From: Yeoreum Yun <yeoreum.yun@arm.com>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: catalin.marinas@arm.com, will@kernel.org, nathan@kernel.org,
nick.desaulniers+lkml@gmail.com, morbo@google.com,
justinstitt@google.com, broonie@kernel.org, maz@kernel.org,
oliver.upton@linux.dev, frederic@kernel.org, joey.gouly@arm.com,
james.morse@arm.com, hardevsinh.palaniya@siliconsignals.io,
shameerali.kolothum.thodi@huawei.com, ryan.roberts@arm.com,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, llvm@lists.linux.dev,
stable@vger.kernel.org
Subject: Re: [PATCH] arm64/cpufeature: annotate arm64_use_ng_mappings with ro_after_init to prevent wrong idmap generation
Date: Fri, 2 May 2025 18:23:23 +0100 [thread overview]
Message-ID: <aBT/i/1DmFsU0GUk@e129823.arm.com> (raw)
In-Reply-To: <CAMj1kXEoYcS6YPU0mBdvijDRK6ZVB7mPYZsCVpz7sYotabrxtQ@mail.gmail.com>
Hi Ard,
> On Fri, 2 May 2025 at 16:58, Yeoreum Yun <yeoreum.yun@arm.com> wrote:
> >
> > create_init_idmap() could be called before .bss section initialization,
> > which is done in early_map_kernel(), so data/text_prot could be set
> > wrong by the PTE_MAYBE_NG macro.
> >
> > The PTE_MAYBE_NG macro is set according to the value of "arm64_use_ng_mappings",
> > and this variable is located in the .bss section.
> >
> > # llvm-objdump-21 --syms vmlinux-gcc | grep arm64_use_ng_mappings
> > ffff800082f242a8 g O .bss 0000000000000001 arm64_use_ng_mappings
> >
> > If the .bss section isn't initialized, "arm64_use_ng_mappings" would be set
> > with a garbage value and then the text_prot or data_prot could be set
> > with a garbage value.
> >
> > Here is what I saw with the kernel compiled via llvm-21
> >
> > // create_init_idmap()
> > ffff80008255c058: d10103ff sub sp, sp, #0x40
> > ffff80008255c05c: a9017bfd stp x29, x30, [sp, #0x10]
> > ffff80008255c060: a90257f6 stp x22, x21, [sp, #0x20]
> > ffff80008255c064: a9034ff4 stp x20, x19, [sp, #0x30]
> > ffff80008255c068: 910043fd add x29, sp, #0x10
> > ffff80008255c06c: 90003fc8 adrp x8, 0xffff800082d54000
> > ffff80008255c070: d280e06a mov x10, #0x703 // =1795
> > ffff80008255c074: 91400409 add x9, x0, #0x1, lsl #12 // =0x1000
> > ffff80008255c078: 394a4108 ldrb w8, [x8, #0x290] ------------- (1)
> > ffff80008255c07c: f2e00d0a movk x10, #0x68, lsl #48
> > ffff80008255c080: f90007e9 str x9, [sp, #0x8]
> > ffff80008255c084: aa0103f3 mov x19, x1
> > ffff80008255c088: aa0003f4 mov x20, x0
> > ffff80008255c08c: 14000000 b 0xffff80008255c08c <__pi_create_init_idmap+0x34>
> > ffff80008255c090: aa082d56 orr x22, x10, x8, lsl #11 -------- (2)
> >
>
> Interesting. So Clang just shifts the value of "arm64_use_ng_mappings"
> into bit #11, on the basis that 'bool' is a u8 that can only hold
> values 0 or 1.
>
> It is actually kind of nice that this happened, or we would likely
> have never found out - setting nG inadvertently on the initial ID map
> is not something one would ever notice in practice.
> ...
Yeap. It's quite nice and funny :D
> >
> > In the case of gcc, according to the value of arm64_use_ng_mappings (annotated as (3)),
> > it branches to each prot setup code.
> > However, this is also a problem since it branches according to the garbage
> > value too -- idmapping with the wrong pgprot.
> >
>
> I think the only way to deal with this in a robust manner is to never
> call C code before clearing BSS. But this would mean clearing BSS
> before setting up the ID map, which means it will run with the caches
> disabled, making it slower and also making it necessary to perform
> cache invalidation afterwards.
>
> Making arm64_use_ng_mappings __ro_after_init seems like a useful
> change by itself, so I am not objecting to that. But if we don't solve it
> more fundamentally, please at least add a big fat comment on why it is
> important that the variable remains there.
Agree. I'll add the comment on arm64_use_ng_mappings.
Thanks!
--
Sincerely,
Yeoreum Yun
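The failure mode discussed in this thread, as an added example that is not part of the thread or of the kernel sources: a constructed, simplified C model of how a stale byte in .bss feeds the prot computation for the initial ID map. PTE_NG (bit 11) and the BASE_PROT constant are taken from the quoted disassembly (`mov x10, #0x703` / `movk x10, #0x68, lsl #48`, `orr ... lsl #11`); `simulate()`, `prot_clang_style()` and `prot_gcc_style()` are hypothetical helpers that reproduce the two codegen patterns described above, not kernel functions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the thread's scenario. PTE_NG is the arm64 nG bit
 * (bit 11), which matches the "lsl #11" in the quoted Clang output. */
#define PTE_NG    (UINT64_C(1) << 11)
/* The base prot value materialised in x10 by the quoted disassembly:
 * 0x703 | (0x68 << 48). Treated here as an opaque "everything except nG". */
#define BASE_PROT UINT64_C(0x0068000000000703)

/* Stands in for the arm64_use_ng_mappings byte living in .bss: it is only
 * guaranteed to be 0 once BSS has been cleared. */
static uint8_t bss_use_ng_mappings;

/* Codegen pattern (2) in the thread: Clang assumes a bool holds only 0 or 1
 * and ORs the raw byte shifted into bit 11 without testing it. */
static uint64_t prot_clang_style(uint8_t raw)
{
    return BASE_PROT | ((uint64_t)raw << 11);
}

/* Codegen pattern (3) in the thread: GCC branches on the raw byte being
 * nonzero and sets nG on that path. */
static uint64_t prot_gcc_style(uint8_t raw)
{
    return raw ? (BASE_PROT | PTE_NG) : BASE_PROT;
}

/* A prot for the initial ID map built with arm64_use_ng_mappings == false
 * should carry no bits beyond BASE_PROT (no nG, no stray higher bits). */
static bool prot_is_sane(uint64_t prot)
{
    return (prot & ~BASE_PROT) == 0;
}

/* Simulates the early-boot ordering: before clear_bss() the variable holds
 * whatever was in memory ("garbage"); afterwards it is 0. Returns the prot
 * value the given compiler's code would compute at that point. */
static uint64_t simulate(bool bss_cleared, uint8_t garbage, bool clang)
{
    bss_use_ng_mappings = bss_cleared ? 0 : garbage;
    return clang ? prot_clang_style(bss_use_ng_mappings)
                 : prot_gcc_style(bss_use_ng_mappings);
}

int main(void)
{
    const uint8_t garbage[] = { 0x00, 0x01, 0x02, 0x80 };
    for (size_t i = 0; i < sizeof(garbage); i++) {
        uint64_t c = simulate(false, garbage[i], true);
        uint64_t g = simulate(false, garbage[i], false);
        printf("garbage 0x%02x before BSS clear: clang=0x%016llx %s, gcc=0x%016llx %s\n",
               garbage[i],
               (unsigned long long)c, prot_is_sane(c) ? "ok" : "WRONG",
               (unsigned long long)g, prot_is_sane(g) ? "ok" : "WRONG");
    }
    printf("after BSS clear: clang=%s gcc=%s\n",
           prot_is_sane(simulate(true, 0xff, true)) ? "ok" : "WRONG",
           prot_is_sane(simulate(true, 0xff, false)) ? "ok" : "WRONG");
    return 0;
}
```

The point of the two styles is that the bug is independent of the compiler: GCC's branch sets nG whenever the stale byte is nonzero, while Clang's shift sets nG for a stale 0x01 and, for any other nonzero value, sets a bit that is not the nG bit at all (0x02 lands on bit 12). Only the ordering guarantee (the variable is zeroed, or never read, before create_init_idmap() runs) makes either result correct, which is why the comment Ard asks for matters more than the __ro_after_init annotation on its own.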
Thread overview:
2025-05-02 14:57 [PATCH] arm64/cpufeature: annotate arm64_use_ng_mappings with ro_after_init to prevent wrong idmap generation Yeoreum Yun
2025-05-02 16:25 ` Nathan Chancellor
2025-05-02 17:17 ` Yeoreum Yun
2025-05-02 16:41 ` Ard Biesheuvel
2025-05-02 17:23 ` Yeoreum Yun [this message]
2025-05-02 17:57 ` Catalin Marinas
2025-05-02 18:14 ` Yeoreum Yun
2025-05-03 10:06 ` Catalin Marinas
2025-05-03 11:22 ` Ard Biesheuvel
2025-05-03 14:52 ` Yeoreum Yun