* [PATCH 1/3] arm64/boot: Move init_pgdir[] into __pi_ namespace
From: Ard Biesheuvel @ 2025-05-03 11:21 UTC (permalink / raw)
To: linux-arm-kernel
Cc: linux-kernel, will, catalin.marinas, mark.rutland, Ard Biesheuvel,
Yeoreum Yun
From: Ard Biesheuvel <ardb@kernel.org>
init_pgdir[] is only referenced from the startup code, but lives after
BSS in the linker map. Before tightening the rules about accessing BSS
from startup code, move init_pgdir[] into the __pi_ namespace, so it
does not need to be exported explicitly.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
arch/arm64/include/asm/pgtable.h | 2 --
arch/arm64/kernel/image-vars.h | 2 --
arch/arm64/kernel/pi/pi.h | 1 +
arch/arm64/kernel/vmlinux.lds.S | 4 ++--
4 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
index d3b538be1500..6a040f0bbfe1 100644
--- a/arch/arm64/include/asm/pgtable.h
+++ b/arch/arm64/include/asm/pgtable.h
@@ -754,8 +754,6 @@ static inline bool pud_table(pud_t pud) { return true; }
PUD_TYPE_TABLE)
#endif
-extern pgd_t init_pg_dir[];
-extern pgd_t init_pg_end[];
extern pgd_t swapper_pg_dir[];
extern pgd_t idmap_pg_dir[];
extern pgd_t tramp_pg_dir[];
diff --git a/arch/arm64/kernel/image-vars.h b/arch/arm64/kernel/image-vars.h
index 5e3c4b58f279..a0977f7cd3ec 100644
--- a/arch/arm64/kernel/image-vars.h
+++ b/arch/arm64/kernel/image-vars.h
@@ -56,8 +56,6 @@ PROVIDE(__pi_memstart_offset_seed = memstart_offset_seed);
PROVIDE(__pi_init_idmap_pg_dir = init_idmap_pg_dir);
PROVIDE(__pi_init_idmap_pg_end = init_idmap_pg_end);
-PROVIDE(__pi_init_pg_dir = init_pg_dir);
-PROVIDE(__pi_init_pg_end = init_pg_end);
PROVIDE(__pi_swapper_pg_dir = swapper_pg_dir);
PROVIDE(__pi__text = _text);
diff --git a/arch/arm64/kernel/pi/pi.h b/arch/arm64/kernel/pi/pi.h
index c91e5e965cd3..38a908d048e8 100644
--- a/arch/arm64/kernel/pi/pi.h
+++ b/arch/arm64/kernel/pi/pi.h
@@ -22,6 +22,7 @@ static inline void *prel64_to_pointer(const prel64_t *offset)
extern bool dynamic_scs_is_enabled;
extern pgd_t init_idmap_pg_dir[], init_idmap_pg_end[];
+extern pgd_t init_pg_dir[];
void init_feature_override(u64 boot_status, const void *fdt, int chosen);
u64 kaslr_early_init(void *fdt, int chosen);
diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index e73326bd3ff7..73fa57f341b0 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -321,9 +321,9 @@ SECTIONS
BSS_SECTION(SBSS_ALIGN, 0, 0)
. = ALIGN(PAGE_SIZE);
- init_pg_dir = .;
+ __pi_init_pg_dir = .;
. += INIT_DIR_SIZE;
- init_pg_end = .;
+ __pi_init_pg_end = .;
/* end of zero-init region */
. += SZ_4K; /* stack for the early C runtime */
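Review bot: The renamed symbols at `__pi_init_pg_dir = .;` and `__pi_init_pg_end = .;` carry no comment saying why they are defined directly under the `__pi_` prefix instead of being aliased from image-vars.h like the other startup-code symbols. Per the commit message this is deliberate: the region sits after BSS, and an explicit export would conflict with the tighter BSS rule that follows in the series. A one-line comment above the first assignment, e.g. `/* startup code only: lives past __bss_start, so defined as __pi_ directly rather than exported */`, would keep a later cleanup from reintroducing the unprefixed names. The SECTIONS block continues outside the hunk.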
--
2.49.0.906.g1f30a19c02-goog
* Re: [PATCH 1/3] arm64/boot: Move init_pgdir[] into __pi_ namespace
From: Ard Biesheuvel @ 2025-05-03 11:28 UTC (permalink / raw)
Cc: linux-arm-kernel, linux-kernel, will, catalin.marinas,
mark.rutland, Yeoreum Yun
On Sat, 3 May 2025 at 13:22, Ard Biesheuvel <ardb+git@google.com> wrote:
>
> From: Ard Biesheuvel <ardb@kernel.org>
>
> init_pgdir[] is only referenced from the startup code, but lives after
> BSS in the linker map. Before tightening the rules about accessing BSS
> from startup code, move init_pgdir[] into the __pi_ namespace, so it
> does not need to be exported explicitly.
>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
> arch/arm64/include/asm/pgtable.h | 2 --
> arch/arm64/kernel/image-vars.h | 2 --
> arch/arm64/kernel/pi/pi.h | 1 +
> arch/arm64/kernel/vmlinux.lds.S | 4 ++--
> 4 files changed, 3 insertions(+), 6 deletions(-)
>
> diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
> index d3b538be1500..6a040f0bbfe1 100644
> --- a/arch/arm64/include/asm/pgtable.h
> +++ b/arch/arm64/include/asm/pgtable.h
> @@ -754,8 +754,6 @@ static inline bool pud_table(pud_t pud) { return true; }
> PUD_TYPE_TABLE)
> #endif
>
> -extern pgd_t init_pg_dir[];
> -extern pgd_t init_pg_end[];
> extern pgd_t swapper_pg_dir[];
> extern pgd_t idmap_pg_dir[];
> extern pgd_t tramp_pg_dir[];
> diff --git a/arch/arm64/kernel/image-vars.h b/arch/arm64/kernel/image-vars.h
> index 5e3c4b58f279..a0977f7cd3ec 100644
> --- a/arch/arm64/kernel/image-vars.h
> +++ b/arch/arm64/kernel/image-vars.h
> @@ -56,8 +56,6 @@ PROVIDE(__pi_memstart_offset_seed = memstart_offset_seed);
>
> PROVIDE(__pi_init_idmap_pg_dir = init_idmap_pg_dir);
> PROVIDE(__pi_init_idmap_pg_end = init_idmap_pg_end);
> -PROVIDE(__pi_init_pg_dir = init_pg_dir);
> -PROVIDE(__pi_init_pg_end = init_pg_end);
> PROVIDE(__pi_swapper_pg_dir = swapper_pg_dir);
>
> PROVIDE(__pi__text = _text);
> diff --git a/arch/arm64/kernel/pi/pi.h b/arch/arm64/kernel/pi/pi.h
> index c91e5e965cd3..38a908d048e8 100644
> --- a/arch/arm64/kernel/pi/pi.h
> +++ b/arch/arm64/kernel/pi/pi.h
> @@ -22,6 +22,7 @@ static inline void *prel64_to_pointer(const prel64_t *offset)
> extern bool dynamic_scs_is_enabled;
>
> extern pgd_t init_idmap_pg_dir[], init_idmap_pg_end[];
> +extern pgd_t init_pg_dir[];
>
Apologies, I hit send too quickly - init_pg_end[] is missing here.
* Re: [PATCH 1/3] arm64/boot: Move init_pgdir[] into __pi_ namespace
From: kernel test robot @ 2025-05-05 13:54 UTC (permalink / raw)
To: Ard Biesheuvel, linux-arm-kernel
Cc: llvm, oe-kbuild-all, linux-kernel, will, catalin.marinas,
mark.rutland, Ard Biesheuvel, Yeoreum Yun
Hi Ard,
kernel test robot noticed the following build errors:
[auto build test ERROR on soc/for-next]
[also build test ERROR on linus/master v6.15-rc5 next-20250505]
[cannot apply to arm64/for-next/core kvmarm/next]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Ard-Biesheuvel/arm64-boot-Move-init_pgdir-into-__pi_-namespace/20250503-192534
base: https://git.kernel.org/pub/scm/linux/kernel/git/soc/soc.git for-next
patch link: https://lore.kernel.org/r/20250503112137.1962910-6-ardb%2Bgit%40google.com
patch subject: [PATCH 1/3] arm64/boot: Move init_pgdir[] into __pi_ namespace
config: arm64-randconfig-001-20250505 (https://download.01.org/0day-ci/archive/20250505/202505052102.U2NQHrS4-lkp@intel.com/config)
compiler: clang version 21.0.0git (https://github.com/llvm/llvm-project f819f46284f2a79790038e1f6649172789734ae8)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250505/202505052102.U2NQHrS4-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202505052102.U2NQHrS4-lkp@intel.com/
All errors (new ones prefixed by >>):
>> arch/arm64/kernel/pi/map_kernel.c:191:30: error: use of undeclared identifier 'init_pg_end'
191 | memset(init_pg_dir, 0, (u64)init_pg_end - (u64)init_pg_dir);
| ^
arch/arm64/kernel/pi/map_kernel.c:222:30: error: use of undeclared identifier 'init_pg_end'
222 | memset(__bss_start, 0, (u64)init_pg_end - (u64)__bss_start);
| ^
2 errors generated.
vim +/init_pg_end +191 arch/arm64/kernel/pi/map_kernel.c
9684ec186f8fadd Ard Biesheuvel 2024-02-14 158
9684ec186f8fadd Ard Biesheuvel 2024-02-14 159 static void __init remap_idmap_for_lpa2(void)
9684ec186f8fadd Ard Biesheuvel 2024-02-14 160 {
9684ec186f8fadd Ard Biesheuvel 2024-02-14 161 /* clear the bits that change meaning once LPA2 is turned on */
9684ec186f8fadd Ard Biesheuvel 2024-02-14 162 pteval_t mask = PTE_SHARED;
9684ec186f8fadd Ard Biesheuvel 2024-02-14 163
9684ec186f8fadd Ard Biesheuvel 2024-02-14 164 /*
9684ec186f8fadd Ard Biesheuvel 2024-02-14 165 * We have to clear bits [9:8] in all block or page descriptors in the
9684ec186f8fadd Ard Biesheuvel 2024-02-14 166 * initial ID map, as otherwise they will be (mis)interpreted as
9684ec186f8fadd Ard Biesheuvel 2024-02-14 167 * physical address bits once we flick the LPA2 switch (TCR.DS). Since
9684ec186f8fadd Ard Biesheuvel 2024-02-14 168 * we cannot manipulate live descriptors in that way without creating
9684ec186f8fadd Ard Biesheuvel 2024-02-14 169 * potential TLB conflicts, let's create another temporary ID map in a
9684ec186f8fadd Ard Biesheuvel 2024-02-14 170 * LPA2 compatible fashion, and update the initial ID map while running
9684ec186f8fadd Ard Biesheuvel 2024-02-14 171 * from that.
9684ec186f8fadd Ard Biesheuvel 2024-02-14 172 */
9684ec186f8fadd Ard Biesheuvel 2024-02-14 173 create_init_idmap(init_pg_dir, mask);
9684ec186f8fadd Ard Biesheuvel 2024-02-14 174 dsb(ishst);
9684ec186f8fadd Ard Biesheuvel 2024-02-14 175 set_ttbr0_for_lpa2((u64)init_pg_dir);
9684ec186f8fadd Ard Biesheuvel 2024-02-14 176
9684ec186f8fadd Ard Biesheuvel 2024-02-14 177 /*
9684ec186f8fadd Ard Biesheuvel 2024-02-14 178 * Recreate the initial ID map with the same granularity as before.
9684ec186f8fadd Ard Biesheuvel 2024-02-14 179 * Don't bother with the FDT, we no longer need it after this.
9684ec186f8fadd Ard Biesheuvel 2024-02-14 180 */
9684ec186f8fadd Ard Biesheuvel 2024-02-14 181 memset(init_idmap_pg_dir, 0,
ecc54006f158ae0 Zenghui Yu 2024-06-21 182 (u64)init_idmap_pg_end - (u64)init_idmap_pg_dir);
9684ec186f8fadd Ard Biesheuvel 2024-02-14 183
9684ec186f8fadd Ard Biesheuvel 2024-02-14 184 create_init_idmap(init_idmap_pg_dir, mask);
9684ec186f8fadd Ard Biesheuvel 2024-02-14 185 dsb(ishst);
9684ec186f8fadd Ard Biesheuvel 2024-02-14 186
9684ec186f8fadd Ard Biesheuvel 2024-02-14 187 /* switch back to the updated initial ID map */
9684ec186f8fadd Ard Biesheuvel 2024-02-14 188 set_ttbr0_for_lpa2((u64)init_idmap_pg_dir);
9684ec186f8fadd Ard Biesheuvel 2024-02-14 189
9684ec186f8fadd Ard Biesheuvel 2024-02-14 190 /* wipe the temporary ID map from memory */
9684ec186f8fadd Ard Biesheuvel 2024-02-14 @191 memset(init_pg_dir, 0, (u64)init_pg_end - (u64)init_pg_dir);
9684ec186f8fadd Ard Biesheuvel 2024-02-14 192 }
9684ec186f8fadd Ard Biesheuvel 2024-02-14 193
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
* Re: [PATCH 1/3] arm64/boot: Move init_pgdir[] into __pi_ namespace
From: kernel test robot @ 2025-05-05 23:50 UTC (permalink / raw)
To: Ard Biesheuvel, linux-arm-kernel
Cc: oe-kbuild-all, linux-kernel, will, catalin.marinas, mark.rutland,
Ard Biesheuvel, Yeoreum Yun
Hi Ard,
kernel test robot noticed the following build errors:
[auto build test ERROR on soc/for-next]
[also build test ERROR on arm/for-next arm/fixes linus/master v6.15-rc5 next-20250505]
[cannot apply to arm64/for-next/core kvmarm/next]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Ard-Biesheuvel/arm64-boot-Move-init_pgdir-into-__pi_-namespace/20250503-192534
base: https://git.kernel.org/pub/scm/linux/kernel/git/soc/soc.git for-next
patch link: https://lore.kernel.org/r/20250503112137.1962910-6-ardb%2Bgit%40google.com
patch subject: [PATCH 1/3] arm64/boot: Move init_pgdir[] into __pi_ namespace
config: arm64-allnoconfig (https://download.01.org/0day-ci/archive/20250506/202505060740.OIkWGFVZ-lkp@intel.com/config)
compiler: aarch64-linux-gcc (GCC) 14.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250506/202505060740.OIkWGFVZ-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202505060740.OIkWGFVZ-lkp@intel.com/
All errors (new ones prefixed by >>):
arch/arm64/kernel/pi/map_kernel.c: In function 'remap_idmap_for_lpa2':
>> arch/arm64/kernel/pi/map_kernel.c:191:37: error: 'init_pg_end' undeclared (first use in this function); did you mean 'init_pg_dir'?
191 | memset(init_pg_dir, 0, (u64)init_pg_end - (u64)init_pg_dir);
| ^~~~~~~~~~~
| init_pg_dir
arch/arm64/kernel/pi/map_kernel.c:191:37: note: each undeclared identifier is reported only once for each function it appears in
arch/arm64/kernel/pi/map_kernel.c: In function 'early_map_kernel':
arch/arm64/kernel/pi/map_kernel.c:222:37: error: 'init_pg_end' undeclared (first use in this function); did you mean 'init_pg_dir'?
222 | memset(__bss_start, 0, (u64)init_pg_end - (u64)__bss_start);
| ^~~~~~~~~~~
| init_pg_dir
vim +191 arch/arm64/kernel/pi/map_kernel.c
9684ec186f8fad Ard Biesheuvel 2024-02-14 158
9684ec186f8fad Ard Biesheuvel 2024-02-14 159 static void __init remap_idmap_for_lpa2(void)
9684ec186f8fad Ard Biesheuvel 2024-02-14 160 {
9684ec186f8fad Ard Biesheuvel 2024-02-14 161 /* clear the bits that change meaning once LPA2 is turned on */
9684ec186f8fad Ard Biesheuvel 2024-02-14 162 pteval_t mask = PTE_SHARED;
9684ec186f8fad Ard Biesheuvel 2024-02-14 163
9684ec186f8fad Ard Biesheuvel 2024-02-14 164 /*
9684ec186f8fad Ard Biesheuvel 2024-02-14 165 * We have to clear bits [9:8] in all block or page descriptors in the
9684ec186f8fad Ard Biesheuvel 2024-02-14 166 * initial ID map, as otherwise they will be (mis)interpreted as
9684ec186f8fad Ard Biesheuvel 2024-02-14 167 * physical address bits once we flick the LPA2 switch (TCR.DS). Since
9684ec186f8fad Ard Biesheuvel 2024-02-14 168 * we cannot manipulate live descriptors in that way without creating
9684ec186f8fad Ard Biesheuvel 2024-02-14 169 * potential TLB conflicts, let's create another temporary ID map in a
9684ec186f8fad Ard Biesheuvel 2024-02-14 170 * LPA2 compatible fashion, and update the initial ID map while running
9684ec186f8fad Ard Biesheuvel 2024-02-14 171 * from that.
9684ec186f8fad Ard Biesheuvel 2024-02-14 172 */
9684ec186f8fad Ard Biesheuvel 2024-02-14 173 create_init_idmap(init_pg_dir, mask);
9684ec186f8fad Ard Biesheuvel 2024-02-14 174 dsb(ishst);
9684ec186f8fad Ard Biesheuvel 2024-02-14 175 set_ttbr0_for_lpa2((u64)init_pg_dir);
9684ec186f8fad Ard Biesheuvel 2024-02-14 176
9684ec186f8fad Ard Biesheuvel 2024-02-14 177 /*
9684ec186f8fad Ard Biesheuvel 2024-02-14 178 * Recreate the initial ID map with the same granularity as before.
9684ec186f8fad Ard Biesheuvel 2024-02-14 179 * Don't bother with the FDT, we no longer need it after this.
9684ec186f8fad Ard Biesheuvel 2024-02-14 180 */
9684ec186f8fad Ard Biesheuvel 2024-02-14 181 memset(init_idmap_pg_dir, 0,
ecc54006f158ae Zenghui Yu 2024-06-21 182 (u64)init_idmap_pg_end - (u64)init_idmap_pg_dir);
9684ec186f8fad Ard Biesheuvel 2024-02-14 183
9684ec186f8fad Ard Biesheuvel 2024-02-14 184 create_init_idmap(init_idmap_pg_dir, mask);
9684ec186f8fad Ard Biesheuvel 2024-02-14 185 dsb(ishst);
9684ec186f8fad Ard Biesheuvel 2024-02-14 186
9684ec186f8fad Ard Biesheuvel 2024-02-14 187 /* switch back to the updated initial ID map */
9684ec186f8fad Ard Biesheuvel 2024-02-14 188 set_ttbr0_for_lpa2((u64)init_idmap_pg_dir);
9684ec186f8fad Ard Biesheuvel 2024-02-14 189
9684ec186f8fad Ard Biesheuvel 2024-02-14 190 /* wipe the temporary ID map from memory */
9684ec186f8fad Ard Biesheuvel 2024-02-14 @191 memset(init_pg_dir, 0, (u64)init_pg_end - (u64)init_pg_dir);
9684ec186f8fad Ard Biesheuvel 2024-02-14 192 }
9684ec186f8fad Ard Biesheuvel 2024-02-14 193
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
* [PATCH 3/3] arm64/boot: Disallow BSS exports to startup code
From: Ard Biesheuvel @ 2025-05-03 11:21 UTC (permalink / raw)
To: linux-arm-kernel
Cc: linux-kernel, will, catalin.marinas, mark.rutland, Ard Biesheuvel,
Yeoreum Yun
From: Ard Biesheuvel <ardb@kernel.org>
BSS might be uninitialized when entering the startup code, so forbid the
use of any variables that live after __bss_start in the linker map.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
arch/arm64/kernel/image-vars.h | 66 +++++++++++---------
arch/arm64/kernel/vmlinux.lds.S | 2 +
2 files changed, 37 insertions(+), 31 deletions(-)
diff --git a/arch/arm64/kernel/image-vars.h b/arch/arm64/kernel/image-vars.h
index a0977f7cd3ec..a70244d1aa2a 100644
--- a/arch/arm64/kernel/image-vars.h
+++ b/arch/arm64/kernel/image-vars.h
@@ -10,6 +10,12 @@
#error This file should only be included in vmlinux.lds.S
#endif
+#define PI_EXPORT_SYM(sym) \
+ __PI_EXPORT_SYM(sym, __pi_ ## sym, Cannot export BSS symbol sym to startup code)
+#define __PI_EXPORT_SYM(sym, pisym, msg)\
+ PROVIDE(pisym = sym); \
+ ASSERT(sym < __bss_start, #msg)
+
PROVIDE(__efistub_primary_entry = primary_entry);
/*
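Review bot: The two-level `PI_EXPORT_SYM` / `__PI_EXPORT_SYM` pair is undocumented, and it is not obvious that the indirection exists so that `sym` is substituted into the message text before `#msg` stringifies it. A short comment above the macros would help, e.g. `/* Alias sym as __pi_sym for the startup code and fail the link if sym is placed at or after __bss_start, which may not be zeroed yet when that code runs. */`. That comment should also state that only symbols routed through `PI_EXPORT_SYM` are checked; the plain `PROVIDE()` aliases kept elsewhere in this file are not covered by the assertion.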
@@ -36,39 +42,37 @@ PROVIDE(__pi___memcpy = __pi_memcpy);
PROVIDE(__pi___memmove = __pi_memmove);
PROVIDE(__pi___memset = __pi_memset);
-PROVIDE(__pi_id_aa64isar1_override = id_aa64isar1_override);
-PROVIDE(__pi_id_aa64isar2_override = id_aa64isar2_override);
-PROVIDE(__pi_id_aa64mmfr0_override = id_aa64mmfr0_override);
-PROVIDE(__pi_id_aa64mmfr1_override = id_aa64mmfr1_override);
-PROVIDE(__pi_id_aa64mmfr2_override = id_aa64mmfr2_override);
-PROVIDE(__pi_id_aa64pfr0_override = id_aa64pfr0_override);
-PROVIDE(__pi_id_aa64pfr1_override = id_aa64pfr1_override);
-PROVIDE(__pi_id_aa64smfr0_override = id_aa64smfr0_override);
-PROVIDE(__pi_id_aa64zfr0_override = id_aa64zfr0_override);
-PROVIDE(__pi_arm64_sw_feature_override = arm64_sw_feature_override);
-PROVIDE(__pi_arm64_use_ng_mappings = arm64_use_ng_mappings);
+PI_EXPORT_SYM(id_aa64isar1_override);
+PI_EXPORT_SYM(id_aa64isar2_override);
+PI_EXPORT_SYM(id_aa64mmfr0_override);
+PI_EXPORT_SYM(id_aa64mmfr1_override);
+PI_EXPORT_SYM(id_aa64mmfr2_override);
+PI_EXPORT_SYM(id_aa64pfr0_override);
+PI_EXPORT_SYM(id_aa64pfr1_override);
+PI_EXPORT_SYM(id_aa64smfr0_override);
+PI_EXPORT_SYM(id_aa64zfr0_override);
+PI_EXPORT_SYM(arm64_sw_feature_override);
+PI_EXPORT_SYM(arm64_use_ng_mappings);
#ifdef CONFIG_CAVIUM_ERRATUM_27456
-PROVIDE(__pi_cavium_erratum_27456_cpus = cavium_erratum_27456_cpus);
-PROVIDE(__pi_is_midr_in_range_list = is_midr_in_range_list);
+PI_EXPORT_SYM(cavium_erratum_27456_cpus);
+PI_EXPORT_SYM(is_midr_in_range_list);
#endif
-PROVIDE(__pi__ctype = _ctype);
-PROVIDE(__pi_memstart_offset_seed = memstart_offset_seed);
-
-PROVIDE(__pi_init_idmap_pg_dir = init_idmap_pg_dir);
-PROVIDE(__pi_init_idmap_pg_end = init_idmap_pg_end);
-PROVIDE(__pi_swapper_pg_dir = swapper_pg_dir);
-
-PROVIDE(__pi__text = _text);
-PROVIDE(__pi__stext = _stext);
-PROVIDE(__pi__etext = _etext);
-PROVIDE(__pi___start_rodata = __start_rodata);
-PROVIDE(__pi___inittext_begin = __inittext_begin);
-PROVIDE(__pi___inittext_end = __inittext_end);
-PROVIDE(__pi___initdata_begin = __initdata_begin);
-PROVIDE(__pi___initdata_end = __initdata_end);
-PROVIDE(__pi__data = _data);
-PROVIDE(__pi___bss_start = __bss_start);
-PROVIDE(__pi__end = _end);
+PI_EXPORT_SYM(_ctype);
+PI_EXPORT_SYM(memstart_offset_seed);
+
+PI_EXPORT_SYM(init_idmap_pg_dir);
+PI_EXPORT_SYM(init_idmap_pg_end);
+PI_EXPORT_SYM(swapper_pg_dir);
+
+PI_EXPORT_SYM(_text);
+PI_EXPORT_SYM(_stext);
+PI_EXPORT_SYM(_etext);
+PI_EXPORT_SYM(__start_rodata);
+PI_EXPORT_SYM(__inittext_begin);
+PI_EXPORT_SYM(__inittext_end);
+PI_EXPORT_SYM(__initdata_begin);
+PI_EXPORT_SYM(__initdata_end);
+PI_EXPORT_SYM(_data);
#ifdef CONFIG_KVM
diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index 73fa57f341b0..bd7626b8c7a3 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -319,6 +319,7 @@ SECTIONS
/* start of zero-init region */
BSS_SECTION(SBSS_ALIGN, 0, 0)
+ __pi___bss_start = __bss_start;
. = ALIGN(PAGE_SIZE);
__pi_init_pg_dir = .;
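Review bot: `__pi___bss_start = __bss_start;` here, and `__pi__end = .;` in the next hunk, bypass the new `ASSERT` in image-vars.h, and nothing in the script says that this is intended. They also change from `PROVIDE()` aliases to plain assignments, so they are now defined whether or not anything references them. A comment such as `/* boundary markers for the startup code, not BSS data: exempt from the PI_EXPORT_SYM check */` next to each would make the exemption explicit. For consistency with the first assignment, the second could be written `__pi__end = _end;`.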
@@ -332,6 +333,7 @@ SECTIONS
. = ALIGN(SEGMENT_ALIGN);
__pecoff_data_size = ABSOLUTE(. - __initdata_begin);
_end = .;
+ __pi__end = .;
STABS_DEBUG
DWARF_DEBUG
--
2.49.0.906.g1f30a19c02-goog
* Re: [PATCH 3/3] arm64/boot: Disallow BSS exports to startup code
From: Ard Biesheuvel @ 2025-05-03 11:45 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: linux-arm-kernel, linux-kernel, will, catalin.marinas,
mark.rutland, Yeoreum Yun
On Sat, 3 May 2025 at 13:22, Ard Biesheuvel <ardb+git@google.com> wrote:
>
> From: Ard Biesheuvel <ardb@kernel.org>
>
> BSS might be uninitialized when entering the startup code, so forbid the
> use of any variables that live after __bss_start in the linker map.
>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
> arch/arm64/kernel/image-vars.h | 66 +++++++++++---------
> arch/arm64/kernel/vmlinux.lds.S | 2 +
> 2 files changed, 37 insertions(+), 31 deletions(-)
>
> diff --git a/arch/arm64/kernel/image-vars.h b/arch/arm64/kernel/image-vars.h
> index a0977f7cd3ec..a70244d1aa2a 100644
> --- a/arch/arm64/kernel/image-vars.h
> +++ b/arch/arm64/kernel/image-vars.h
> @@ -10,6 +10,12 @@
> #error This file should only be included in vmlinux.lds.S
> #endif
>
> +#define PI_EXPORT_SYM(sym) \
> + __PI_EXPORT_SYM(sym, __pi_ ## sym, Cannot export BSS symbol sym to startup code)
> +#define __PI_EXPORT_SYM(sym, pisym, msg)\
> + PROVIDE(pisym = sym); \
> + ASSERT(sym < __bss_start, #msg)
LLD doesn't seem to love this. I'll replace this with
ASSERT((sym - KIMAGE_VADDR) < (__bss_start - KIMAGE_VADDR), #msg)
which appears to work for both LLD and ld.bfd
> +
> PROVIDE(__efistub_primary_entry = primary_entry);
>
> /*
> @@ -36,39 +42,37 @@ PROVIDE(__pi___memcpy = __pi_memcpy);
> PROVIDE(__pi___memmove = __pi_memmove);
> PROVIDE(__pi___memset = __pi_memset);
>
> -PROVIDE(__pi_id_aa64isar1_override = id_aa64isar1_override);
> -PROVIDE(__pi_id_aa64isar2_override = id_aa64isar2_override);
> -PROVIDE(__pi_id_aa64mmfr0_override = id_aa64mmfr0_override);
> -PROVIDE(__pi_id_aa64mmfr1_override = id_aa64mmfr1_override);
> -PROVIDE(__pi_id_aa64mmfr2_override = id_aa64mmfr2_override);
> -PROVIDE(__pi_id_aa64pfr0_override = id_aa64pfr0_override);
> -PROVIDE(__pi_id_aa64pfr1_override = id_aa64pfr1_override);
> -PROVIDE(__pi_id_aa64smfr0_override = id_aa64smfr0_override);
> -PROVIDE(__pi_id_aa64zfr0_override = id_aa64zfr0_override);
> -PROVIDE(__pi_arm64_sw_feature_override = arm64_sw_feature_override);
> -PROVIDE(__pi_arm64_use_ng_mappings = arm64_use_ng_mappings);
> +PI_EXPORT_SYM(id_aa64isar1_override);
> +PI_EXPORT_SYM(id_aa64isar2_override);
> +PI_EXPORT_SYM(id_aa64mmfr0_override);
> +PI_EXPORT_SYM(id_aa64mmfr1_override);
> +PI_EXPORT_SYM(id_aa64mmfr2_override);
> +PI_EXPORT_SYM(id_aa64pfr0_override);
> +PI_EXPORT_SYM(id_aa64pfr1_override);
> +PI_EXPORT_SYM(id_aa64smfr0_override);
> +PI_EXPORT_SYM(id_aa64zfr0_override);
> +PI_EXPORT_SYM(arm64_sw_feature_override);
> +PI_EXPORT_SYM(arm64_use_ng_mappings);
> #ifdef CONFIG_CAVIUM_ERRATUM_27456
> -PROVIDE(__pi_cavium_erratum_27456_cpus = cavium_erratum_27456_cpus);
> -PROVIDE(__pi_is_midr_in_range_list = is_midr_in_range_list);
> +PI_EXPORT_SYM(cavium_erratum_27456_cpus);
> +PI_EXPORT_SYM(is_midr_in_range_list);
> #endif
> -PROVIDE(__pi__ctype = _ctype);
> -PROVIDE(__pi_memstart_offset_seed = memstart_offset_seed);
> -
> -PROVIDE(__pi_init_idmap_pg_dir = init_idmap_pg_dir);
> -PROVIDE(__pi_init_idmap_pg_end = init_idmap_pg_end);
> -PROVIDE(__pi_swapper_pg_dir = swapper_pg_dir);
> -
> -PROVIDE(__pi__text = _text);
> -PROVIDE(__pi__stext = _stext);
> -PROVIDE(__pi__etext = _etext);
> -PROVIDE(__pi___start_rodata = __start_rodata);
> -PROVIDE(__pi___inittext_begin = __inittext_begin);
> -PROVIDE(__pi___inittext_end = __inittext_end);
> -PROVIDE(__pi___initdata_begin = __initdata_begin);
> -PROVIDE(__pi___initdata_end = __initdata_end);
> -PROVIDE(__pi__data = _data);
> -PROVIDE(__pi___bss_start = __bss_start);
> -PROVIDE(__pi__end = _end);
> +PI_EXPORT_SYM(_ctype);
> +PI_EXPORT_SYM(memstart_offset_seed);
> +
> +PI_EXPORT_SYM(init_idmap_pg_dir);
> +PI_EXPORT_SYM(init_idmap_pg_end);
> +PI_EXPORT_SYM(swapper_pg_dir);
> +
> +PI_EXPORT_SYM(_text);
> +PI_EXPORT_SYM(_stext);
> +PI_EXPORT_SYM(_etext);
> +PI_EXPORT_SYM(__start_rodata);
> +PI_EXPORT_SYM(__inittext_begin);
> +PI_EXPORT_SYM(__inittext_end);
> +PI_EXPORT_SYM(__initdata_begin);
> +PI_EXPORT_SYM(__initdata_end);
> +PI_EXPORT_SYM(_data);
>
> #ifdef CONFIG_KVM
>
> diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
> index 73fa57f341b0..bd7626b8c7a3 100644
> --- a/arch/arm64/kernel/vmlinux.lds.S
> +++ b/arch/arm64/kernel/vmlinux.lds.S
> @@ -319,6 +319,7 @@ SECTIONS
>
> /* start of zero-init region */
> BSS_SECTION(SBSS_ALIGN, 0, 0)
> + __pi___bss_start = __bss_start;
>
> . = ALIGN(PAGE_SIZE);
> __pi_init_pg_dir = .;
> @@ -332,6 +333,7 @@ SECTIONS
> . = ALIGN(SEGMENT_ALIGN);
> __pecoff_data_size = ABSOLUTE(. - __initdata_begin);
> _end = .;
> + __pi__end = .;
>
> STABS_DEBUG
> DWARF_DEBUG
> --
> 2.49.0.906.g1f30a19c02-goog
>
* [PATCH 2/3] arm64/boot: Move global CPU override variables out of BSS
From: Ard Biesheuvel @ 2025-05-03 11:21 UTC (permalink / raw)
To: linux-arm-kernel
Cc: linux-kernel, will, catalin.marinas, mark.rutland, Ard Biesheuvel,
Yeoreum Yun
From: Ard Biesheuvel <ardb@kernel.org>
Accessing BSS will no longer be permitted from the startup code in
arch/arm64/kernel/pi, as some of it executes before BSS is cleared.
Clearing BSS earlier would involve managing cache coherency explicitly
in software, which is a hassle we prefer to avoid.
So move some variables that are assigned by the startup code out of BSS
and into .data.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
arch/arm64/kernel/cpufeature.c | 22 ++++++++++----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 9c4d6d552b25..4f7a8050ab85 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -758,17 +758,17 @@ static const struct arm64_ftr_bits ftr_raz[] = {
#define ARM64_FTR_REG(id, table) \
__ARM64_FTR_REG_OVERRIDE(#id, id, table, &no_override)
-struct arm64_ftr_override id_aa64mmfr0_override;
-struct arm64_ftr_override id_aa64mmfr1_override;
-struct arm64_ftr_override id_aa64mmfr2_override;
-struct arm64_ftr_override id_aa64pfr0_override;
-struct arm64_ftr_override id_aa64pfr1_override;
-struct arm64_ftr_override id_aa64zfr0_override;
-struct arm64_ftr_override id_aa64smfr0_override;
-struct arm64_ftr_override id_aa64isar1_override;
-struct arm64_ftr_override id_aa64isar2_override;
-
-struct arm64_ftr_override arm64_sw_feature_override;
+struct arm64_ftr_override __section(".data") id_aa64mmfr0_override;
+struct arm64_ftr_override __section(".data") id_aa64mmfr1_override;
+struct arm64_ftr_override __section(".data") id_aa64mmfr2_override;
+struct arm64_ftr_override __section(".data") id_aa64pfr0_override;
+struct arm64_ftr_override __section(".data") id_aa64pfr1_override;
+struct arm64_ftr_override __section(".data") id_aa64zfr0_override;
+struct arm64_ftr_override __section(".data") id_aa64smfr0_override;
+struct arm64_ftr_override __section(".data") id_aa64isar1_override;
+struct arm64_ftr_override __section(".data") id_aa64isar2_override;
+
+struct arm64_ftr_override __section(".data") arm64_sw_feature_override;
static const struct __ftr_reg_entry {
u32 sys_id;
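Review bot: The `__section(".data")` annotations on the override variables have no comment, and on zero-initialised objects they look redundant, so a later cleanup could easily drop them. Suggest a comment above the block such as `/* Assigned by the startup code before BSS is cleared, so these must not live in BSS */`. The linker-script assertion added elsewhere in the series would catch a regression at link time, but the reason belongs next to the variables. The `__ftr_reg_entry` definition that follows continues outside the hunk.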
--
2.49.0.906.g1f30a19c02-goog
* Re: [PATCH 0/3] arm64/boot: Forbid the use of BSS symbols in startup code
From: Yeoreum Yun @ 2025-05-08 11:14 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: linux-arm-kernel, linux-kernel, will, catalin.marinas,
mark.rutland, Ard Biesheuvel
Hi Ard,
> From: Ard Biesheuvel <ardb@kernel.org>
>
> Move any variables accessed or assigned by the startup code out of BSS,
> and into .data, so that we can forbid the use of BSS variables
> altogether, by ASSERT()'ing in the linker script that each symbol made
> available to the startup code lives before __bss_start in the linker
> map.
>
> Cc: Yeoreum Yun <yeoreum.yun@arm.com>
Thanks for ccing me; with your fix it looks good to me.
When you send the patch with the fix, I'll test it.
Thanks.
--
Sincerely,
Yeoreum Yun