ren
2022-01-04 12:42 ` Alexandre Ghiti
2022-04-26 5:57 ` Nick Kossifidis [this message]
2021-12-06 10:46 ` [PATCH v3 08/13] riscv: Use pgtable_l4_enabled to output mmu_type in cpuinfo Alexandre Ghiti
2021-12-06 10:46 ` [PATCH v3 09/13] riscv: Explicit comment about user virtual address space size Alexandre Ghiti
2021-12-06 10:46 ` [PATCH v3 10/13] riscv: Improve virtual kernel memory layout dump Alexandre Ghiti
2021-12-06 10:46 ` [PATCH v3 11/13] Documentation: riscv: Add sv48 description to VM layout Alexandre Ghiti
2021-12-06 10:46 ` [PATCH v3 12/13] riscv: Initialize thread pointer before calling C functions Alexandre Ghiti
2021-12-20 9:11 ` Guo Ren
2021-12-20 9:17 ` Ard Biesheuvel
2021-12-20 13:40 ` Guo Ren
2022-01-10 8:03 ` Alexandre ghiti
2021-12-06 10:46 ` [PATCH v3 13/13] riscv: Allow user to downgrade to sv39 when hw supports sv48 if !KASAN Alexandre Ghiti
2021-12-06 11:08 ` [PATCH v3 00/13] Introduce sv48 support without relocatable kernel Alexandre ghiti
2022-01-20 4:18 ` Palmer Dabbelt
2022-01-20 7:30 ` Alexandre Ghiti
2022-01-20 10:05 ` Alexandre Ghiti
2022-02-18 10:45 ` Alexandre Ghiti
2022-04-01 12:56 ` Alexandre Ghiti
2022-04-23 1:50 ` Palmer Dabbelt
2022-06-02 3:43 ` Palmer Dabbelt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ff85cdc4-b1e3-06a3-19fc-a7e1acf99d40@ics.forth.gr \
--to=mick@ics.forth.gr \
--cc=Atish.Patra@rivosinc.com \
--cc=alexandre.ghiti@canonical.com \
--cc=andreyknvl@gmail.com \
--cc=anup@brainfault.org \
--cc=aou@eecs.berkeley.edu \
--cc=ardb@kernel.org \
--cc=arnd@arndb.de \
--cc=corbet@lwn.net \
--cc=dvyukov@google.com \
--cc=glider@google.com \
--cc=guoren@linux.alibaba.com \
--cc=hch@lst.de \
--cc=heinrich.schuchardt@canonical.com \
--cc=kasan-dev@googlegroups.com \
--cc=keescook@chromium.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=mchitale@ventanamicro.com \
--cc=palmer@dabbelt.com \
--cc=panqinglin2020@iscas.ac.cn \
--cc=paul.walmsley@sifive.com \
--cc=ryabinin.a.a@gmail.com \
--cc=zong.li@sifive.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).